diff options
author | shrikant <shrikant@chromium.org> | 2015-03-01 20:23:01 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-03-02 04:23:28 +0000 |
commit | f7540af7428f4b146136ec19b781886693f8c03f (patch) | |
tree | 182f19c9fe7d507ab98c4e6fe4d313bb6ab3dec3 /sandbox/win/src/sandbox_policy.h | |
parent | 611754aea9d1c0ba5c7980fa267fd005dc249b85 (diff) | |
download | chromium_src-f7540af7428f4b146136ec19b781886693f8c03f.zip chromium_src-f7540af7428f4b146136ec19b781886693f8c03f.tar.gz chromium_src-f7540af7428f4b146136ec19b781886693f8c03f.tar.bz2 |
This CL adds a method to create process using LowBox token on Windows. LowBox will help us tackle some of the escapes from Sandbox.
R=cpu,jschuh,rvargas,wfh,forshaw
BUG=455496
Review URL: https://codereview.chromium.org/937353002
Cr-Commit-Position: refs/heads/master@{#318648}
Diffstat (limited to 'sandbox/win/src/sandbox_policy.h')
-rw-r--r-- | sandbox/win/src/sandbox_policy.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sandbox/win/src/sandbox_policy.h b/sandbox/win/src/sandbox_policy.h index 22a2049..6f096fb 100644 --- a/sandbox/win/src/sandbox_policy.h +++ b/sandbox/win/src/sandbox_policy.h @@ -183,6 +183,10 @@ class TargetPolicy { // Sets a capability to be enabled for the sandboxed process' AppContainer. virtual ResultCode SetCapability(const wchar_t* sid) = 0; + // Sets the LowBox token for sandboxed process. This is mutually exclusive + // with SetAppContainer method. + virtual ResultCode SetLowBox(const wchar_t* sid) = 0; + // Sets the mitigations enabled when the process is created. Most of these // are implemented as attributes passed via STARTUPINFOEX. So they take // effect before any thread in the target executes. The declaration of |