
Lines Matching refs:policy

126                   sandbox::TargetPolicy* policy) {  in AddDirectory()  argument
137 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, access, in AddDirectory()
147 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, access, in AddDirectory()
159 sandbox::TargetPolicy* policy) { in AddKeyAndSubkeys() argument
161 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY, access, in AddKeyAndSubkeys()
167 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY, access, in AddKeyAndSubkeys()
193 sandbox::TargetPolicy* policy) { in BlacklistAddOneDll() argument
214 policy->AddDllToUnload(alt_name.c_str()); in BlacklistAddOneDll()
216 policy->AddDllToUnload(module_name); in BlacklistAddOneDll()
224 void AddDllEvictionPolicy(sandbox::TargetPolicy* policy) { in AddDllEvictionPolicy() argument
226 BlacklistAddOneDll(kTroublesomeDlls[ix], policy); in AddDllEvictionPolicy()
230 bool AddGenericPolicy(sandbox::TargetPolicy* policy) { in AddGenericPolicy() argument
234 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, in AddGenericPolicy()
240 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, in AddGenericPolicy()
261 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_PROCESS, in AddGenericPolicy()
272 bool ApplyPolicyForTrustedPlugin(sandbox::TargetPolicy* policy) { in ApplyPolicyForTrustedPlugin() argument
273 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); in ApplyPolicyForTrustedPlugin()
274 policy->SetTokenLevel(sandbox::USER_UNPROTECTED, sandbox::USER_UNPROTECTED); in ApplyPolicyForTrustedPlugin()
281 bool ApplyPolicyForUntrustedPlugin(sandbox::TargetPolicy* policy) { in ApplyPolicyForUntrustedPlugin() argument
282 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); in ApplyPolicyForUntrustedPlugin()
290 policy->SetTokenLevel(initial_token, sandbox::USER_LIMITED); in ApplyPolicyForUntrustedPlugin()
291 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); in ApplyPolicyForUntrustedPlugin()
294 sandbox::TargetPolicy::FILES_ALLOW_ANY, policy)) in ApplyPolicyForUntrustedPlugin()
298 sandbox::TargetPolicy::FILES_ALLOW_ANY, policy)) in ApplyPolicyForUntrustedPlugin()
303 policy)) in ApplyPolicyForUntrustedPlugin()
308 policy)) in ApplyPolicyForUntrustedPlugin()
313 policy)) in ApplyPolicyForUntrustedPlugin()
318 policy)) in ApplyPolicyForUntrustedPlugin()
323 policy)) in ApplyPolicyForUntrustedPlugin()
328 policy)) in ApplyPolicyForUntrustedPlugin()
333 policy)) in ApplyPolicyForUntrustedPlugin()
339 policy)) in ApplyPolicyForUntrustedPlugin()
344 policy)) in ApplyPolicyForUntrustedPlugin()
352 policy)) in ApplyPolicyForUntrustedPlugin()
416 bool ApplyPolicyForBuiltInFlashPlugin(sandbox::TargetPolicy* policy) { in ApplyPolicyForBuiltInFlashPlugin() argument
417 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); in ApplyPolicyForBuiltInFlashPlugin()
420 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, in ApplyPolicyForBuiltInFlashPlugin()
422 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); in ApplyPolicyForBuiltInFlashPlugin()
424 policy->SetTokenLevel(sandbox::USER_UNPROTECTED, in ApplyPolicyForBuiltInFlashPlugin()
429 policy)) in ApplyPolicyForBuiltInFlashPlugin()
433 policy)) in ApplyPolicyForBuiltInFlashPlugin()
438 policy)) in ApplyPolicyForBuiltInFlashPlugin()
442 AddDllEvictionPolicy(policy); in ApplyPolicyForBuiltInFlashPlugin()
469 sandbox::TargetPolicy* policy) { in AddPolicyForPlugin() argument
476 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, in AddPolicyForPlugin()
491 return ApplyPolicyForTrustedPlugin(policy); in AddPolicyForPlugin()
493 return ApplyPolicyForBuiltInFlashPlugin(policy); in AddPolicyForPlugin()
501 return ApplyPolicyForTrustedPlugin(policy); in AddPolicyForPlugin()
503 return ApplyPolicyForUntrustedPlugin(policy); in AddPolicyForPlugin()
518 bool AddPolicyForGPU(CommandLine*, sandbox::TargetPolicy* policy) { in AddPolicyForGPU() argument
519 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); in AddPolicyForGPU()
522 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, in AddPolicyForGPU()
524 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); in AddPolicyForGPU()
526 policy->SetTokenLevel(sandbox::USER_UNPROTECTED, in AddPolicyForGPU()
530 AddDllEvictionPolicy(policy); in AddPolicyForGPU()
534 void AddPolicyForRenderer(sandbox::TargetPolicy* policy, in AddPolicyForRenderer() argument
536 policy->SetJobLevel(sandbox::JOB_LOCKDOWN, 0); in AddPolicyForRenderer()
545 policy->SetTokenLevel(initial_token, sandbox::USER_LOCKDOWN); in AddPolicyForRenderer()
546 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); in AddPolicyForRenderer()
551 if (sandbox::SBOX_ALL_OK == policy->SetAlternateDesktop(use_winsta)) { in AddPolicyForRenderer()
558 AddDllEvictionPolicy(policy); in AddPolicyForRenderer()
671 sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy(); in StartProcessWithAccess() local
675 if (!AddPolicyForPlugin(cmd_line, policy)) in StartProcessWithAccess()
678 if (!AddPolicyForGPU(cmd_line, policy)) in StartProcessWithAccess()
681 AddPolicyForRenderer(policy, &on_sandbox_desktop); in StartProcessWithAccess()
692 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, in StartProcessWithAccess()
699 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, in StartProcessWithAccess()
706 if (!AddGenericPolicy(policy)) { in StartProcessWithAccess()
716 policy, &target); in StartProcessWithAccess()
717 policy->Release(); in StartProcessWithAccess()