diff -r 000000000000 -r 6474c204b198 security/sandbox/win/src/app_container.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security/sandbox/win/src/app_container.h Wed Dec 31 06:09:35 2014 +0100 @@ -0,0 +1,68 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef SANDBOX_WIN_SRC_APP_CONTAINER_H_ +#define SANDBOX_WIN_SRC_APP_CONTAINER_H_ + +#include + +#include + +#include "base/memory/scoped_ptr.h" +#include "base/strings/string16.h" +#include "sandbox/win/src/sandbox_types.h" + +namespace base { +namespace win { +class StartupInformation; +} +} + +namespace sandbox { + +// Maintains an attribute list to be used during creation of a new sandboxed +// process. +class AppContainerAttributes { + public: + AppContainerAttributes(); + ~AppContainerAttributes(); + + // Sets the AppContainer and capabilities to be used with the new process. + ResultCode SetAppContainer(const string16& app_container_sid, + const std::vector& capabilities); + + // Updates the proc_thred attribute list of the provided startup_information + // with the app container related data. + // WARNING: startup_information just points back to our internal memory, so + // the lifetime of this object has to be greater than the lifetime of the + // provided startup_information. + ResultCode ShareForStartup( + base::win::StartupInformation* startup_information) const; + + bool HasAppContainer() const; + + private: + SECURITY_CAPABILITIES capabilities_; + std::vector attributes_; + + DISALLOW_COPY_AND_ASSIGN(AppContainerAttributes); +}; + +// Creates a new AppContainer on the system. |sid| is the identifier of the new +// AppContainer, and |name| will be used as both the display name and moniker. +// This function fails if the OS doesn't support AppContainers, or if there is +// an AppContainer registered with the same id. +ResultCode CreateAppContainer(const string16& sid, const string16& name); + +// Deletes an AppContainer previously created with a successfull call to +// CreateAppContainer. +ResultCode DeleteAppContainer(const string16& sid); + +// Retrieves the name associated with the provided AppContainer sid. Returns an +// empty string if the AppContainer is not registered with the system. +string16 LookupAppContainer(const string16& sid); + +} // namespace sandbox + +#endif // SANDBOX_WIN_SRC_APP_CONTAINER_H_