security/sandbox/win/src/app_container.h@6474c204b198 (annotated)
security/sandbox/win/src/app_container.h
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| michael@0 | 2 | // Use of this source code is governed by a BSD-style license that can be |
| michael@0 | 3 | // found in the LICENSE file. |
| michael@0 | 4 | |
| michael@0 | 5 | #ifndef SANDBOX_WIN_SRC_APP_CONTAINER_H_ |
| michael@0 | 6 | #define SANDBOX_WIN_SRC_APP_CONTAINER_H_ |
| michael@0 | 7 | |
| michael@0 | 8 | #include <windows.h> |
| michael@0 | 9 | |
| michael@0 | 10 | #include <vector> |
| michael@0 | 11 | |
| michael@0 | 12 | #include "base/memory/scoped_ptr.h" |
| michael@0 | 13 | #include "base/strings/string16.h" |
| michael@0 | 14 | #include "sandbox/win/src/sandbox_types.h" |
| michael@0 | 15 | |
| michael@0 | 16 | namespace base { |
| michael@0 | 17 | namespace win { |
| michael@0 | 18 | class StartupInformation; |
| michael@0 | 19 | } |
| michael@0 | 20 | } |
| michael@0 | 21 | |
| michael@0 | 22 | namespace sandbox { |
| michael@0 | 23 | |
| michael@0 | 24 | // Maintains an attribute list to be used during creation of a new sandboxed |
| michael@0 | 25 | // process. |
| michael@0 | 26 | class AppContainerAttributes { |
| michael@0 | 27 | public: |
| michael@0 | 28 | AppContainerAttributes(); |
| michael@0 | 29 | ~AppContainerAttributes(); |
| michael@0 | 30 | |
| michael@0 | 31 | // Sets the AppContainer and capabilities to be used with the new process. |
| michael@0 | 32 | ResultCode SetAppContainer(const string16& app_container_sid, |
| michael@0 | 33 | const std::vector<string16>& capabilities); |
| michael@0 | 34 | |
| michael@0 | 35 | // Updates the proc_thred attribute list of the provided startup_information |
| michael@0 | 36 | // with the app container related data. |
| michael@0 | 37 | // WARNING: startup_information just points back to our internal memory, so |
| michael@0 | 38 | // the lifetime of this object has to be greater than the lifetime of the |
| michael@0 | 39 | // provided startup_information. |
| michael@0 | 40 | ResultCode ShareForStartup( |
| michael@0 | 41 | base::win::StartupInformation* startup_information) const; |
| michael@0 | 42 | |
| michael@0 | 43 | bool HasAppContainer() const; |
| michael@0 | 44 | |
| michael@0 | 45 | private: |
| michael@0 | 46 | SECURITY_CAPABILITIES capabilities_; |
| michael@0 | 47 | std::vector<SID_AND_ATTRIBUTES> attributes_; |
| michael@0 | 48 | |
| michael@0 | 49 | DISALLOW_COPY_AND_ASSIGN(AppContainerAttributes); |
| michael@0 | 50 | }; |
| michael@0 | 51 | |
| michael@0 | 52 | // Creates a new AppContainer on the system. |sid| is the identifier of the new |
| michael@0 | 53 | // AppContainer, and |name| will be used as both the display name and moniker. |
| michael@0 | 54 | // This function fails if the OS doesn't support AppContainers, or if there is |
| michael@0 | 55 | // an AppContainer registered with the same id. |
| michael@0 | 56 | ResultCode CreateAppContainer(const string16& sid, const string16& name); |
| michael@0 | 57 | |
| michael@0 | 58 | // Deletes an AppContainer previously created with a successfull call to |
| michael@0 | 59 | // CreateAppContainer. |
| michael@0 | 60 | ResultCode DeleteAppContainer(const string16& sid); |
| michael@0 | 61 | |
| michael@0 | 62 | // Retrieves the name associated with the provided AppContainer sid. Returns an |
| michael@0 | 63 | // empty string if the AppContainer is not registered with the system. |
| michael@0 | 64 | string16 LookupAppContainer(const string16& sid); |
| michael@0 | 65 | |
| michael@0 | 66 | } // namespace sandbox |
| michael@0 | 67 | |
| michael@0 | 68 | #endif // SANDBOX_WIN_SRC_APP_CONTAINER_H_ |
