// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef REMOTING_HOST_WIN_COM_SECURITY_H_
#define REMOTING_HOST_WIN_COM_SECURITY_H_
#include <string>
// Concatenates ACE type, permissions and sid given as SDDL strings into an ACE
// definition in SDDL form.
#define SDDL_ACE(type, permissions, sid) \
L"(" type L";;" permissions L";;;" sid L")"
// Text representation of COM_RIGHTS_EXECUTE and COM_RIGHTS_EXECUTE_LOCAL
// permission bits that is used in the SDDL definition below.
#define SDDL_COM_EXECUTE_LOCAL L"0x3"
namespace remoting {
// Initializes COM security of the process applying the passed security
// descriptor. The mandatory label is applied if mandatory integrity control is
// supported by the OS (i.e. on Vista and above). The function configures
// the following settings:
// - the server authenticates that all data received is from the expected
// client.
// - the server can impersonate clients to check their identity but cannot act
// on their behalf.
// - the caller's identity is verified on every call (Dynamic cloaking).
// - Unless |activate_as_activator| is true, activations where the server would
// run under this process's identity are prohibited.
bool InitializeComSecurity(const std::string& security_descriptor,
const std::string& mandatory_label,
bool activate_as_activator);
} // namespace remoting
#endif // REMOTING_HOST_WIN_COM_SECURITY_H_