Move Windows Sandbox, trybots version (don't commit me!)

sandbox/src/restricted_token_utils.h

-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__
-#define SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__
-
-#include <accctrl.h>
-#include <windows.h>
-
-#include "sandbox/src/restricted_token.h"
-#include "sandbox/src/security_level.h"
-
-// Contains the utility functions to be able to create restricted tokens based
-// on a security profiles.
-
-namespace sandbox {
-
-// The type of the token returned by the CreateNakedToken.
-enum TokenType {
-  IMPERSONATION = 0,
-  PRIMARY
-};
-
-// Creates a restricted token based on the effective token of the current
-// process. The parameter security_level determines how much the token is
-// restricted. The token_type determines if the token will be used as a primary
-// token or impersonation token. The integrity level of the token is set to
-// |integrity level| on Vista only.
-// token_handle is the output value containing the handle of the
-// newly created restricted token.
-// If the function succeeds, the return value is ERROR_SUCCESS. If the
-// function fails, the return value is the win32 error code corresponding to
-// the error.
-DWORD CreateRestrictedToken(HANDLE *token_handle,
-                            TokenLevel security_level,
-                            IntegrityLevel integrity_level,
-                            TokenType token_type);
-
-// Starts the process described by the input parameter command_line in a job
-// with a restricted token. Also set the main thread of this newly created
-// process to impersonate a user with more rights so it can initialize
-// correctly.
-//
-// Parameters: primary_level is the security level of the primary token.
-// impersonation_level is the security level of the impersonation token used
-// to initialize the process. job_level is the security level of the job
-// object used to encapsulate the process.
-//
-// The output parameter job_handle is the handle to the job object. It has
-// to be closed with CloseHandle() when not needed. Closing this handle will
-// kill the process started.
-//
-// Note: The process started with this function has to call RevertToSelf() as
-// soon as possible to stop using the impersonation token and start being
-// secure.
-//
-// Note: The Unicode version of this function will fail if the command_line
-// parameter is a const string.
-DWORD StartRestrictedProcessInJob(wchar_t *command_line,
-                                  TokenLevel primary_level,
-                                  TokenLevel impersonation_level,
-                                  JobLevel job_level,
-                                  HANDLE *job_handle);
-
-// Sets the integrity label on a object handle.
-DWORD SetObjectIntegrityLabel(HANDLE handle, SE_OBJECT_TYPE type,
-                              const wchar_t* ace_access,
-                              const wchar_t* integrity_level_sid);
-
-// Sets the integrity level on a token. This is only valid on Vista. It returns
-// without failing on XP. If the integrity level that you specify is greater
-// than the current integrity level, the function will fail.
-DWORD SetTokenIntegrityLevel(HANDLE token, IntegrityLevel integrity_level);
-
-// Sets the integrity level on the current process on Vista. It returns without
-// failing on XP. If the integrity level that you specify is greater than the
-// current integrity level, the function will fail.
-DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level);
-
-}  // namespace sandbox
-
-#endif  // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__