Wed, 31 Dec 2014 06:09:35 +0100
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
michael@0 | 1 | // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
michael@0 | 2 | // Use of this source code is governed by a BSD-style license that can be |
michael@0 | 3 | // found in the LICENSE file. |
michael@0 | 4 | |
michael@0 | 5 | #ifndef SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
michael@0 | 6 | #define SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
michael@0 | 7 | |
michael@0 | 8 | #include <accctrl.h> |
michael@0 | 9 | #include <windows.h> |
michael@0 | 10 | |
michael@0 | 11 | #include "sandbox/win/src/restricted_token.h" |
michael@0 | 12 | #include "sandbox/win/src/security_level.h" |
michael@0 | 13 | |
michael@0 | 14 | // Contains the utility functions used to create restricted tokens based |
michael@0 | 15 | // on a security profile. |
michael@0 | 16 | |
michael@0 | 17 | namespace sandbox { |
michael@0 | 18 | |
michael@0 | 19 | // The type of token to create (see the token_type parameter of CreateRestrictedToken). NOTE(review): older wording refers to CreateNakedToken, which this header does not declare. |
michael@0 | 20 | enum TokenType { |
michael@0 | 21 | IMPERSONATION = 0, |
michael@0 | 22 | PRIMARY |
michael@0 | 23 | }; |
michael@0 | 24 | |
michael@0 | 25 | // Creates a restricted token based on the effective token of the current |
michael@0 | 26 | // process. The parameter security_level determines how much the token is |
michael@0 | 27 | // restricted. The token_type determines if the token will be used as a primary |
michael@0 | 28 | // token or impersonation token. The integrity level of the token is set to |
michael@0 | 29 | // |integrity_level| on Vista only. |
michael@0 | 30 | // token_handle is the output value containing the handle of the |
michael@0 | 31 | // newly created restricted token; use it only after checking for ERROR_SUCCESS. |
michael@0 | 32 | // If the function succeeds, the return value is ERROR_SUCCESS. If the |
michael@0 | 33 | // function fails, the return value is the win32 error code corresponding to |
michael@0 | 34 | // the error. NOTE(review): who closes token_handle is not stated here; presumably the caller - confirm. |
michael@0 | 35 | DWORD CreateRestrictedToken(HANDLE *token_handle, |
michael@0 | 36 | TokenLevel security_level, |
michael@0 | 37 | IntegrityLevel integrity_level, |
michael@0 | 38 | TokenType token_type); |
michael@0 | 39 | |
michael@0 | 40 | // Starts the process described by the input parameter command_line in a job |
michael@0 | 41 | // with a restricted token. Also sets the main thread of this newly created |
michael@0 | 42 | // process to impersonate a user with more rights so it can initialize |
michael@0 | 43 | // correctly. |
michael@0 | 44 | // |
michael@0 | 45 | // Parameters: primary_level is the security level of the primary token. |
michael@0 | 46 | // impersonation_level is the security level of the impersonation token used |
michael@0 | 47 | // to initialize the process. job_level is the security level of the job |
michael@0 | 48 | // object used to encapsulate the process. |
michael@0 | 49 | // |
michael@0 | 50 | // The output parameter job_handle is the handle to the job object. It has |
michael@0 | 51 | // to be closed with CloseHandle() when not needed. Closing this handle will |
michael@0 | 52 | // kill the process started, so keep it open for as long as that process must run. |
michael@0 | 53 | // |
michael@0 | 54 | // Note: The process started with this function has to call RevertToSelf() as |
michael@0 | 55 | // soon as possible to stop using the impersonation token and start being |
michael@0 | 56 | // secure. Until it does, its main thread keeps running with the more privileged impersonation token. |
michael@0 | 57 | // |
michael@0 | 58 | // Note: The Unicode version of this function will fail if the command_line |
michael@0 | 59 | // parameter is a const string, so pass a writable buffer rather than a string literal. NOTE(review): the DWORD return is presumably a win32 error code as for CreateRestrictedToken - confirm. |
michael@0 | 60 | DWORD StartRestrictedProcessInJob(wchar_t *command_line, |
michael@0 | 61 | TokenLevel primary_level, |
michael@0 | 62 | TokenLevel impersonation_level, |
michael@0 | 63 | JobLevel job_level, |
michael@0 | 64 | HANDLE *job_handle); |
michael@0 | 65 | |
michael@0 | 66 | // Sets the integrity label on an object handle. NOTE(review): the expected formats of the ace_access and integrity_level_sid strings are not described here; check the implementation. |
michael@0 | 67 | DWORD SetObjectIntegrityLabel(HANDLE handle, SE_OBJECT_TYPE type, |
michael@0 | 68 | const wchar_t* ace_access, |
michael@0 | 69 | const wchar_t* integrity_level_sid); |
michael@0 | 70 | |
michael@0 | 71 | // Sets the integrity level on a token. This is only valid on Vista. It returns |
michael@0 | 72 | // without failing on XP, so a non-failing return does not by itself show that a level was applied. If the integrity level that you specify is greater |
michael@0 | 73 | // than the current integrity level, the function will fail. |
michael@0 | 74 | DWORD SetTokenIntegrityLevel(HANDLE token, IntegrityLevel integrity_level); |
michael@0 | 75 | |
michael@0 | 76 | // Sets the integrity level on the current process on Vista. It returns without |
michael@0 | 77 | // failing on XP, so a non-failing return does not by itself show that a level was applied. If the integrity level that you specify is greater than the |
michael@0 | 78 | // current integrity level, the function will fail. |
michael@0 | 79 | DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level); |
michael@0 | 80 | |
michael@0 | 81 | } // namespace sandbox |
michael@0 | 82 | |
michael@0 | 83 | #endif // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |