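--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sandbox/win/src/process_mitigations.h	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,44 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_
+#define SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_
+
+#include <windows.h>
+
+#include "base/basictypes.h"
+#include "sandbox/win/src/security_level.h"
+
+namespace sandbox {
+
+// Sets the mitigation policy for the current process, ignoring any settings
+// that are invalid for the current version of Windows.
+bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags);
+
+// Returns the flags that must be enforced after startup for the current OS
+// version.
+MitigationFlags FilterPostStartupProcessMitigations(MitigationFlags flags);
+
+// Converts sandbox flags to the PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES
+// policy flags used by UpdateProcThreadAttribute(). The size field varies
+// between a 32-bit and a 64-bit type based on the exact build and version of
+// Windows, so the returned size must be passed to UpdateProcThreadAttribute().
+void ConvertProcessMitigationsToPolicy(MitigationFlags flags,
+ DWORD64* policy_flags, size_t* size);
+
+// Adds mitigations that need to be performed on the suspended target process
+// before execution begins.
+bool ApplyProcessMitigationsToSuspendedProcess(HANDLE process,
+ MitigationFlags flags);
+
+// Returns true if all the supplied flags can be set after a process starts.
+bool CanSetProcessMitigationsPostStartup(MitigationFlags flags);
+
+// Returns true if all the supplied flags can be set before a process starts.
+bool CanSetProcessMitigationsPreStartup(MitigationFlags flags);
+
+} // namespace sandbox
+
+#endif // SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_
+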
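Review bot: The comment on `ApplyProcessMitigationsToCurrentProcess` says invalid settings are ignored but never says what the `bool` result means, so a caller cannot tell from this header whether `true` guarantees that every supported flag was enforced or whether a partial application also counts as success. I would add a line such as `// Returns false if any flag supported on this OS version could not be applied.` to it and to `ApplyProcessMitigationsToSuspendedProcess`, with the wording confirmed against the implementation, which is not part of this file. Separately, the `ConvertProcessMitigationsToPolicy` comment names PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES, whereas mitigation policy flags are normally handed to UpdateProcThreadAttribute() under PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, so the comment probably means the latter. That comment should also say whether `policy_flags` and `size` may be null.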