      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef SANDBOX_SRC_ACL_H_
      6 #define SANDBOX_SRC_ACL_H_
      7 
      8 #include <AccCtrl.h>
      9 #include <windows.h>
     10 
     11 #include "base/memory/scoped_ptr.h"
     12 #include "sandbox/win/src/sid.h"
     13 
     14 namespace sandbox {
     15 
     16 // Returns the default dacl from the token passed in.
        // The result is written to |default_dacl|, a scoped_ptr_malloc, so the
        // caller does not free the buffer by hand.
        // NOTE(review): the bool result presumably means success, and |token|
        // presumably needs TOKEN_QUERY access -- confirm against the definition.
     17 bool GetDefaultDacl(HANDLE token,
     18                     scoped_ptr_malloc<TOKEN_DEFAULT_DACL>* default_dacl);
     19 
     20 // Appends an ACE represented by |sid|, |access_mode|, and |access| to
     21 // |old_dacl|. If the function succeeds, |new_dacl| contains the new dacl and
     22 // must be freed using LocalFree.
        // |access_mode| is an ACCESS_MODE from AccCtrl.h (e.g. GRANT_ACCESS or
        // DENY_ACCESS), so it decides whether the ACE allows or denies |access|.
        // Check the return value before reading |new_dacl|; what it holds on
        // failure is not specified here.
     23 bool AddSidToDacl(const Sid& sid, ACL* old_dacl, ACCESS_MODE access_mode,
     24                   ACCESS_MASK access, ACL** new_dacl);
     25 
     26 // Adds an ACE represented by |sid| and |access| to the default dacl present
     27 // in the token.
        // Windows applies a token's default dacl to objects created without an
        // explicit security descriptor, so the new ACE affects every such object
        // created afterwards with this token; keep |access| as narrow as possible.
        // NOTE(review): there is no access-mode parameter; presumably the ACE
        // grants |access| -- confirm against the definition.
     28 bool AddSidToDefaultDacl(HANDLE token, const Sid& sid, ACCESS_MASK access);
     29 
     30 // Adds an ACE represented by the user sid and |access| to the default dacl
     31 // present in the token.
        // NOTE(review): "the user sid" is presumably the user of |token| itself,
        // not of the calling thread -- confirm against the definition.
     32 bool AddUserSidToDefaultDacl(HANDLE token, ACCESS_MASK access);
     33 
     34 // Adds an ACE represented by |sid|, |access_mode|, and |access| to
     35 // the dacl of the kernel object referenced by |object| and of |object_type|.
        // This rewrites the security of an existing object, so callers should
        // check the result and not assume the ACE is in place when it is false.
        // NOTE(review): |object| presumably has to be opened with READ_CONTROL and
        // WRITE_DAC so its dacl can be read and replaced -- confirm.
     36 bool AddKnownSidToObject(HANDLE object, SE_OBJECT_TYPE object_type,
     37                          const Sid& sid, ACCESS_MODE access_mode,
     38                          ACCESS_MASK access);
     39 
     40 }  // namespace sandbox
     41 
     42 
     43 #endif  // SANDBOX_SRC_ACL_H_
     44