OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | 5 #ifndef SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
6 #define SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | 6 #define SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
7 | 7 |
8 #include <accctrl.h> | 8 #include <accctrl.h> |
9 #include <windows.h> | 9 #include <windows.h> |
10 | 10 |
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
75 | 75 |
76 // Returns the integrity level SDDL string associated with a given | 76 // Returns the integrity level SDDL string associated with a given |
77 // IntegrityLevel value. | 77 // IntegrityLevel value. |
78 const wchar_t* GetIntegrityLevelString(IntegrityLevel integrity_level); | 78 const wchar_t* GetIntegrityLevelString(IntegrityLevel integrity_level); |
79 | 79 |
80 // Sets the integrity level on the current process on Vista. It returns without | 80 // Sets the integrity level on the current process on Vista. It returns without |
81 // failing on XP. If the integrity level that you specify is greater than the | 81 // failing on XP. If the integrity level that you specify is greater than the |
82 // current integrity level, the function will fail. | 82 // current integrity level, the function will fail. |
83 DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level); | 83 DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level); |
84 | 84 |
| 85 // Hardens the integrity level policy on a token. This is only valid on Win 7 |
| 86 // and above. Specifically it sets the policy to block read and execute so |
| 87 // that a lower privileged process cannot open the token for impersonate or |
| 88 // duplicate permissions. This should limit potential security holes. |
| 89 DWORD HardenTokenIntegrityLevelPolicy(HANDLE token); |
| 90 |
| 91 // Hardens the integrity level policy on the current process. This is only |
| 92 // valid on Win 7 and above. Specifically it sets the policy to block read |
| 93 // and execute so that a lower privileged process cannot open the token for |
| 94 // impersonate or duplicate permissions. This should limit potential security |
| 95 // holes. |
| 96 DWORD HardenProcessIntegrityLevelPolicy(); |
| 97 |
85 } // namespace sandbox | 98 } // namespace sandbox |
86 | 99 |
87 #endif // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | 100 #endif // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
OLD | NEW |