chromium/sandbox/win/src/acl.h

// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_WIN_SRC_ACL_H_
#define SANDBOX_WIN_SRC_ACL_H_

#include <optional>

#include "base/win/security_descriptor.h"
#include "base/win/windows_types.h"
#include "sandbox/win/src/security_level.h"

namespace sandbox {

// Returns the RID (relative identifier) associated with a given
// IntegrityLevel value. This returns an empty value (std::nullopt) if
// `integrity_level` is set to INTEGRITY_LEVEL_LAST, so callers must check that
// the result holds a value before using it as a RID; an unchecked empty result
// must never be treated as a valid integrity level.
// NOTE(review): the mapping from each IntegrityLevel to its RID lives in the
// implementation and is not visible from this header.
std::optional<DWORD> GetIntegrityLevelRid(IntegrityLevel integrity_level);

// Sets the integrity label on an object.
// `handle` should be an open handle with WRITE_OWNER access.
// `object_type` represents the kernel object type of the handle.
// `mandatory_policy` is the mandatory policy to use. This can be zero or more
// of the following bit flags:
// SYSTEM_MANDATORY_LABEL_NO_WRITE_UP   - Block write access.
// SYSTEM_MANDATORY_LABEL_NO_READ_UP    - Block read access.
// SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP - Block execute access.
// Each flag restricts the named access for callers running at a lower
// integrity level than the label; passing zero sets the label without any of
// these restrictions.
// `integrity_level` is the level to set.
// NOTE(review): behaviour when `integrity_level` is INTEGRITY_LEVEL_LAST
// (which has no RID) is not stated in this header; confirm in the
// implementation.
// If the function succeeds, the return value is ERROR_SUCCESS. If the
// function fails, the return value is the win32 error code corresponding to
// the error. Callers should check the result: after a failure the object must
// not be assumed to carry the requested label.
DWORD SetObjectIntegrityLabel(HANDLE handle,
                              base::win::SecurityObjectType object_type,
                              DWORD mandatory_policy,
                              IntegrityLevel integrity_level);

}  // namespace sandbox

#endif  // SANDBOX_WIN_SRC_ACL_H_