security_util.h (2065B)
1 // Copyright 2021 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef BASE_WIN_SECURITY_UTIL_H_ 6 #define BASE_WIN_SECURITY_UTIL_H_ 7 8 #include <vector> 9 10 #include "base/base_export.h" 11 #include "base/win/sid.h" 12 #include "base/win/windows_types.h" 13 #include "third_party/abseil-cpp/absl/types/optional.h" 14 15 namespace base { 16 17 class FilePath; 18 19 namespace win { 20 21 // Adds allowed ACE entries to a file or directory |path| from a list of SIDs 22 // with allowed |access_mask| and |inheritance| flags. If |path| is a directory 23 // and |recursive| is true then any inheritable ACEs granted will be propagated 24 // to its children. 25 BASE_EXPORT bool GrantAccessToPath(const FilePath& path, 26 const std::vector<Sid>& sids, 27 DWORD access_mask, 28 DWORD inheritance, 29 bool recursive = true); 30 31 // Adds deny ACE entries to a file or directory |path| from a list of SIDs with 32 // allowed |access_mask| and |inheritance| flags. If |path| is a directory and 33 // |recursive| is true then any inheritable ACEs granted will be propagated to 34 // its children. 35 BASE_EXPORT bool DenyAccessToPath(const FilePath& path, 36 const std::vector<Sid>& sids, 37 DWORD access_mask, 38 DWORD inheritance, 39 bool recursive = true); 40 41 // Clone a vector of Sids. 42 BASE_EXPORT std::vector<Sid> CloneSidVector(const std::vector<Sid>& sids); 43 44 // Append a vector of Sids to an existing vector. 45 BASE_EXPORT void AppendSidVector(std::vector<Sid>& base_sids, 46 const std::vector<Sid>& append_sids); 47 48 // Gets the granted access for an open handle. 49 // |handle| specifies any kernel object handle to query. 50 BASE_EXPORT absl::optional<ACCESS_MASK> GetGrantedAccess(HANDLE handle); 51 52 } // namespace win 53 } // namespace base 54 55 #endif // BASE_WIN_SECURITY_UTIL_H_