| // Copyright 2019 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_DIAGNOSTIC_H_ |
| #define SANDBOX_WIN_SRC_SANDBOX_POLICY_DIAGNOSTIC_H_ |
| |
| #include <stddef.h> |
| |
| #include <memory> |
| #include <string> |
| #include <vector> |
| |
| #include "base/macros.h" |
| #include "sandbox/win/src/app_container.h" |
| #include "sandbox/win/src/handle_closer.h" |
| #include "sandbox/win/src/policy_low_level.h" |
| #include "sandbox/win/src/process_mitigations.h" |
| #include "sandbox/win/src/sandbox.h" |
| #include "sandbox/win/src/security_level.h" |
| #include "sandbox/win/src/sid.h" |
| |
| namespace sandbox { |
| |
| class PolicyBase; |
| |
| // Intended to rhyme with TargetPolicy, may eventually share a common base |
| // with a configuration holding class (i.e. this class will extend with dynamic |
| // members such as the |process_ids_| list.) |
| class PolicyDiagnostic final : public PolicyInfo { |
| public: |
| // This should quickly copy what it needs from PolicyBase. |
| explicit PolicyDiagnostic(PolicyBase* policy); |
| |
| PolicyDiagnostic(const PolicyDiagnostic&) = delete; |
| PolicyDiagnostic& operator=(const PolicyDiagnostic&) = delete; |
| |
| ~PolicyDiagnostic() override; |
| const char* JsonString() override; |
| |
| private: |
| // |json_string_| is lazily constructed. |
| std::unique_ptr<std::string> json_string_; |
| std::vector<uint32_t> process_ids_; |
| TokenLevel lockdown_level_ = USER_LAST; |
| JobLevel job_level_ = JOB_NONE; |
| IntegrityLevel desired_integrity_level_ = INTEGRITY_LEVEL_LAST; |
| MitigationFlags desired_mitigations_ = 0; |
| std::unique_ptr<Sid> app_container_sid_; |
| // Only populated if |app_container_sid_| is present. |
| std::vector<Sid> capabilities_; |
| // Only populated if |app_container_sid_| is present. |
| std::vector<Sid> initial_capabilities_; |
| AppContainerType app_container_type_ = AppContainerType::kNone; |
| std::unique_ptr<PolicyGlobal> policy_rules_; |
| bool is_csrss_connected_ = false; |
| HandleMap handles_to_close_; |
| }; |
| |
| } // namespace sandbox |
| |
| #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_DIAGNOSTIC_H_ |