Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(177)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/restricted_token_utils.h

Issue 810083002: Added a new process mitigation to harden process token IL policy. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Changed comments to correctly indicate Windows 7 Created 5 years, 12 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/win/src/process_mitigations.cc ('k') | sandbox/win/src/restricted_token_utils.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ 5 #ifndef SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__
6 #define SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ 6 #define SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__
7 7
8 #include <accctrl.h> 8 #include <accctrl.h>
9 #include <windows.h> 9 #include <windows.h>
10 10
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after
75 75
76 // Returns the integrity level SDDL string associated with a given 76 // Returns the integrity level SDDL string associated with a given
77 // IntegrityLevel value. 77 // IntegrityLevel value.
78 const wchar_t* GetIntegrityLevelString(IntegrityLevel integrity_level); 78 const wchar_t* GetIntegrityLevelString(IntegrityLevel integrity_level);
79 79
80 // Sets the integrity level on the current process on Vista. It returns without 80 // Sets the integrity level on the current process on Vista. It returns without
81 // failing on XP. If the integrity level that you specify is greater than the 81 // failing on XP. If the integrity level that you specify is greater than the
82 // current integrity level, the function will fail. 82 // current integrity level, the function will fail.
83 DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level); 83 DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level);
84 84
85 // Hardens the integrity level policy on a token. This is only valid on Win 7
86 // and above. Specifically it sets the policy to block read and execute so
87 // that a lower privileged process cannot open the token for impersonate or
88 // duplicate permissions. This should limit potential security holes.
89 DWORD HardenTokenIntegrityLevelPolicy(HANDLE token);
90
91 // Hardens the integrity level policy on the current process. This is only
92 // valid on Win 7 and above. Specifically it sets the policy to block read
93 // and execute so that a lower privileged process cannot open the token for
94 // impersonate or duplicate permissions. This should limit potential security
95 // holes.
96 DWORD HardenProcessIntegrityLevelPolicy();
97
85 } // namespace sandbox 98 } // namespace sandbox
86 99
87 #endif // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ 100 #endif // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__
OLDNEW
« no previous file with comments | « sandbox/win/src/process_mitigations.cc ('k') | sandbox/win/src/restricted_token_utils.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698