sandbox 22 apps/shell/app/shell_main.cc sandbox::SandboxInterfaceInfo sandbox_info = {0}; sandbox 22 ash/shell/shell_main.cc sandbox::SandboxInterfaceInfo sandbox_info = {0}; sandbox 17 chrome/app/chrome_main.cc sandbox::SandboxInterfaceInfo* sandbox_info); sandbox 28 chrome/app/chrome_main.cc sandbox::SandboxInterfaceInfo* sandbox_info) { sandbox 42 chrome/app/client_util.cc typedef int (*DLL_MAIN)(HINSTANCE, sandbox::SandboxInterfaceInfo*); sandbox 289 chrome/app/client_util.cc sandbox::SandboxInterfaceInfo sandbox_info = {0}; sandbox 16 chrome/app/client_util.h namespace sandbox { sandbox 2679 chrome/browser/chrome_content_browser_client.cc sandbox::TargetPolicy* policy, sandbox 2685 chrome/browser/chrome_content_browser_client.cc sandbox::ResultCode result = policy->AddRule( sandbox 2686 chrome/browser/chrome_content_browser_client.cc sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, sandbox 2687 chrome/browser/chrome_content_browser_client.cc sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, sandbox 2689 chrome/browser/chrome_content_browser_client.cc if (result != sandbox::SBOX_ALL_OK) { sandbox 2696 chrome/browser/chrome_content_browser_client.cc result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, sandbox 2697 chrome/browser/chrome_content_browser_client.cc sandbox::TargetPolicy::HANDLES_DUP_ANY, sandbox 2699 chrome/browser/chrome_content_browser_client.cc if (result != sandbox::SBOX_ALL_OK) { sandbox 278 chrome/browser/chrome_content_browser_client.h virtual void PreSpawnRenderer(sandbox::TargetPolicy* policy, sandbox 14 chrome/test/security_tests/security_tests.cc using sandbox::TestOpenKey; sandbox 15 chrome/test/security_tests/security_tests.cc using sandbox::TestOpenReadFile; sandbox 16 chrome/test/security_tests/security_tests.cc using sandbox::TestOpenWriteFile; sandbox 19 chrome/test/security_tests/security_tests.cc if (sandbox::SBOX_TEST_DENIED != x) { \ sandbox 41 chrome_elf/blacklist/blacklist.cc __declspec(allocate(".crthunk")) sandbox::ThunkData g_thunk_storage; sandbox 252 chrome_elf/blacklist/blacklist.cc sandbox::ServiceResolverThunk* thunk = GetThunk(kRelaxed); sandbox 306 chrome_elf/blacklist/blacklist.cc NTSTATUS ret = thunk->Setup(::GetModuleHandle(sandbox::kNtdllName), sandbox 312 chrome_elf/blacklist/blacklist.cc sizeof(sandbox::ThunkData), sandbox 326 chrome_elf/blacklist/blacklist.cc NTSTATUS ret = thunk->Setup(::GetModuleHandle(sandbox::kNtdllName), sandbox 332 chrome_elf/blacklist/blacklist.cc sizeof(sandbox::ThunkData), sandbox 34 chrome_elf/blacklist/blacklist_interceptions.cc HMODULE ntdll = ::GetModuleHandle(sandbox::kNtdllName); sandbox 133 chrome_elf/blacklist/blacklist_interceptions.cc *flags |= sandbox::MODULE_IS_PE_IMAGE; sandbox 147 chrome_elf/blacklist/blacklist_interceptions.cc *flags |= sandbox::MODULE_HAS_ENTRY_POINT; sandbox 149 chrome_elf/blacklist/blacklist_interceptions.cc *flags |= sandbox::MODULE_HAS_CODE; sandbox 201 chrome_elf/blacklist/blacklist_interceptions.cc if (module_name.empty() && (image_flags & sandbox::MODULE_HAS_CODE)) { sandbox 213 chrome_elf/create_file/chrome_create_file.cc char thunk_buffer[sizeof(sandbox::ThunkData)] = {}; sandbox 218 chrome_elf/create_file/chrome_create_file.cc memcpy(&thunk_buffer, &g_nt_thunk_storage, sizeof(sandbox::ThunkData)); sandbox 23 chrome_elf/ntdll_cache.cc __declspec(allocate(".crthunk")) sandbox::ThunkData g_nt_thunk_storage; sandbox 57 chrome_elf/ntdll_cache.cc scoped_ptr<sandbox::ServiceResolverThunk> thunk(GetThunk(kRelaxed)); sandbox 73 chrome_elf/ntdll_cache.cc NTSTATUS ret = thunk->CopyThunk(::GetModuleHandle(sandbox::kNtdllName), sandbox 76 chrome_elf/ntdll_cache.cc sizeof(sandbox::ThunkData), sandbox 10 chrome_elf/ntdll_cache.h namespace sandbox { sandbox 19 chrome_elf/ntdll_cache.h extern sandbox::ThunkData g_nt_thunk_storage; sandbox 112 chrome_elf/thunk_getter.cc sandbox::ServiceResolverThunk* GetThunk(bool relaxed) { sandbox 114 chrome_elf/thunk_getter.cc sandbox::ServiceResolverThunk* thunk = NULL; sandbox 127 chrome_elf/thunk_getter.cc thunk = new sandbox::ServiceResolverThunk(current_process, relaxed); sandbox 131 chrome_elf/thunk_getter.cc thunk = new sandbox::Wow64W8ResolverThunk(current_process, relaxed); sandbox 133 chrome_elf/thunk_getter.cc thunk = new sandbox::Wow64ResolverThunk(current_process, relaxed); sandbox 135 chrome_elf/thunk_getter.cc thunk = new sandbox::Win8ResolverThunk(current_process, relaxed); sandbox 137 chrome_elf/thunk_getter.cc thunk = new sandbox::ServiceResolverThunk(current_process, relaxed); sandbox 8 chrome_elf/thunk_getter.h namespace sandbox { sandbox 14 chrome_elf/thunk_getter.h sandbox::ServiceResolverThunk* GetThunk(bool relaxed); sandbox 50 components/nacl/broker/nacl_broker_listener.cc void NaClBrokerListener::PreSpawnTarget(sandbox::TargetPolicy* policy, sandbox 57 components/nacl/broker/nacl_broker_listener.cc sandbox::ResultCode result = policy->AddRule( sandbox 58 components/nacl/broker/nacl_broker_listener.cc sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, sandbox 59 components/nacl/broker/nacl_broker_listener.cc sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, sandbox 61 components/nacl/broker/nacl_broker_listener.cc *success = (result == sandbox::SBOX_ALL_OK); sandbox 29 components/nacl/broker/nacl_broker_listener.h virtual void PreSpawnTarget(sandbox::TargetPolicy* policy, sandbox 363 components/nacl/loader/nacl_helper_linux.cc sandbox::InitLibcUrandomOverrides(); sandbox 49 components/nacl/loader/nacl_helper_win_64.cc sandbox::SandboxInterfaceInfo sandbox_info = {0}; sandbox 19 components/nacl/loader/nacl_main_platform_delegate_win.cc sandbox::TargetServices* target_services = sandbox 23 components/nacl/loader/nacl_sandbox_linux.cc using sandbox::ErrorCode; sandbox 24 components/nacl/loader/nacl_sandbox_linux.cc using sandbox::SandboxBPF; sandbox 25 components/nacl/loader/nacl_sandbox_linux.cc using sandbox::SandboxBPFPolicy; sandbox 72 components/nacl/loader/nacl_sandbox_linux.cc sandbox::SandboxBPF* sb, int sysno) const { sandbox 855 content/app/content_main_runner.cc sandbox::SandboxInterfaceInfo sandbox_info_; sandbox 38 content/app/startup_helper_win.cc void InitializeSandboxInfo(sandbox::SandboxInterfaceInfo* info) { sandbox 39 content/app/startup_helper_win.cc info->broker_services = sandbox::SandboxFactory::GetBrokerServices(); sandbox 41 content/app/startup_helper_win.cc info->target_services = sandbox::SandboxFactory::GetTargetServices(); sandbox 44 content/app/startup_helper_win.cc sandbox::ApplyProcessMitigationsToCurrentProcess( sandbox 45 content/app/startup_helper_win.cc sandbox::MITIGATION_DEP | sandbox 46 content/app/startup_helper_win.cc sandbox::MITIGATION_DEP_NO_ATL_THUNK); sandbox 190 content/browser/gpu/gpu_process_host.cc bool sandbox = !cmd_line_->HasSwitch(switches::kDisableGpuSandbox); sandbox 191 content/browser/gpu/gpu_process_host.cc if(! sandbox) { sandbox 194 content/browser/gpu/gpu_process_host.cc return sandbox; sandbox 206 content/browser/gpu/gpu_process_host.cc virtual void PreSpawnTarget(sandbox::TargetPolicy* policy, sandbox 212 content/browser/gpu/gpu_process_host.cc policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, sandbox 213 content/browser/gpu/gpu_process_host.cc sandbox::USER_LIMITED); sandbox 214 content/browser/gpu/gpu_process_host.cc SetJobLevel(*cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy); sandbox 215 content/browser/gpu/gpu_process_host.cc policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); sandbox 217 content/browser/gpu/gpu_process_host.cc policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, sandbox 218 content/browser/gpu/gpu_process_host.cc sandbox::USER_LIMITED); sandbox 227 content/browser/gpu/gpu_process_host.cc sandbox::JOB_LIMITED_USER, sandbox 234 content/browser/gpu/gpu_process_host.cc policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); sandbox 237 content/browser/gpu/gpu_process_host.cc SetJobLevel(*cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy); sandbox 238 content/browser/gpu/gpu_process_host.cc policy->SetTokenLevel(sandbox::USER_UNPROTECTED, sandbox 239 content/browser/gpu/gpu_process_host.cc sandbox::USER_LIMITED); sandbox 244 content/browser/gpu/gpu_process_host.cc sandbox::ResultCode result = policy->AddRule( sandbox 245 content/browser/gpu/gpu_process_host.cc sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, sandbox 246 content/browser/gpu/gpu_process_host.cc sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, sandbox 248 content/browser/gpu/gpu_process_host.cc if (result != sandbox::SBOX_ALL_OK) { sandbox 259 content/browser/gpu/gpu_process_host.cc result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, sandbox 260 content/browser/gpu/gpu_process_host.cc sandbox::TargetPolicy::HANDLES_DUP_BROKER, sandbox 262 content/browser/gpu/gpu_process_host.cc if (result != sandbox::SBOX_ALL_OK) { sandbox 271 content/browser/gpu/gpu_process_host.cc result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, sandbox 272 content/browser/gpu/gpu_process_host.cc sandbox::TargetPolicy::FILES_ALLOW_ANY, sandbox 274 content/browser/gpu/gpu_process_host.cc if (result != sandbox::SBOX_ALL_OK) { sandbox 58 content/browser/ppapi_plugin_process_host.cc virtual void PreSpawnTarget(sandbox::TargetPolicy* policy, sandbox 64 content/browser/ppapi_plugin_process_host.cc sandbox::ResultCode result; sandbox 65 content/browser/ppapi_plugin_process_host.cc result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, sandbox 66 content/browser/ppapi_plugin_process_host.cc sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, sandbox 68 content/browser/ppapi_plugin_process_host.cc *success = (result == sandbox::SBOX_ALL_OK); sandbox 305 content/browser/renderer_host/render_process_host_impl.cc virtual void PreSpawnTarget(sandbox::TargetPolicy* policy, sandbox 82 content/browser/worker_host/worker_process_host.cc virtual void PreSpawnTarget(sandbox::TargetPolicy* policy, sandbox 143 content/browser/zygote_host/zygote_host_impl_linux.cc scoped_ptr<sandbox::SetuidSandboxClient> sandbox 144 content/browser/zygote_host/zygote_host_impl_linux.cc sandbox_client(sandbox::SetuidSandboxClient::Create()); sandbox 446 content/browser/zygote_host/zygote_host_impl_linux.cc adj_oom_score_cmdline.push_back(sandbox::kAdjustOOMScoreSwitch); sandbox 28 content/common/handle_enumerator_win.cc handle_types[sandbox::HandleTable::kTypeProcess] = ProcessHandle; sandbox 29 content/common/handle_enumerator_win.cc handle_types[sandbox::HandleTable::kTypeThread] = ThreadHandle; sandbox 30 content/common/handle_enumerator_win.cc handle_types[sandbox::HandleTable::kTypeFile] = FileHandle; sandbox 31 content/common/handle_enumerator_win.cc handle_types[sandbox::HandleTable::kTypeDirectory] = DirectoryHandle; sandbox 32 content/common/handle_enumerator_win.cc handle_types[sandbox::HandleTable::kTypeKey] = KeyHandle; sandbox 33 content/common/handle_enumerator_win.cc handle_types[sandbox::HandleTable::kTypeWindowStation] = WindowStationHandle; sandbox 34 content/common/handle_enumerator_win.cc handle_types[sandbox::HandleTable::kTypeDesktop] = DesktopHandle; sandbox 35 content/common/handle_enumerator_win.cc handle_types[sandbox::HandleTable::kTypeService] = ServiceHandle; sandbox 36 content/common/handle_enumerator_win.cc handle_types[sandbox::HandleTable::kTypeMutex] = MutexHandle; sandbox 37 content/common/handle_enumerator_win.cc handle_types[sandbox::HandleTable::kTypeSemaphore] = SemaphoreHandle; sandbox 38 content/common/handle_enumerator_win.cc handle_types[sandbox::HandleTable::kTypeEvent] = EventHandle; sandbox 39 content/common/handle_enumerator_win.cc handle_types[sandbox::HandleTable::kTypeTimer] = TimerHandle; sandbox 40 content/common/handle_enumerator_win.cc handle_types[sandbox::HandleTable::kTypeNamedPipe] = NamedPipeHandle; sandbox 41 content/common/handle_enumerator_win.cc handle_types[sandbox::HandleTable::kTypeJobObject] = JobHandle; sandbox 42 content/common/handle_enumerator_win.cc handle_types[sandbox::HandleTable::kTypeFileMap] = FileMapHandle; sandbox 43 content/common/handle_enumerator_win.cc handle_types[sandbox::HandleTable::kTypeAlpcPort] = AlpcPortHandle; sandbox 53 content/common/handle_enumerator_win.cc sandbox::HandleTable handles; sandbox 59 content/common/handle_enumerator_win.cc for (sandbox::HandleTable::Iterator sys_handle sandbox 16 content/common/sandbox_init_win.cc bool InitializeSandbox(sandbox::SandboxInterfaceInfo* sandbox_info) { sandbox 18 content/common/sandbox_init_win.cc sandbox::BrokerServices* broker_services = sandbox_info->broker_services; sandbox 31 content/common/sandbox_init_win.cc sandbox::TargetPolicy* policy = broker_services->CreatePolicy(); sandbox 32 content/common/sandbox_init_win.cc sandbox::ResultCode result = policy->CreateAlternateDesktop(use_winsta); sandbox 33 content/common/sandbox_init_win.cc CHECK(sandbox::SBOX_ERROR_FAILED_TO_SWITCH_BACK_WINSTATION != result); sandbox 42 content/common/sandbox_init_win.cc sandbox::TargetServices* target_services = sandbox_info->target_services; sandbox 29 content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc using sandbox::ErrorCode; sandbox 30 content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc using sandbox::SandboxBPF; sandbox 31 content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc using sandbox::SyscallSets; sandbox 109 content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc ErrorCode CrosArmGpuBrokerProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, sandbox 117 content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc return CrosArmGpuProcessPolicy::EvaluateSyscall(sandbox, sysno); sandbox 128 content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc ErrorCode CrosArmGpuProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, sandbox 148 content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc return sandbox->Cond(0, ErrorCode::TP_32BIT, sandbox 158 content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc return GpuProcessPolicy::EvaluateSyscall(sandbox, sysno); sandbox 174 content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc base::Passed(scoped_ptr<sandbox::SandboxBPFPolicy>( sandbox 33 content/common/sandbox_linux/bpf_gpu_policy_linux.cc using sandbox::BrokerProcess; sandbox 34 content/common/sandbox_linux/bpf_gpu_policy_linux.cc using sandbox::ErrorCode; sandbox 35 content/common/sandbox_linux/bpf_gpu_policy_linux.cc using sandbox::SandboxBPF; sandbox 36 content/common/sandbox_linux/bpf_gpu_policy_linux.cc using sandbox::SyscallSets; sandbox 37 content/common/sandbox_linux/bpf_gpu_policy_linux.cc using sandbox::arch_seccomp_data; sandbox 122 content/common/sandbox_linux/bpf_gpu_policy_linux.cc ErrorCode GpuBrokerProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, sandbox 130 content/common/sandbox_linux/bpf_gpu_policy_linux.cc return GpuProcessPolicy::EvaluateSyscall(sandbox, sysno); sandbox 161 content/common/sandbox_linux/bpf_gpu_policy_linux.cc ErrorCode GpuProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, sandbox 181 content/common/sandbox_linux/bpf_gpu_policy_linux.cc return sandbox->Trap(GpuSIGSYS_Handler, broker_process_); sandbox 187 content/common/sandbox_linux/bpf_gpu_policy_linux.cc return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno); sandbox 202 content/common/sandbox_linux/bpf_gpu_policy_linux.cc base::Passed(scoped_ptr<sandbox::SandboxBPFPolicy>( sandbox 14 content/common/sandbox_linux/bpf_gpu_policy_linux.h namespace sandbox { sandbox 42 content/common/sandbox_linux/bpf_gpu_policy_linux.h sandbox::BrokerProcess* broker_process() { return broker_process_; } sandbox 52 content/common/sandbox_linux/bpf_gpu_policy_linux.h sandbox::BrokerProcess* broker_process_; sandbox 17 content/common/sandbox_linux/bpf_ppapi_policy_linux.cc using sandbox::SyscallSets; sandbox 36 content/common/sandbox_linux/bpf_ppapi_policy_linux.cc ErrorCode PpapiProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, sandbox 40 content/common/sandbox_linux/bpf_ppapi_policy_linux.cc return sandbox::RestrictCloneToThreadsAndEPERMFork(sandbox); sandbox 66 content/common/sandbox_linux/bpf_ppapi_policy_linux.cc return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno); sandbox 17 content/common/sandbox_linux/bpf_renderer_policy_linux.cc using sandbox::SyscallSets; sandbox 36 content/common/sandbox_linux/bpf_renderer_policy_linux.cc ErrorCode RendererProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, sandbox 40 content/common/sandbox_linux/bpf_renderer_policy_linux.cc return sandbox::RestrictCloneToThreadsAndEPERMFork(sandbox); sandbox 42 content/common/sandbox_linux/bpf_renderer_policy_linux.cc return sandbox::RestrictIoctl(sandbox); sandbox 44 content/common/sandbox_linux/bpf_renderer_policy_linux.cc return sandbox::RestrictPrctl(sandbox); sandbox 87 content/common/sandbox_linux/bpf_renderer_policy_linux.cc return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno); sandbox 22 content/common/sandbox_linux/sandbox_bpf_base_policy_linux.cc : baseline_policy_(new sandbox::BaselinePolicy(kFSDeniedErrno)) {} sandbox 13 content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h using sandbox::ErrorCode; sandbox 14 content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h using sandbox::SandboxBPF; sandbox 22 content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h class SandboxBPFBasePolicy : public sandbox::SandboxBPFPolicy { sandbox 43 content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h scoped_ptr<sandbox::BaselinePolicy> baseline_policy_; sandbox 13 content/common/sandbox_linux/sandbox_init_linux.cc bool InitializeSandbox(scoped_ptr<sandbox::SandboxBPFPolicy> policy) { sandbox 17 content/common/sandbox_linux/sandbox_init_linux.cc scoped_ptr<sandbox::SandboxBPFPolicy> GetBPFSandboxBaselinePolicy() { sandbox 36 content/common/sandbox_linux/sandbox_linux.cc using sandbox::Yama; sandbox 109 content/common/sandbox_linux/sandbox_linux.cc setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create()) { sandbox 227 content/common/sandbox_linux/sandbox_linux.cc sandbox::ThreadHelpers::IsSingleThreaded(proc_self_task.get()); sandbox 237 content/common/sandbox_linux/sandbox_linux.cc sandbox::SetuidSandboxClient* sandbox 369 content/common/sandbox_linux/sandbox_linux.cc return sandbox::Credentials().HasOpenDirectory(proc_fd_); sandbox 399 content/common/sandbox_linux/sandbox_linux.cc CHECK(sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_self_task.get(), sandbox 18 content/common/sandbox_linux/sandbox_linux.h namespace sandbox { class SetuidSandboxClient; } sandbox 74 content/common/sandbox_linux/sandbox_linux.h sandbox::SetuidSandboxClient* setuid_sandbox_client() const; sandbox 119 content/common/sandbox_linux/sandbox_linux.h scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; sandbox 38 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc using sandbox::BaselinePolicy; sandbox 39 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc using sandbox::SyscallSets; sandbox 56 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc void StartSandboxWithPolicy(sandbox::SandboxBPFPolicy* policy); sandbox 86 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc ErrorCode BlacklistDebugAndNumaPolicy::EvaluateSyscall(SandboxBPF* sandbox, sandbox 93 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc return sandbox->Trap(sandbox::CrashSIGSYS_Handler, NULL); sandbox 154 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc void StartSandboxWithPolicy(sandbox::SandboxBPFPolicy* policy) { sandbox 160 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc SandboxBPF sandbox; sandbox 161 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc sandbox.SetSandboxPolicy(policy); sandbox 162 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc sandbox.StartSandbox(); sandbox 283 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc scoped_ptr<sandbox::SandboxBPFPolicy> policy) { sandbox 294 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc scoped_ptr<sandbox::SandboxBPFPolicy> sandbox 297 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc return scoped_ptr<sandbox::SandboxBPFPolicy>(new BaselinePolicy); sandbox 299 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc return scoped_ptr<sandbox::SandboxBPFPolicy>(); sandbox 13 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h namespace sandbox { sandbox 42 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h scoped_ptr<sandbox::SandboxBPFPolicy> policy); sandbox 44 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h static scoped_ptr<sandbox::SandboxBPFPolicy> GetBaselinePolicy(); sandbox 34 content/common/sandbox_win.cc static sandbox::BrokerServices* g_broker_services = NULL; sandbox 35 content/common/sandbox_win.cc static sandbox::TargetServices* g_target_services = NULL; sandbox 113 content/common/sandbox_win.cc sandbox::TargetPolicy::Semantics access, sandbox 114 content/common/sandbox_win.cc sandbox::TargetPolicy* policy) { sandbox 122 content/common/sandbox_win.cc sandbox::ResultCode result; sandbox 123 content/common/sandbox_win.cc result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, access, sandbox 125 content/common/sandbox_win.cc if (result != sandbox::SBOX_ALL_OK) sandbox 133 content/common/sandbox_win.cc result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, access, sandbox 135 content/common/sandbox_win.cc if (result != sandbox::SBOX_ALL_OK) sandbox 144 content/common/sandbox_win.cc sandbox::TargetPolicy::Semantics access, sandbox 145 content/common/sandbox_win.cc sandbox::TargetPolicy* policy) { sandbox 146 content/common/sandbox_win.cc sandbox::ResultCode result; sandbox 147 content/common/sandbox_win.cc result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY, access, sandbox 149 content/common/sandbox_win.cc if (result != sandbox::SBOX_ALL_OK) sandbox 153 content/common/sandbox_win.cc result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY, access, sandbox 155 content/common/sandbox_win.cc if (result != sandbox::SBOX_ALL_OK) sandbox 180 content/common/sandbox_win.cc sandbox::TargetPolicy* policy) { sandbox 217 content/common/sandbox_win.cc void AddGenericDllEvictionPolicy(sandbox::TargetPolicy* policy) { sandbox 274 content/common/sandbox_win.cc bool AddGenericPolicy(sandbox::TargetPolicy* policy) { sandbox 275 content/common/sandbox_win.cc sandbox::ResultCode result; sandbox 279 content/common/sandbox_win.cc result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, sandbox 280 content/common/sandbox_win.cc sandbox::TargetPolicy::HANDLES_DUP_ANY, sandbox 282 content/common/sandbox_win.cc if (result != sandbox::SBOX_ALL_OK) sandbox 288 content/common/sandbox_win.cc result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, sandbox 289 content/common/sandbox_win.cc sandbox::TargetPolicy::FILES_ALLOW_ANY, sandbox 291 content/common/sandbox_win.cc if (result != sandbox::SBOX_ALL_OK) sandbox 298 content/common/sandbox_win.cc result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, sandbox 299 content/common/sandbox_win.cc sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, sandbox 301 content/common/sandbox_win.cc if (result != sandbox::SBOX_ALL_OK) sandbox 306 content/common/sandbox_win.cc result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, sandbox 307 content/common/sandbox_win.cc sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, sandbox 309 content/common/sandbox_win.cc if (result != sandbox::SBOX_ALL_OK) sandbox 327 content/common/sandbox_win.cc result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_PROCESS, sandbox 328 content/common/sandbox_win.cc sandbox::TargetPolicy::PROCESS_MIN_EXEC, sandbox 330 content/common/sandbox_win.cc if (result != sandbox::SBOX_ALL_OK) sandbox 339 content/common/sandbox_win.cc bool AddPolicyForSandboxedProcess(sandbox::TargetPolicy* policy) { sandbox 340 content/common/sandbox_win.cc sandbox::ResultCode result; sandbox 342 content/common/sandbox_win.cc result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, sandbox 343 content/common/sandbox_win.cc sandbox::TargetPolicy::HANDLES_DUP_ANY, sandbox 345 content/common/sandbox_win.cc if (result != sandbox::SBOX_ALL_OK) sandbox 348 content/common/sandbox_win.cc sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED; sandbox 352 content/common/sandbox_win.cc initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS; sandbox 355 content/common/sandbox_win.cc policy->SetTokenLevel(initial_token, sandbox::USER_LOCKDOWN); sandbox 357 content/common/sandbox_win.cc policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED); sandbox 362 content/common/sandbox_win.cc if (sandbox::SBOX_ALL_OK != policy->SetAlternateDesktop(use_winsta)) { sandbox 509 content/common/sandbox_win.cc sandbox::JobLevel job_level, sandbox 511 content/common/sandbox_win.cc sandbox::TargetPolicy* policy) { sandbox 515 content/common/sandbox_win.cc policy->SetJobLevel(sandbox::JOB_NONE, 0); sandbox 520 content/common/sandbox_win.cc void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy) { sandbox 527 content/common/sandbox_win.cc bool InitBrokerServices(sandbox::BrokerServices* broker_services) { sandbox 532 content/common/sandbox_win.cc sandbox::ResultCode result = broker_services->Init(); sandbox 563 content/common/sandbox_win.cc return sandbox::SBOX_ALL_OK == result; sandbox 566 content/common/sandbox_win.cc bool InitTargetServices(sandbox::TargetServices* target_services) { sandbox 569 content/common/sandbox_win.cc sandbox::ResultCode result = target_services->Init(); sandbox 571 content/common/sandbox_win.cc return sandbox::SBOX_ALL_OK == result; sandbox 623 content/common/sandbox_win.cc sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy(); sandbox 625 content/common/sandbox_win.cc sandbox::MitigationFlags mitigations = sandbox::MITIGATION_HEAP_TERMINATE | sandbox 626 content/common/sandbox_win.cc sandbox::MITIGATION_BOTTOM_UP_ASLR | sandbox 627 content/common/sandbox_win.cc sandbox::MITIGATION_DEP | sandbox 628 content/common/sandbox_win.cc sandbox::MITIGATION_DEP_NO_ATL_THUNK | sandbox 629 content/common/sandbox_win.cc sandbox::MITIGATION_SEHOP; sandbox 631 content/common/sandbox_win.cc if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK) sandbox 634 content/common/sandbox_win.cc mitigations = sandbox::MITIGATION_STRICT_HANDLE_CHECKS | sandbox 635 content/common/sandbox_win.cc sandbox::MITIGATION_DLL_SEARCH_ORDER; sandbox 637 content/common/sandbox_win.cc if (policy->SetDelayedProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK) sandbox 640 content/common/sandbox_win.cc SetJobLevel(*cmd_line, sandbox::JOB_LOCKDOWN, 0, policy); sandbox 655 content/common/sandbox_win.cc sandbox::TargetPolicy::FILES_ALLOW_READONLY, sandbox 665 content/common/sandbox_win.cc sandbox::ResultCode result; sandbox 667 content/common/sandbox_win.cc result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, sandbox 668 content/common/sandbox_win.cc sandbox::TargetPolicy::FILES_ALLOW_ANY, sandbox 670 content/common/sandbox_win.cc if (result != sandbox::SBOX_ALL_OK) sandbox 674 content/common/sandbox_win.cc result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, sandbox 675 content/common/sandbox_win.cc sandbox::TargetPolicy::FILES_ALLOW_ANY, sandbox 677 content/common/sandbox_win.cc if (result != sandbox::SBOX_ALL_OK) sandbox 712 content/common/sandbox_win.cc if (sandbox::SBOX_ALL_OK != result) { sandbox 713 content/common/sandbox_win.cc if (result == sandbox::SBOX_ERROR_GENERIC) sandbox 750 content/common/sandbox_win.cc options) == sandbox::SBOX_ALL_OK) { sandbox 768 content/common/sandbox_win.cc return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; sandbox 14 content/common/sandbox_win.h namespace sandbox { sandbox 25 content/common/sandbox_win.h sandbox::JobLevel job_level, sandbox 27 content/common/sandbox_win.h sandbox::TargetPolicy* policy); sandbox 30 content/common/sandbox_win.h void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy); sandbox 32 content/common/sandbox_win.h bool InitBrokerServices(sandbox::BrokerServices* broker_services); sandbox 34 content/common/sandbox_win.h bool InitTargetServices(sandbox::TargetServices* target_services); sandbox 25 content/gpu/gpu_child_thread.h namespace sandbox { sandbox 83 content/gpu/gpu_child_thread.h sandbox::TargetServices* target_services_; sandbox 64 content/gpu/gpu_main.cc bool StartSandboxWindows(const sandbox::SandboxInterfaceInfo*); sandbox 443 content/gpu/gpu_main.cc bool StartSandboxWindows(const sandbox::SandboxInterfaceInfo* sandbox_info) { sandbox 449 content/gpu/gpu_main.cc sandbox::TargetServices* target_services = sandbox_info->target_services; sandbox 42 content/ppapi_plugin/ppapi_plugin_main.cc sandbox::TargetServices* g_target_services = NULL; sandbox 61 content/ppapi_plugin/ppapi_thread.cc extern sandbox::TargetServices* g_target_services; sandbox 18 content/public/app/content_main.h namespace sandbox { sandbox 45 content/public/app/content_main.h sandbox::SandboxInterfaceInfo* sandbox_info; sandbox 12 content/public/app/startup_helper_win.h namespace sandbox { sandbox 26 content/public/app/startup_helper_win.h void InitializeSandboxInfo(sandbox::SandboxInterfaceInfo* sandbox_info); sandbox 68 content/public/browser/content_browser_client.h namespace sandbox { sandbox 630 content/public/browser/content_browser_client.h virtual void PreSpawnRenderer(sandbox::TargetPolicy* policy, sandbox 36 content/public/common/content_client.h namespace sandbox { sandbox 16 content/public/common/main_function_params.h namespace sandbox { sandbox 43 content/public/common/main_function_params.h sandbox::SandboxInterfaceInfo* sandbox_info; sandbox 18 content/public/common/sandbox_init.h namespace sandbox { sandbox 36 content/public/common/sandbox_init.h sandbox::SandboxInterfaceInfo* sandbox_info); sandbox 89 content/public/common/sandbox_init.h scoped_ptr<sandbox::SandboxBPFPolicy> policy); sandbox 93 content/public/common/sandbox_init.h CONTENT_EXPORT scoped_ptr<sandbox::SandboxBPFPolicy> sandbox 17 content/public/common/sandboxed_process_launcher_delegate.h namespace sandbox { sandbox 49 content/public/common/sandboxed_process_launcher_delegate.h virtual void PreSpawnTarget(sandbox::TargetPolicy* policy, sandbox 451 content/public/test/test_launcher.cc sandbox::SandboxInterfaceInfo sandbox_info = {0}; sandbox 136 content/renderer/renderer_main_platform_delegate_win.cc sandbox::TargetServices* target_services = sandbox 154 content/renderer/renderer_main_platform_delegate_win.cc sandbox::TargetServices* target_services = sandbox 20 content/shell/app/shell_main.cc sandbox::SandboxInterfaceInfo sandbox_info = {0}; sandbox 78 content/utility/utility_main.cc sandbox::TargetServices* target_services = sandbox 35 content/worker/worker_main.cc sandbox::TargetServices* target_services = sandbox 359 content/zygote/zygote_main_linux.cc sandbox::CreateInitProcessReaper(&zygoteid_fd_closer); sandbox 369 content/zygote/zygote_main_linux.cc static bool EnterSuidSandbox(sandbox::SetuidSandboxClient* setuid_sandbox) { sandbox 441 content/zygote/zygote_main_linux.cc sandbox::SetuidSandboxClient* setuid_sandbox = sandbox 452 content/zygote/zygote_main_linux.cc sandbox::InitLibcUrandomOverrides(); sandbox 84 remoting/host/win/unprivileged_process_delegate.cc sandbox::RestrictedToken restricted_token; sandbox 94 remoting/host/win/unprivileged_process_delegate.cc if (restricted_token.SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW) sandbox 83 sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ErrorCode EvaluateSyscallImpl(int fs_denied_errno, SandboxBPF* sandbox, sandbox 93 sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, AF_UNIX, sandbox 95 sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc sandbox->Trap(CrashSIGSYS_Handler, NULL)); sandbox 101 sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc return sandbox->Cond(2, ErrorCode::TP_32BIT, sandbox 109 sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc return RestrictMmapFlags(sandbox); sandbox 114 sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc return RestrictMmapFlags(sandbox); sandbox 118 sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc return RestrictMprotectFlags(sandbox); sandbox 121 sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc return RestrictFcntlCommands(sandbox); sandbox 125 sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc return RestrictFcntlCommands(sandbox); sandbox 146 sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc return RestrictSocketcallCommand(sandbox); sandbox 152 sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc return sandbox->Trap(CrashSIGSYS_Handler, NULL); sandbox 155 sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc return sandbox->Trap(CrashSIGSYS_Handler, NULL); sandbox 170 sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ErrorCode BaselinePolicy::EvaluateSyscall(SandboxBPF* sandbox, sandbox 172 sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc return EvaluateSyscallImpl(fs_denied_errno_, sandbox, sysno); sandbox 12 sandbox/linux/seccomp-bpf-helpers/baseline_policy.h namespace sandbox { sandbox 16 sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h namespace sandbox { sandbox 66 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc ErrorCode RestrictCloneToThreadsAndEPERMFork(SandboxBPF* sandbox) { sandbox 69 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 74 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 78 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 81 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Trap(SIGSYSCloneFailure, NULL)))); sandbox 87 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc ErrorCode RestrictPrctl(SandboxBPF* sandbox) { sandbox 90 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 92 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 94 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 96 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Trap(SIGSYSPrctlFailure, NULL)))); sandbox 99 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc ErrorCode RestrictIoctl(SandboxBPF* sandbox) { sandbox 100 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc return sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, TCGETS, sandbox 102 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, FIONREAD, sandbox 104 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Trap(SIGSYSIoctlFailure, NULL))); sandbox 107 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc ErrorCode RestrictMmapFlags(SandboxBPF* sandbox) { sandbox 116 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc return sandbox->Cond(3, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ANY_BITS, sandbox 118 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Trap(CrashSIGSYS_Handler, NULL), sandbox 122 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc ErrorCode RestrictMprotectFlags(SandboxBPF* sandbox) { sandbox 128 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc return sandbox->Cond(2, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ANY_BITS, sandbox 130 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Trap(CrashSIGSYS_Handler, NULL), sandbox 134 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc ErrorCode RestrictFcntlCommands(SandboxBPF* sandbox) { sandbox 155 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc return sandbox->Cond(1, ErrorCode::TP_32BIT, sandbox 158 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(1, ErrorCode::TP_32BIT, sandbox 160 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(2, mask_long_type, sandbox 162 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Trap(CrashSIGSYS_Handler, NULL), sandbox 164 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(1, ErrorCode::TP_32BIT, sandbox 167 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(1, ErrorCode::TP_32BIT, sandbox 170 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(1, ErrorCode::TP_32BIT, sandbox 173 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(1, ErrorCode::TP_32BIT, sandbox 176 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(1, ErrorCode::TP_32BIT, sandbox 179 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(1, ErrorCode::TP_32BIT, sandbox 182 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(1, ErrorCode::TP_32BIT, sandbox 185 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Trap(CrashSIGSYS_Handler, NULL)))))))))); sandbox 189 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc ErrorCode RestrictSocketcallCommand(SandboxBPF* sandbox) { sandbox 194 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 196 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 198 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 200 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 202 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 204 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 206 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 208 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 15 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h namespace sandbox { sandbox 25 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h RestrictCloneToThreadsAndEPERMFork(SandboxBPF* sandbox); sandbox 29 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h SANDBOX_EXPORT ErrorCode RestrictPrctl(SandboxBPF* sandbox); sandbox 33 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h SANDBOX_EXPORT ErrorCode RestrictIoctl(SandboxBPF* sandbox); sandbox 39 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h SANDBOX_EXPORT ErrorCode RestrictMmapFlags(SandboxBPF* sandbox); sandbox 43 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h SANDBOX_EXPORT ErrorCode RestrictMprotectFlags(SandboxBPF* sandbox); sandbox 50 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h SANDBOX_EXPORT ErrorCode RestrictFcntlCommands(SandboxBPF* sandbox); sandbox 55 sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h SANDBOX_EXPORT ErrorCode RestrictSocketcallCommand(SandboxBPF* sandbox); sandbox 17 sandbox/linux/seccomp-bpf-helpers/syscall_sets.h namespace sandbox { sandbox 12 sandbox/linux/seccomp-bpf/basicblock.h namespace sandbox { sandbox 16 sandbox/linux/seccomp-bpf/bpf_tests.h namespace sandbox { sandbox 24 sandbox/linux/seccomp-bpf/bpf_tests.h void BPF_TEST_##test_name(sandbox::BPFTests<aux>::AuxType& BPF_AUX); \ sandbox 26 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox::BPFTests<aux>::TestArgs arg(BPF_TEST_##test_name, policy); \ sandbox 27 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox::BPFTests<aux>::RunTestInProcess( \ sandbox 28 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox::BPFTests<aux>::TestWrapper, &arg, death); \ sandbox 30 sandbox/linux/seccomp-bpf/bpf_tests.h void BPF_TEST_##test_name(sandbox::BPFTests<aux>::AuxType& BPF_AUX) sandbox 58 sandbox/linux/seccomp-bpf/bpf_tests.h TestArgs(void (*t)(AuxType&), sandbox::SandboxBPF::EvaluateSyscall p) sandbox 62 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox::SandboxBPF::EvaluateSyscall policy() const { return policy_; } sandbox 68 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox::SandboxBPF::EvaluateSyscall policy_; sandbox 74 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox::Die::EnableSimpleExit(); sandbox 75 sandbox/linux/seccomp-bpf/bpf_tests.h if (sandbox::SandboxBPF::SupportsSeccompSandbox(-1) == sandbox 76 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox::SandboxBPF::STATUS_AVAILABLE) { sandbox 80 sandbox/linux/seccomp-bpf/bpf_tests.h BPF_ASSERT(sandbox::SandboxBPF::SupportsSeccompSandbox(proc_fd) == sandbox 81 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox::SandboxBPF::STATUS_AVAILABLE); sandbox 84 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox::SandboxBPF sandbox; sandbox 85 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox.set_proc_fd(proc_fd); sandbox 86 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox.SetSandboxPolicyDeprecated(arg->policy(), &arg->aux_); sandbox 87 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox.SandboxBPF::StartSandbox(); sandbox 100 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox::SandboxBPF sandbox; sandbox 101 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox.SetSandboxPolicyDeprecated(arg->policy(), &arg->aux_); sandbox 102 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox::SandboxBPF::Program* program = sandbox 103 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox.AssembleFilter(true /* force_verification */); sandbox 105 sandbox/linux/seccomp-bpf/bpf_tests.h sandbox::UnitTests::IgnoreThisTest(); sandbox 13 sandbox/linux/seccomp-bpf/codegen.cc void TraverseRecursively(std::set<sandbox::Instruction*>* visited, sandbox 14 sandbox/linux/seccomp-bpf/codegen.cc sandbox::Instruction* instruction) { sandbox 17 sandbox/linux/seccomp-bpf/codegen.h namespace sandbox { sandbox 33 sandbox/linux/seccomp-bpf/demo.cc using sandbox::ErrorCode; sandbox 34 sandbox/linux/seccomp-bpf/demo.cc using sandbox::SandboxBPF; sandbox 35 sandbox/linux/seccomp-bpf/demo.cc using sandbox::arch_seccomp_data; sandbox 240 sandbox/linux/seccomp-bpf/demo.cc ErrorCode Evaluator(SandboxBPF* sandbox, int sysno, void *) { sandbox 329 sandbox/linux/seccomp-bpf/demo.cc return sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 332 sandbox/linux/seccomp-bpf/demo.cc sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 335 sandbox/linux/seccomp-bpf/demo.cc sandbox->Trap(DefaultHandler, NULL))); sandbox 370 sandbox/linux/seccomp-bpf/demo.cc return sandbox->Trap(DefaultHandler, NULL); sandbox 421 sandbox/linux/seccomp-bpf/demo.cc SandboxBPF sandbox; sandbox 422 sandbox/linux/seccomp-bpf/demo.cc sandbox.set_proc_fd(proc_fd); sandbox 423 sandbox/linux/seccomp-bpf/demo.cc sandbox.SetSandboxPolicyDeprecated(Evaluator, NULL); sandbox 424 sandbox/linux/seccomp-bpf/demo.cc sandbox.StartSandbox(); sandbox 11 sandbox/linux/seccomp-bpf/die.h namespace sandbox { sandbox 15 sandbox/linux/seccomp-bpf/die.h #define SANDBOX_DIE(m) sandbox::Die::SandboxDie(m, __FILE__, __LINE__) sandbox 19 sandbox/linux/seccomp-bpf/die.h #define RAW_SANDBOX_DIE(m) sandbox::Die::RawSandboxDie(m) sandbox 22 sandbox/linux/seccomp-bpf/die.h #define SANDBOX_INFO(m) sandbox::Die::SandboxInfo(m, __FILE__, __LINE__) sandbox 12 sandbox/linux/seccomp-bpf/errorcode.h namespace sandbox { sandbox 24 sandbox/linux/seccomp-bpf/errorcode_unittest.cc SandboxBPF sandbox; sandbox 25 sandbox/linux/seccomp-bpf/errorcode_unittest.cc ErrorCode e3 = sandbox.Trap(NULL, NULL); sandbox 30 sandbox/linux/seccomp-bpf/errorcode_unittest.cc SandboxBPF sandbox; sandbox 31 sandbox/linux/seccomp-bpf/errorcode_unittest.cc ErrorCode e0 = sandbox.Trap(NULL, "a"); sandbox 32 sandbox/linux/seccomp-bpf/errorcode_unittest.cc ErrorCode e1 = sandbox.Trap(NULL, "b"); sandbox 36 sandbox/linux/seccomp-bpf/errorcode_unittest.cc ErrorCode e2 = sandbox.Trap(NULL, "a"); sandbox 51 sandbox/linux/seccomp-bpf/errorcode_unittest.cc SandboxBPF sandbox; sandbox 52 sandbox/linux/seccomp-bpf/errorcode_unittest.cc ErrorCode e4 = sandbox.Trap(NULL, "a"); sandbox 53 sandbox/linux/seccomp-bpf/errorcode_unittest.cc ErrorCode e5 = sandbox.Trap(NULL, "b"); sandbox 54 sandbox/linux/seccomp-bpf/errorcode_unittest.cc ErrorCode e6 = sandbox.Trap(NULL, "a"); sandbox 72 sandbox/linux/seccomp-bpf/errorcode_unittest.cc SandboxBPF sandbox; sandbox 73 sandbox/linux/seccomp-bpf/errorcode_unittest.cc ErrorCode e4 = sandbox.Trap(NULL, "a"); sandbox 74 sandbox/linux/seccomp-bpf/errorcode_unittest.cc ErrorCode e5 = sandbox.Trap(NULL, "b"); sandbox 75 sandbox/linux/seccomp-bpf/errorcode_unittest.cc ErrorCode e6 = sandbox.Trap(NULL, "a"); sandbox 10 sandbox/linux/seccomp-bpf/instruction.h namespace sandbox { sandbox 165 sandbox/linux/seccomp-bpf/sandbox_bpf.cc SandboxBPF* sandbox = static_cast<SandboxBPF*>(aux); sandbox 168 sandbox/linux/seccomp-bpf/sandbox_bpf.cc insn->k = sandbox->Trap(ReturnErrno, sandbox 411 sandbox/linux/seccomp-bpf/sandbox_bpf.cc SandboxBPF sandbox; sandbox 415 sandbox/linux/seccomp-bpf/sandbox_bpf.cc sandbox.quiet_ = true; sandbox 416 sandbox/linux/seccomp-bpf/sandbox_bpf.cc sandbox.set_proc_fd(proc_fd); sandbox 417 sandbox/linux/seccomp-bpf/sandbox_bpf.cc status_ = sandbox.KernelSupportSeccompBPF() ? STATUS_AVAILABLE sandbox 25 sandbox/linux/seccomp-bpf/sandbox_bpf.h namespace sandbox { sandbox 10 sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h namespace sandbox { sandbox 86 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode VerboseAPITestingPolicy(SandboxBPF* sandbox, int sysno, void* aux) { sandbox 90 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return sandbox->Trap(FakeGetPid, aux); sandbox 98 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox::SandboxBPF::STATUS_AVAILABLE) { sandbox 100 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc SandboxBPF sandbox; sandbox 101 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox.SetSandboxPolicyDeprecated(VerboseAPITestingPolicy, &test_var); sandbox 102 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox.StartSandbox(); sandbox 172 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode BlacklistNanosleepPolicySigsys(SandboxBPF* sandbox, sandbox 182 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return sandbox->Trap(EnomemHandler, aux); sandbox 262 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc if (sandbox::IsAndroid() && setgid(0) != -1) { sandbox 281 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode StackingPolicyPartOne(SandboxBPF* sandbox, int sysno, void*) { sandbox 288 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return sandbox->Cond(0, sandbox 299 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode StackingPolicyPartTwo(SandboxBPF* sandbox, int sysno, void*) { sandbox 306 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return sandbox->Cond(0, sandbox 327 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc SandboxBPF sandbox; sandbox 328 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox.SetSandboxPolicyDeprecated(StackingPolicyPartTwo, NULL); sandbox 329 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox.StartSandbox(); sandbox 450 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode GreyListedPolicy(SandboxBPF* sandbox, int sysno, void* aux) { sandbox 477 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return sandbox->UnsafeTrap(CountSyscalls, aux); sandbox 523 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode PrctlPolicy(SandboxBPF* sandbox, int sysno, void* aux) { sandbox 529 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return sandbox->UnsafeTrap(PrctlHandler, NULL); sandbox 569 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode RedirectAllSyscallsPolicy(SandboxBPF* sandbox, int sysno, void* aux) { sandbox 587 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return sandbox->UnsafeTrap(AllowRedirectedSyscall, aux); sandbox 724 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode DenyOpenPolicy(SandboxBPF* sandbox, int sysno, void* aux) { sandbox 737 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Trap(BrokerOpenTrapHandler, iob->broker_process())); sandbox 792 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode SimpleCondTestPolicy(SandboxBPF* sandbox, int sysno, void*) { sandbox 805 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return sandbox->Cond(1, sandbox 814 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return sandbox->Cond(0, sandbox 819 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, sandbox 884 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode Policy(SandboxBPF* sandbox, int sysno) { sandbox 897 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return ToErrorCode(sandbox, arg_values_[sysno]); sandbox 1044 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode ToErrorCode(SandboxBPF* sandbox, ArgValue* arg_value) { sandbox 1057 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc err = ToErrorCode(sandbox, arg_value->arg_value); sandbox 1069 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc matched = ToErrorCode(sandbox, arg_value->tests[n].arg_value); sandbox 1074 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc err = sandbox->Cond(arg_value->argno, sandbox 1145 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode EqualityStressTestPolicy(SandboxBPF* sandbox, int sysno, void* aux) { sandbox 1146 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return reinterpret_cast<EqualityStressTest*>(aux)->Policy(sandbox, sysno); sandbox 1156 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode EqualityArgumentWidthPolicy(SandboxBPF* sandbox, int sysno, void*) { sandbox 1161 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return sandbox->Cond( sandbox 1166 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, sandbox 1180 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, sandbox 1219 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode EqualityWithNegativeArgumentsPolicy(SandboxBPF* sandbox, sandbox 1226 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return sandbox->Cond(0, sandbox 1256 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode AllBitTestPolicy(SandboxBPF* sandbox, int sysno, void *) { sandbox 1267 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 0, sandbox 1268 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ALL_BITS, sandbox 1272 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 1, sandbox 1273 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ALL_BITS, sandbox 1277 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 2, sandbox 1278 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ALL_BITS, sandbox 1282 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 3, sandbox 1283 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ALL_BITS, sandbox 1286 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 4, sandbox 1287 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ALL_BITS, sandbox 1291 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 5, sandbox 1292 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ALL_BITS, sandbox 1296 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 6, sandbox 1297 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ALL_BITS, sandbox 1301 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 7, sandbox 1302 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ALL_BITS, sandbox 1306 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 8, sandbox 1307 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ALL_BITS, sandbox 1311 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 9, sandbox 1312 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ALL_BITS, sandbox 1316 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 10, sandbox 1317 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ALL_BITS, sandbox 1321 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Kill("Invalid test case number")))))))))))); sandbox 1452 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode AnyBitTestPolicy(SandboxBPF* sandbox, int sysno, void*) { sandbox 1463 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 0, sandbox 1464 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ANY_BITS, sandbox 1468 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 1, sandbox 1469 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ANY_BITS, sandbox 1473 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 2, sandbox 1474 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ANY_BITS, sandbox 1478 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 3, sandbox 1479 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ANY_BITS, sandbox 1485 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 4, sandbox 1486 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ANY_BITS, sandbox 1490 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 5, sandbox 1491 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ANY_BITS, sandbox 1495 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 6, sandbox 1496 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ANY_BITS, sandbox 1500 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 7, sandbox 1501 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ANY_BITS, sandbox 1505 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 8, sandbox 1506 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ANY_BITS, sandbox 1510 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 9, sandbox 1511 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ANY_BITS, sandbox 1515 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 10, sandbox 1516 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ANY_BITS, sandbox 1520 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Kill("Invalid test case number")))))))))))); sandbox 1656 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode PthreadPolicyEquality(SandboxBPF* sandbox, int sysno, void* aux) { sandbox 1681 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 1684 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 1687 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, sandbox 1690 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Trap(PthreadTrapHandler, "Unknown mask")))); sandbox 1696 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ErrorCode PthreadPolicyBitMask(SandboxBPF* sandbox, int sysno, void* aux) { sandbox 1714 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ANY_BITS, sandbox 1719 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Trap(PthreadTrapHandler, sandbox 1721 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ALL_BITS, sandbox 1724 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ALL_BITS, sandbox 1727 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ANY_BITS, sandbox 1729 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Trap(PthreadTrapHandler, sandbox 1733 sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc sandbox->Trap(PthreadTrapHandler, sandbox 12 sandbox/linux/seccomp-bpf/syscall.h namespace sandbox { sandbox 13 sandbox/linux/seccomp-bpf/syscall_iterator.h namespace sandbox { sandbox 81 sandbox/linux/seccomp-bpf/syscall_unittest.cc ErrorCode CopyAllArgsOnUnamePolicy(SandboxBPF* sandbox, int sysno, void* aux) { sandbox 86 sandbox/linux/seccomp-bpf/syscall_unittest.cc return sandbox->Trap(CopySyscallArgsToAux, aux); sandbox 17 sandbox/linux/seccomp-bpf/trap.h namespace sandbox { sandbox 31 sandbox/linux/seccomp-bpf/verifier.cc uint32_t EvaluateErrorCode(SandboxBPF* sandbox, sandbox 42 sandbox/linux/seccomp-bpf/verifier.cc return sandbox->Unexpected64bitArgument().err(); sandbox 46 sandbox/linux/seccomp-bpf/verifier.cc return EvaluateErrorCode(sandbox, sandbox 54 sandbox/linux/seccomp-bpf/verifier.cc return EvaluateErrorCode(sandbox, sandbox 63 sandbox/linux/seccomp-bpf/verifier.cc return EvaluateErrorCode(sandbox, sandbox 79 sandbox/linux/seccomp-bpf/verifier.cc bool VerifyErrorCode(SandboxBPF* sandbox, sandbox 90 sandbox/linux/seccomp-bpf/verifier.cc } else if (computed_ret != EvaluateErrorCode(sandbox, root_code, *data)) { sandbox 112 sandbox/linux/seccomp-bpf/verifier.cc sandbox, program, data, root_code, *code.passed(), err)) { sandbox 120 sandbox/linux/seccomp-bpf/verifier.cc sandbox, program, data, root_code, *code.failed(), err)) { sandbox 138 sandbox/linux/seccomp-bpf/verifier.cc if (!VerifyErrorCode(sandbox, sandbox 142 sandbox/linux/seccomp-bpf/verifier.cc sandbox->Unexpected64bitArgument(), sandbox 155 sandbox/linux/seccomp-bpf/verifier.cc sandbox, program, data, root_code, *code.failed(), err)) { sandbox 196 sandbox/linux/seccomp-bpf/verifier.cc sandbox, program, data, root_code, passed, err)) { sandbox 201 sandbox/linux/seccomp-bpf/verifier.cc sandbox, program, data, root_code, passed, err)) { sandbox 206 sandbox/linux/seccomp-bpf/verifier.cc sandbox, program, data, root_code, failed, err)) { sandbox 363 sandbox/linux/seccomp-bpf/verifier.cc bool Verifier::VerifyBPF(SandboxBPF* sandbox, sandbox 390 sandbox/linux/seccomp-bpf/verifier.cc ErrorCode code = policy.EvaluateSyscall(sandbox, sysnum); sandbox 391 sandbox/linux/seccomp-bpf/verifier.cc if (!VerifyErrorCode(sandbox, program, &data, code, code, err)) { sandbox 13 sandbox/linux/seccomp-bpf/verifier.h namespace sandbox { sandbox 26 sandbox/linux/seccomp-bpf/verifier.h static bool VerifyBPF(SandboxBPF* sandbox, sandbox 17 sandbox/linux/services/broker_process.h namespace sandbox { sandbox 20 sandbox/linux/services/credentials.h namespace sandbox { sandbox 11 sandbox/linux/services/init_process_reaper.h namespace sandbox { sandbox 8 sandbox/linux/services/libc_urandom_override.h namespace sandbox { sandbox 13 sandbox/linux/services/scoped_process.h namespace sandbox { sandbox 13 sandbox/linux/services/thread_helpers.h namespace sandbox { sandbox 12 sandbox/linux/services/yama.h namespace sandbox { sandbox 25 sandbox/linux/suid/client/setuid_sandbox_client.cc env->SetVar(sandbox::kSandboxEnvironmentApiRequest, sandbox 26 sandbox/linux/suid/client/setuid_sandbox_client.cc base::IntToString(sandbox::kSUIDSandboxApiNumber)); sandbox 65 sandbox/linux/suid/client/setuid_sandbox_client.cc if (env->GetVar(sandbox::kSandboxEnvironmentApiProvides, &api_string) && sandbox 86 sandbox/linux/suid/client/setuid_sandbox_client.cc return EnvToInt(env, sandbox::kSandboxHelperPidEnvironmentVarName); sandbox 91 sandbox/linux/suid/client/setuid_sandbox_client.cc return EnvToInt(env, sandbox::kSandboxDescriptorEnvironmentVarName); sandbox 156 sandbox/linux/suid/client/setuid_sandbox_client.cc return sandbox::CreateInitProcessReaper(post_fork_parent_callback); sandbox 14 sandbox/linux/suid/client/setuid_sandbox_client.h namespace sandbox { sandbox 9 sandbox/linux/suid/common/sandbox.h namespace sandbox { sandbox 36 sandbox/linux/tests/main.cc sandbox::RunPostTestsChecks(); sandbox 10 sandbox/linux/tests/test_utils.h namespace sandbox { sandbox 12 sandbox/linux/tests/unit_tests.h namespace sandbox { sandbox 42 sandbox/linux/tests/unit_tests.h #define DEATH_SUCCESS() sandbox::UnitTests::DeathSuccess, NULL sandbox 44 sandbox/linux/tests/unit_tests.h sandbox::UnitTests::DeathMessage, \ sandbox 47 sandbox/linux/tests/unit_tests.h sandbox::UnitTests::DeathExitCode, \ sandbox 50 sandbox/linux/tests/unit_tests.h sandbox::UnitTests::DeathBySignal, \ sandbox 60 sandbox/linux/tests/unit_tests.h sandbox::UnitTests::RunTestInProcess(TEST_##test_name, NULL, death); \ sandbox 75 sandbox/linux/tests/unit_tests.h ((expr) ? static_cast<void>(0) : sandbox::UnitTests::AssertionFailure( \ sandbox 43 sandbox/win/sandbox_poc/main_ui_window.cc sandbox::BrokerServices* broker) { sandbox 508 sandbox/win/sandbox_poc/main_ui_window.cc sandbox::TargetPolicy* policy = broker_->CreatePolicy(); sandbox 509 sandbox/win/sandbox_poc/main_ui_window.cc policy->SetJobLevel(sandbox::JOB_LOCKDOWN, 0); sandbox 510 sandbox/win/sandbox_poc/main_ui_window.cc policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, sandbox 511 sandbox/win/sandbox_poc/main_ui_window.cc sandbox::USER_LOCKDOWN); sandbox 513 sandbox/win/sandbox_poc/main_ui_window.cc policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); sandbox 518 sandbox/win/sandbox_poc/main_ui_window.cc policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, sandbox 519 sandbox/win/sandbox_poc/main_ui_window.cc sandbox::TargetPolicy::FILES_ALLOW_ANY, dll_path_.c_str()); sandbox 521 sandbox/win/sandbox_poc/main_ui_window.cc sandbox::ResultCode result = broker_->SpawnTarget(spawn_target_.c_str(), sandbox 529 sandbox/win/sandbox_poc/main_ui_window.cc if (sandbox::SBOX_ALL_OK != result) { sandbox 556 sandbox/win/sandbox_poc/main_ui_window.cc if (!sandbox::AddKnownSidToObject(pipe_handle_, SE_KERNEL_OBJECT, sandbox 13 sandbox/win/sandbox_poc/main_ui_window.h namespace sandbox { sandbox 59 sandbox/win/sandbox_poc/main_ui_window.h sandbox::BrokerServices* broker); sandbox 161 sandbox/win/sandbox_poc/main_ui_window.h sandbox::BrokerServices* broker_; sandbox 54 sandbox/win/sandbox_poc/sandbox.cc sandbox::BrokerServices* broker_service = sandbox 55 sandbox/win/sandbox_poc/sandbox.cc sandbox::SandboxFactory::GetBrokerServices(); sandbox 56 sandbox/win/sandbox_poc/sandbox.cc sandbox::ResultCode result; sandbox 100 sandbox/win/sandbox_poc/sandbox.cc sandbox::TargetServices* target_service sandbox 101 sandbox/win/sandbox_poc/sandbox.cc = sandbox::SandboxFactory::GetTargetServices(); sandbox 122 sandbox/win/sandbox_poc/sandbox.cc if (sandbox::SBOX_ALL_OK != (result = target_service->Init())) { sandbox 13 sandbox/win/src/Wow64.h namespace sandbox { sandbox 14 sandbox/win/src/acl.h namespace sandbox { sandbox 28 sandbox/win/src/app_container.cc HMODULE module = GetModuleHandle(sandbox::kKerneldllName); sandbox 31 sandbox/win/src/app_container.cc module = GetModuleHandle(sandbox::kKernelBasedllName); sandbox 22 sandbox/win/src/app_container.h namespace sandbox { sandbox 34 sandbox/win/src/broker_services.cc sandbox::ResultCode SpawnCleanup(sandbox::TargetProcess* target, DWORD error) { sandbox 41 sandbox/win/src/broker_services.cc return sandbox::SBOX_ERROR_GENERIC; sandbox 57 sandbox/win/src/broker_services.cc sandbox::PolicyBase* policy; sandbox 58 sandbox/win/src/broker_services.cc JobTracker(HANDLE cjob, sandbox::PolicyBase* cpolicy) sandbox 28 sandbox/win/src/broker_services.h namespace sandbox { sandbox 39 sandbox/win/src/crosscall_client.h namespace sandbox { sandbox 45 sandbox/win/src/crosscall_params.h namespace sandbox { sandbox 20 sandbox/win/src/crosscall_server.cc const size_t kMaxBufferSize = sandbox::kIPCChannelSize; sandbox 44 sandbox/win/src/crosscall_server.h namespace sandbox { sandbox 12 sandbox/win/src/eat_resolver.h namespace sandbox { sandbox 13 sandbox/win/src/filesystem_dispatcher.h namespace sandbox { sandbox 11 sandbox/win/src/filesystem_interception.h namespace sandbox { sandbox 43 sandbox/win/src/filesystem_policy.cc if (!sandbox::SameObject(local_handle, obj_attributes->ObjectName->Buffer)) { sandbox 17 sandbox/win/src/filesystem_policy.h namespace sandbox { sandbox 17 sandbox/win/src/handle_closer.h namespace sandbox { sandbox 13 sandbox/win/src/handle_closer_agent.h namespace sandbox { sandbox 111 sandbox/win/src/handle_closer_test.cc sandbox::TargetPolicy* policy = runner.GetPolicy(); sandbox 118 sandbox/win/src/handle_closer_test.cc CHECK(sandbox::GetHandleName(marker, &handle_name)); sandbox 131 sandbox/win/src/handle_closer_test.cc sandbox::TargetPolicy* policy = runner.GetPolicy(); sandbox 138 sandbox/win/src/handle_closer_test.cc CHECK(sandbox::GetHandleName(marker, &handle_name)); sandbox 186 sandbox/win/src/handle_closer_test.cc sandbox::TargetPolicy* policy = runner.GetPolicy(); sandbox 12 sandbox/win/src/handle_dispatcher.h namespace sandbox { sandbox 11 sandbox/win/src/handle_interception.h namespace sandbox { sandbox 15 sandbox/win/src/handle_policy.h namespace sandbox { sandbox 15 sandbox/win/src/handle_table.h namespace sandbox { sandbox 20 sandbox/win/src/interception.h namespace sandbox { sandbox 238 sandbox/win/src/interception.h sandbox::INTERCEPTION_SERVICE_CALL, \ sandbox 251 sandbox/win/src/interception.h manager->AddToPatchedFunctions(dll, #function, sandbox::INTERCEPTION_EAT, \ sandbox 264 sandbox/win/src/interception.h sandbox::INTERCEPTION_SERVICE_CALL, \ sandbox 275 sandbox/win/src/interception.h manager->AddToPatchedFunctions(dll, #function, sandbox::INTERCEPTION_EAT, \ sandbox 16 sandbox/win/src/interception_agent.h namespace sandbox { sandbox 14 sandbox/win/src/interception_internal.h namespace sandbox { sandbox 12 sandbox/win/src/interceptors.h namespace sandbox { sandbox 11 sandbox/win/src/interceptors_64.h namespace sandbox { sandbox 8 sandbox/win/src/internal_types.h namespace sandbox { sandbox 8 sandbox/win/src/ipc_tags.h namespace sandbox { sandbox 625 sandbox/win/src/ipc_unittest.cc sandbox::SharedMemIPCServer::ServerControl srv_control = { sandbox 630 sandbox/win/src/ipc_unittest.cc sandbox::CrossCallReturn call_return = {0}; sandbox 11 sandbox/win/src/job.h namespace sandbox { sandbox 13 sandbox/win/src/named_pipe_dispatcher.h namespace sandbox { sandbox 11 sandbox/win/src/named_pipe_interception.h namespace sandbox { sandbox 16 sandbox/win/src/named_pipe_policy.h namespace sandbox { sandbox 10 sandbox/win/src/policy_broker.h namespace sandbox { sandbox 46 sandbox/win/src/policy_engine_opcodes.h namespace sandbox { sandbox 17 sandbox/win/src/policy_engine_params.h namespace sandbox { sandbox 12 sandbox/win/src/policy_engine_processor.h namespace sandbox { sandbox 9 sandbox/win/src/policy_engine_unittest.cc #define POLPARAMS_BEGIN(x) sandbox::ParameterSet x[] = { sandbox 10 sandbox/win/src/policy_engine_unittest.cc #define POLPARAM(p) sandbox::ParamPickerMake(p), sandbox 40 sandbox/win/src/policy_low_level.h namespace sandbox { sandbox 10 sandbox/win/src/policy_low_level_unittest.cc #define POLPARAMS_BEGIN(x) sandbox::ParameterSet x[] = { sandbox 11 sandbox/win/src/policy_low_level_unittest.cc #define POLPARAM(p) sandbox::ParamPickerMake(p), sandbox 10 sandbox/win/src/policy_params.h namespace sandbox { sandbox 19 sandbox/win/src/policy_params.h typedef sandbox::ParameterSet type##Array [type::PolParamLast]; sandbox 11 sandbox/win/src/policy_target.h namespace sandbox { sandbox 13 sandbox/win/src/process_mitigations.h namespace sandbox { sandbox 121 sandbox/win/src/process_mitigations_test.cc sandbox::TargetPolicy* policy = runner.GetPolicy(); sandbox 123 sandbox/win/src/process_mitigations_test.cc sandbox::MitigationFlags mitigations = MITIGATION_DEP | sandbox 195 sandbox/win/src/process_mitigations_test.cc sandbox::TargetPolicy* policy = runner.GetPolicy(); sandbox 38 sandbox/win/src/process_policy_test.cc sandbox::SboxTestResult CreateProcessHelper(const base::string16& exe, sandbox 52 sandbox/win/src/process_policy_test.cc sandbox::SboxTestResult ret1 = sandbox::SBOX_TEST_FAILED; sandbox 57 sandbox/win/src/process_policy_test.cc ret1 = sandbox::SBOX_TEST_SUCCEEDED; sandbox 63 sandbox/win/src/process_policy_test.cc ret1 = sandbox::SBOX_TEST_DENIED; sandbox 65 sandbox/win/src/process_policy_test.cc ret1 = sandbox::SBOX_TEST_FAILED; sandbox 73 sandbox/win/src/process_policy_test.cc sandbox::SboxTestResult ret2 = sandbox::SBOX_TEST_FAILED; sandbox 83 sandbox/win/src/process_policy_test.cc ret2 = sandbox::SBOX_TEST_SUCCEEDED; sandbox 89 sandbox/win/src/process_policy_test.cc ret2 = sandbox::SBOX_TEST_DENIED; sandbox 91 sandbox/win/src/process_policy_test.cc ret2 = sandbox::SBOX_TEST_FAILED; sandbox 98 sandbox/win/src/process_policy_test.cc return sandbox::SBOX_TEST_FAILED; sandbox 13 sandbox/win/src/process_thread_dispatcher.h namespace sandbox { sandbox 11 sandbox/win/src/process_thread_interception.h namespace sandbox { sandbox 17 sandbox/win/src/process_thread_policy.h namespace sandbox { sandbox 26 sandbox/win/src/registry_dispatcher.cc if (!sandbox::GetPathFromHandle(root, complete_name)) sandbox 13 sandbox/win/src/registry_dispatcher.h namespace sandbox { sandbox 11 sandbox/win/src/registry_interception.h namespace sandbox { sandbox 17 sandbox/win/src/registry_policy.h namespace sandbox { sandbox 15 sandbox/win/src/resolver.h namespace sandbox { sandbox 25 sandbox/win/src/restricted_token.h namespace sandbox { sandbox 17 sandbox/win/src/restricted_token_utils.h namespace sandbox { sandbox 47 sandbox/win/src/sandbox.cc return sandbox::g_shared_section != NULL; sandbox 29 sandbox/win/src/sandbox.h namespace sandbox { sandbox 33 sandbox/win/src/sandbox_factory.h namespace sandbox { sandbox 10 sandbox/win/src/sandbox_nt_types.h namespace sandbox { sandbox 22 sandbox/win/src/sandbox_nt_util.cc using sandbox::g_nt; sandbox 76 sandbox/win/src/sandbox_nt_util.cc using sandbox::g_nt; sandbox 546 sandbox/win/src/sandbox_nt_util.cc void* operator new(size_t size, sandbox::AllocationType type, sandbox 548 sandbox/win/src/sandbox_nt_util.cc using namespace sandbox; sandbox 555 sandbox/win/src/sandbox_nt_util.cc return g_nt.RtlAllocateHeap(sandbox::g_heap, 0, size); sandbox 563 sandbox/win/src/sandbox_nt_util.cc void operator delete(void* memory, sandbox::AllocationType type) { sandbox 564 sandbox/win/src/sandbox_nt_util.cc using namespace sandbox; sandbox 568 sandbox/win/src/sandbox_nt_util.cc VERIFY(g_nt.RtlFreeHeap(sandbox::g_heap, 0, memory)); sandbox 579 sandbox/win/src/sandbox_nt_util.cc void operator delete(void* memory, sandbox::AllocationType type, sandbox 586 sandbox/win/src/sandbox_nt_util.cc sandbox::AllocationType type) { sandbox 593 sandbox/win/src/sandbox_nt_util.cc sandbox::AllocationType type) { sandbox 15 sandbox/win/src/sandbox_nt_util.h void* __cdecl operator new(size_t size, sandbox::AllocationType type, sandbox 17 sandbox/win/src/sandbox_nt_util.h void __cdecl operator delete(void* memory, sandbox::AllocationType type); sandbox 22 sandbox/win/src/sandbox_nt_util.h void __cdecl operator delete(void* memory, sandbox::AllocationType type, sandbox 27 sandbox/win/src/sandbox_nt_util.h sandbox::AllocationType type); sandbox 29 sandbox/win/src/sandbox_nt_util.h sandbox::AllocationType type); sandbox 52 sandbox/win/src/sandbox_nt_util.h namespace sandbox { sandbox 15 sandbox/win/src/sandbox_policy.h namespace sandbox { sandbox 44 sandbox/win/src/sandbox_policy_base.cc sandbox::PolicyGlobal* MakeBrokerPolicyMemory() { sandbox 46 sandbox/win/src/sandbox_policy_base.cc sandbox::PolicyGlobal* policy = static_cast<sandbox::PolicyGlobal*> sandbox 50 sandbox/win/src/sandbox_policy_base.cc policy->data_size = kTotalPolicySz - sizeof(sandbox::PolicyGlobal); sandbox 24 sandbox/win/src/sandbox_policy_base.h namespace sandbox { sandbox 8 sandbox/win/src/sandbox_types.h namespace sandbox { sandbox 15 sandbox/win/src/sandbox_utils.h namespace sandbox { sandbox 10 sandbox/win/src/security_level.h namespace sandbox { sandbox 11 sandbox/win/src/service_resolver.h namespace sandbox { sandbox 58 sandbox/win/src/service_resolver_unittest.cc typedef ResolverThunkTest<sandbox::ServiceResolverThunk> WinXpResolverTest; sandbox 61 sandbox/win/src/service_resolver_unittest.cc typedef ResolverThunkTest<sandbox::Win2kResolverThunk> Win2kResolverTest; sandbox 62 sandbox/win/src/service_resolver_unittest.cc typedef ResolverThunkTest<sandbox::Win8ResolverThunk> Win8ResolverTest; sandbox 63 sandbox/win/src/service_resolver_unittest.cc typedef ResolverThunkTest<sandbox::Wow64ResolverThunk> Wow64ResolverTest; sandbox 64 sandbox/win/src/service_resolver_unittest.cc typedef ResolverThunkTest<sandbox::Wow64W8ResolverThunk> Wow64W8ResolverTest; sandbox 91 sandbox/win/src/service_resolver_unittest.cc sandbox::ServiceResolverThunk* resolver) { sandbox 133 sandbox/win/src/service_resolver_unittest.cc sandbox::ServiceResolverThunk* GetTestResolver(bool relaxed) { sandbox 144 sandbox/win/src/service_resolver_unittest.cc if (!sandbox::IsXPSP2OrLater()) sandbox 155 sandbox/win/src/service_resolver_unittest.cc sandbox::ServiceResolverThunk* resolver = GetTestResolver(relaxed); sandbox 210 sandbox/win/src/service_resolver_unittest.cc sandbox::ServiceResolverThunk* resolver = GetTestResolver(true); sandbox 230 sandbox/win/src/service_resolver_unittest.cc sandbox::ServiceResolverThunk* resolver = GetTestResolver(true); sandbox 18 sandbox/win/src/shared_handles.h namespace sandbox { sandbox 52 sandbox/win/src/sharedmem_ipc_client.h namespace sandbox { sandbox 32 sandbox/win/src/sharedmem_ipc_server.h namespace sandbox { sandbox 10 sandbox/win/src/sid.h namespace sandbox { sandbox 12 sandbox/win/src/sidestep_resolver.h namespace sandbox { sandbox 13 sandbox/win/src/sync_dispatcher.h namespace sandbox { sandbox 11 sandbox/win/src/sync_interception.h namespace sandbox { sandbox 17 sandbox/win/src/sync_policy.h namespace sandbox { sandbox 10 sandbox/win/src/sync_policy_test.h namespace sandbox { sandbox 11 sandbox/win/src/target_interceptions.h namespace sandbox { sandbox 24 sandbox/win/src/target_process.cc sandbox::PolicyGlobal* policy = sandbox 25 sandbox/win/src/target_process.cc reinterpret_cast<sandbox::PolicyGlobal*>(dest); sandbox 29 sandbox/win/src/target_process.cc for (size_t i = 0; i < sandbox::kMaxServiceCount; i++) { sandbox 33 sandbox/win/src/target_process.cc policy->entry[i] = reinterpret_cast<sandbox::PolicyBuffer*>(buffer); sandbox 25 sandbox/win/src/target_process.h namespace sandbox { sandbox 48 sandbox/win/src/target_services.cc if (sandbox::HandleCloserAgent::NeedsHandlesClosed()) { sandbox 49 sandbox/win/src/target_services.cc sandbox::HandleCloserAgent handle_closer; sandbox 190 sandbox/win/src/target_services.cc return sandbox::DuplicateHandleProxy(source_handle, target_process_id, sandbox 12 sandbox/win/src/target_services.h namespace sandbox { sandbox 64 sandbox/win/src/unload_dll_test.cc sandbox::TargetPolicy* policy = runner.GetPolicy(); sandbox 75 sandbox/win/src/unload_dll_test.cc sandbox::TargetPolicy* policy = runner.GetPolicy(); sandbox 12 sandbox/win/src/win2k_threadpool.h namespace sandbox { sandbox 39 sandbox/win/src/win_utils.cc if (0 == path.compare(0, sandbox::kNTPrefixLen, sandbox::kNTPrefix)) sandbox 40 sandbox/win/src/win_utils.cc start = sandbox::kNTPrefixLen; sandbox 307 sandbox/win/src/win_utils.cc HMODULE ntdll_local = ::GetModuleHandle(sandbox::kNtdllName); sandbox 14 sandbox/win/src/win_utils.h namespace sandbox { sandbox 13 sandbox/win/src/win_utils_unittest.cc using sandbox::IsReparsePoint; sandbox 55 sandbox/win/src/win_utils_unittest.cc using sandbox::SameObject; sandbox 14 sandbox/win/src/window.h namespace sandbox { sandbox 15 sandbox/win/tests/common/controller.h namespace sandbox { sandbox 13 sandbox/win/tests/integration_tests/integration_tests.cc return sandbox::DispatchCall(argc, argv); sandbox 48 sandbox/win/tests/validation_tests/commands.cc return sandbox::SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; sandbox 61 sandbox/win/tests/validation_tests/commands.cc return sandbox::SBOX_TEST_SUCCEEDED; sandbox 64 sandbox/win/tests/validation_tests/commands.cc return sandbox::SBOX_TEST_DENIED; sandbox 66 sandbox/win/tests/validation_tests/commands.cc return sandbox::SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; sandbox 12 sandbox/win/tests/validation_tests/commands.h namespace sandbox { sandbox 19 sandbox/win/tests/validation_tests/suite.cc void TestProcessAccess(sandbox::TestRunner* runner, DWORD target) { sandbox 25 sandbox/win/tests/validation_tests/suite.cc EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); sandbox 27 sandbox/win/tests/validation_tests/suite.cc EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); sandbox 29 sandbox/win/tests/validation_tests/suite.cc EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); sandbox 31 sandbox/win/tests/validation_tests/suite.cc EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); sandbox 33 sandbox/win/tests/validation_tests/suite.cc EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); sandbox 35 sandbox/win/tests/validation_tests/suite.cc EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); sandbox 37 sandbox/win/tests/validation_tests/suite.cc EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); sandbox 39 sandbox/win/tests/validation_tests/suite.cc EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); sandbox 41 sandbox/win/tests/validation_tests/suite.cc EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); sandbox 43 sandbox/win/tests/validation_tests/suite.cc EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); sandbox 11 sandbox/win/tests/validation_tests/unit_tests.cc return sandbox::DispatchCall(argc, argv); sandbox 24 sandbox/win/tools/finder/finder.cc DWORD Finder::Init(sandbox::TokenLevel token_type, sandbox 38 sandbox/win/tools/finder/finder.cc err_code = sandbox::CreateRestrictedToken(&token_handle_, token_type, sandbox 39 sandbox/win/tools/finder/finder.cc sandbox::INTEGRITY_LEVEL_LAST, sandbox 40 sandbox/win/tools/finder/finder.cc sandbox::PRIMARY); sandbox 57 sandbox/win/tools/finder/finder.h DWORD Init(sandbox::TokenLevel token_type, DWORD object_type, sandbox 32 sandbox/win/tools/finder/main.cc sandbox::TokenLevel token_type = sandbox::USER_LOCKDOWN; sandbox 48 sandbox/win/tools/finder/main.cc token_type = sandbox::USER_LOCKDOWN; sandbox 50 sandbox/win/tools/finder/main.cc token_type = sandbox::USER_RESTRICTED; sandbox 52 sandbox/win/tools/finder/main.cc token_type = sandbox::USER_LIMITED; sandbox 54 sandbox/win/tools/finder/main.cc token_type = sandbox::USER_INTERACTIVE; sandbox 56 sandbox/win/tools/finder/main.cc token_type = sandbox::USER_NON_ADMIN; sandbox 58 sandbox/win/tools/finder/main.cc token_type = sandbox::USER_RESTRICTED_SAME_ACCESS; sandbox 60 sandbox/win/tools/finder/main.cc token_type = sandbox::USER_UNPROTECTED; sandbox 27 sandbox/win/tools/launcher/launcher.cc sandbox::TokenLevel* level) { sandbox 29 sandbox/win/tools/launcher/launcher.cc *level = sandbox::USER_LOCKDOWN; sandbox 31 sandbox/win/tools/launcher/launcher.cc *level = sandbox::USER_RESTRICTED; sandbox 33 sandbox/win/tools/launcher/launcher.cc *level = sandbox::USER_LIMITED; sandbox 35 sandbox/win/tools/launcher/launcher.cc *level = sandbox::USER_INTERACTIVE; sandbox 37 sandbox/win/tools/launcher/launcher.cc *level = sandbox::USER_NON_ADMIN; sandbox 39 sandbox/win/tools/launcher/launcher.cc *level = sandbox::USER_RESTRICTED_SAME_ACCESS; sandbox 41 sandbox/win/tools/launcher/launcher.cc *level = sandbox::USER_UNPROTECTED; sandbox 49 sandbox/win/tools/launcher/launcher.cc bool GetJobLevelFromString(const wchar_t *param, sandbox::JobLevel* level) { sandbox 51 sandbox/win/tools/launcher/launcher.cc *level = sandbox::JOB_LOCKDOWN; sandbox 53 sandbox/win/tools/launcher/launcher.cc *level = sandbox::JOB_RESTRICTED; sandbox 55 sandbox/win/tools/launcher/launcher.cc *level = sandbox::JOB_LIMITED_USER; sandbox 57 sandbox/win/tools/launcher/launcher.cc *level = sandbox::JOB_INTERACTIVE; sandbox 62 sandbox/win/tools/launcher/launcher.cc *level = sandbox::JOB_UNPROTECTED; sandbox 85 sandbox/win/tools/launcher/launcher.cc sandbox::TokenLevel primary_level = sandbox::USER_LOCKDOWN; sandbox 86 sandbox/win/tools/launcher/launcher.cc sandbox::TokenLevel impersonation_level = sandbox 87 sandbox/win/tools/launcher/launcher.cc sandbox::USER_RESTRICTED_SAME_ACCESS; sandbox 88 sandbox/win/tools/launcher/launcher.cc sandbox::JobLevel job_level = sandbox::JOB_LOCKDOWN; sandbox 137 sandbox/win/tools/launcher/launcher.cc DWORD err_code = sandbox::StartRestrictedProcessInJob( sandbox 97 sandbox/win/wow_helper/service64_resolver.cc sandbox::PatchInfo patch_info; sandbox 135 sandbox/win/wow_helper/service64_resolver.cc NTSTATUS ResolveNtdll(sandbox::PatchInfo* patch_info) { sandbox 11 sandbox/win/wow_helper/service64_resolver.h namespace sandbox { sandbox 10 sandbox/win/wow_helper/target_code.h namespace sandbox { sandbox 85 sandbox/win/wow_helper/wow_helper.cc return sandbox::PatchNtdll(child, thunk, kPageSize); sandbox 22 ui/views/examples/content_client/examples_main.cc sandbox::SandboxInterfaceInfo sandbox_info = {0};