1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef SANDBOX_SRC_ACL_H_ 6 #define SANDBOX_SRC_ACL_H_ 7 8 #include <windows.h> 9 10 #include "base/memory/scoped_ptr.h" 11 #include "sandbox/win/src/sid.h" 12 13 namespace sandbox { 14 15 // Returns the default dacl from the token passed in. 16 bool GetDefaultDacl(HANDLE token, 17 scoped_ptr_malloc<TOKEN_DEFAULT_DACL>* default_dacl); 18 19 // Appends an ACE represented by |sid| and |access| to |old_dacl|. If the 20 // function succeeds, new_dacl contains the new dacl and must be freed using 21 // LocalFree. 22 bool AddSidToDacl(const Sid& sid, ACL* old_dacl, ACCESS_MASK access, 23 ACL** new_dacl); 24 25 // Adds and ACE represented by |sid| and |access| to the default dacl present 26 // in the token. 27 bool AddSidToDefaultDacl(HANDLE token, const Sid& sid, ACCESS_MASK access); 28 29 // Adds an ACE represented by the user sid and |access| to the default dacl 30 // present in the token. 31 bool AddUserSidToDefaultDacl(HANDLE token, ACCESS_MASK access); 32 33 // Adds an ACE represented by |known_sid| and |access| to the dacl of the kernel 34 // object referenced by |object|. 35 bool AddKnownSidToKernelObject(HANDLE object, const Sid& sid, 36 ACCESS_MASK access); 37 38 } // namespace sandbox 39 40 41 #endif // SANDBOX_SRC_ACL_H_ 42