Linux: add a Credentials class to handle Linux capabilities.

sandbox/linux/services/credentials.h

Index: sandbox/linux/services/credentials.h
diff --git a/sandbox/linux/services/credentials.h b/sandbox/linux/services/credentials.h
new file mode 100644
index 0000000000000000000000000000000000000000..3ea3cfc984ee1606ad4ac03041ee0d5a8f403d8e
--- /dev/null
+++ b/sandbox/linux/services/credentials.h
@@ -0,0 +1,46 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_LINUX_SERVICES_CREDENTIALS_H_
+#define SANDBOX_LINUX_SERVICES_CREDENTIALS_H_
+
+#include "build/build_config.h"
+// Link errors are tedious to track, raise a compile-time error instead.
+#if defined(OS_ANDROID)
+#error "Android is not supported."
+#endif  // defined(OS_ANDROID).
+
+#include <string>
+
+#include "base/basictypes.h"
+#include "base/memory/scoped_ptr.h"
+
+namespace sandbox {
+
+// This class should be used to manipulate the current process' credentials.
+// It is currently a stub used to manipulate POSIX.1e capabilities as
+// implemented by the Linux kernel.
+class Credentials {
+ public:
+  Credentials();
+  ~Credentials();
+
+  // Drop all capabilities in the effective, inheritable and permitted sets for
+  // the current process.
+  void DropAllCapabilities();
+  // Return true iff there is any capability in any of the capabilities sets
+  // of the current process.
+  bool HasAnyCapability();
+  // Returns the capabilities of the current process in textual form, as
+  // documented in libcap2's cap_to_text(3). This is mostly useful for
+  // debugging and tests.
+  scoped_ptr<std::string> GetCurrentCapString();
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(Credentials);
+};
+
+}  // namespace sandbox.
+
+#endif  // SANDBOX_LINUX_SERVICES_CREDENTIALS_H_