summaryrefslogtreecommitdiffstats
path: root/sandbox/src/restricted_token_utils.h
diff options
context:
space:
mode:
Diffstat (limited to 'sandbox/src/restricted_token_utils.h')
-rw-r--r--sandbox/src/restricted_token_utils.h8
1 files changed, 7 insertions, 1 deletions
diff --git a/sandbox/src/restricted_token_utils.h b/sandbox/src/restricted_token_utils.h
index 0aade8b..dd7b55c 100644
--- a/sandbox/src/restricted_token_utils.h
+++ b/sandbox/src/restricted_token_utils.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -78,6 +78,12 @@ DWORD SetTokenIntegrityLevel(HANDLE token, IntegrityLevel integrity_level);
// current integrity level, the function will fail.
DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level);
+// Adds deny ACEs on the supplied object for WinRestrictedCodeSid and
+// WinNullSid. This prevents the object from being accessible to sandboxed
+// processes. This prevents the object from being accessed by a sandboxed
+// process at USER_INTERACTIVE through USER_LOCKDOWN;
+DWORD SetObjectDenyRestrictedAndNull(HANDLE handle, SE_OBJECT_TYPE type);
+
} // namespace sandbox
#endif // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__
generated by cgit v1.1 at 2025-05-11 09:07:03 +0000