win/src/acl.h - chromium/src/sandbox - Git at Google

 // Copyright 2012 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef SANDBOX_WIN_SRC_ACL_H_
 #define SANDBOX_WIN_SRC_ACL_H_

 #include "base/win/security_descriptor.h"
 #include "base/win/windows_types.h"
 #include "sandbox/win/src/security_level.h"

 namespace sandbox {

 // Returns the RID associated with a given IntegrityLevel value. This returns
 // an empty value if `integrity_level` is set to INTEGRITY_LEVEL_LAST.
 std::optional<DWORD> GetIntegrityLevelRid(IntegrityLevel integrity_level);

 // Sets the integrity label on a object.
 // `handle` should be an open handle with WRITE_OWNER access.
 // `object_type` represents the kernel object type of the handle.
 // `mandatory_policy` is the mandatory policy to use. This can be zero or more
 // of the following bit flags:
 // SYSTEM_MANDATORY_LABEL_NO_WRITE_UP   - Block write access.
 // SYSTEM_MANDATORY_LABEL_NO_READ_UP    - Block read access.
 // SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP - Block execute access.
 // `integrity_level` is the level to set.
 // If the function succeeds, the return value is ERROR_SUCCESS. If the
 // function fails, the return value is the win32 error code corresponding to
 // the error.
 DWORD SetObjectIntegrityLabel(HANDLE handle,
                               base::win::SecurityObjectType object_type,
                               DWORD mandatory_policy,
                               IntegrityLevel integrity_level);

 }  // namespace sandbox

 #endif  // SANDBOX_WIN_SRC_ACL_H_
	// Copyright 2012 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef SANDBOX_WIN_SRC_ACL_H_
	#define SANDBOX_WIN_SRC_ACL_H_

	#include "base/win/security_descriptor.h"
	#include "base/win/windows_types.h"
	#include "sandbox/win/src/security_level.h"

	namespace sandbox {

	// Returns the RID associated with a given IntegrityLevel value. This returns
	// an empty value if `integrity_level` is set to INTEGRITY_LEVEL_LAST.
	std::optional<DWORD> GetIntegrityLevelRid(IntegrityLevel integrity_level);

	// Sets the integrity label on a object.
	// `handle` should be an open handle with WRITE_OWNER access.
	// `object_type` represents the kernel object type of the handle.
	// `mandatory_policy` is the mandatory policy to use. This can be zero or more
	// of the following bit flags:
	// SYSTEM_MANDATORY_LABEL_NO_WRITE_UP - Block write access.
	// SYSTEM_MANDATORY_LABEL_NO_READ_UP - Block read access.
	// SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP - Block execute access.
	// `integrity_level` is the level to set.
	// If the function succeeds, the return value is ERROR_SUCCESS. If the
	// function fails, the return value is the win32 error code corresponding to
	// the error.
	DWORD SetObjectIntegrityLabel(HANDLE handle,
	base::win::SecurityObjectType object_type,
	DWORD mandatory_policy,
	IntegrityLevel integrity_level);

	} // namespace sandbox

	#endif // SANDBOX_WIN_SRC_ACL_H_