      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef SANDBOX_SRC_ACL_H_
      6 #define SANDBOX_SRC_ACL_H_
      7 
      8 #include <AccCtrl.h>
      9 #include <windows.h>
     10 
     11 #include "base/memory/scoped_ptr.h"
     12 #include "sandbox/win/src/sid.h"
     13 
     14 namespace sandbox {
     15 
     16 // Retrieves the default dacl of |token| and stores it in |default_dacl|.
     17 bool GetDefaultDacl(
     18     HANDLE token,
     19     scoped_ptr<TOKEN_DEFAULT_DACL, base::FreeDeleter>* default_dacl);
     20 
     21 // Appends an ACE represented by |sid|, |access_mode|, and |access| to
     22 // |old_dacl|. If the function succeeds, |new_dacl| contains the new dacl and
     23 // must be freed by the caller using LocalFree.
     24 bool AddSidToDacl(const Sid& sid, ACL* old_dacl, ACCESS_MODE access_mode,
     25                   ACCESS_MASK access, ACL** new_dacl);
     26 
     27 // Adds an ACE represented by |sid| and |access| to the default dacl present
     28 // in the token.
     29 bool AddSidToDefaultDacl(HANDLE token, const Sid& sid, ACCESS_MASK access);
     30 
     31 // Adds an ACE represented by the user sid and |access| to the default dacl
     32 // present in the token.
     33 bool AddUserSidToDefaultDacl(HANDLE token, ACCESS_MASK access);
     34 
     35 // Adds an ACE represented by |sid|, |access_mode|, and |access| to the dacl
     36 // of the kernel object referenced by |object|, whose type is |object_type|.
     37 bool AddKnownSidToObject(HANDLE object, SE_OBJECT_TYPE object_type,
     38                          const Sid& sid, ACCESS_MODE access_mode,
     39                          ACCESS_MASK access);
     40 
     41 }  // namespace sandbox
     42 
     43 
     44 #endif  // SANDBOX_SRC_ACL_H_
     45