summaryrefslogtreecommitdiffstats
path: root/security/sandbox/chromium-shim/base/win/sdkdecls.h
diff options
context:
space:
mode:
Diffstat (limited to 'security/sandbox/chromium-shim/base/win/sdkdecls.h')
-rw-r--r--security/sandbox/chromium-shim/base/win/sdkdecls.h368
1 files changed, 368 insertions, 0 deletions
diff --git a/security/sandbox/chromium-shim/base/win/sdkdecls.h b/security/sandbox/chromium-shim/base/win/sdkdecls.h
new file mode 100644
index 0000000000..b7aa855e62
--- /dev/null
+++ b/security/sandbox/chromium-shim/base/win/sdkdecls.h
@@ -0,0 +1,368 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SECURITY_SANDBOX_BASE_SHIM_SDKDECLS_H_
+#define _SECURITY_SANDBOX_BASE_SHIM_SDKDECLS_H_
+
+#include <windows.h>
+
+// This file contains definitions required for things dynamically loaded
+// while building or targetting lower platform versions or lower SDKs.
+
+#if (_WIN32_WINNT < 0x0602)
+#define ProcThreadAttributeSecurityCapabilities 9
+#define PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES \
+ ProcThreadAttributeValue (ProcThreadAttributeSecurityCapabilities, FALSE, TRUE, FALSE)
+
+#define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_MASK (0x00000003 << 8)
+#define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_DEFER (0x00000000 << 8)
+#define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000001 << 8)
+#define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_OFF (0x00000002 << 8)
+#define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON_REQ_RELOCS (0x00000003 << 8)
+#define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_MASK (0x00000003 << 12)
+#define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_DEFER (0x00000000 << 12)
+#define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_ON (0x00000001 << 12)
+#define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_OFF (0x00000002 << 12)
+#define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_RESERVED (0x00000003 << 12)
+#define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_MASK (0x00000003 << 16)
+#define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_DEFER (0x00000000 << 16)
+#define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00000001 << 16)
+#define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00000002 << 16)
+#define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_RESERVED (0x00000003 << 16)
+#define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_MASK (0x00000003 << 20)
+#define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_DEFER (0x00000000 << 20)
+#define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_ON (0x00000001 << 20)
+#define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_OFF (0x00000002 << 20)
+#define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_RESERVED (0x00000003 << 20)
+#define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_MASK (0x00000003 << 24)
+#define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_DEFER (0x00000000 << 24)
+#define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_ON (0x00000001 << 24)
+#define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_OFF (0x00000002 << 24)
+#define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_RESERVED (0x00000003 << 24)
+#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_MASK (0x00000003 << 28)
+#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_DEFER (0x00000000 << 28)
+#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON (0x00000001 << 28)
+#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_OFF (0x00000002 << 28)
+#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_RESERVED (0x00000003 << 28)
+#define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_MASK (0x00000003uLL << 32)
+#define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_DEFER (0x00000000uLL << 32)
+#define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON (0x00000001uLL << 32)
+#define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_OFF (0x00000002uLL << 32)
+#define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_RESERVED (0x00000003uLL << 32)
+
+typedef struct _MEMORY_PRIORITY_INFORMATION {
+ ULONG MemoryPriority;
+} MEMORY_PRIORITY_INFORMATION, *PMEMORY_PRIORITY_INFORMATION;
+
+WINBASEAPI
+BOOL
+WINAPI
+GetThreadInformation(
+ _In_ HANDLE hThread,
+ _In_ THREAD_INFORMATION_CLASS ThreadInformationClass,
+ _Out_writes_bytes_(ThreadInformationSize) LPVOID ThreadInformation,
+ _In_ DWORD ThreadInformationSize
+ );
+
+WINBASEAPI
+BOOL
+WINAPI
+SetThreadInformation(
+ _In_ HANDLE hThread,
+ _In_ THREAD_INFORMATION_CLASS ThreadInformationClass,
+ _In_reads_bytes_(ThreadInformationSize) LPVOID ThreadInformation,
+ _In_ DWORD ThreadInformationSize
+);
+
+// Check if we're including >= win8 winnt.h
+#ifndef NTDDI_WIN8
+
+typedef struct _SECURITY_CAPABILITIES {
+ PSID AppContainerSid;
+ PSID_AND_ATTRIBUTES Capabilities;
+ DWORD CapabilityCount;
+ DWORD Reserved;
+} SECURITY_CAPABILITIES, *PSECURITY_CAPABILITIES, *LPSECURITY_CAPABILITIES;
+
+typedef enum _PROCESS_MITIGATION_POLICY {
+ ProcessDEPPolicy,
+ ProcessASLRPolicy,
+ ProcessReserved1MitigationPolicy,
+ ProcessStrictHandleCheckPolicy,
+ ProcessSystemCallDisablePolicy,
+ ProcessMitigationOptionsMask,
+ ProcessExtensionPointDisablePolicy,
+ MaxProcessMitigationPolicy
+} PROCESS_MITIGATION_POLICY, *PPROCESS_MITIGATION_POLICY;
+
+#define LOAD_LIBRARY_SEARCH_DEFAULT_DIRS 0x00001000
+
+typedef struct _PROCESS_MITIGATION_ASLR_POLICY {
+ union {
+ DWORD Flags;
+ struct {
+ DWORD EnableBottomUpRandomization : 1;
+ DWORD EnableForceRelocateImages : 1;
+ DWORD EnableHighEntropy : 1;
+ DWORD DisallowStrippedImages : 1;
+ DWORD ReservedFlags : 28;
+ };
+ };
+} PROCESS_MITIGATION_ASLR_POLICY, *PPROCESS_MITIGATION_ASLR_POLICY;
+
+typedef struct _PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY {
+ union {
+ DWORD Flags;
+ struct {
+ DWORD RaiseExceptionOnInvalidHandleReference : 1;
+ DWORD HandleExceptionsPermanentlyEnabled : 1;
+ DWORD ReservedFlags : 30;
+ };
+ };
+} PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY, *PPROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY;
+
+typedef struct _PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY {
+ union {
+ DWORD Flags;
+ struct {
+ DWORD DisallowWin32kSystemCalls : 1;
+ DWORD ReservedFlags : 31;
+ };
+ };
+} PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, *PPROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY;
+
+typedef struct _PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY {
+ union {
+ DWORD Flags;
+ struct {
+ DWORD DisableExtensionPoints : 1;
+ DWORD ReservedFlags : 31;
+ };
+ };
+} PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, *PPROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY;
+
+#endif // NTDDI_WIN8
+
+WINBASEAPI
+BOOL
+WINAPI
+GetProcessMitigationPolicy(
+ _In_ HANDLE hProcess,
+ _In_ PROCESS_MITIGATION_POLICY MitigationPolicy,
+ _Out_writes_bytes_(dwLength) PVOID lpBuffer,
+ _In_ SIZE_T dwLength
+ );
+
+WINBASEAPI
+BOOL
+WINAPI
+SetProcessMitigationPolicy(
+ _In_ PROCESS_MITIGATION_POLICY MitigationPolicy,
+ _In_reads_bytes_(dwLength) PVOID lpBuffer,
+ _In_ SIZE_T dwLength
+ );
+
+#if !defined(_USERENV_)
+#define USERENVAPI DECLSPEC_IMPORT
+#else
+#define USERENVAPI
+#endif
+
+USERENVAPI
+HRESULT
+WINAPI
+CreateAppContainerProfile(_In_ PCWSTR pszAppContainerName,
+ _In_ PCWSTR pszDisplayName,
+ _In_ PCWSTR pszDescription,
+ _In_reads_opt_(dwCapabilityCount)
+ PSID_AND_ATTRIBUTES pCapabilities,
+ _In_ DWORD dwCapabilityCount,
+ _Outptr_ PSID* ppSidAppContainerSid);
+
+USERENVAPI
+HRESULT
+WINAPI
+DeleteAppContainerProfile(
+ _In_ PCWSTR pszAppContainerName);
+
+USERENVAPI
+HRESULT
+WINAPI
+GetAppContainerRegistryLocation(
+ _In_ REGSAM desiredAccess,
+ _Outptr_ PHKEY phAppContainerKey);
+
+USERENVAPI
+HRESULT
+WINAPI
+GetAppContainerFolderPath(
+ _In_ PCWSTR pszAppContainerSid,
+ _Outptr_ PWSTR *ppszPath);
+
+USERENVAPI
+HRESULT
+WINAPI
+DeriveAppContainerSidFromAppContainerName(
+ _In_ PCWSTR pszAppContainerName,
+ _Outptr_ PSID *ppsidAppContainerSid);
+
+#endif // (_WIN32_WINNT < 0x0602)
+
+#if (_WIN32_WINNT < 0x0603)
+//
+// Define dynamic code options.
+//
+
+#define PROCESS_CREATION_MITIGATION_POLICY_PROHIBIT_DYNAMIC_CODE_MASK (0x00000003uLL << 36)
+#define PROCESS_CREATION_MITIGATION_POLICY_PROHIBIT_DYNAMIC_CODE_DEFER (0x00000000uLL << 36)
+#define PROCESS_CREATION_MITIGATION_POLICY_PROHIBIT_DYNAMIC_CODE_ALWAYS_ON (0x00000001uLL << 36)
+#define PROCESS_CREATION_MITIGATION_POLICY_PROHIBIT_DYNAMIC_CODE_ALWAYS_OFF (0x00000002uLL << 36)
+#define PROCESS_CREATION_MITIGATION_POLICY_PROHIBIT_DYNAMIC_CODE_ALWAYS_ON_ALLOW_OPT_OUT (0x00000003uLL << 36)
+
+//
+// Define Control Flow Guard (CFG) mitigation policy options. Control Flow
+// Guard allows indirect control transfers to be checked at runtime.
+//
+
+#define PROCESS_CREATION_MITIGATION_POLICY_CONTROL_FLOW_GUARD_MASK (0x00000003uLL << 40)
+#define PROCESS_CREATION_MITIGATION_POLICY_CONTROL_FLOW_GUARD_DEFER (0x00000000uLL << 40)
+#define PROCESS_CREATION_MITIGATION_POLICY_CONTROL_FLOW_GUARD_ALWAYS_ON (0x00000001uLL << 40)
+#define PROCESS_CREATION_MITIGATION_POLICY_CONTROL_FLOW_GUARD_ALWAYS_OFF (0x00000002uLL << 40)
+#define PROCESS_CREATION_MITIGATION_POLICY_CONTROL_FLOW_GUARD_EXPORT_SUPPRESSION (0x00000003uLL << 40)
+
+//
+// Define module signature options. When enabled, this option will
+// block mapping of non-microsoft binaries.
+//
+
+#define PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_MASK (0x00000003uLL << 44)
+#define PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_DEFER (0x00000000uLL << 44)
+#define PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON (0x00000001uLL << 44)
+#define PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_OFF (0x00000002uLL << 44)
+#define PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_RESERVED (0x00000003uLL << 44)
+#endif
+
+#if (_WIN32_WINNT < 0x0A00)
+//
+// Define Font Disable Policy. When enabled, this option will
+// block loading Non System Fonts.
+//
+
+#define PROCESS_CREATION_MITIGATION_POLICY_FONT_DISABLE_MASK (0x00000003uLL << 48)
+#define PROCESS_CREATION_MITIGATION_POLICY_FONT_DISABLE_DEFER (0x00000000uLL << 48)
+#define PROCESS_CREATION_MITIGATION_POLICY_FONT_DISABLE_ALWAYS_ON (0x00000001uLL << 48)
+#define PROCESS_CREATION_MITIGATION_POLICY_FONT_DISABLE_ALWAYS_OFF (0x00000002uLL << 48)
+#define PROCESS_CREATION_MITIGATION_POLICY_AUDIT_NONSYSTEM_FONTS (0x00000003uLL << 48)
+
+//
+// Define remote image load options. When enabled, this option will
+// block mapping of images from remote devices.
+//
+
+#define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_REMOTE_MASK (0x00000003uLL << 52)
+#define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_REMOTE_DEFER (0x00000000uLL << 52)
+#define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_REMOTE_ALWAYS_ON (0x00000001uLL << 52)
+#define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_REMOTE_ALWAYS_OFF (0x00000002uLL << 52)
+#define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_REMOTE_RESERVED (0x00000003uLL << 52)
+
+//
+// Define low IL image load options. When enabled, this option will
+// block mapping of images that have the low mandatory label.
+//
+
+#define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_LOW_LABEL_MASK (0x00000003uLL << 56)
+#define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_LOW_LABEL_DEFER (0x00000000uLL << 56)
+#define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_LOW_LABEL_ALWAYS_ON (0x00000001uLL << 56)
+#define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_LOW_LABEL_ALWAYS_OFF (0x00000002uLL << 56)
+#define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_LOW_LABEL_RESERVED (0x00000003uLL << 56)
+
+//
+// Define image load options to prefer System32 images compared to
+// the same images in application directory. When enabled, this option
+// will prefer loading images from system32 folder.
+//
+
+#define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_MASK (0x00000003uLL << 60)
+#define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_DEFER (0x00000000uLL << 60)
+#define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_ALWAYS_ON (0x00000001uLL << 60)
+#define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_ALWAYS_OFF (0x00000002uLL << 60)
+#define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_RESERVED (0x00000003uLL << 60)
+
+//
+// Define the restricted indirect branch prediction mitigation policy options.
+//
+
+#define PROCESS_CREATION_MITIGATION_POLICY2_RESTRICT_INDIRECT_BRANCH_PREDICTION_MASK (0x00000003ui64 << 16)
+#define PROCESS_CREATION_MITIGATION_POLICY2_RESTRICT_INDIRECT_BRANCH_PREDICTION_DEFER (0x00000000ui64 << 16)
+#define PROCESS_CREATION_MITIGATION_POLICY2_RESTRICT_INDIRECT_BRANCH_PREDICTION_ALWAYS_ON (0x00000001ui64 << 16)
+#define PROCESS_CREATION_MITIGATION_POLICY2_RESTRICT_INDIRECT_BRANCH_PREDICTION_ALWAYS_OFF (0x00000002ui64 << 16)
+#define PROCESS_CREATION_MITIGATION_POLICY2_RESTRICT_INDIRECT_BRANCH_PREDICTION_RESERVED (0x00000003ui64 << 16)
+
+//
+// Define the user-mode shadow stack mitigation policy options.
+//
+
+#define PROCESS_CREATION_MITIGATION_POLICY2_CET_USER_SHADOW_STACKS_MASK (0x00000003ui64 << 28)
+#define PROCESS_CREATION_MITIGATION_POLICY2_CET_USER_SHADOW_STACKS_DEFER (0x00000000ui64 << 28)
+#define PROCESS_CREATION_MITIGATION_POLICY2_CET_USER_SHADOW_STACKS_ALWAYS_ON (0x00000001ui64 << 28)
+#define PROCESS_CREATION_MITIGATION_POLICY2_CET_USER_SHADOW_STACKS_ALWAYS_OFF (0x00000002ui64 << 28)
+#define PROCESS_CREATION_MITIGATION_POLICY2_CET_USER_SHADOW_STACKS_RESERVED (0x00000003ui64 << 28)
+#define PROCESS_CREATION_MITIGATION_POLICY2_CET_USER_SHADOW_STACKS_STRICT_MODE (0x00000003ui64 << 28)
+
+//
+// Define Attribute to disable creation of child process
+//
+
+#define PROCESS_CREATION_CHILD_PROCESS_RESTRICTED 0x01
+#define PROCESS_CREATION_CHILD_PROCESS_OVERRIDE 0x02
+
+//
+// Define Attribute for Desktop Appx Overide.
+//
+
+#define PROCESS_CREATION_DESKTOP_APPX_OVERRIDE 0x04
+
+#define ProcThreadAttributeChildProcessPolicy 14
+
+#define PROC_THREAD_ATTRIBUTE_CHILD_PROCESS_POLICY \
+ ProcThreadAttributeValue (ProcThreadAttributeChildProcessPolicy, FALSE, TRUE, FALSE)
+
+//
+// Define Attribute to opt out of matching All Application Packages
+//
+
+#define PROCESS_CREATION_ALL_APPLICATION_PACKAGES_OPT_OUT 0x01
+
+#define ProcThreadAttributeAllApplicationPackagesPolicy 15
+
+#define PROC_THREAD_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY \
+ ProcThreadAttributeValue (ProcThreadAttributeAllApplicationPackagesPolicy, FALSE, TRUE, FALSE)
+
+//
+// Define functions declared only when _WIN32_WINNT >= 0x0A00
+//
+
+WINBASEAPI
+BOOL
+WINAPI
+IsWow64Process2(
+ _In_ HANDLE hProcess,
+ _Out_ USHORT* pProcessMachine,
+ _Out_opt_ USHORT* pNativeMachine
+ );
+
+WINBASEAPI
+BOOL
+WINAPI
+IsUserCetAvailableInEnvironment(
+ _In_ DWORD UserCetEnvironment
+ );
+
+#define USER_CET_ENVIRONMENT_WIN32_PROCESS 0x00000000
+
+#endif // (_WIN32_WINNT < 0x0A00)
+
+#endif // _SECURITY_SANDBOX_BASE_SHIM_SDKDECLS_H_
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-05 15:48:23 +0000