      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef SANDBOX_WIN_SRC_APP_CONTAINER_H_
      6 #define SANDBOX_WIN_SRC_APP_CONTAINER_H_
      7 
      8 #include <windows.h>
      9 
     10 #include <vector>
     11 
     12 #include "base/memory/scoped_ptr.h"
     13 #include "base/strings/string16.h"
     14 #include "sandbox/win/src/sandbox_types.h"
     15 
// Forward declaration only: nothing in this header dereferences a
// StartupInformation (ShareForStartup takes it by pointer), so
// base/win/startup_information.h is deliberately not included here.
namespace base {
namespace win {
class StartupInformation;
}
}
     21 
     22 namespace sandbox {
     23 
     24 // Maintains an attribute list to be used during creation of a new sandboxed
     25 // process.
// Maintains an attribute list to be used during creation of a new sandboxed
// process: the SECURITY_CAPABILITIES (AppContainer SID plus capability SIDs)
// that get attached to the new process' startup information so the process
// starts inside the AppContainer. Presumably this is consumed through
// PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES at process-creation time; see
// the .cc for the exact attribute used.
//
// Lifetime: what ShareForStartup hands out points into this object's own
// storage (see the WARNING below). That is why the class is non-copyable and
// why it must outlive any startup information it has populated.
class AppContainerAttributes {
 public:
  AppContainerAttributes();
  // User-declared because the object appears to own OS-allocated SID memory
  // (there is no member holding the AppContainer SID apart from the pointer in
  // capabilities_) — presumably released here; confirm in the .cc.
  ~AppContainerAttributes();

  // Sets the AppContainer and capabilities to be used with the new process.
  // |app_container_sid| identifies the AppContainer; |capabilities| lists the
  // capability SIDs the new process will be granted. Both appear to be
  // string-form SIDs that the implementation converts to binary form — confirm
  // in the .cc. Every capability widens what the sandboxed process can reach,
  // so callers should pass the minimal set the target actually needs.
  // Returns a sandbox ResultCode; callers should check it before relying on
  // ShareForStartup.
  ResultCode SetAppContainer(const base::string16& app_container_sid,
                             const std::vector<base::string16>& capabilities);

  // Updates the proc_thread attribute list of the provided startup_information
  // with the app container related data.
  // WARNING: startup_information just points back to our internal memory, so
  // the lifetime of this object has to be greater than the lifetime of the
  // provided startup_information. In particular, keep this object alive (and
  // do not call SetAppContainer on it again) until the process-creation call
  // that consumes startup_information has returned; otherwise process creation
  // reads freed or stale capability data.
  ResultCode ShareForStartup(
      base::win::StartupInformation* startup_information) const;

  // Whether an AppContainer has been configured on this object (presumably:
  // SetAppContainer succeeded — confirm in the .cc).
  bool HasAppContainer() const;

 private:
  // Handed to the OS. Its AppContainerSid/Capabilities pointer members are
  // expected to reference memory owned by this object, hence the lifetime
  // WARNING on ShareForStartup.
  SECURITY_CAPABILITIES capabilities_;
  // Presumably the backing storage for the capability entries referenced by
  // capabilities_.Capabilities.
  std::vector<SID_AND_ATTRIBUTES> attributes_;

  // Copying would duplicate the interior pointers above and leave one copy
  // dangling once the other is destroyed.
  DISALLOW_COPY_AND_ASSIGN(AppContainerAttributes);
};
     51 
// Creates a new AppContainer on the system. |sid| is the identifier of the new
// AppContainer, and |name| will be used as both the display name and moniker.
// This function fails if the OS doesn't support AppContainers, or if there is
// an AppContainer registered with the same id.
// This is a system-wide registration rather than a per-process setting
// (presumably via the AppContainer profile APIs — see the .cc), so a
// successful call should be paired with DeleteAppContainer; otherwise the
// registration persists after the caller is gone.
ResultCode CreateAppContainer(const base::string16& sid,
                              const base::string16& name);
     58 
// Deletes an AppContainer previously created with a successful call to
// CreateAppContainer. |sid| must be the identifier passed to that call.
// Check the returned ResultCode: a failed delete leaves the registration in
// place, and a later CreateAppContainer with the same id will then fail (per
// CreateAppContainer's contract).
ResultCode DeleteAppContainer(const base::string16& sid);
     62 
// Retrieves the name associated with the provided AppContainer sid. Returns an
// empty string if the AppContainer is not registered with the system.
// There is no error code: an empty string is the only failure signal, so
// callers cannot tell "not registered" apart from any other lookup failure the
// implementation might hit.
base::string16 LookupAppContainer(const base::string16& sid);
     66 
     67 }  // namespace sandbox
     68 
     69 #endif  // SANDBOX_WIN_SRC_APP_CONTAINER_H_