| Index: sandbox/win/src/restricted_token.h
|
| diff --git a/sandbox/win/src/restricted_token.h b/sandbox/win/src/restricted_token.h
|
| index d302f86da6b190a86ac43ac992ecc4160941333d..584cd3ad6dbb65123a2985574cabba63cd7721eb 100644
|
| --- a/sandbox/win/src/restricted_token.h
|
| +++ b/sandbox/win/src/restricted_token.h
|
| @@ -168,6 +168,10 @@ class RestrictedToken {
|
| // level cannot be higher than your current integrity level.
|
| DWORD SetIntegrityLevel(IntegrityLevel integrity_level);
|
|
|
| + // Set a flag which indicates the created token should have a locked down
|
| + // default DACL when created.
|
| + void SetLockdownDefaultDacl();
|
| +
|
| private:
|
| // The list of restricting sids in the restricted token.
|
| std::vector<Sid> sids_to_restrict_;
|
| @@ -181,6 +185,8 @@ class RestrictedToken {
|
| IntegrityLevel integrity_level_;
|
| // Tells if the object is initialized or not (if Init() has been called)
|
| bool init_;
|
| + // Lockdown the default DACL when creating new tokens.
|
| + bool lockdown_default_dacl_;
|
|
|
| DISALLOW_COPY_AND_ASSIGN(RestrictedToken);
|
| };
|
|
|