Don't show supervised user as "already on this device" while they're being imported.
[chromium-blink-merge.git] / sandbox / win / src / process_thread_policy.h
blob2871dcaa276b3b660a1f202487644600e26b21da
1 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef SANDBOX_SRC_PROCESS_THREAD_POLICY_H_
6 #define SANDBOX_SRC_PROCESS_THREAD_POLICY_H_
8 #include <string>
10 #include "sandbox/win/src/policy_low_level.h"
12 #include "base/basictypes.h"
13 #include "base/strings/string16.h"
14 #include "sandbox/win/src/crosscall_server.h"
15 #include "sandbox/win/src/sandbox_policy.h"
17 namespace sandbox {
19 enum EvalResult;
21 // This class centralizes most of the knowledge related to process execution.
22 class ProcessPolicy {
23 public:
24 // Creates the required low-level policy rules to evaluate a high-level.
25 // policy rule for process creation
26 // 'name' is the executable to be spawn.
27 // 'semantics' is the desired semantics.
28 // 'policy' is the policy generator to which the rules are going to be added.
29 static bool GenerateRules(const wchar_t* name,
30 TargetPolicy::Semantics semantics,
31 LowLevelPolicy* policy);
33 // Opens a thread from the child process and returns the handle.
34 // client_info contains the information about the child process,
35 // desired_access is the access requested by the child and thread_id
36 // is the thread_id to be opened.
37 // The function returns the return value of NtOpenThread.
38 static NTSTATUS OpenThreadAction(const ClientInfo& client_info,
39 uint32 desired_access,
40 uint32 thread_id,
41 HANDLE* handle);
43 // Opens the process id passed in and returns the duplicated handle to
44 // the child. We only allow the child processes to open themselves. Any other
45 // pid open is denied.
46 static NTSTATUS OpenProcessAction(const ClientInfo& client_info,
47 uint32 desired_access,
48 uint32 process_id,
49 HANDLE* handle);
51 // Opens the token associated with the process and returns the duplicated
52 // handle to the child. We only allow the child processes to open his own
53 // token (using ::GetCurrentProcess()).
54 static NTSTATUS OpenProcessTokenAction(const ClientInfo& client_info,
55 HANDLE process,
56 uint32 desired_access,
57 HANDLE* handle);
59 // Opens the token associated with the process and returns the duplicated
60 // handle to the child. We only allow the child processes to open his own
61 // token (using ::GetCurrentProcess()).
62 static NTSTATUS OpenProcessTokenExAction(const ClientInfo& client_info,
63 HANDLE process,
64 uint32 desired_access,
65 uint32 attributes,
66 HANDLE* handle);
68 // Processes a 'CreateProcessW()' request from the target.
69 // 'client_info' : the target process that is making the request.
70 // 'eval_result' : The desired policy action to accomplish.
71 // 'app_name' : The full path of the process to be created.
72 // 'command_line' : The command line passed to the created process.
73 static DWORD CreateProcessWAction(EvalResult eval_result,
74 const ClientInfo& client_info,
75 const base::string16 &app_name,
76 const base::string16 &command_line,
77 PROCESS_INFORMATION* process_info);
80 } // namespace sandbox
83 #endif // SANDBOX_SRC_PROCESS_THREAD_POLICY_H_