mirrors/crosvm
1
0
Fork 0
mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2024-11-24 12:34:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
crosvm/sandbox/bindings.rs
Vikram Auradkar 44a07970cb sandbox: upstream sandbox 
The crate depends on a prebuilt library.

BUG=b:213170185
TEST=presubmit

Change-Id: I810baa14afa53e88f6b2a739481a6d3656efc2e5
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3784338
Commit-Queue: Vikram Auradkar <auradkar@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2022-10-12 21:05:39 +00:00

448 lines
14 KiB
Rust
Raw Blame History

// Copyright 2022 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// If this file changes, update this file upstream and update windows pre-built libraries
// that upstream uses.
//
// TODO(b/239836957): Add how to generate and update pre-built library.
#![allow(deref_nullptr)]
/* automatically generated by rust-bindgen 0.56.0 */
pub const JOB_OBJECT_UILIMIT_NONE: u32 = 0;
pub const JOB_OBJECT_UILIMIT_HANDLES: u32 = 1;
pub const JOB_OBJECT_UILIMIT_READCLIPBOARD: u32 = 2;
pub const JOB_OBJECT_UILIMIT_WRITECLIPBOARD: u32 = 4;
pub const JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS: u32 = 8;
pub const JOB_OBJECT_UILIMIT_DISPLAYSETTINGS: u32 = 16;
pub const JOB_OBJECT_UILIMIT_GLOBALATOMS: u32 = 32;
pub const JOB_OBJECT_UILIMIT_DESKTOP: u32 = 64;
pub const JOB_OBJECT_UILIMIT_EXITWINDOWS: u32 = 128;
pub const JOB_OBJECT_UILIMIT_ALL: u32 = 255;
pub type size_t = ::std::os::raw::c_ulonglong;
pub type wchar_t = ::std::os::raw::c_ushort;
pub type DWORD = ::std::os::raw::c_ulong;
pub type HANDLE = *mut ::std::os::raw::c_void;
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct _PROCESS_INFORMATION {
pub hProcess: HANDLE,
pub hThread: HANDLE,
pub dwProcessId: DWORD,
pub dwThreadId: DWORD,
}
#[test]
fn bindgen_test_layout__PROCESS_INFORMATION() {
assert_eq!(
::std::mem::size_of::<_PROCESS_INFORMATION>(),
24usize,
concat!("Size of: ", stringify!(_PROCESS_INFORMATION))
);
assert_eq!(
::std::mem::align_of::<_PROCESS_INFORMATION>(),
8usize,
concat!("Alignment of ", stringify!(_PROCESS_INFORMATION))
);
assert_eq!(
unsafe { &(*(::std::ptr::null::<_PROCESS_INFORMATION>())).hProcess as *const _ as usize },
0usize,
concat!(
"Offset of field: ",
stringify!(_PROCESS_INFORMATION),
"::",
stringify!(hProcess)
)
);
assert_eq!(
unsafe { &(*(::std::ptr::null::<_PROCESS_INFORMATION>())).hThread as *const _ as usize },
8usize,
concat!(
"Offset of field: ",
stringify!(_PROCESS_INFORMATION),
"::",
stringify!(hThread)
)
);
assert_eq!(
unsafe {
&(*(::std::ptr::null::<_PROCESS_INFORMATION>())).dwProcessId as *const _ as usize
},
16usize,
concat!(
"Offset of field: ",
stringify!(_PROCESS_INFORMATION),
"::",
stringify!(dwProcessId)
)
);
assert_eq!(
unsafe { &(*(::std::ptr::null::<_PROCESS_INFORMATION>())).dwThreadId as *const _ as usize },
20usize,
concat!(
"Offset of field: ",
stringify!(_PROCESS_INFORMATION),
"::",
stringify!(dwThreadId)
)
);
}
pub type PROCESS_INFORMATION = _PROCESS_INFORMATION;
#[repr(i32)]
#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
pub enum ResultCode {
SBOX_ALL_OK = 0,
SBOX_ERROR_GENERIC = 1,
SBOX_ERROR_BAD_PARAMS = 2,
SBOX_ERROR_UNSUPPORTED = 3,
SBOX_ERROR_NO_SPACE = 4,
SBOX_ERROR_INVALID_IPC = 5,
SBOX_ERROR_FAILED_IPC = 6,
SBOX_ERROR_NO_HANDLE = 7,
SBOX_ERROR_UNEXPECTED_CALL = 8,
SBOX_ERROR_WAIT_ALREADY_CALLED = 9,
SBOX_ERROR_CHANNEL_ERROR = 10,
SBOX_ERROR_CANNOT_CREATE_DESKTOP = 11,
SBOX_ERROR_CANNOT_CREATE_WINSTATION = 12,
SBOX_ERROR_FAILED_TO_SWITCH_BACK_WINSTATION = 13,
SBOX_ERROR_INVALID_APP_CONTAINER = 14,
SBOX_ERROR_INVALID_CAPABILITY = 15,
SBOX_ERROR_CANNOT_INIT_APPCONTAINER = 16,
SBOX_ERROR_PROC_THREAD_ATTRIBUTES = 17,
SBOX_ERROR_CREATE_PROCESS = 18,
SBOX_ERROR_DELEGATE_PRE_SPAWN = 19,
SBOX_ERROR_ASSIGN_PROCESS_TO_JOB_OBJECT = 20,
SBOX_ERROR_SET_THREAD_TOKEN = 21,
SBOX_ERROR_GET_THREAD_CONTEXT = 22,
SBOX_ERROR_DUPLICATE_TARGET_INFO = 23,
SBOX_ERROR_SET_LOW_BOX_TOKEN = 24,
SBOX_ERROR_CREATE_FILE_MAPPING = 25,
SBOX_ERROR_DUPLICATE_SHARED_SECTION = 26,
SBOX_ERROR_MAP_VIEW_OF_SHARED_SECTION = 27,
SBOX_ERROR_APPLY_ASLR_MITIGATIONS = 28,
SBOX_ERROR_SETUP_BASIC_INTERCEPTIONS = 29,
SBOX_ERROR_SETUP_INTERCEPTION_SERVICE = 30,
SBOX_ERROR_INITIALIZE_INTERCEPTIONS = 31,
SBOX_ERROR_SETUP_NTDLL_IMPORTS = 32,
SBOX_ERROR_SETUP_HANDLE_CLOSER = 33,
SBOX_ERROR_CANNOT_GET_WINSTATION = 34,
SBOX_ERROR_CANNOT_QUERY_WINSTATION_SECURITY = 35,
SBOX_ERROR_CANNOT_GET_DESKTOP = 36,
SBOX_ERROR_CANNOT_QUERY_DESKTOP_SECURITY = 37,
SBOX_ERROR_CANNOT_SETUP_INTERCEPTION_CONFIG_BUFFER = 38,
SBOX_ERROR_CANNOT_COPY_DATA_TO_CHILD = 39,
SBOX_ERROR_CANNOT_SETUP_INTERCEPTION_THUNK = 40,
SBOX_ERROR_CANNOT_RESOLVE_INTERCEPTION_THUNK = 41,
SBOX_ERROR_CANNOT_WRITE_INTERCEPTION_THUNK = 42,
SBOX_ERROR_CANNOT_FIND_BASE_ADDRESS = 43,
SBOX_ERROR_CREATE_APPCONTAINER = 44,
SBOX_ERROR_CREATE_APPCONTAINER_ACCESS_CHECK = 45,
SBOX_ERROR_CREATE_APPCONTAINER_CAPABILITY = 46,
SBOX_ERROR_CANNOT_INIT_JOB = 47,
SBOX_ERROR_INVALID_LOWBOX_SID = 48,
SBOX_ERROR_CANNOT_CREATE_RESTRICTED_TOKEN = 49,
SBOX_ERROR_CANNOT_SET_DESKTOP_INTEGRITY = 50,
SBOX_ERROR_CANNOT_CREATE_LOWBOX_TOKEN = 51,
SBOX_ERROR_CANNOT_MODIFY_LOWBOX_TOKEN_DACL = 52,
SBOX_ERROR_CANNOT_CREATE_RESTRICTED_IMP_TOKEN = 53,
SBOX_ERROR_CANNOT_DUPLICATE_PROCESS_HANDLE = 54,
SBOX_ERROR_CANNOT_LOADLIBRARY_EXECUTABLE = 55,
SBOX_ERROR_CANNOT_FIND_VARIABLE_ADDRESS = 56,
SBOX_ERROR_CANNOT_WRITE_VARIABLE_VALUE = 57,
SBOX_ERROR_INVALID_WRITE_VARIABLE_SIZE = 58,
SBOX_ERROR_CANNOT_INIT_BROKERSERVICES = 59,
SBOX_ERROR_CANNOT_UPDATE_JOB_PROCESS_LIMIT = 60,
SBOX_ERROR_CANNOT_CREATE_LOWBOX_IMPERSONATION_TOKEN = 61,
SBOX_ERROR_UNSANDBOXED_PROCESS = 62,
SBOX_ERROR_LAST = 63,
}
#[repr(i32)]
#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
pub enum IntegrityLevel {
INTEGRITY_LEVEL_SYSTEM = 0,
INTEGRITY_LEVEL_HIGH = 1,
INTEGRITY_LEVEL_MEDIUM = 2,
INTEGRITY_LEVEL_MEDIUM_LOW = 3,
INTEGRITY_LEVEL_LOW = 4,
INTEGRITY_LEVEL_BELOW_LOW = 5,
INTEGRITY_LEVEL_UNTRUSTED = 6,
INTEGRITY_LEVEL_LAST = 7,
}
#[repr(i32)]
#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
pub enum TokenLevel {
USER_LOCKDOWN = 0,
USER_RESTRICTED = 1,
USER_LIMITED = 2,
USER_INTERACTIVE = 3,
USER_RESTRICTED_NON_ADMIN = 4,
USER_NON_ADMIN = 5,
USER_RESTRICTED_SAME_ACCESS = 6,
USER_UNPROTECTED = 7,
USER_LAST = 8,
}
#[repr(i32)]
#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
pub enum JobLevel {
JOB_LOCKDOWN = 0,
JOB_RESTRICTED = 1,
JOB_LIMITED_USER = 2,
JOB_INTERACTIVE = 3,
JOB_UNPROTECTED = 4,
JOB_NONE = 5,
}
pub type MitigationFlags = u64;
pub const MITIGATION_DEP: MitigationFlags = 1;
pub const MITIGATION_DEP_NO_ATL_THUNK: MitigationFlags = 2;
pub const MITIGATION_SEHOP: MitigationFlags = 4;
pub const MITIGATION_RELOCATE_IMAGE: MitigationFlags = 8;
pub const MITIGATION_RELOCATE_IMAGE_REQUIRED: MitigationFlags = 16;
pub const MITIGATION_HEAP_TERMINATE: MitigationFlags = 32;
pub const MITIGATION_BOTTOM_UP_ASLR: MitigationFlags = 64;
pub const MITIGATION_HIGH_ENTROPY_ASLR: MitigationFlags = 128;
pub const MITIGATION_STRICT_HANDLE_CHECKS: MitigationFlags = 256;
pub const MITIGATION_DLL_SEARCH_ORDER: MitigationFlags = 512;
pub const MITIGATION_HARDEN_TOKEN_IL_POLICY: MitigationFlags = 1024;
pub const MITIGATION_WIN32K_DISABLE: MitigationFlags = 2048;
pub const MITIGATION_EXTENSION_POINT_DISABLE: MitigationFlags = 4096;
pub const MITIGATION_DYNAMIC_CODE_DISABLE: MitigationFlags = 8192;
pub const MITIGATION_DYNAMIC_CODE_DISABLE_WITH_OPT_OUT: MitigationFlags = 16384;
pub const MITIGATION_DYNAMIC_CODE_OPT_OUT_THIS_THREAD: MitigationFlags = 32768;
pub const MITIGATION_NONSYSTEM_FONT_DISABLE: MitigationFlags = 65536;
pub const MITIGATION_FORCE_MS_SIGNED_BINS: MitigationFlags = 131072;
pub const MITIGATION_IMAGE_LOAD_NO_REMOTE: MitigationFlags = 262144;
pub const MITIGATION_IMAGE_LOAD_NO_LOW_LABEL: MitigationFlags = 524288;
pub const MITIGATION_IMAGE_LOAD_PREFER_SYS32: MitigationFlags = 1048576;
pub const MITIGATION_RESTRICT_INDIRECT_BRANCH_PREDICTION: MitigationFlags = 2097152;
pub const MITIGATION_CET_DISABLED: MitigationFlags = 4194304;
pub const MITIGATION_KTM_COMPONENT: MitigationFlags = 8388608;
#[repr(i32)]
#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
pub enum SubSystem {
SUBSYS_FILES = 0,
SUBSYS_NAMED_PIPES = 1,
SUBSYS_PROCESS = 2,
SUBSYS_REGISTRY = 3,
SUBSYS_SYNC = 4,
SUBSYS_WIN32K_LOCKDOWN = 5,
SUBSYS_SIGNED_BINARY = 6,
SUBSYS_SOCKET = 7,
}
#[repr(i32)]
#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
pub enum Semantics {
FILES_ALLOW_ANY = 0,
FILES_ALLOW_READONLY = 1,
FILES_ALLOW_QUERY = 2,
FILES_ALLOW_DIR_ANY = 3,
NAMEDPIPES_ALLOW_ANY = 4,
PROCESS_MIN_EXEC = 5,
PROCESS_ALL_EXEC = 6,
EVENTS_ALLOW_ANY = 7,
EVENTS_ALLOW_READONLY = 8,
REG_ALLOW_READONLY = 9,
REG_ALLOW_ANY = 10,
FAKE_USER_GDI_INIT = 11,
SIGNED_ALLOW_LOAD = 12,
SOCKET_ALLOW_BROKER = 13,
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct BrokerServices {
_unused: [u8; 0],
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct TargetServices {
_unused: [u8; 0],
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct ProcessState {
_unused: [u8; 0],
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct TargetPolicy {
_unused: [u8; 0],
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct PolicyInfo {
_unused: [u8; 0],
}
extern "C" {
pub fn sbox_broker_init(broker: *mut BrokerServices) -> ResultCode;
}
extern "C" {
pub fn sbox_create_policy(broker: *mut BrokerServices) -> *mut TargetPolicy;
}
extern "C" {
pub fn sbox_release_policy(policy: *mut TargetPolicy);
}
extern "C" {
pub fn sbox_spawn_target(
broker: *mut BrokerServices,
exe_path: *const wchar_t,
command_line: *const wchar_t,
policy: *mut TargetPolicy,
last_warning: *mut ResultCode,
last_error: *mut DWORD,
target: *mut PROCESS_INFORMATION,
) -> ResultCode;
}
extern "C" {
pub fn sbox_wait_for_all_targets(broker: *mut BrokerServices) -> ResultCode;
}
extern "C" {
pub fn sbox_target_init(target: *mut TargetServices) -> ResultCode;
}
extern "C" {
pub fn sbox_lower_token(target: *mut TargetServices);
}
extern "C" {
pub fn sbox_get_state(target: *mut TargetServices) -> *mut ProcessState;
}
extern "C" {
pub fn get_broker_services() -> *mut BrokerServices;
}
extern "C" {
pub fn get_target_services() -> *mut TargetServices;
}
extern "C" {
pub fn sbox_set_token_level(
policy: *mut TargetPolicy,
initial: TokenLevel,
lockdown: TokenLevel,
) -> ResultCode;
}
extern "C" {
pub fn sbox_get_initial_token_level(policy: *mut TargetPolicy) -> TokenLevel;
}
extern "C" {
pub fn sbox_get_lockdown_token_level(policy: *mut TargetPolicy) -> TokenLevel;
}
extern "C" {
pub fn sbox_set_job_level(
policy: *mut TargetPolicy,
job_level: JobLevel,
ui_exceptions: u32,
) -> ResultCode;
}
extern "C" {
pub fn sbox_get_job_level(policy: *mut TargetPolicy) -> JobLevel;
}
extern "C" {
pub fn sbox_set_job_memory_limit(policy: *mut TargetPolicy, memory_limit: size_t)
-> ResultCode;
}
extern "C" {
pub fn sbox_set_integrity_level(policy: *mut TargetPolicy, level: IntegrityLevel)
-> ResultCode;
}
extern "C" {
pub fn sbox_set_delayed_integrity_level(
policy: *mut TargetPolicy,
level: IntegrityLevel,
) -> ResultCode;
}
extern "C" {
pub fn sbox_get_integrity_level(policy: *mut TargetPolicy) -> IntegrityLevel;
}
extern "C" {
pub fn sbox_set_alternate_desktop(
policy: *mut TargetPolicy,
alternate_winstation: bool,
) -> ResultCode;
}
extern "C" {
pub fn sbox_create_alternate_desktop(
policy: *mut TargetPolicy,
alternate_winstation: bool,
) -> ResultCode;
}
extern "C" {
pub fn sbox_destroy_alternate_desktop(policy: *mut TargetPolicy);
}
extern "C" {
pub fn sbox_set_lowbox(policy: *mut TargetPolicy, sid: *const wchar_t) -> ResultCode;
}
extern "C" {
pub fn sbox_set_process_mitigations(
policy: *mut TargetPolicy,
flags: MitigationFlags,
) -> ResultCode;
}
extern "C" {
pub fn sbox_get_process_mitigations(policy: *mut TargetPolicy) -> MitigationFlags;
}
extern "C" {
pub fn sbox_set_delayed_process_mitigations(
policy: *mut TargetPolicy,
flags: MitigationFlags,
) -> ResultCode;
}
extern "C" {
pub fn sbox_get_delayed_process_mitigations(policy: *mut TargetPolicy) -> MitigationFlags;
}
extern "C" {
pub fn sbox_set_disconnect_csrss(policy: *mut TargetPolicy) -> ResultCode;
}
extern "C" {
pub fn sbox_set_strict_interceptions(policy: *mut TargetPolicy);
}
extern "C" {
pub fn sbox_set_stdout_handle(policy: *mut TargetPolicy, handle: HANDLE) -> ResultCode;
}
extern "C" {
pub fn sbox_set_stderr_handle(policy: *mut TargetPolicy, handle: HANDLE) -> ResultCode;
}
extern "C" {
pub fn sbox_add_rule(
policy: *mut TargetPolicy,
subsystem: SubSystem,
semantics: Semantics,
pattern: *const wchar_t,
) -> ResultCode;
}
extern "C" {
pub fn sbox_add_dll_to_unload(
policy: *mut TargetPolicy,
dll_name: *const wchar_t,
) -> ResultCode;
}
extern "C" {
pub fn sbox_add_kernel_object_to_close(
policy: *mut TargetPolicy,
handle_type: *const wchar_t,
handle_name: *const wchar_t,
) -> ResultCode;
}
extern "C" {
pub fn sbox_add_handle_to_share(policy: *mut TargetPolicy, handle: HANDLE);
}
extern "C" {
pub fn sbox_set_lockdown_default_dacl(policy: *mut TargetPolicy);
}
extern "C" {
pub fn sbox_add_restricting_random_sid(policy: *mut TargetPolicy);
}
extern "C" {
pub fn sbox_add_app_container_profile(
policy: *mut TargetPolicy,
package_name: *const wchar_t,
create_profile: bool,
) -> ResultCode;
}
extern "C" {
pub fn sbox_get_policy_info(policy: *mut TargetPolicy) -> *mut PolicyInfo;
}
extern "C" {
pub fn sbox_release_policy_info(policy_info: *mut PolicyInfo);
}
extern "C" {
pub fn sbox_policy_info_json_string(
policy_info: *mut PolicyInfo,
) -> *const ::std::os::raw::c_char;
}
Reference in a new issue View git blame Copy permalink