OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ | 5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ |
6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ | 6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ |
7 | 7 |
8 #include <windows.h> | 8 #include <windows.h> |
9 | 9 |
10 #include <list> | 10 #include <list> |
(...skipping 38 matching lines...) | |
49 virtual ResultCode SetAlternateDesktop(bool alternate_winstation) override; | 49 virtual ResultCode SetAlternateDesktop(bool alternate_winstation) override; |
50 virtual base::string16 GetAlternateDesktop() const override; | 50 virtual base::string16 GetAlternateDesktop() const override; |
51 virtual ResultCode CreateAlternateDesktop(bool alternate_winstation) override; | 51 virtual ResultCode CreateAlternateDesktop(bool alternate_winstation) override; |
52 virtual void DestroyAlternateDesktop() override; | 52 virtual void DestroyAlternateDesktop() override; |
53 virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) override; | 53 virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) override; |
54 virtual IntegrityLevel GetIntegrityLevel() const override; | 54 virtual IntegrityLevel GetIntegrityLevel() const override; |
55 virtual ResultCode SetDelayedIntegrityLevel( | 55 virtual ResultCode SetDelayedIntegrityLevel( |
56 IntegrityLevel integrity_level) override; | 56 IntegrityLevel integrity_level) override; |
57 virtual ResultCode SetAppContainer(const wchar_t* sid) override; | 57 virtual ResultCode SetAppContainer(const wchar_t* sid) override; |
58 virtual ResultCode SetCapability(const wchar_t* sid) override; | 58 virtual ResultCode SetCapability(const wchar_t* sid) override; |
59 virtual ResultCode SetLowBox(const wchar_t* sid) override; | |
59 virtual ResultCode SetProcessMitigations(MitigationFlags flags) override; | 60 virtual ResultCode SetProcessMitigations(MitigationFlags flags) override; |
60 virtual MitigationFlags GetProcessMitigations() override; | 61 virtual MitigationFlags GetProcessMitigations() override; |
61 virtual ResultCode SetDelayedProcessMitigations( | 62 virtual ResultCode SetDelayedProcessMitigations( |
62 MitigationFlags flags) override; | 63 MitigationFlags flags) override; |
63 virtual MitigationFlags GetDelayedProcessMitigations() const override; | 64 virtual MitigationFlags GetDelayedProcessMitigations() const override; |
64 virtual void SetStrictInterceptions() override; | 65 virtual void SetStrictInterceptions() override; |
65 virtual ResultCode SetStdoutHandle(HANDLE handle) override; | 66 virtual ResultCode SetStdoutHandle(HANDLE handle) override; |
66 virtual ResultCode SetStderrHandle(HANDLE handle) override; | 67 virtual ResultCode SetStderrHandle(HANDLE handle) override; |
67 virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics, | 68 virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics, |
68 const wchar_t* pattern) override; | 69 const wchar_t* pattern) override; |
(...skipping 10 matching lines...) | |
79 // Creates a Job object with the level specified in a previous call to | 80 // Creates a Job object with the level specified in a previous call to |
80 // SetJobLevel(). | 81 // SetJobLevel(). |
81 ResultCode MakeJobObject(HANDLE* job); | 82 ResultCode MakeJobObject(HANDLE* job); |
82 | 83 |
83 // Creates the two tokens with the levels specified in a previous call to | 84 // Creates the two tokens with the levels specified in a previous call to |
84 // SetTokenLevel(). | 85 // SetTokenLevel(). |
85 ResultCode MakeTokens(HANDLE* initial, HANDLE* lockdown); | 86 ResultCode MakeTokens(HANDLE* initial, HANDLE* lockdown); |
86 | 87 |
87 const AppContainerAttributes* GetAppContainer() const; | 88 const AppContainerAttributes* GetAppContainer() const; |
88 | 89 |
90 const PSID GetLowBoxSid() const; | |
91 | |
89 // Adds a target process to the internal list of targets. Internally a | 92 // Adds a target process to the internal list of targets. Internally a |
90 // call to TargetProcess::Init() is issued. | 93 // call to TargetProcess::Init() is issued. |
91 bool AddTarget(TargetProcess* target); | 94 bool AddTarget(TargetProcess* target); |
92 | 95 |
93 // Called when there are no more active processes in a Job. | 96 // Called when there are no more active processes in a Job. |
94 // Removes a Job object associated with this policy and the target associated | 97 // Removes a Job object associated with this policy and the target associated |
95 // with the job. | 98 // with the job. |
96 bool OnJobEmpty(HANDLE job); | 99 bool OnJobEmpty(HANDLE job); |
97 | 100 |
98 EvalResult EvalPolicy(int service, CountedParameterSetBase* params); | 101 EvalResult EvalPolicy(int service, CountedParameterSetBase* params); |
(...skipping 52 matching lines...) | |
151 // Memory structure that stores the low level policy. | 154 // Memory structure that stores the low level policy. |
152 PolicyGlobal* policy_; | 155 PolicyGlobal* policy_; |
153 // The list of dlls to unload in the target process. | 156 // The list of dlls to unload in the target process. |
154 std::vector<base::string16> blacklisted_dlls_; | 157 std::vector<base::string16> blacklisted_dlls_; |
155 // This is a map of handle-types to names that we need to close in the | 158 // This is a map of handle-types to names that we need to close in the |
156 // target process. A null set means we need to close all handles of the | 159 // target process. A null set means we need to close all handles of the |
157 // given type. | 160 // given type. |
158 HandleCloser handle_closer_; | 161 HandleCloser handle_closer_; |
159 std::vector<base::string16> capabilities_; | 162 std::vector<base::string16> capabilities_; |
160 scoped_ptr<AppContainerAttributes> appcontainer_list_; | 163 scoped_ptr<AppContainerAttributes> appcontainer_list_; |
164 PSID lowbox_sid_; | |
cpu_(ooo_6.6-7.5)
2015/02/28 02:13:53
instead pointer to sid? we don't use PHANDLE for
Shrikant Kelkar
2015/02/28 02:33:47
Sorry, didn't understand. We need PSID for CreateL
| |
161 | 165 |
162 static HDESK alternate_desktop_handle_; | 166 static HDESK alternate_desktop_handle_; |
163 static HWINSTA alternate_winstation_handle_; | 167 static HWINSTA alternate_winstation_handle_; |
164 static IntegrityLevel alternate_desktop_integrity_level_label_; | 168 static IntegrityLevel alternate_desktop_integrity_level_label_; |
165 | 169 |
166 DISALLOW_COPY_AND_ASSIGN(PolicyBase); | 170 DISALLOW_COPY_AND_ASSIGN(PolicyBase); |
167 }; | 171 }; |
168 | 172 |
169 } // namespace sandbox | 173 } // namespace sandbox |
170 | 174 |
171 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ | 175 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ |
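Review bot: The new `PSID lowbox_sid_;` member is a raw pointer with no stated ownership, and nothing in this header shows where it is initialised or released. If SetLowBox() allocates the SID from the string it is given (not visible here), the constructor has to null the member and the destructor has to free it with the matching deallocator, otherwise GetLowBoxSid() can hand an uninitialised or leaked pointer to the code that builds the target's token. I would put a comment above the member along the lines of `// SID used for the lowbox token; owned by this object, NULL until SetLowBox() succeeds.`, adjusted to what the .cc actually does. Separately, `const PSID GetLowBoxSid() const;` only makes the returned pointer value const, not the SID it points to, because PSID is a pointer typedef; `PSID GetLowBoxSid() const;` is equivalent and does not suggest read-only access. The class body starts in the skipped lines, so the constructor and destructor could not be checked from this view.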
OLD | NEW |