Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / remoting / host / win / com_security.h
blob846450c1467d3d3622dbd177b309e6fc28cfdf3d
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef REMOTING_HOST_WIN_COM_SECURITY_H_
6 #define REMOTING_HOST_WIN_COM_SECURITY_H_
8 #include <string>
10 // Concatenates ACE type, permissions and sid given as SDDL strings into an ACE
11 // definition in SDDL form.
12 #define SDDL_ACE(type, permissions, sid) \
13 L"(" type L";;" permissions L";;;" sid L")"
15 // Text representation of COM_RIGHTS_EXECUTE and COM_RIGHTS_EXECUTE_LOCAL
16 // permission bits that is used in the SDDL definition below.
17 #define SDDL_COM_EXECUTE_LOCAL L"0x3"
19 namespace remoting {
21 // Initializes COM security of the process applying the passed security
22 // descriptor. The mandatory label is applied if mandatory integrity control is
23 // supported by the OS (i.e. on Vista and above). The function configures
24 // the following settings:
25 // - the server authenticates that all data received is from the expected
26 // client.
27 // - the server can impersonate clients to check their identity but cannot act
28 // on their behalf.
29 // - the caller's identity is verified on every call (Dynamic cloaking).
30 // - Unless |activate_as_activator| is true, activations where the server would
31 // run under this process's identity are prohibited.
32 bool InitializeComSecurity(const std::string& security_descriptor,
33 const std::string& mandatory_label,
34 bool activate_as_activator);
36 } // namespace remoting
38 #endif // REMOTING_HOST_WIN_COM_SECURITY_H_