Lines Matching refs:sandbox
25 #include "sandbox/src/sandbox.h"
27 static sandbox::BrokerServices* g_broker_services = NULL;
125 sandbox::TargetPolicy::Semantics access,
126 sandbox::TargetPolicy* policy) {
136 sandbox::ResultCode result;
137 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, access,
139 if (result != sandbox::SBOX_ALL_OK)
147 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, access,
149 if (result != sandbox::SBOX_ALL_OK)
158 sandbox::TargetPolicy::Semantics access,
159 sandbox::TargetPolicy* policy) {
160 sandbox::ResultCode result;
161 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY, access,
163 if (result != sandbox::SBOX_ALL_OK)
167 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY, access,
169 if (result != sandbox::SBOX_ALL_OK)
193 sandbox::TargetPolicy* policy) {
222 // Eviction of injected DLLs is done by the sandbox so that the injected module
224 void AddDllEvictionPolicy(sandbox::TargetPolicy* policy) {
229 // Adds the generic policy rules to a sandbox TargetPolicy.
230 bool AddGenericPolicy(sandbox::TargetPolicy* policy) {
231 sandbox::ResultCode result;
234 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
235 sandbox::TargetPolicy::FILES_ALLOW_ANY,
237 if (result != sandbox::SBOX_ALL_OK)
240 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
241 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
243 if (result != sandbox::SBOX_ALL_OK)
261 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_PROCESS,
262 sandbox::TargetPolicy::PROCESS_MIN_EXEC,
264 if (result != sandbox::SBOX_ALL_OK)
271 // Creates a sandbox without any restriction.
272 bool ApplyPolicyForTrustedPlugin(sandbox::TargetPolicy* policy) {
273 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
274 policy->SetTokenLevel(sandbox::USER_UNPROTECTED, sandbox::USER_UNPROTECTED);
278 // Creates a sandbox with the plugin running in a restricted environment.
281 bool ApplyPolicyForUntrustedPlugin(sandbox::TargetPolicy* policy) {
282 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
284 sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED;
288 initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS;
290 policy->SetTokenLevel(initial_token, sandbox::USER_LIMITED);
291 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
294 sandbox::TargetPolicy::FILES_ALLOW_ANY, policy))
298 sandbox::TargetPolicy::FILES_ALLOW_ANY, policy))
302 sandbox::TargetPolicy::FILES_ALLOW_READONLY,
307 sandbox::TargetPolicy::FILES_ALLOW_READONLY,
312 sandbox::TargetPolicy::FILES_ALLOW_ANY,
317 sandbox::TargetPolicy::FILES_ALLOW_ANY,
322 sandbox::TargetPolicy::FILES_ALLOW_READONLY,
327 sandbox::TargetPolicy::REG_ALLOW_ANY,
332 sandbox::TargetPolicy::REG_ALLOW_ANY,
338 sandbox::TargetPolicy::REG_ALLOW_ANY,
343 sandbox::TargetPolicy::FILES_ALLOW_ANY,
351 sandbox::TargetPolicy::FILES_ALLOW_READONLY,
413 // Creates a sandbox for the built-in flash plugin running in a restricted
416 bool ApplyPolicyForBuiltInFlashPlugin(sandbox::TargetPolicy* policy) {
417 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
420 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
421 sandbox::USER_INTERACTIVE);
422 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
424 policy->SetTokenLevel(sandbox::USER_UNPROTECTED,
425 sandbox::USER_LIMITED);
428 sandbox::TargetPolicy::REG_ALLOW_READONLY,
432 sandbox::TargetPolicy::REG_ALLOW_READONLY,
437 sandbox::TargetPolicy::REG_ALLOW_READONLY,
469 sandbox::TargetPolicy* policy) {
475 sandbox::ResultCode result = sandbox::SBOX_ALL_OK;
476 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
477 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
479 if (result != sandbox::SBOX_ALL_OK) {
484 // The built-in flash gets a custom, more restricted sandbox.
487 // Spawn the flash broker and apply sandbox policy.
516 // TODO(cpu): Lock down the sandbox more if possible.
518 bool AddPolicyForGPU(CommandLine*, sandbox::TargetPolicy* policy) {
519 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
522 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
523 sandbox::USER_LIMITED);
524 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
526 policy->SetTokenLevel(sandbox::USER_UNPROTECTED,
527 sandbox::USER_LIMITED);
534 void AddPolicyForRenderer(sandbox::TargetPolicy* policy,
536 policy->SetJobLevel(sandbox::JOB_LOCKDOWN, 0);
538 sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED;
542 initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS;
545 policy->SetTokenLevel(initial_token, sandbox::USER_LOCKDOWN);
546 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
551 if (sandbox::SBOX_ALL_OK == policy->SetAlternateDesktop(use_winsta)) {
563 namespace sandbox {
565 void InitBrokerServices(sandbox::BrokerServices* broker_services) {
614 // the built-in flash, the user forcing plugins into sandbox or the
615 // user explicitly excluding flash from the sandbox.
628 VLOG(1) << "GPU sandbox is disabled";
638 // In process plugins won't work if the sandbox is enabled.
645 // In process WebGL won't work if the sandbox is enabled.
669 sandbox::ResultCode result;
671 sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy();
692 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
693 sandbox::TargetPolicy::FILES_ALLOW_ANY,
695 if (result != sandbox::SBOX_ALL_OK)
699 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
700 sandbox::TargetPolicy::FILES_ALLOW_ANY,
702 if (result != sandbox::SBOX_ALL_OK)
721 if (sandbox::SBOX_ALL_OK != result)
729 // the process is in a sandbox.
736 } // namespace sandbox