1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef SANDBOX_SRC_ACL_H_
6#define SANDBOX_SRC_ACL_H_
7
8#include <AccCtrl.h>
9#include <windows.h>
10
11#include "base/memory/scoped_ptr.h"
12#include "sandbox/win/src/sid.h"
13
14namespace sandbox {
15
16// Returns the default dacl from the token passed in.
17bool GetDefaultDacl(
18    HANDLE token,
19    scoped_ptr<TOKEN_DEFAULT_DACL, base::FreeDeleter>* default_dacl);
20
21// Appends an ACE represented by |sid|, |access_mode|, and |access| to
22// |old_dacl|. If the function succeeds, new_dacl contains the new dacl and
23// must be freed using LocalFree.
24bool AddSidToDacl(const Sid& sid, ACL* old_dacl, ACCESS_MODE access_mode,
25                  ACCESS_MASK access, ACL** new_dacl);
26
27// Adds and ACE represented by |sid| and |access| to the default dacl present
28// in the token.
29bool AddSidToDefaultDacl(HANDLE token, const Sid& sid, ACCESS_MASK access);
30
31// Adds an ACE represented by the user sid and |access| to the default dacl
32// present in the token.
33bool AddUserSidToDefaultDacl(HANDLE token, ACCESS_MASK access);
34
35// Adds an ACE represented by |known_sid|, |access_mode|, and |access| to
36// the dacl of the kernel object referenced by |object| and of |object_type|.
37bool AddKnownSidToObject(HANDLE object, SE_OBJECT_TYPE object_type,
38                         const Sid& sid, ACCESS_MODE access_mode,
39                         ACCESS_MASK access);
40
41}  // namespace sandbox
42
43
44#endif  // SANDBOX_SRC_ACL_H_
45