1*6777b538SAndroid Build Coastguard Worker // Copyright 2021 The Chromium Authors 2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be 3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file. 4*6777b538SAndroid Build Coastguard Worker 5*6777b538SAndroid Build Coastguard Worker #ifndef BASE_WIN_SID_H_ 6*6777b538SAndroid Build Coastguard Worker #define BASE_WIN_SID_H_ 7*6777b538SAndroid Build Coastguard Worker 8*6777b538SAndroid Build Coastguard Worker #include <optional> 9*6777b538SAndroid Build Coastguard Worker #include <string> 10*6777b538SAndroid Build Coastguard Worker #include <vector> 11*6777b538SAndroid Build Coastguard Worker 12*6777b538SAndroid Build Coastguard Worker #include "base/base_export.h" 13*6777b538SAndroid Build Coastguard Worker #include "base/win/windows_types.h" 14*6777b538SAndroid Build Coastguard Worker 15*6777b538SAndroid Build Coastguard Worker namespace base::win { 16*6777b538SAndroid Build Coastguard Worker 17*6777b538SAndroid Build Coastguard Worker // Known capabilities defined in Windows 8. 
// Each value selects one AppContainer capability and is consumed by
// Sid::FromKnownCapability(), Sid::FromKnownCapabilityVector() and the
// explicit Sid(WellKnownCapability) constructor.
//
// No enumerator has an explicit value, so the values follow declaration order
// starting at zero. NOTE(review): if the implementation looks capabilities up
// by that value, inserting or reordering entries would change which SID is
// produced -- confirm before editing the list.
//
// A capability SID widens what an AppContainer token may reach, so callers
// should ask only for the entries they actually need.
enum class WellKnownCapability {
  // Network access.
  kInternetClient,
  kInternetClientServer,
  kPrivateNetworkClientServer,
  // User libraries.
  kPicturesLibrary,
  kVideosLibrary,
  kMusicLibrary,
  kDocumentsLibrary,
  // Credentials and certificates.
  kEnterpriseAuthentication,
  kSharedUserCertificates,
  // Devices and personal data.
  kRemovableStorage,
  kAppointments,
  kContacts,
};

// A subset of well known SIDs to create.
// Values are accepted by Sid::FromKnownSid(), Sid::FromKnownSidVector() and
// the explicit Sid(WellKnownSid) constructor. The mapping from each value to
// a concrete SID lives in the implementation, not in this header.
//
// No enumerator has an explicit value, so the values follow declaration order
// starting at zero.
//
// Judging by their names, several entries identify very broad principals
// (kWorld, kAnonymous, kAuthenticatedUser, kAllApplicationPackages,
// kAllRestrictedApplicationPackages). An allow entry in a security descriptor
// built from one of them applies to every token carrying that SID, so such
// uses deserve a second look in review.
enum class WellKnownSid {
  // General-purpose and logon-type principals.
  kNull,
  kWorld,
  kCreatorOwner,
  kNetwork,
  kBatch,
  kInteractive,
  kService,
  kAnonymous,
  kSelf,
  kAuthenticatedUser,
  kRestricted,
  // Service accounts.
  kLocalSystem,
  kLocalService,
  kNetworkService,
  // Built-in groups.
  kBuiltinAdministrators,
  kBuiltinUsers,
  kBuiltinGuests,
  // Presumably the mandatory integrity labels -- confirm in the
  // implementation.
  kUntrustedLabel,
  kLowLabel,
  kMediumLabel,
  kHighLabel,
  kSystemLabel,
  // Remaining entries.
  kWriteRestricted,
  kCreatorOwnerRights,
  kAllApplicationPackages,
  kAllRestrictedApplicationPackages,
};

// This class is used to hold and generate SIDs.
// Instances are move-only: the copy constructor and copy assignment are
// deleted, so duplicating a SID is always an explicit Clone() call.
class BASE_EXPORT Sid {
 public:
  // Builds the Sid for an AppContainer capability identified by name. Any
  // name is accepted; it does not have to be one that Windows defines.
  // NOTE(review): the return type cannot signal failure, and this header does
  // not show how a name is turned into a SID -- confirm in the implementation
  // before passing externally supplied names.
  static Sid FromNamedCapability(const std::wstring& capability_name);

  // Builds the Sid for one WellKnownCapability value. The resulting Sids
  // correspond to the capability list defined in Windows 8.
  static Sid FromKnownCapability(WellKnownCapability capability);

  // Builds the Sid for one WellKnownSid value.
  static Sid FromKnownSid(WellKnownSid type);

  // Parses a SID written in SDDL form, for example S-1-1-0. The result is
  // optional and must be checked before use; presumably it is empty when the
  // string is not a valid SID -- confirm in the implementation.
  static std::optional<Sid> FromSddlString(const std::wstring& sddl_sid);

  // Builds a Sid from a raw PSID pointer. The result is optional and must be
  // checked before use. NOTE(review): which inputs (null, malformed) produce
  // an empty result is not visible in this header.
  static std::optional<Sid> FromPSID(const PSID sid);

  // Produces a randomly generated SID value.
  // NOTE(review): neither the randomness source nor the layout of the
  // generated SID is stated here; verify both before relying on the value
  // being unpredictable or unique.
  static Sid GenerateRandomSid();

  // Builds the Sid for an integrity level, given that level's RID.
  // NOTE(review): |integrity_level| is a plain DWORD and no range check is
  // visible in this header, so callers should pass a known integrity RID.
  static Sid FromIntegrityLevel(DWORD integrity_level);

  // Converts a list of SDDL strings into a list of Sids. The result is
  // optional and must be checked before use; presumably one bad string makes
  // the whole result empty -- confirm in the implementation.
  static std::optional<std::vector<Sid>> FromSddlStringVector(
      const std::vector<std::wstring>& sddl_sids);

  // Converts a list of capability names into a list of Sids.
  static std::vector<Sid> FromNamedCapabilityVector(
      const std::vector<std::wstring>& capability_names);

  // Converts a list of well-known capabilities into a list of Sids.
  static std::vector<Sid> FromKnownCapabilityVector(
      const std::vector<WellKnownCapability>& capabilities);

  // Converts a list of well-known SID types into a list of Sids.
  static std::vector<Sid> FromKnownSidVector(
      const std::vector<WellKnownSid>& known_sids);

  // Constructs the Sid for a well-known SID type.
  explicit Sid(WellKnownSid known_sid);
  // Constructs the Sid for a well-known capability.
  explicit Sid(WellKnownCapability known_capability);
  // Copying is disabled; use Clone() to duplicate a Sid on purpose.
  Sid(const Sid&) = delete;
  Sid& operator=(const Sid&) = delete;
  Sid(Sid&& sid);
  Sid& operator=(Sid&&);
  ~Sid();

  // Exposes the held SID as a PSID. The pointer is only for short-term use
  // while this Sid is still in scope; do not store it.
  // NOTE(review): the pointer presumably refers into |sid_|, in which case
  // moving from or destroying this object leaves it dangling -- confirm.
  PSID GetPSID() const;

  // Renders the SID as an SDDL format string. The result is optional and must
  // be checked before use.
  std::optional<std::wstring> ToSddlString() const;

  // Returns a separate Sid object holding a copy of this one.
  Sid Clone() const;

  // Reports whether this Sid matches the raw PSID |sid|.
  // NOTE(review): handling of a null |sid| is not visible in this header.
  bool Equal(PSID sid) const;

  // Reports whether this Sid matches |sid|.
  bool operator==(const Sid& sid) const;

  // Reports whether this Sid differs from |sid|.
  bool operator!=(const Sid& sid) const;

 private:
  // Builds a Sid from |length| bytes starting at |sid|.
  // NOTE(review): presumably the bytes are copied into |sid_| -- confirm.
  Sid(const void* sid, size_t length);
  // Backing storage for the SID.
  std::vector<char> sid_;
};

}  // namespace base::win

#endif  // BASE_WIN_SID_H_