security/sandbox/chromium/sandbox/win/src/handle_policy.h
author Bob Owen <bobowencode@gmail.com>
Tue, 06 Sep 2016 08:57:21 +0100
changeset 312802 a46f0e32289bb8975eef7f87d14cbd71c9c10582
parent 225142 f1688fd78a39ba08437ba6190c7cc87fe34da30e
permissions -rw-r--r--
Bug 1287426 Part 3: Update security/sandbox/chromium/ to commit 4ec79b7f2379a60cdc15599e93255c0fa417f1ed. r=aklotz, r=jld MozReview-Commit-ID: 14eHMsYZznA

// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_SRC_HANDLE_POLICY_H_
#define SANDBOX_SRC_HANDLE_POLICY_H_

#include <string>

#include "sandbox/win/src/crosscall_server.h"
#include "sandbox/win/src/policy_low_level.h"
#include "sandbox/win/src/sandbox_policy.h"

namespace sandbox {

enum EvalResult;

// This class centralizes most of the knowledge related to handle policy.
class HandlePolicy {
 public:
  // Creates the required low-level policy rules to evaluate a high-level
  // policy rule for handles, in particular duplicate action.
  static bool GenerateRules(const wchar_t* type_name,
                            TargetPolicy::Semantics semantics,
                            LowLevelPolicy* policy);

  // Processes a 'TargetPolicy::DuplicateHandle()' request from the target.
  static DWORD DuplicateHandleProxyAction(EvalResult eval_result,
                                          HANDLE source_handle,
                                          DWORD target_process_id,
                                          HANDLE* target_handle,
                                          DWORD desired_access,
                                          DWORD options);
};

}  // namespace sandbox

#endif  // SANDBOX_SRC_HANDLE_POLICY_H_