Index: sandbox/win/src/sandbox_policy.h |
diff --git a/sandbox/win/src/sandbox_policy.h b/sandbox/win/src/sandbox_policy.h |
index 22a2049c2d109d9770ef337829d63f99f6c958b5..61af25fe5e71a3e860877a7ae40a73ab6706f492 100644 |
--- a/sandbox/win/src/sandbox_policy.h |
+++ b/sandbox/win/src/sandbox_policy.h |
@@ -183,6 +183,12 @@ class TargetPolicy { |
// Sets a capability to be enabled for the sandboxed process' AppContainer. |
virtual ResultCode SetCapability(const wchar_t* sid) = 0; |
+ // Sets the LowBox token for sandboxed process. This is mutually exclusive |
+ // with SetAppContainer method. So far there are two methods to start |
rvargas (doing something else)
2015/02/28 01:10:06
nit: I think we can drop the second sentence.
Shrikant Kelkar
2015/02/28 01:55:41
Done.
|
+ // appcontainer process, one through startupinfoex and other using |
+ // createlowboxtoken. |
+ virtual ResultCode SetLowBox(const wchar_t* sid) = 0; |
+ |
// Sets the mitigations enabled when the process is created. Most of these |
// are implemented as attributes passed via STARTUPINFOEX. So they take |
// effect before any thread in the target executes. The declaration of |
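Review bot: The new comment on `SetLowBox` says it is mutually exclusive with `SetAppContainer`, but it does not say what the caller gets back when both are set on the same policy, and `sid` is left undescribed. This is the public policy interface, so a broker author has only this header to tell whether a conflicting configuration is rejected or silently resolved in favour of one mechanism. I would extend the comment along the lines of `// |sid| is the AppContainer SID string used to create the LowBox token. Returns an error if SetAppContainer has already been called on this policy.`, adjusted to whatever the implementation (not visible in this hunk) actually does. If the call is unsupported on Windows versions without LowBox tokens, the comment should also name the result code returned there.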