// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_WIN_SRC_APP_CONTAINER_H_
#define SANDBOX_WIN_SRC_APP_CONTAINER_H_

#include <windows.h>

#include <vector>

#include "base/memory/scoped_ptr.h"
#include "base/strings/string16.h"
#include "sandbox/win/src/sandbox_types.h"

// Forward declaration: only a pointer to StartupInformation is used below, so
// the full definition is not needed by consumers of this header.
namespace base {
namespace win {
class StartupInformation;
}
}

namespace sandbox {

// Maintains an attribute list to be used during creation of a new sandboxed
// process. Holds the AppContainer SID and capability SIDs that describe the
// security context the child process will run under.
class AppContainerAttributes {
 public:
  AppContainerAttributes();
  ~AppContainerAttributes();

  // Sets the AppContainer and capabilities to be used with the new process.
  // |app_container_sid| is the AppContainer SID (string form) and
  // |capabilities| the capability SIDs (string form) to grant to the process.
  // Presumably both are converted into |attributes_| / |capabilities_| here;
  // confirm against the .cc. Returns a ResultCode indicating success or the
  // reason the conversion failed.
  ResultCode SetAppContainer(const base::string16& app_container_sid,
                             const std::vector<base::string16>& capabilities);

  // Updates the proc_thread attribute list of the provided startup_information
  // with the app container related data.
  // WARNING: startup_information just points back to our internal memory, so
  // the lifetime of this object has to be greater than the lifetime of the
  // provided startup_information. This is also why the class is non-copyable
  // below: a copy would leave the shared attribute list pointing at the
  // original object's storage.
  ResultCode ShareForStartup(
      base::win::StartupInformation* startup_information) const;

  // Reports whether an AppContainer has been configured on this object
  // (presumably via a successful SetAppContainer call — confirm in the .cc).
  bool HasAppContainer() const;

 private:
  // Win32 SECURITY_CAPABILITIES handed to the OS at process creation. Its
  // Capabilities member is a PSID_AND_ATTRIBUTES, so it is assumed to point
  // into |attributes_| — NOTE(review): if so, |attributes_| must not be
  // resized after SetAppContainer; confirm in the .cc.
  SECURITY_CAPABILITIES capabilities_;
  // Backing storage for the capability SID entries.
  std::vector<SID_AND_ATTRIBUTES> attributes_;

  DISALLOW_COPY_AND_ASSIGN(AppContainerAttributes);
};

// Creates a new AppContainer on the system. |sid| is the identifier of the new
// AppContainer, and |name| will be used as both the display name and moniker.
// This function fails if the OS doesn't support AppContainers, or if there is
// an AppContainer registered with the same id. Returns a ResultCode describing
// success or the reason for failure.
ResultCode CreateAppContainer(const base::string16& sid,
                              const base::string16& name);

// Deletes an AppContainer previously created with a successful call to
// CreateAppContainer. |sid| is the identifier passed to CreateAppContainer.
// Returns a ResultCode describing success or the reason for failure.
ResultCode DeleteAppContainer(const base::string16& sid);

// Retrieves the name associated with the provided AppContainer sid. Returns an
// empty string if the AppContainer is not registered with the system. Note
// that the empty string is the only failure signal, so callers cannot
// distinguish "not registered" from other lookup errors.
base::string16 LookupAppContainer(const base::string16& sid);

}  // namespace sandbox

#endif  // SANDBOX_WIN_SRC_APP_CONTAINER_H_