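// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef BASE_WIN_SECURITY_UTIL_H_
#define BASE_WIN_SECURITY_UTIL_H_

#include <optional>
#include <vector>

#include "base/base_export.h"
#include "base/win/sid.h"
#include "base/win/windows_types.h"

namespace base {

class FilePath;

namespace win {

// Adds allowed ACE entries to a file or directory |path| from a list of SIDs
// with allowed |access_mask| and |inheritance| flags. If |path| is a directory
// and |recursive| is true then any inheritable ACEs granted will be propagated
// to its children.
//
// |recursive| defaults to true, so a grant made on a directory with
// inheritable flags widens access to the whole subtree unless the caller
// passes false. Pass the narrowest |access_mask| that the listed |sids| need.
//
// NOTE(review): |inheritance| is presumably the Windows ACE inheritance flag
// set (e.g. OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE); confirm against the
// implementation.
// NOTE(review): the bool result presumably reports success. This header does
// not say whether a failure can leave the DACL partly modified; confirm
// before relying on all-or-nothing behavior.
BASE_EXPORT bool GrantAccessToPath(const FilePath& path,
                                   const std::vector<Sid>& sids,
                                   DWORD access_mask,
                                   DWORD inheritance,
                                   bool recursive = true);

// Adds deny ACE entries to a file or directory |path| from a list of SIDs with
// denied |access_mask| and |inheritance| flags. If |path| is a directory and
// |recursive| is true then any inheritable deny ACEs added will be propagated
// to its children.
//
// Callers that depend on the restriction must check the result: if this
// returns false the deny ACEs cannot be assumed to be in place.
//
// In the canonical Windows ACE order, explicit ACEs on an object are evaluated
// before inherited ones, so a deny ACE that a child only inherits does not
// override an explicit allow ACE set directly on that child.
//
// NOTE(review): the bool result presumably reports success; the exact failure
// contract is not stated in this header.
BASE_EXPORT bool DenyAccessToPath(const FilePath& path,
                                  const std::vector<Sid>& sids,
                                  DWORD access_mask,
                                  DWORD inheritance,
                                  bool recursive = true);

// Clone a vector of Sids. Returns a new vector; |sids| is taken by const
// reference and is not modified.
BASE_EXPORT std::vector<Sid> CloneSidVector(const std::vector<Sid>& sids);

// Append a vector of Sids to an existing vector. |base_sids| is modified in
// place; |append_sids| is taken by const reference and is not modified.
BASE_EXPORT void AppendSidVector(std::vector<Sid>& base_sids,
                                 const std::vector<Sid>& append_sids);

// Gets the granted access for an open handle.
// |handle| specifies any kernel object handle to query.
//
// Can be used to check that a handle carries only the rights the caller
// expects before the handle is duplicated or passed to another process.
//
// NOTE(review): an empty optional presumably means the query failed (for
// example on an invalid handle); treat it as "unknown", not as "no access".
BASE_EXPORT std::optional<ACCESS_MASK> GetGrantedAccess(HANDLE handle);

}  // namespace win
}  // namespace base

#endif  // BASE_WIN_SECURITY_UTIL_H_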