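// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_WIN_SRC_APP_CONTAINER_H_
#define SANDBOX_WIN_SRC_APP_CONTAINER_H_

#include <windows.h>

#include <vector>

#include "base/memory/scoped_ptr.h"
#include "base/strings/string16.h"
#include "sandbox/win/src/sandbox_types.h"

namespace base {
namespace win {
class StartupInformation;
}
}

namespace sandbox {

// Maintains an attribute list to be used during creation of a new sandboxed
// process.
//
// Copying is disabled (DISALLOW_COPY_AND_ASSIGN below).
// NOTE(review): presumably because |capabilities_| holds raw pointers into
// |attributes_|, so a member-wise copy would alias the original's storage;
// confirm against the .cc.
class AppContainerAttributes {
 public:
  AppContainerAttributes();
  ~AppContainerAttributes();

  // Sets the AppContainer and capabilities to be used with the new process.
  //
  // Returns a ResultCode. Callers should check it and abort the launch on
  // failure, since the attribute list would otherwise not carry the intended
  // AppContainer restrictions.
  //
  // Pass only the capabilities the child really needs: every capability
  // widens what the sandboxed process is allowed to reach.
  //
  // NOTE(review): both arguments look like string-form SIDs; the accepted
  // format and the validation applied are not visible here. Confirm in the
  // .cc before passing values derived from untrusted input.
  ResultCode SetAppContainer(const base::string16& app_container_sid,
                             const std::vector<base::string16>& capabilities);

  // Updates the proc_thread attribute list of the provided
  // startup_information with the app container related data.
  //
  // WARNING: startup_information just points back to our internal memory, so
  // the lifetime of this object has to be greater than the lifetime of the
  // provided startup_information. If this object is destroyed first, the
  // attribute list is left with a dangling pointer that is dereferenced when
  // the process is created.
  //
  // NOTE(review): a later SetAppContainer() call on the same object may also
  // invalidate what was shared if it reallocates |attributes_|; confirm in
  // the .cc.
  ResultCode ShareForStartup(
      base::win::StartupInformation* startup_information) const;

  // NOTE(review): undocumented upstream. Judging by the name, reports whether
  // AppContainer data has been set on this object; confirm in the .cc whether
  // it is true only after a successful SetAppContainer().
  bool HasAppContainer() const;

 private:
  // Capability block for the new process.
  // NOTE(review): presumably this is the structure handed to the attribute
  // list in ShareForStartup(); confirm in the .cc.
  SECURITY_CAPABILITIES capabilities_;

  // Per-capability SID entries.
  // NOTE(review): presumably the backing storage that |capabilities_| points
  // at; ownership and release of the SIDs themselves is not visible here.
  std::vector<SID_AND_ATTRIBUTES> attributes_;

  DISALLOW_COPY_AND_ASSIGN(AppContainerAttributes);
};

// Creates a new AppContainer on the system. |sid| is the identifier of the new
// AppContainer, and |name| will be used as both the display name and moniker.
// This function fails if the OS doesn't support AppContainers, or if there is
// an AppContainer registered with the same id.
//
// The registration is system state that outlives the calling process; pair
// each successful call with DeleteAppContainer() so stale containers do not
// accumulate.
ResultCode CreateAppContainer(const base::string16& sid,
                              const base::string16& name);

// Deletes an AppContainer previously created with a successful call to
// CreateAppContainer.
ResultCode DeleteAppContainer(const base::string16& sid);

// Retrieves the name associated with the provided AppContainer sid. Returns an
// empty string if the AppContainer is not registered with the system.
//
// NOTE(review): the signature has no separate error channel, so a failed
// lookup is presumably indistinguishable from "not registered". Callers
// should not treat an empty result as proof that the container is absent;
// confirm in the .cc.
base::string16 LookupAppContainer(const base::string16& sid);

}  // namespace sandbox

#endif  // SANDBOX_WIN_SRC_APP_CONTAINER_H_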