| // Copyright 2022 The ChromiumOS Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| // If this file changes, update this file upstream and update windows pre-built libraries |
| // that upstream uses. |
| // |
| // TODO(b/239836957): Add how to generate and update pre-built library. |
| |
| #![allow(deref_nullptr)] |
| |
| /* automatically generated by rust-bindgen 0.56.0 */ |
| |
| pub const JOB_OBJECT_UILIMIT_NONE: u32 = 0; |
| pub const JOB_OBJECT_UILIMIT_HANDLES: u32 = 1; |
| pub const JOB_OBJECT_UILIMIT_READCLIPBOARD: u32 = 2; |
| pub const JOB_OBJECT_UILIMIT_WRITECLIPBOARD: u32 = 4; |
| pub const JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS: u32 = 8; |
| pub const JOB_OBJECT_UILIMIT_DISPLAYSETTINGS: u32 = 16; |
| pub const JOB_OBJECT_UILIMIT_GLOBALATOMS: u32 = 32; |
| pub const JOB_OBJECT_UILIMIT_DESKTOP: u32 = 64; |
| pub const JOB_OBJECT_UILIMIT_EXITWINDOWS: u32 = 128; |
| pub const JOB_OBJECT_UILIMIT_ALL: u32 = 255; |
| pub type size_t = ::std::os::raw::c_ulonglong; |
| pub type wchar_t = ::std::os::raw::c_ushort; |
| pub type DWORD = ::std::os::raw::c_ulong; |
| pub type HANDLE = *mut ::std::os::raw::c_void; |
| #[repr(C)] |
| #[derive(Debug, Copy, Clone)] |
| pub struct _PROCESS_INFORMATION { |
| pub hProcess: HANDLE, |
| pub hThread: HANDLE, |
| pub dwProcessId: DWORD, |
| pub dwThreadId: DWORD, |
| } |
| #[test] |
| fn bindgen_test_layout__PROCESS_INFORMATION() { |
| assert_eq!( |
| ::std::mem::size_of::<_PROCESS_INFORMATION>(), |
| 24usize, |
| concat!("Size of: ", stringify!(_PROCESS_INFORMATION)) |
| ); |
| assert_eq!( |
| ::std::mem::align_of::<_PROCESS_INFORMATION>(), |
| 8usize, |
| concat!("Alignment of ", stringify!(_PROCESS_INFORMATION)) |
| ); |
| assert_eq!( |
| unsafe { &(*(::std::ptr::null::<_PROCESS_INFORMATION>())).hProcess as *const _ as usize }, |
| 0usize, |
| concat!( |
| "Offset of field: ", |
| stringify!(_PROCESS_INFORMATION), |
| "::", |
| stringify!(hProcess) |
| ) |
| ); |
| assert_eq!( |
| unsafe { &(*(::std::ptr::null::<_PROCESS_INFORMATION>())).hThread as *const _ as usize }, |
| 8usize, |
| concat!( |
| "Offset of field: ", |
| stringify!(_PROCESS_INFORMATION), |
| "::", |
| stringify!(hThread) |
| ) |
| ); |
| assert_eq!( |
| unsafe { |
| &(*(::std::ptr::null::<_PROCESS_INFORMATION>())).dwProcessId as *const _ as usize |
| }, |
| 16usize, |
| concat!( |
| "Offset of field: ", |
| stringify!(_PROCESS_INFORMATION), |
| "::", |
| stringify!(dwProcessId) |
| ) |
| ); |
| assert_eq!( |
| unsafe { &(*(::std::ptr::null::<_PROCESS_INFORMATION>())).dwThreadId as *const _ as usize }, |
| 20usize, |
| concat!( |
| "Offset of field: ", |
| stringify!(_PROCESS_INFORMATION), |
| "::", |
| stringify!(dwThreadId) |
| ) |
| ); |
| } |
| pub type PROCESS_INFORMATION = _PROCESS_INFORMATION; |
| #[repr(i32)] |
| #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] |
| pub enum ResultCode { |
| SBOX_ALL_OK = 0, |
| SBOX_ERROR_GENERIC = 1, |
| SBOX_ERROR_BAD_PARAMS = 2, |
| SBOX_ERROR_UNSUPPORTED = 3, |
| SBOX_ERROR_NO_SPACE = 4, |
| SBOX_ERROR_INVALID_IPC = 5, |
| SBOX_ERROR_FAILED_IPC = 6, |
| SBOX_ERROR_NO_HANDLE = 7, |
| SBOX_ERROR_UNEXPECTED_CALL = 8, |
| SBOX_ERROR_WAIT_ALREADY_CALLED = 9, |
| SBOX_ERROR_CHANNEL_ERROR = 10, |
| SBOX_ERROR_CANNOT_CREATE_DESKTOP = 11, |
| SBOX_ERROR_CANNOT_CREATE_WINSTATION = 12, |
| SBOX_ERROR_FAILED_TO_SWITCH_BACK_WINSTATION = 13, |
| SBOX_ERROR_INVALID_APP_CONTAINER = 14, |
| SBOX_ERROR_INVALID_CAPABILITY = 15, |
| SBOX_ERROR_CANNOT_INIT_APPCONTAINER = 16, |
| SBOX_ERROR_PROC_THREAD_ATTRIBUTES = 17, |
| SBOX_ERROR_CREATE_PROCESS = 18, |
| SBOX_ERROR_DELEGATE_PRE_SPAWN = 19, |
| SBOX_ERROR_ASSIGN_PROCESS_TO_JOB_OBJECT = 20, |
| SBOX_ERROR_SET_THREAD_TOKEN = 21, |
| SBOX_ERROR_GET_THREAD_CONTEXT = 22, |
| SBOX_ERROR_DUPLICATE_TARGET_INFO = 23, |
| SBOX_ERROR_SET_LOW_BOX_TOKEN = 24, |
| SBOX_ERROR_CREATE_FILE_MAPPING = 25, |
| SBOX_ERROR_DUPLICATE_SHARED_SECTION = 26, |
| SBOX_ERROR_MAP_VIEW_OF_SHARED_SECTION = 27, |
| SBOX_ERROR_APPLY_ASLR_MITIGATIONS = 28, |
| SBOX_ERROR_SETUP_BASIC_INTERCEPTIONS = 29, |
| SBOX_ERROR_SETUP_INTERCEPTION_SERVICE = 30, |
| SBOX_ERROR_INITIALIZE_INTERCEPTIONS = 31, |
| SBOX_ERROR_SETUP_NTDLL_IMPORTS = 32, |
| SBOX_ERROR_SETUP_HANDLE_CLOSER = 33, |
| SBOX_ERROR_CANNOT_GET_WINSTATION = 34, |
| SBOX_ERROR_CANNOT_QUERY_WINSTATION_SECURITY = 35, |
| SBOX_ERROR_CANNOT_GET_DESKTOP = 36, |
| SBOX_ERROR_CANNOT_QUERY_DESKTOP_SECURITY = 37, |
| SBOX_ERROR_CANNOT_SETUP_INTERCEPTION_CONFIG_BUFFER = 38, |
| SBOX_ERROR_CANNOT_COPY_DATA_TO_CHILD = 39, |
| SBOX_ERROR_CANNOT_SETUP_INTERCEPTION_THUNK = 40, |
| SBOX_ERROR_CANNOT_RESOLVE_INTERCEPTION_THUNK = 41, |
| SBOX_ERROR_CANNOT_WRITE_INTERCEPTION_THUNK = 42, |
| SBOX_ERROR_CANNOT_FIND_BASE_ADDRESS = 43, |
| SBOX_ERROR_CREATE_APPCONTAINER = 44, |
| SBOX_ERROR_CREATE_APPCONTAINER_ACCESS_CHECK = 45, |
| SBOX_ERROR_CREATE_APPCONTAINER_CAPABILITY = 46, |
| SBOX_ERROR_CANNOT_INIT_JOB = 47, |
| SBOX_ERROR_INVALID_LOWBOX_SID = 48, |
| SBOX_ERROR_CANNOT_CREATE_RESTRICTED_TOKEN = 49, |
| SBOX_ERROR_CANNOT_SET_DESKTOP_INTEGRITY = 50, |
| SBOX_ERROR_CANNOT_CREATE_LOWBOX_TOKEN = 51, |
| SBOX_ERROR_CANNOT_MODIFY_LOWBOX_TOKEN_DACL = 52, |
| SBOX_ERROR_CANNOT_CREATE_RESTRICTED_IMP_TOKEN = 53, |
| SBOX_ERROR_CANNOT_DUPLICATE_PROCESS_HANDLE = 54, |
| SBOX_ERROR_CANNOT_LOADLIBRARY_EXECUTABLE = 55, |
| SBOX_ERROR_CANNOT_FIND_VARIABLE_ADDRESS = 56, |
| SBOX_ERROR_CANNOT_WRITE_VARIABLE_VALUE = 57, |
| SBOX_ERROR_INVALID_WRITE_VARIABLE_SIZE = 58, |
| SBOX_ERROR_CANNOT_INIT_BROKERSERVICES = 59, |
| SBOX_ERROR_CANNOT_UPDATE_JOB_PROCESS_LIMIT = 60, |
| SBOX_ERROR_CANNOT_CREATE_LOWBOX_IMPERSONATION_TOKEN = 61, |
| SBOX_ERROR_UNSANDBOXED_PROCESS = 62, |
| SBOX_ERROR_LAST = 63, |
| } |
| #[repr(i32)] |
| #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] |
| pub enum IntegrityLevel { |
| INTEGRITY_LEVEL_SYSTEM = 0, |
| INTEGRITY_LEVEL_HIGH = 1, |
| INTEGRITY_LEVEL_MEDIUM = 2, |
| INTEGRITY_LEVEL_MEDIUM_LOW = 3, |
| INTEGRITY_LEVEL_LOW = 4, |
| INTEGRITY_LEVEL_BELOW_LOW = 5, |
| INTEGRITY_LEVEL_UNTRUSTED = 6, |
| INTEGRITY_LEVEL_LAST = 7, |
| } |
| #[repr(i32)] |
| #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] |
| pub enum TokenLevel { |
| USER_LOCKDOWN = 0, |
| USER_RESTRICTED = 1, |
| USER_LIMITED = 2, |
| USER_INTERACTIVE = 3, |
| USER_RESTRICTED_NON_ADMIN = 4, |
| USER_NON_ADMIN = 5, |
| USER_RESTRICTED_SAME_ACCESS = 6, |
| USER_UNPROTECTED = 7, |
| USER_LAST = 8, |
| } |
| #[repr(i32)] |
| #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] |
| pub enum JobLevel { |
| JOB_LOCKDOWN = 0, |
| JOB_RESTRICTED = 1, |
| JOB_LIMITED_USER = 2, |
| JOB_INTERACTIVE = 3, |
| JOB_UNPROTECTED = 4, |
| JOB_NONE = 5, |
| } |
| pub type MitigationFlags = u64; |
| pub const MITIGATION_DEP: MitigationFlags = 1; |
| pub const MITIGATION_DEP_NO_ATL_THUNK: MitigationFlags = 2; |
| pub const MITIGATION_SEHOP: MitigationFlags = 4; |
| pub const MITIGATION_RELOCATE_IMAGE: MitigationFlags = 8; |
| pub const MITIGATION_RELOCATE_IMAGE_REQUIRED: MitigationFlags = 16; |
| pub const MITIGATION_HEAP_TERMINATE: MitigationFlags = 32; |
| pub const MITIGATION_BOTTOM_UP_ASLR: MitigationFlags = 64; |
| pub const MITIGATION_HIGH_ENTROPY_ASLR: MitigationFlags = 128; |
| pub const MITIGATION_STRICT_HANDLE_CHECKS: MitigationFlags = 256; |
| pub const MITIGATION_DLL_SEARCH_ORDER: MitigationFlags = 512; |
| pub const MITIGATION_HARDEN_TOKEN_IL_POLICY: MitigationFlags = 1024; |
| pub const MITIGATION_WIN32K_DISABLE: MitigationFlags = 2048; |
| pub const MITIGATION_EXTENSION_POINT_DISABLE: MitigationFlags = 4096; |
| pub const MITIGATION_DYNAMIC_CODE_DISABLE: MitigationFlags = 8192; |
| pub const MITIGATION_DYNAMIC_CODE_DISABLE_WITH_OPT_OUT: MitigationFlags = 16384; |
| pub const MITIGATION_DYNAMIC_CODE_OPT_OUT_THIS_THREAD: MitigationFlags = 32768; |
| pub const MITIGATION_NONSYSTEM_FONT_DISABLE: MitigationFlags = 65536; |
| pub const MITIGATION_FORCE_MS_SIGNED_BINS: MitigationFlags = 131072; |
| pub const MITIGATION_IMAGE_LOAD_NO_REMOTE: MitigationFlags = 262144; |
| pub const MITIGATION_IMAGE_LOAD_NO_LOW_LABEL: MitigationFlags = 524288; |
| pub const MITIGATION_IMAGE_LOAD_PREFER_SYS32: MitigationFlags = 1048576; |
| pub const MITIGATION_RESTRICT_INDIRECT_BRANCH_PREDICTION: MitigationFlags = 2097152; |
| pub const MITIGATION_CET_DISABLED: MitigationFlags = 4194304; |
| pub const MITIGATION_KTM_COMPONENT: MitigationFlags = 8388608; |
| #[repr(i32)] |
| #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] |
| pub enum SubSystem { |
| SUBSYS_FILES = 0, |
| SUBSYS_NAMED_PIPES = 1, |
| SUBSYS_PROCESS = 2, |
| SUBSYS_REGISTRY = 3, |
| SUBSYS_SYNC = 4, |
| SUBSYS_WIN32K_LOCKDOWN = 5, |
| SUBSYS_SIGNED_BINARY = 6, |
| SUBSYS_SOCKET = 7, |
| } |
| #[repr(i32)] |
| #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] |
| pub enum Semantics { |
| FILES_ALLOW_ANY = 0, |
| FILES_ALLOW_READONLY = 1, |
| FILES_ALLOW_QUERY = 2, |
| FILES_ALLOW_DIR_ANY = 3, |
| NAMEDPIPES_ALLOW_ANY = 4, |
| PROCESS_MIN_EXEC = 5, |
| PROCESS_ALL_EXEC = 6, |
| EVENTS_ALLOW_ANY = 7, |
| EVENTS_ALLOW_READONLY = 8, |
| REG_ALLOW_READONLY = 9, |
| REG_ALLOW_ANY = 10, |
| FAKE_USER_GDI_INIT = 11, |
| SIGNED_ALLOW_LOAD = 12, |
| SOCKET_ALLOW_BROKER = 13, |
| } |
| #[repr(C)] |
| #[derive(Debug, Copy, Clone)] |
| pub struct BrokerServices { |
| _unused: [u8; 0], |
| } |
| #[repr(C)] |
| #[derive(Debug, Copy, Clone)] |
| pub struct TargetServices { |
| _unused: [u8; 0], |
| } |
| #[repr(C)] |
| #[derive(Debug, Copy, Clone)] |
| pub struct ProcessState { |
| _unused: [u8; 0], |
| } |
| #[repr(C)] |
| #[derive(Debug, Copy, Clone)] |
| pub struct TargetPolicy { |
| _unused: [u8; 0], |
| } |
| #[repr(C)] |
| #[derive(Debug, Copy, Clone)] |
| pub struct PolicyInfo { |
| _unused: [u8; 0], |
| } |
| extern "C" { |
| pub fn sbox_broker_init(broker: *mut BrokerServices) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_create_policy(broker: *mut BrokerServices) -> *mut TargetPolicy; |
| } |
| extern "C" { |
| pub fn sbox_release_policy(policy: *mut TargetPolicy); |
| } |
| extern "C" { |
| pub fn sbox_spawn_target( |
| broker: *mut BrokerServices, |
| exe_path: *const wchar_t, |
| command_line: *const wchar_t, |
| policy: *mut TargetPolicy, |
| last_warning: *mut ResultCode, |
| last_error: *mut DWORD, |
| target: *mut PROCESS_INFORMATION, |
| ) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_wait_for_all_targets(broker: *mut BrokerServices) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_target_init(target: *mut TargetServices) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_lower_token(target: *mut TargetServices); |
| } |
| extern "C" { |
| pub fn sbox_get_state(target: *mut TargetServices) -> *mut ProcessState; |
| } |
| extern "C" { |
| pub fn get_broker_services() -> *mut BrokerServices; |
| } |
| extern "C" { |
| pub fn get_target_services() -> *mut TargetServices; |
| } |
| extern "C" { |
| pub fn sbox_set_token_level( |
| policy: *mut TargetPolicy, |
| initial: TokenLevel, |
| lockdown: TokenLevel, |
| ) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_get_initial_token_level(policy: *mut TargetPolicy) -> TokenLevel; |
| } |
| extern "C" { |
| pub fn sbox_get_lockdown_token_level(policy: *mut TargetPolicy) -> TokenLevel; |
| } |
| extern "C" { |
| pub fn sbox_set_job_level( |
| policy: *mut TargetPolicy, |
| job_level: JobLevel, |
| ui_exceptions: u32, |
| ) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_get_job_level(policy: *mut TargetPolicy) -> JobLevel; |
| } |
| extern "C" { |
| pub fn sbox_set_job_memory_limit(policy: *mut TargetPolicy, memory_limit: size_t) |
| -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_set_integrity_level(policy: *mut TargetPolicy, level: IntegrityLevel) |
| -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_set_delayed_integrity_level( |
| policy: *mut TargetPolicy, |
| level: IntegrityLevel, |
| ) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_get_integrity_level(policy: *mut TargetPolicy) -> IntegrityLevel; |
| } |
| extern "C" { |
| pub fn sbox_set_alternate_desktop( |
| policy: *mut TargetPolicy, |
| alternate_winstation: bool, |
| ) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_create_alternate_desktop( |
| policy: *mut TargetPolicy, |
| alternate_winstation: bool, |
| ) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_destroy_alternate_desktop(policy: *mut TargetPolicy); |
| } |
| extern "C" { |
| pub fn sbox_set_lowbox(policy: *mut TargetPolicy, sid: *const wchar_t) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_set_process_mitigations( |
| policy: *mut TargetPolicy, |
| flags: MitigationFlags, |
| ) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_get_process_mitigations(policy: *mut TargetPolicy) -> MitigationFlags; |
| } |
| extern "C" { |
| pub fn sbox_set_delayed_process_mitigations( |
| policy: *mut TargetPolicy, |
| flags: MitigationFlags, |
| ) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_get_delayed_process_mitigations(policy: *mut TargetPolicy) -> MitigationFlags; |
| } |
| extern "C" { |
| pub fn sbox_set_disconnect_csrss(policy: *mut TargetPolicy) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_set_strict_interceptions(policy: *mut TargetPolicy); |
| } |
| extern "C" { |
| pub fn sbox_set_stdout_handle(policy: *mut TargetPolicy, handle: HANDLE) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_set_stderr_handle(policy: *mut TargetPolicy, handle: HANDLE) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_add_rule( |
| policy: *mut TargetPolicy, |
| subsystem: SubSystem, |
| semantics: Semantics, |
| pattern: *const wchar_t, |
| ) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_add_dll_to_unload( |
| policy: *mut TargetPolicy, |
| dll_name: *const wchar_t, |
| ) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_add_kernel_object_to_close( |
| policy: *mut TargetPolicy, |
| handle_type: *const wchar_t, |
| handle_name: *const wchar_t, |
| ) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_add_handle_to_share(policy: *mut TargetPolicy, handle: HANDLE); |
| } |
| extern "C" { |
| pub fn sbox_set_lockdown_default_dacl(policy: *mut TargetPolicy); |
| } |
| extern "C" { |
| pub fn sbox_add_restricting_random_sid(policy: *mut TargetPolicy); |
| } |
| extern "C" { |
| pub fn sbox_add_app_container_profile( |
| policy: *mut TargetPolicy, |
| package_name: *const wchar_t, |
| create_profile: bool, |
| ) -> ResultCode; |
| } |
| extern "C" { |
| pub fn sbox_get_policy_info(policy: *mut TargetPolicy) -> *mut PolicyInfo; |
| } |
| extern "C" { |
| pub fn sbox_release_policy_info(policy_info: *mut PolicyInfo); |
| } |
| extern "C" { |
| pub fn sbox_policy_info_json_string( |
| policy_info: *mut PolicyInfo, |
| ) -> *const ::std::os::raw::c_char; |
| } |
