summaryrefslogtreecommitdiffstats
path: root/sandbox/src/security_level.h
diff options
context:
space:
mode:
Diffstat (limited to 'sandbox/src/security_level.h')
-rw-r--r--sandbox/src/security_level.h127
1 files changed, 0 insertions, 127 deletions
diff --git a/sandbox/src/security_level.h b/sandbox/src/security_level.h
deleted file mode 100644
index 467f96f..0000000
--- a/sandbox/src/security_level.h
+++ /dev/null
@@ -1,127 +0,0 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SANDBOX_SRC_SECURITY_LEVEL_H_
-#define SANDBOX_SRC_SECURITY_LEVEL_H_
-
-namespace sandbox {
-
-// List of all the integrity levels supported in the sandbox. This is used
-// only on Windows Vista. You can't set the integrity level of the process
-// in the sandbox to a level higher than yours.
-enum IntegrityLevel {
- INTEGRITY_LEVEL_SYSTEM,
- INTEGRITY_LEVEL_HIGH,
- INTEGRITY_LEVEL_MEDIUM,
- INTEGRITY_LEVEL_MEDIUM_LOW,
- INTEGRITY_LEVEL_LOW,
- INTEGRITY_LEVEL_BELOW_LOW,
- INTEGRITY_LEVEL_UNTRUSTED,
- INTEGRITY_LEVEL_LAST
-};
-
-// The Token level specifies a set of security profiles designed to
-// provide the bulk of the security of sandbox.
-//
-// TokenLevel |Restricting |Deny Only |Privileges|
-// |Sids |Sids | |
-// ----------------------------|--------------|----------------|----------|
-// USER_LOCKDOWN | Null Sid | All | None |
-// ----------------------------|--------------|----------------|----------|
-// USER_RESTRICTED | RESTRICTED | All | Traverse |
-// ----------------------------|--------------|----------------|----------|
-// USER_LIMITED | Users | All except: | Traverse |
-// | Everyone | Users | |
-// | RESTRICTED | Everyone | |
-// | | Interactive | |
-// ----------------------------|--------------|----------------|----------|
-// USER_INTERACTIVE | Users | All except: | Traverse |
-// | Everyone | Users | |
-// | RESTRICTED | Everyone | |
-// | Owner | Interactive | |
-// | | Local | |
-// | | Authent-users | |
-// | | User | |
-// ----------------------------|--------------|----------------|----------|
-// USER_NON_ADMIN | None | All except: | Traverse |
-// | | Users | |
-// | | Everyone | |
-// | | Interactive | |
-// | | Local | |
-// | | Authent-users | |
-// | | User | |
-// ----------------------------|--------------|----------------|----------|
-// USER_RESTRICTED_SAME_ACCESS | All | None | All |
-// ----------------------------|--------------|----------------|----------|
-// USER_UNPROTECTED | None | None | All |
-// ----------------------------|--------------|----------------|----------|
-//
-// The above restrictions are actually a transformation that is applied to
-// the existing broker process token. The resulting token that will be
-// applied to the target process depends both on the token level selected
-// and on the broker token itself.
-//
-// The LOCKDOWN and RESTRICTED are designed to allow access to almost
-// nothing that has security associated with and they are the recommended
-// levels to run sandboxed code specially if there is a chance that the
-// broker is process might be started by a user that belongs to the Admins
-// or power users groups.
-enum TokenLevel {
- USER_LOCKDOWN = 0,
- USER_RESTRICTED,
- USER_LIMITED,
- USER_INTERACTIVE,
- USER_NON_ADMIN,
- USER_RESTRICTED_SAME_ACCESS,
- USER_UNPROTECTED
-};
-
-// The Job level specifies a set of decreasing security profiles for the
-// Job object that the target process will be placed into.
-// This table summarizes the security associated with each level:
-//
-// JobLevel |General |Quota |
-// |restrictions |restrictions |
-// -----------------|---------------------------------- |--------------------|
-// JOB_UNPROTECTED | None | *Kill on Job close.|
-// -----------------|---------------------------------- |--------------------|
-// JOB_INTERACTIVE | *Forbid system-wide changes using | |
-// | SystemParametersInfo(). | *Kill on Job close.|
-// | *Forbid the creation/switch of | |
-// | Desktops. | |
-// | *Forbids calls to ExitWindows(). | |
-// -----------------|---------------------------------- |--------------------|
-// JOB_LIMITED_USER | Same as INTERACTIVE_USER plus: | *One active process|
-// | *Forbid changes to the display | limit. |
-// | settings. | *Kill on Job close.|
-// -----------------|---------------------------------- |--------------------|
-// JOB_RESTRICTED | Same as LIMITED_USER plus: | *One active process|
-// | * No read/write to the clipboard. | limit. |
-// | * No access to User Handles that | *Kill on Job close.|
-// | belong to other processes. | |
-// | * Forbid message broadcasts. | |
-// | * Forbid setting global hooks. | |
-// | * No access to the global atoms | |
-// | table. | |
-// -----------------|-----------------------------------|--------------------|
-// JOB_LOCKDOWN | Same as RESTRICTED | *One active process|
-// | | limit. |
-// | | *Kill on Job close.|
-// | | *Kill on unhandled |
-// | | exception. |
-// | | |
-// In the context of the above table, 'user handles' refers to the handles of
-// windows, bitmaps, menus, etc. Files, treads and registry handles are kernel
-// handles and are not affected by the job level settings.
-enum JobLevel {
- JOB_LOCKDOWN = 0,
- JOB_RESTRICTED,
- JOB_LIMITED_USER,
- JOB_INTERACTIVE,
- JOB_UNPROTECTED
-};
-
-} // namespace sandbox
-
-#endif // SANDBOX_SRC_SECURITY_LEVEL_H_
generated by cgit v1.1 at 2025-04-03 07:16:40 +0000