// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef BASE_WIN_ACCESS_TOKEN_H_
#define BASE_WIN_ACCESS_TOKEN_H_

#include <memory>
#include <optional>
#include <string>
#include <vector>

#include "base/base_export.h"
#include "base/win/access_control_list.h"
#include "base/win/scoped_handle.h"
#include "base/win/sid.h"
#include "base/win/windows_types.h"

namespace base::win {

// Impersonation level for the token.
// NOTE(review): the enumerator order looks like it mirrors the Win32
// SECURITY_IMPERSONATION_LEVEL values (SecurityAnonymous ..
// SecurityDelegation); confirm against the implementation before relying on
// the numeric values.
enum class SecurityImpersonationLevel {
  kAnonymous,
  kIdentification,
  kImpersonation,
  kDelegation
};

// This class is used to access the information for a Windows access token.
//
// The object is move-only and owns its token handle. Every factory below
// always requests TOKEN_QUERY; |desired_access| adds further rights on top of
// that. Request only the rights the caller will actually use. The methods in
// this class document the following requirements:
//   TOKEN_ADJUST_DEFAULT    - SetIntegrityLevel(), SetDefaultDacl()
//   TOKEN_ADJUST_PRIVILEGES - SetPrivilege(), RemovePrivilege(),
//                             RemoveAllPrivileges()
//   TOKEN_DUPLICATE         - DuplicatePrimary(), DuplicateImpersonation(),
//                             CreateRestricted(), CreateAppContainer()
class BASE_EXPORT AccessToken {
 public:
  // This class represents an access token group: a SID together with the
  // attribute flags the token holds for it.
  class BASE_EXPORT Group {
   public:
    // Get the group SID.
    const Sid& GetSid() const { return sid_; }
    // Get the group attribute flags.
    DWORD GetAttributes() const { return attributes_; }
    // Returns true if the group is an integrity level.
    bool IsIntegrity() const;
    // Returns true if the group is enabled.
    bool IsEnabled() const;
    // Returns true if the group is deny only.
    bool IsDenyOnly() const;
    // Returns true if the group is the logon ID.
    bool IsLogonId() const;

    Group(Sid&& sid, DWORD attributes);
    Group(Group&&);
    ~Group();

   private:
    Sid sid_;
    DWORD attributes_;
  };

  // This class represents an access token privilege: a LUID together with
  // the attribute flags the token holds for it.
  class BASE_EXPORT Privilege {
   public:
    // Get the privilege LUID.
    CHROME_LUID GetLuid() const { return luid_; }
    // Get the privilege attribute flags.
    DWORD GetAttributes() const { return attributes_; }
    // Get the name of the privilege.
    std::wstring GetName() const;
    // Returns true if the privilege is enabled.
    bool IsEnabled() const;

    Privilege(CHROME_LUID luid, DWORD attributes);

   private:
    CHROME_LUID luid_;
    DWORD attributes_;
  };

  // Creates an AccessToken object from a token handle.
  // |token| the token handle. This handle will be duplicated for TOKEN_QUERY
  // access, therefore the caller must be granted that access to the token
  // object. The AccessToken object owns its own copy of the token handle so
  // the original can be closed.
  // |desired_access| specifies additional access for the token handle,
  // TOKEN_QUERY will always be requested.
  // Returns an empty value on failure.
  static std::optional<AccessToken> FromToken(HANDLE token,
                                              ACCESS_MASK desired_access = 0);

  // Creates an AccessToken object from an existing token handle.
  // |token| the token handle. The AccessToken object will take ownership of
  // this handle without duplicating it. It must have been opened with at least
  // TOKEN_QUERY access to succeed.
  // NOTE: because the handle is not duplicated, the resulting object carries
  // whatever access rights |token| was opened with.
  static std::optional<AccessToken> FromToken(ScopedHandle&& token);

  // Creates an AccessToken object from a process handle.
  // |process| the process handle. The handle needs to have
  // PROCESS_QUERY_LIMITED_INFORMATION access and TOKEN_QUERY access to the
  // token object.
  // |impersonation| if true then the process token will be duplicated to an
  // impersonation token. This allows you to call the IsMember API which
  // requires an impersonation token. To duplicate, TOKEN_DUPLICATE access is
  // required.
  // |desired_access| specifies additional access for the token handle,
  // TOKEN_QUERY will always be requested.
  static std::optional<AccessToken> FromProcess(HANDLE process,
                                                bool impersonation = false,
                                                ACCESS_MASK desired_access = 0);

  // Creates an AccessToken object for the current process.
  // |impersonation| if true then the process token will be duplicated to an
  // impersonation token. This allows you to call the IsMember API which
  // requires an impersonation token. To duplicate, TOKEN_DUPLICATE access is
  // required.
  // |desired_access| specifies additional access for the token handle,
  // TOKEN_QUERY will always be requested.
  static std::optional<AccessToken> FromCurrentProcess(
      bool impersonation = false,
      ACCESS_MASK desired_access = 0);

  // Creates an AccessToken object from a thread handle. The thread must be
  // impersonating a token for this to succeed.
  // |thread| the thread handle. The handle needs to have
  // THREAD_QUERY_LIMITED_INFORMATION access and TOKEN_QUERY access to the
  // token object.
  // |open_as_self| open the token using the process token rather than the
  // current thread's impersonated token.
  // If the thread isn't impersonating it will return an empty value and the
  // Win32 last error code will be ERROR_NO_TOKEN.
  // |desired_access| specifies additional access for the token handle,
  // TOKEN_QUERY will always be requested.
  static std::optional<AccessToken> FromThread(HANDLE thread,
                                               bool open_as_self = true,
                                               ACCESS_MASK desired_access = 0);

  // Creates an AccessToken object from the current thread. The thread must be
  // impersonating a token for this to succeed.
  // |open_as_self| open the token using the process token rather than the
  // current thread's impersonated token.
  // If the thread isn't impersonating it will return an empty value and the
  // Win32 last error code will be ERROR_NO_TOKEN.
  // |desired_access| specifies additional access for the token handle,
  // TOKEN_QUERY will always be requested.
  static std::optional<AccessToken> FromCurrentThread(
      bool open_as_self = true,
      ACCESS_MASK desired_access = 0);

  // Creates an AccessToken object for the current thread's effective token.
  // If the thread is impersonating then it'll try and open the thread token,
  // otherwise it'll open the process token.
  // |desired_access| specifies additional access for the token handle,
  // TOKEN_QUERY will always be requested.
  static std::optional<AccessToken> FromEffective(
      ACCESS_MASK desired_access = 0);

  // Move-only: copying is deleted so that exactly one object owns the handle.
  AccessToken(const AccessToken&) = delete;
  AccessToken& operator=(const AccessToken&) = delete;
  AccessToken(AccessToken&&);
  AccessToken& operator=(AccessToken&&);
  ~AccessToken();

  // Get the token's user SID.
  Sid User() const;

  // Get the token's user group.
  Group UserGroup() const;

  // Get the token's owner SID. This can be different to the user SID, it's
  // used as the default owner for new secured objects.
  Sid Owner() const;

  // Get the token's primary group SID.
  Sid PrimaryGroup() const;

  // Get the token logon SID. Returns an empty value if the token doesn't have
  // a logon SID. If the logon SID doesn't exist then the Win32 last error code
  // will be ERROR_NOT_FOUND.
  std::optional<Sid> LogonId() const;

  // Get the token's integrity level. Returns MAXDWORD if the token doesn't
  // have an integrity level.
  // NOTE: MAXDWORD compares greater than every real integrity level, so test
  // for it explicitly before doing an ordered comparison; otherwise a token
  // without an integrity level reads as the highest possible level.
  DWORD IntegrityLevel() const;

  // Set the token's integrity level. Token needs to have been opened with
  // TOKEN_ADJUST_DEFAULT access.
  bool SetIntegrityLevel(DWORD integrity_level);

  // Get the token's session ID. Returns MAXDWORD if the session ID can't be
  // queried.
  // NOTE: check for MAXDWORD before using the result as a session ID.
  DWORD SessionId() const;

  // The token's group list.
  std::vector<Group> Groups() const;

  // Get whether the token is restricted.
  bool IsRestricted() const;

  // The token's restricted SIDs list. If not a restricted token this will
  // return an empty vector.
  std::vector<Group> RestrictedSids() const;

  // Get whether the token is an appcontainer.
  bool IsAppContainer() const;

  // Get the token's appcontainer SID. If not an appcontainer token this will
  // return an empty value.
  std::optional<Sid> AppContainerSid() const;

  // The token's capabilities. If not an appcontainer token this will return an
  // empty vector.
  std::vector<Group> Capabilities() const;

  // Get the UAC linked token.
  std::optional<AccessToken> LinkedToken() const;

  // Get the default DACL for the token. Returns an empty value on error.
  std::optional<AccessControlList> DefaultDacl() const;

  // Set the default DACL of the token. Token needs to have been opened with
  // TOKEN_ADJUST_DEFAULT access.
  bool SetDefaultDacl(const AccessControlList& default_dacl);

  // Get the token's ID.
  CHROME_LUID Id() const;

  // Get the token's authentication ID.
  CHROME_LUID AuthenticationId() const;

  // Get the token's privileges.
  std::vector<Privilege> Privileges() const;

  // Get whether the token is elevated.
  bool IsElevated() const;

  // Checks if the sid is a member of the token's groups. The token must be
  // an impersonation token rather than a primary token. If the token is not an
  // impersonation token then it returns false and the Win32 last error will be
  // set to ERROR_NO_IMPERSONATION_TOKEN.
  // NOTE: a false return therefore means either "not a member" or "wrong
  // token type". Check IsImpersonation() or the last error before treating
  // false as a membership decision.
  bool IsMember(const Sid& sid) const;

  // Checks if the well known sid is a member of the token's groups. The token
  // must be an impersonation token rather than a primary token. If the token
  // is not an impersonation token then it returns false and the Win32 last
  // error will be set to ERROR_NO_IMPERSONATION_TOKEN.
  // NOTE: as with the Sid overload, false is ambiguous between "not a member"
  // and "wrong token type".
  bool IsMember(WellKnownSid known_sid) const;

  // Checks if the token is an impersonation token. If false then it's a primary
  // token.
  bool IsImpersonation() const;

  // Checks if the token can only be used for identification. This is based on
  // the security impersonation level of the token. If the level is less than
  // or equal to SecurityIdentification this function returns true. Always
  // returns false for a primary token.
  bool IsIdentification() const;

  // Get the current impersonation level. If the token is a primary token
  // the function returns kImpersonation.
  // NOTE: kImpersonation alone does not distinguish a primary token from an
  // impersonation-level token; use IsImpersonation() to tell them apart.
  SecurityImpersonationLevel ImpersonationLevel() const;

  // Duplicate the token to a new primary token.
  // |desired_access| specifies additional access for the token handle.
  // TOKEN_QUERY will always be requested.
  // The original token must have TOKEN_DUPLICATE access to successfully
  // duplicate the token.
  std::optional<AccessToken> DuplicatePrimary(
      ACCESS_MASK desired_access = 0) const;

  // Duplicate the token to a new impersonation token.
  // |impersonation_level| specifies the impersonation level for the token.
  // |desired_access| specifies additional access for the token handle.
  // TOKEN_QUERY will always be requested.
  // The original token must have TOKEN_DUPLICATE access to successfully
  // duplicate the token.
  std::optional<AccessToken> DuplicateImpersonation(
      SecurityImpersonationLevel impersonation_level =
          SecurityImpersonationLevel::kImpersonation,
      ACCESS_MASK desired_access = 0) const;

  // Create a new restricted token from this token.
  // |flags| can be set to a combination of DISABLE_MAX_PRIVILEGE,
  // SANDBOX_INERT, LUA_TOKEN and WRITE_RESTRICTED.
  // |sids_to_disable| is the list of SIDs to disable in the token.
  // |privileges_to_delete| is the names of the privileges to delete.
  // |sids_to_restrict| is the list of SIDs to add as restricted SIDs.
  // |desired_access| specifies additional access for the token handle.
  // The token needs to be opened with TOKEN_DUPLICATE access.
  std::optional<AccessToken> CreateRestricted(
      DWORD flags,
      const std::vector<Sid>& sids_to_disable,
      const std::vector<std::wstring>& privileges_to_delete,
      const std::vector<Sid>& sids_to_restrict,
      ACCESS_MASK desired_access = 0) const;

  // Create a new AppContainer primary token from this token.
  // |appcontainer_sid| the AppContainer package SID.
  // |capabilities| the list of AppContainer capabilities.
  // |desired_access| specifies additional access for the token handle.
  // The token needs to be opened with TOKEN_DUPLICATE access.
  std::optional<AccessToken> CreateAppContainer(
      const Sid& appcontainer_sid,
      const std::vector<Sid>& capabilities,
      ACCESS_MASK desired_access = 0) const;

  // Enable or disable a privilege.
  // |name| the name of the privilege to change.
  // |enable| specify whether to enable or disable the privilege.
  // Returns the previous enable state of the privilege, or nullopt if failed.
  // The token must be opened with TOKEN_ADJUST_PRIVILEGES access.
  // The returned previous state lets a caller restore the privilege to what
  // it was once the privileged operation is done.
  std::optional<bool> SetPrivilege(const std::wstring& name, bool enable);

  // Remove a privilege permanently from the token.
  // |name| the name of the privilege to remove.
  // Returns true if successfully removed the privilege.
  // The token must be opened with TOKEN_ADJUST_PRIVILEGES access.
  bool RemovePrivilege(const std::wstring& name);

  // Permanently remove all privileges from the token.
  // Returns true if the operation was successful.
  // The token must be opened with TOKEN_ADJUST_PRIVILEGES access.
  bool RemoveAllPrivileges();

  // Indicates if the AccessToken object is valid.
  bool is_valid() const;

  // Get the underlying token handle.
  // NOTE(review): ownership appears to stay with this object (release() is
  // the call documented as transferring it), so callers should not close the
  // returned handle; confirm against the implementation.
  HANDLE get() const;

  // Take ownership of the underlying token handle. Once released no other
  // methods on this object should be called.
  ScopedHandle release();

 private:
  // Private: instances are created through the static From*() factories.
  explicit AccessToken(HANDLE token);
  // The token handle owned by this object.
  ScopedHandle token_;
};

}  // namespace base::win

#endif  // BASE_WIN_ACCESS_TOKEN_H_