content/common/sandbox_win.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CONTENT_COMMON_SANDBOX_WIN_H_
   6 #define CONTENT_COMMON_SANDBOX_WIN_H_
   7
   8 #include "content/common/content_export.h"
   9 #include "sandbox/win/src/security_level.h"
  10
  11 namespace base {
  12 class CommandLine;
  13 }
  14
  15 namespace sandbox {
  16 class BrokerServices;
  17 class TargetPolicy;
  18 class TargetServices;
  19 }
  20
  21 namespace content {
  22
  23 // Wrapper around sandbox::TargetPolicy::SetJobLevel that checks if the sandbox
  24 // should be let to run without a job object assigned.
  25 void SetJobLevel(const base::CommandLine& cmd_line,
  26                  sandbox::JobLevel job_level,
  27                  uint32 ui_exceptions,
  28                  sandbox::TargetPolicy* policy);
  29
  30 // Closes handles that are opened at process creation and initialization.
  31 void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy);
  32
  33 // Add AppContainer policy for |sid| on supported OS.
  34 void AddAppContainerPolicy(sandbox::TargetPolicy* policy, const wchar_t* sid);
  35
  36 // Add the win32k lockdown policy on supported OS.
  37 bool AddWin32kLockdownPolicy(sandbox::TargetPolicy* policy);
  38
  39 bool InitBrokerServices(sandbox::BrokerServices* broker_services);
  40
  41 bool InitTargetServices(sandbox::TargetServices* target_services);
  42
  43 }  // namespace content
  44
  45 #endif  // CONTENT_COMMON_SANDBOX_WIN_H_