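// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_WIN_SRC_APP_CONTAINER_H_
#define SANDBOX_WIN_SRC_APP_CONTAINER_H_

// NOTE(review): the two system include targets and both std::vector element
// types were missing from this listing (angle-bracket text dropped). They are
// restored here from how the declarations are used; confirm against the
// upstream header before relying on them.
#include <windows.h>

#include <vector>

#include "base/memory/scoped_ptr.h"
#include "base/strings/string16.h"
#include "sandbox/win/src/sandbox_types.h"

namespace base {
namespace win {
class StartupInformation;
}
}

namespace sandbox {

// Maintains an attribute list to be used during creation of a new sandboxed
// process.
class AppContainerAttributes {
 public:
  AppContainerAttributes();
  ~AppContainerAttributes();

  // Sets the AppContainer and capabilities to be used with the new process.
  // |app_container_sid| identifies the AppContainer; |capabilities| lists the
  // capabilities granted on top of it. Each capability widens what the
  // sandboxed process may reach, so pass only the ones the child needs.
  // Callers should check the returned ResultCode and not go on to launch the
  // process if it reports a failure.
  ResultCode SetAppContainer(const string16& app_container_sid,
                             const std::vector<string16>& capabilities);

  // Updates the proc_thread attribute list of the provided
  // |startup_information| with the app container related data.
  // WARNING: startup_information just points back to our internal memory, so
  // the lifetime of this object has to be greater than the lifetime of the
  // provided startup_information. Destroying this object first leaves
  // |startup_information| referring to freed memory when the process is
  // created.
  // Callers should check the returned ResultCode; on failure the attribute
  // list cannot be assumed to carry the AppContainer data.
  ResultCode ShareForStartup(
      base::win::StartupInformation* startup_information) const;

  // NOTE(review): presumably returns true once SetAppContainer() has
  // succeeded on this object -- confirm in the implementation file.
  bool HasAppContainer() const;

 private:
  // Capability data in the form the OS expects for the new process.
  SECURITY_CAPABILITIES capabilities_;

  // NOTE(review): presumably the backing storage that |capabilities_| points
  // into -- confirm in the implementation file.
  std::vector<SID_AND_ATTRIBUTES> attributes_;

  // Non-copyable.
  DISALLOW_COPY_AND_ASSIGN(AppContainerAttributes);
};

// Creates a new AppContainer on the system. |sid| is the identifier of the new
// AppContainer, and |name| will be used as both the display name and moniker.
// This function fails if the OS doesn't support AppContainers, or if there is
// an AppContainer registered with the same id.
ResultCode CreateAppContainer(const string16& sid, const string16& name);

// Deletes an AppContainer previously created with a successful call to
// CreateAppContainer.
ResultCode DeleteAppContainer(const string16& sid);

// Retrieves the name associated with the provided AppContainer sid. Returns an
// empty string if the AppContainer is not registered with the system, so an
// empty result must be treated as "no such AppContainer" by the caller.
string16 LookupAppContainer(const string16& sid);

}  // namespace sandbox

#endif  // SANDBOX_WIN_SRC_APP_CONTAINER_H_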