-
Notifications
You must be signed in to change notification settings - Fork 6.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use distinct methods for policy rules in sandbox
The sandbox library on Windows includes a complex rules engine to allow proxied functions to evaluate their arguments. Details of this engine leak out of the sandbox interface via the AddRule() method which allows specification of a subsystem and semantics. In practice only four actions are currently supported: allowing access to files or pipes, allowing Dlls to load under CIG and setting up GDI hooks for Win32 lockdown. This CL removes the generic AddRule method from sandbox_policy.h and replaces it with several more-specific functions, allowing deletion of the SubSystem enum. This should allow for simplification of the internals of the rules-engine without exposing these changes to the rest of Chromium. No functional changes. Bug: 1023583 Change-Id: Ia14fdd4913345ac00711a44d5efb3e753d07260f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4981986 Reviewed-by: Will Harris <wfh@chromium.org> Commit-Queue: Alex Gough <ajgo@chromium.org> Cr-Commit-Position: refs/heads/main@{#1216336}
- Loading branch information
Showing
25 changed files
with
187 additions
and
235 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.