security/sandbox/win/src/app_container.h

changeset 0
6474c204b198
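--- /dev/null
+++ b/security/sandbox/win/src/app_container.h
@@ -0,0 +1,68 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_WIN_SRC_APP_CONTAINER_H_
+#define SANDBOX_WIN_SRC_APP_CONTAINER_H_
+
+#include <windows.h>
+
+#include <vector>
+
+#include "base/memory/scoped_ptr.h"
+#include "base/strings/string16.h"
+#include "sandbox/win/src/sandbox_types.h"
+
+namespace base {
+namespace win {
+class StartupInformation;
+}
+}
+
+namespace sandbox {
+
+// Maintains an attribute list to be used during creation of a new sandboxed
+// process.
+class AppContainerAttributes {
+ public:
+  AppContainerAttributes();
+  ~AppContainerAttributes();
+
+  // Sets the AppContainer and capabilities to be used with the new process.
+  ResultCode SetAppContainer(const string16& app_container_sid,
+                             const std::vector<string16>&  capabilities);
+
+  // Updates the proc_thred attribute list of the provided startup_information
+  // with the app container related data.
+  // WARNING: startup_information just points back to our internal memory, so
+  // the lifetime of this object has to be greater than the lifetime of the
+  // provided startup_information.
+  ResultCode ShareForStartup(
+      base::win::StartupInformation* startup_information) const;
+
+  bool HasAppContainer() const;
+
+ private:
+  SECURITY_CAPABILITIES capabilities_;
+  std::vector<SID_AND_ATTRIBUTES> attributes_;
+
+  DISALLOW_COPY_AND_ASSIGN(AppContainerAttributes);
+};
+
+// Creates a new AppContainer on the system. |sid| is the identifier of the new
+// AppContainer, and |name| will be used as both the display name and moniker.
+// This function fails if the OS doesn't support AppContainers, or if there is
+// an AppContainer registered with the same id.
+ResultCode CreateAppContainer(const string16& sid, const string16& name);
+
+// Deletes an AppContainer previously created with a successfull call to
+// CreateAppContainer.
+ResultCode DeleteAppContainer(const string16& sid);
+
+// Retrieves the name associated with the provided AppContainer sid. Returns an
+// empty string if the AppContainer is not registered with the system.
+string16 LookupAppContainer(const string16& sid);
+
+}  // namespace sandbox
+
+#endif  // SANDBOX_WIN_SRC_APP_CONTAINER_H_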
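Review bot: `DISALLOW_COPY_AND_ASSIGN(AppContainerAttributes);` is used in the private section but no header that defines that macro is included here (only scoped_ptr.h, string16.h and sandbox_types.h), so the header compiles only if one of those supplies it transitively; add the macro's header explicitly, since a copied AppContainerAttributes would otherwise leave the SECURITY_CAPABILITIES pointers of the copy referring into the original's storage. The lifetime WARNING on ShareForStartup is the right thing to document, but the same hazard presumably applies inside the class: if `capabilities_` holds pointers into `attributes_` (as SECURITY_CAPABILITIES usually does — confirm in the .cc), a second `SetAppContainer` call that grows the vector would dangle them, so the comment on SetAppContainer should state whether repeated calls are supported. `HasAppContainer()` has no comment; suggest `// Returns true once SetAppContainer has succeeded on this object.` (verify against the implementation). Typos in the comments: "proc_thred" → "proc_thread", "successfull" → "successful", and the double space in `const std::vector<string16>&  capabilities`.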
