sandbox/win/src/acl.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef SANDBOX_SRC_ACL_H_
   6 #define SANDBOX_SRC_ACL_H_
   7
   8 #include <windows.h>
   9
  10 #include "base/memory/scoped_ptr.h"
  11 #include "sandbox/win/src/sid.h"
  12
  13 namespace sandbox {
  14
  15 // Returns the default dacl from the token passed in.
  16 bool GetDefaultDacl(HANDLE token,
  17                     scoped_ptr_malloc<TOKEN_DEFAULT_DACL>* default_dacl);
  18
  19 // Appends an ACE represented by |sid| and |access| to |old_dacl|. If the
  20 // function succeeds, new_dacl contains the new dacl and must be freed using
  21 // LocalFree.
  22 bool AddSidToDacl(const Sid& sid, ACL* old_dacl, ACCESS_MASK access,
  23                   ACL** new_dacl);
  24
  25 // Adds and ACE represented by |sid| and |access| to the default dacl present
  26 // in the token.
  27 bool AddSidToDefaultDacl(HANDLE token, const Sid& sid, ACCESS_MASK access);
  28
  29 // Adds an ACE represented by the user sid and |access| to the default dacl
  30 // present in the token.
  31 bool AddUserSidToDefaultDacl(HANDLE token, ACCESS_MASK access);
  32
  33 // Adds an ACE represented by |known_sid| and |access| to the dacl of the kernel
  34 // object referenced by |object|.
  35 bool AddKnownSidToKernelObject(HANDLE object, const Sid& sid,
  36                                ACCESS_MASK access);
  37
  38 }  // namespace sandbox
  39
  40
  41 #endif  // SANDBOX_SRC_ACL_H_