1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/sandbox/win/src/acl.h Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,41 @@
1.4 +// Copyright (c) 2012 The Chromium Authors. All rights reserved.
1.5 +// Use of this source code is governed by a BSD-style license that can be
1.6 +// found in the LICENSE file.
1.7 +
1.8 +#ifndef SANDBOX_SRC_ACL_H_
1.9 +#define SANDBOX_SRC_ACL_H_
1.10 +
1.11 +#include <windows.h>
1.12 +
1.13 +#include "base/memory/scoped_ptr.h"
1.14 +#include "sandbox/win/src/sid.h"
1.15 +
1.16 +namespace sandbox {
1.17 +
1.18 +// Returns the default dacl from the token passed in.
1.19 +bool GetDefaultDacl(HANDLE token,
1.20 + scoped_ptr_malloc<TOKEN_DEFAULT_DACL>* default_dacl);
1.21 +
1.22 +// Appends an ACE represented by |sid| and |access| to |old_dacl|. If the
1.23 +// function succeeds, new_dacl contains the new dacl and must be freed using
1.24 +// LocalFree.
1.25 +bool AddSidToDacl(const Sid& sid, ACL* old_dacl, ACCESS_MASK access,
1.26 + ACL** new_dacl);
1.27 +
1.28 +// Adds and ACE represented by |sid| and |access| to the default dacl present
1.29 +// in the token.
1.30 +bool AddSidToDefaultDacl(HANDLE token, const Sid& sid, ACCESS_MASK access);
1.31 +
1.32 +// Adds an ACE represented by the user sid and |access| to the default dacl
1.33 +// present in the token.
1.34 +bool AddUserSidToDefaultDacl(HANDLE token, ACCESS_MASK access);
1.35 +
1.36 +// Adds an ACE represented by |known_sid| and |access| to the dacl of the kernel
1.37 +// object referenced by |object|.
1.38 +bool AddKnownSidToKernelObject(HANDLE object, const Sid& sid,
1.39 + ACCESS_MASK access);
1.40 +
1.41 +} // namespace sandbox
1.42 +
1.43 +
1.44 +#endif // SANDBOX_SRC_ACL_H_
