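// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_
#define SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_

// The header name was lost in the rendered copy of this file; <windows.h> is
// what supplies the HANDLE and DWORD64 types used by the declarations below.
#include <windows.h>

#include "base/basictypes.h"
#include "sandbox/win/src/security_level.h"

namespace sandbox {

// Helpers for turning sandbox MitigationFlags (declared in security_level.h)
// into Windows process-mitigation policy. There are two points at which a
// mitigation can be applied, and not every flag is valid at both:
//   - pre-startup: set on the suspended target process, or passed as a
//     proc-thread attribute at creation, before any target code has run;
//   - post-startup: applied by a process on itself after it is running.
// CanSetProcessMitigationsPreStartup() / CanSetProcessMitigationsPostStartup()
// report which application point a set of flags is valid for; callers should
// consult them rather than assume a flag took effect.

// Sets the mitigation policy for the current process, ignoring any settings
// that are invalid for the current version of Windows.
// Note that invalid settings are dropped rather than reported, so the return
// value alone does not prove that every requested mitigation is in force;
// check CanSetProcessMitigationsPostStartup() first when a flag is required.
// Presumably returns false only when applying a supported setting fails --
// confirm against the implementation.
bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags);

// Returns the flags that must be enforced after startup for the current OS
// version (presumably the subset of |flags| that cannot be applied to the
// target before it starts on this OS -- confirm against the implementation).
MitigationFlags FilterPostStartupProcessMitigations(MitigationFlags flags);

// Converts sandbox flags to the PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES
// policy flags used by UpdateProcThreadAttribute(). The size field varies
// between a 32-bit and a 64-bit type based on the exact build and version of
// Windows, so the returned size must be passed to UpdateProcThreadAttribute().
// |policy_flags| receives the policy value and |size| the number of bytes of
// it that are meaningful on this OS. Passing any other size is presumably
// rejected by UpdateProcThreadAttribute(), which would leave the target
// without the requested mitigations -- callers should check that call's
// result rather than assume the policy was installed.
void ConvertProcessMitigationsToPolicy(MitigationFlags flags,
                                       DWORD64* policy_flags, size_t* size);

// Adds mitigations that need to be performed on the suspended target process
// before execution begins. |process| is a handle to the still-suspended
// target; the mitigations are expected to be in place before it is resumed.
// Presumably returns true on success -- the exact failure conditions live in
// the implementation.
bool ApplyProcessMitigationsToSuspendedProcess(HANDLE process,
                                               MitigationFlags flags);

// Returns true if all the supplied flags can be set after a process starts.
bool CanSetProcessMitigationsPostStartup(MitigationFlags flags);

// Returns true if all the supplied flags can be set before a process starts.
bool CanSetProcessMitigationsPreStartup(MitigationFlags flags);

}  // namespace sandbox

#endif  // SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_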