Creates a way to launch the utility process with elevated privileges on Windows systems for the rare operations that require administrator access.

IPCs to the utility process will be filtered when it is running elevated.

BUG=331881

Review URL: https://codereview.chromium.org/98603007

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@250409 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 46 insertions, 0 deletions

diff --git a/base/process/launch.h b/base/process/launch.h
index e11d1c0..c25a9be 100644
--- a/base/process/launch.h
+++ b/base/process/launch.h
@@ -159,6 +159,16 @@ BASE_EXPORT bool LaunchProcess(const string16& cmdline,
                                const LaunchOptions& options,
                                win::ScopedHandle* process_handle);
 
+// Launches a process with elevated privileges.  This does not behave exactly
+// like LaunchProcess as it uses ShellExecuteEx instead of CreateProcess to
+// create the process.  This means the process will have elevated privileges
+// and thus some common operations like OpenProcess will fail. The process will
+// be available through the |process_handle| argument.  Currently the only
+// supported LaunchOptions are |start_hidden| and |wait|.
+BASE_EXPORT bool LaunchElevatedProcess(const CommandLine& cmdline,
+                                       const LaunchOptions& options,
+                                       ProcessHandle* process_handle);
+
 #elif defined(OS_POSIX)
 // A POSIX-specific version of LaunchProcess that takes an argv array
 // instead of a CommandLine.  Useful for situations where you need to
diff --git a/base/process/launch_win.cc b/base/process/launch_win.cc
index 0c831cf..de05255 100644
--- a/base/process/launch_win.cc
+++ b/base/process/launch_win.cc
@@ -6,6 +6,7 @@
 
 #include <fcntl.h>
 #include <io.h>
+#include <shellapi.h>
 #include <windows.h>
 #include <userenv.h>
 #include <psapi.h>
@@ -239,6 +240,41 @@ bool LaunchProcess(const CommandLine& cmdline,
   return rv;
 }
 
+bool LaunchElevatedProcess(const CommandLine& cmdline,
+                           const LaunchOptions& options,
+                           ProcessHandle* process_handle) {
+  const string16 file = cmdline.GetProgram().value();
+  const string16 arguments = cmdline.GetArgumentsString();
+
+  SHELLEXECUTEINFO shex_info = {0};
+  shex_info.cbSize = sizeof(shex_info);
+  shex_info.fMask = SEE_MASK_NOCLOSEPROCESS;
+  shex_info.hwnd = GetActiveWindow();
+  shex_info.lpVerb = L"runas";
+  shex_info.lpFile = file.c_str();
+  shex_info.lpParameters = arguments.c_str();
+  shex_info.lpDirectory = NULL;
+  shex_info.nShow = options.start_hidden ? SW_HIDE : SW_SHOW;
+  shex_info.hInstApp = NULL;
+
+  if (!ShellExecuteEx(&shex_info)) {
+    DPLOG(ERROR);
+    return false;
+  }
+
+  if (options.wait)
+    WaitForSingleObject(shex_info.hProcess, INFINITE);
+
+  // If the caller wants the process handle give it to them, otherwise just
+  // close it.  Closing it does not terminate the process.
+  if (process_handle)
+    *process_handle = shex_info.hProcess;
+  else
+    CloseHandle(shex_info.hProcess);
+
+  return true;
+}
+
 bool SetJobObjectLimitFlags(HANDLE job_object, DWORD limit_flags) {
   JOBOBJECT_EXTENDED_LIMIT_INFORMATION limit_info = {0};
   limit_info.BasicLimitInformation.LimitFlags = limit_flags;