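// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_SRC_ACL_H_
#define SANDBOX_SRC_ACL_H_

// Provides HANDLE, ACL, ACCESS_MASK and TOKEN_DEFAULT_DACL used below.
#include <windows.h>

#include "base/memory/scoped_ptr.h"
#include "sandbox/win/src/sid.h"

namespace sandbox {

// Helpers for reading and extending discretionary ACLs (DACLs) on access
// tokens and kernel objects. Every Add* function below adds an ACE for a SID,
// so callers should pass the narrowest |access| mask that is sufficient.
// NOTE(review): these declarations do not say whether the added ACE is an
// allow or a deny entry, nor which access rights the |token| / |object|
// handle must have been opened with -- confirm both in the implementation.
// All functions return bool; presumably true means success, so check the
// result before relying on any output parameter.

// Returns the default dacl from the token passed in. The result is written
// to |default_dacl|, which takes ownership of the returned buffer.
bool GetDefaultDacl(HANDLE token,
                    scoped_ptr_malloc<TOKEN_DEFAULT_DACL>* default_dacl);

// Appends an ACE represented by |sid| and |access| to |old_dacl|. If the
// function succeeds, new_dacl contains the new dacl and must be freed using
// LocalFree. Treat |new_dacl| as unspecified when the function fails.
// NOTE(review): |old_dacl| is presumably left unmodified and still owned by
// the caller -- confirm.
bool AddSidToDacl(const Sid& sid, ACL* old_dacl, ACCESS_MASK access,
                  ACL** new_dacl);

// Adds an ACE represented by |sid| and |access| to the default dacl present
// in the token. The default dacl is what Windows applies to objects created
// under this token without an explicit security descriptor, so the grant
// carries over to such objects.
bool AddSidToDefaultDacl(HANDLE token, const Sid& sid, ACCESS_MASK access);

// Adds an ACE represented by the user sid and |access| to the default dacl
// present in the token.
// NOTE(review): "the user sid" presumably means the user SID of |token|
// itself -- confirm.
bool AddUserSidToDefaultDacl(HANDLE token, ACCESS_MASK access);

// Adds an ACE represented by |sid| and |access| to the dacl of the kernel
// object referenced by |object|. This changes the security descriptor of the
// object itself, so every other handle user of that object is affected.
bool AddKnownSidToKernelObject(HANDLE object, const Sid& sid,
                               ACCESS_MASK access);

}  // namespace sandbox


#endif  // SANDBOX_SRC_ACL_H_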