-rw-r--r-- | base/process/process_handle.h | 17 | ||||
-rw-r--r-- | base/process/process_handle_win.cc | 51 | ||||
-rw-r--r-- | base/process/process_info.h | 25 | ||||
-rw-r--r-- | base/process/process_info_win.cc | 56 | ||||
-rw-r--r-- | chrome/installer/util/advanced_firewall_manager_win_unittest.cc | 6 | ||||
-rw-r--r-- | chrome/installer/util/legacy_firewall_manager_win_unittest.cc | 6 | ||||
-rw-r--r-- | cloud_print/virtual_driver/win/port_monitor/port_monitor_dll.cc | 9 | ||||
-rw-r--r-- | rlz/win/lib/process_info.cc | 15 | ||||
-rw-r--r-- | rlz/win/lib/registry_util.cc | 13 | ||||
-rw-r--r-- | win8/delegate_execute/command_execute_impl.cc | 4 | ||||
-rw-r--r-- | win8/delegate_execute/command_execute_impl.h | 2 |
11 files changed, 98 insertions, 106 deletions
diff --git a/base/process/process_handle.h b/base/process/process_handle.h
index 1556f03..77f2c58 100644
--- a/base/process/process_handle.h
+++ b/base/process/process_handle.h
@@ -40,27 +40,12 @@ BASE_EXPORT ProcessId GetCurrentProcId();
 // Returns the ProcessHandle of the current process.
 BASE_EXPORT ProcessHandle GetCurrentProcessHandle();
-
-
 // Returns the unique ID for the specified process. This is functionally the
 // same as Windows' GetProcessId(), but works on versions of Windows before
 // Win XP SP1 as well.
+// DEPRECATED. New code should be using Process::Pid() instead.
 BASE_EXPORT ProcessId GetProcId(ProcessHandle process);
-#if defined(OS_WIN)
-enum IntegrityLevel {
- INTEGRITY_UNKNOWN,
- LOW_INTEGRITY,
- MEDIUM_INTEGRITY,
- HIGH_INTEGRITY,
-};
-// Determine the integrity level of the specified process. Returns false
-// if the system does not support integrity levels (pre-Vista) or in the case
-// of an underlying system failure.
-BASE_EXPORT bool GetProcessIntegrityLevel(ProcessHandle process,
- IntegrityLevel* level);
-#endif
-
 #if defined(OS_POSIX)
 // Returns the path to the executable of the given process.
 BASE_EXPORT FilePath GetProcessExecutablePath(ProcessHandle process);
diff --git a/base/process/process_handle_win.cc b/base/process/process_handle_win.cc
index 656954d..f2ffff8 100644
--- a/base/process/process_handle_win.cc
+++ b/base/process/process_handle_win.cc
@@ -25,55 +25,4 @@ ProcessId GetProcId(ProcessHandle process) {
 return GetProcessId(process);
 }
-bool GetProcessIntegrityLevel(ProcessHandle process, IntegrityLevel *level) {
- if (!level)
- return false;
-
- if (win::GetVersion() < base::win::VERSION_VISTA)
- return false;
-
- HANDLE process_token;
- if (!OpenProcessToken(process, TOKEN_QUERY | TOKEN_QUERY_SOURCE,
- &process_token))
- return false;
-
- win::ScopedHandle scoped_process_token(process_token);
-
- DWORD token_info_length = 0;
- if (GetTokenInformation(process_token, TokenIntegrityLevel, NULL, 0,
- &token_info_length) ||
- GetLastError() != ERROR_INSUFFICIENT_BUFFER)
- return false;
-
- scoped_ptr<char[]> token_label_bytes(new char[token_info_length]);
- if (!token_label_bytes.get())
- return false;
-
- TOKEN_MANDATORY_LABEL* token_label =
- reinterpret_cast<TOKEN_MANDATORY_LABEL*>(token_label_bytes.get());
- if (!token_label)
- return false;
-
- if (!GetTokenInformation(process_token, TokenIntegrityLevel, token_label,
- token_info_length, &token_info_length))
- return false;
-
- DWORD integrity_level = *GetSidSubAuthority(token_label->Label.Sid,
- (DWORD)(UCHAR)(*GetSidSubAuthorityCount(token_label->Label.Sid)-1));
-
- if (integrity_level < SECURITY_MANDATORY_MEDIUM_RID) {
- *level = LOW_INTEGRITY;
- } else if (integrity_level >= SECURITY_MANDATORY_MEDIUM_RID &&
- integrity_level < SECURITY_MANDATORY_HIGH_RID) {
- *level = MEDIUM_INTEGRITY;
- } else if (integrity_level >= SECURITY_MANDATORY_HIGH_RID) {
- *level = HIGH_INTEGRITY;
- } else {
- NOTREACHED();
- return false;
- }
-
- return true;
-}
-
 } // namespace base
diff --git a/base/process/process_info.h b/base/process/process_info.h
index e9e7b4e..85f204d 100644
--- a/base/process/process_info.h
+++ b/base/process/process_info.h
@@ -2,11 +2,12 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-#ifndef BASE_PROCESS_PROCESS_PROCESS_INFO_H_
-#define BASE_PROCESS_PROCESS_PROCESS_INFO_H_
+#ifndef BASE_PROCESS_PROCESS_INFO_H_
+#define BASE_PROCESS_PROCESS_INFO_H_
 #include "base/base_export.h"
 #include "base/basictypes.h"
+#include "build/build_config.h"
 namespace base {
@@ -20,6 +21,24 @@ class BASE_EXPORT CurrentProcessInfo {
 static const Time CreationTime();
 };
+#if defined(OS_WIN)
+
+enum IntegrityLevel {
+ INTEGRITY_UNKNOWN,
+ LOW_INTEGRITY,
+ MEDIUM_INTEGRITY,
+ HIGH_INTEGRITY,
+};
+
+// Returns the integrity level of the process. Returns INTEGRITY_UNKNOWN if the
+// system does not support integrity levels (pre-Vista) or in the case of an
+// underlying system failure.
+BASE_EXPORT IntegrityLevel GetCurrentProcessIntegrityLevel();
+
+#endif // defined(OS_WIN)
+
+
+
 } // namespace base
-#endif // BASE_PROCESS_PROCESS_PROCESS_INFO_H_
+#endif // BASE_PROCESS_PROCESS_INFO_H_
diff --git a/base/process/process_info_win.cc b/base/process/process_info_win.cc
index b930ae6..2b9c406 100644
--- a/base/process/process_info_win.cc
+++ b/base/process/process_info_win.cc
@@ -7,11 +7,14 @@
 #include <windows.h>
 #include "base/basictypes.h"
+#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
+#include "base/win/scoped_handle.h"
+#include "base/win/windows_version.h"
 namespace base {
-//static
+// static
 const Time CurrentProcessInfo::CreationTime() {
 FILETIME creation_time = {};
 FILETIME ignore = {};
@@ -22,4 +25,55 @@ const Time CurrentProcessInfo::CreationTime() {
 return Time::FromFileTime(creation_time);
 }
+IntegrityLevel GetCurrentProcessIntegrityLevel() {
+ if (win::GetVersion() < base::win::VERSION_VISTA)
+ return INTEGRITY_UNKNOWN;
+
+ HANDLE process_token;
+ if (!::OpenProcessToken(::GetCurrentProcess(),
+ TOKEN_QUERY | TOKEN_QUERY_SOURCE, &process_token)) {
+ return INTEGRITY_UNKNOWN;
+ }
+ win::ScopedHandle scoped_process_token(process_token);
+
+ DWORD token_info_length = 0;
+ if (::GetTokenInformation(process_token, TokenIntegrityLevel, NULL, 0,
+ &token_info_length) ||
+ ::GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
+ return INTEGRITY_UNKNOWN;
+ }
+
+ scoped_ptr<char[]> token_label_bytes(new char[token_info_length]);
+ if (!token_label_bytes.get())
+ return INTEGRITY_UNKNOWN;
+
+ TOKEN_MANDATORY_LABEL* token_label =
+ reinterpret_cast<TOKEN_MANDATORY_LABEL*>(token_label_bytes.get());
+ if (!token_label)
+ return INTEGRITY_UNKNOWN;
+
+ if (!::GetTokenInformation(process_token, TokenIntegrityLevel, token_label,
+ token_info_length, &token_info_length)) {
+ return INTEGRITY_UNKNOWN;
+ }
+
+ DWORD integrity_level = *::GetSidSubAuthority(
+ token_label->Label.Sid,
+ static_cast<DWORD>(*::GetSidSubAuthorityCount(token_label->Label.Sid)-1));
+
+ if (integrity_level < SECURITY_MANDATORY_MEDIUM_RID)
+ return LOW_INTEGRITY;
+
+ if (integrity_level >= SECURITY_MANDATORY_MEDIUM_RID &&
+ integrity_level < SECURITY_MANDATORY_HIGH_RID) {
+ return MEDIUM_INTEGRITY;
+ }
+
+ if (integrity_level >= SECURITY_MANDATORY_HIGH_RID)
+ return HIGH_INTEGRITY;
+
+ NOTREACHED();
+ return INTEGRITY_UNKNOWN;
+}
+
 } // namespace base
diff --git a/chrome/installer/util/advanced_firewall_manager_win_unittest.cc b/chrome/installer/util/advanced_firewall_manager_win_unittest.cc
index dc67e51..5920ea2 100644
--- a/chrome/installer/util/advanced_firewall_manager_win_unittest.cc
+++ b/chrome/installer/util/advanced_firewall_manager_win_unittest.cc
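Review bot: In base/process/process_info_win.cc, GetCurrentProcessIntegrityLevel() opens the token with `TOKEN_QUERY | TOKEN_QUERY_SOURCE`, but the only query it makes is TokenIntegrityLevel, which needs TOKEN_QUERY alone. Asking for the extra right means the open can be refused under a token that grants only query access, and every caller then sees INTEGRITY_UNKNOWN and takes its unprivileged path; I would request `TOKEN_QUERY` only. The index expression `*::GetSidSubAuthorityCount(token_label->Label.Sid)-1` also assumes the label SID has at least one sub-authority; a count of zero would wrap the index, so returning INTEGRITY_UNKNOWN when the count is 0 is cheap insurance. The two null checks after `new char[token_info_length]` and the trailing `NOTREACHED()` look unreachable as written, since the three range tests cover every DWORD value.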
@@ -5,7 +5,7 @@
 #include "chrome/installer/util/advanced_firewall_manager_win.h"
 #include "base/path_service.h"
-#include "base/process/process_handle.h"
+#include "base/process/process_info.h"
 #include "base/win/scoped_bstr.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -18,9 +18,7 @@ class AdvancedFirewallManagerTest : public ::testing::Test {
 protected:
 // Sets up the test fixture.
 virtual void SetUp() override {
- base::IntegrityLevel level = base::INTEGRITY_UNKNOWN;
- if (!GetProcessIntegrityLevel(base::GetCurrentProcessHandle(), &level) ||
- level != base::HIGH_INTEGRITY) {
+ if (base::GetCurrentProcessIntegrityLevel() != base::HIGH_INTEGRITY) {
 LOG(WARNING) << "XP or not elevated. Skipping the test.";
 return;
 };
diff --git a/chrome/installer/util/legacy_firewall_manager_win_unittest.cc b/chrome/installer/util/legacy_firewall_manager_win_unittest.cc
index 26df3b8..5fd4638 100644
--- a/chrome/installer/util/legacy_firewall_manager_win_unittest.cc
+++ b/chrome/installer/util/legacy_firewall_manager_win_unittest.cc
@@ -5,7 +5,7 @@
 #include "chrome/installer/util/legacy_firewall_manager_win.h"
 #include "base/path_service.h"
-#include "base/process/process_handle.h"
+#include "base/process/process_info.h"
 #include "testing/gtest/include/gtest/gtest.h"
 namespace installer {
@@ -17,9 +17,7 @@ class LegacyFirewallManagerTest : public ::testing::Test {
 protected:
 // Sets up the test fixture.
 virtual void SetUp() override {
- base::IntegrityLevel level = base::INTEGRITY_UNKNOWN;
- if (GetProcessIntegrityLevel(base::GetCurrentProcessHandle(), &level) &&
- level != base::HIGH_INTEGRITY) {
+ if (base::GetCurrentProcessIntegrityLevel() != base::HIGH_INTEGRITY) {
 LOG(WARNING) << "Not elevated. Skipping the test.";
 return;
 };
diff --git a/cloud_print/virtual_driver/win/port_monitor/port_monitor_dll.cc b/cloud_print/virtual_driver/win/port_monitor/port_monitor_dll.cc
index b5bb451..d2d1119 100644
--- a/cloud_print/virtual_driver/win/port_monitor/port_monitor_dll.cc
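Review bot: In legacy_firewall_manager_win_unittest.cc the SetUp() guard changes meaning: the old condition skipped only when the level was read successfully and was not HIGH, whereas `base::GetCurrentProcessIntegrityLevel() != base::HIGH_INTEGRITY` also skips when the result is INTEGRITY_UNKNOWN. The new function returns INTEGRITY_UNKNOWN on pre-Vista systems, so there this fixture now always skips, and the log line "Not elevated. Skipping the test." no longer describes why. If running without integrity-level support was intended, keep that case explicit, for example `const base::IntegrityLevel level = base::GetCurrentProcessIntegrityLevel();` followed by `if (level != base::INTEGRITY_UNKNOWN && level != base::HIGH_INTEGRITY) {`. SetUp() continues past the end of the hunk.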
+++ b/cloud_print/virtual_driver/win/port_monitor/port_monitor_dll.cc
@@ -16,7 +16,7 @@
 #include "base/command_line.h"
 #include "base/files/file_util.h"
 #include "base/logging.h"
-#include "base/process/process.h"
+#include "base/process/process_info.h"
 #include "base/strings/string16.h"
 #include "base/win/registry.h"
 #include "base/win/scoped_handle.h"
@@ -55,13 +55,8 @@ bool CanRegister() {
 return false;
 }
 if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
- base::IntegrityLevel level = base::INTEGRITY_UNKNOWN;
- if (!GetProcessIntegrityLevel(base::GetCurrentProcessHandle(), &level)) {
+ if (base::GetCurrentProcessIntegrityLevel() != base::HIGH_INTEGRITY)
 return false;
- }
- if (level != base::HIGH_INTEGRITY) {
- return false;
- }
 }
 return true;
 }
diff --git a/rlz/win/lib/process_info.cc b/rlz/win/lib/process_info.cc
index 4b83f38..8fc5565 100644
--- a/rlz/win/lib/process_info.cc
+++ b/rlz/win/lib/process_info.cc
@@ -9,7 +9,7 @@
 #include <windows.h>
 #include "base/memory/scoped_ptr.h"
-#include "base/process/process_handle.h"
+#include "base/process/process_info.h"
 #include "base/strings/string16.h"
 #include "base/win/scoped_handle.h"
 #include "base/win/win_util.h"
@@ -100,12 +100,13 @@ bool ProcessInfo::HasAdminRights() {
 has_rights = true;
 } else if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
 TOKEN_ELEVATION_TYPE elevation;
- base::IntegrityLevel level;
-
- if (SUCCEEDED(GetElevationType(&elevation)) &&
- base::GetProcessIntegrityLevel(base::GetCurrentProcessHandle(), &level))
- has_rights = (elevation == TokenElevationTypeFull) ||
- (level == base::HIGH_INTEGRITY);
+ if (SUCCEEDED(GetElevationType(&elevation))) {
+ base::IntegrityLevel level = base::GetCurrentProcessIntegrityLevel();
+ if (level != base::INTEGRITY_UNKNOWN) {
+ has_rights = (elevation == TokenElevationTypeFull) ||
+ (level == base::HIGH_INTEGRITY);
+ }
+ }
 } else {
 long group = 0;
 if (GetUserGroup(&group))
diff --git a/rlz/win/lib/registry_util.cc b/rlz/win/lib/registry_util.cc
index 61197d2..8fba7dd 100644
--- a/rlz/win/lib/registry_util.cc
+++ b/rlz/win/lib/registry_util.cc
@@ -7,7 +7,7 @@
 #include "rlz/win/lib/registry_util.h"
-#include "base/process/process_handle.h"
+#include "base/process/process_info.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/win/registry.h"
 #include "base/win/windows_version.h"
@@ -58,15 +58,10 @@ bool HasUserKeyAccess(bool write_access) {
 }
 if (write_access) {
- if (base::win::GetVersion() < base::win::VERSION_VISTA) return true;
- base::ProcessHandle process_handle = base::GetCurrentProcessHandle();
- base::IntegrityLevel level = base::INTEGRITY_UNKNOWN;
+ if (base::win::GetVersion() < base::win::VERSION_VISTA)
+ return true;
- if (!base::GetProcessIntegrityLevel(process_handle, &level)) {
- ASSERT_STRING("UserKey::HasAccess: Cannot determine Integrity Level.");
- return false;
- }
- if (level <= base::LOW_INTEGRITY) {
+ if (base::GetCurrentProcessIntegrityLevel() <= base::LOW_INTEGRITY) {
 ASSERT_STRING("UserKey::HasAccess: Cannot write from Low Integrity.");
 return false;
 }
diff --git a/win8/delegate_execute/command_execute_impl.cc b/win8/delegate_execute/command_execute_impl.cc
index d50037d..4b6636b 100644
--- a/win8/delegate_execute/command_execute_impl.cc
+++ b/win8/delegate_execute/command_execute_impl.cc
@@ -12,7 +12,6 @@
 #include "base/files/file_util.h"
 #include "base/path_service.h"
 #include "base/process/launch.h"
-#include "base/process/process_handle.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/win/message_window.h"
 #include "base/win/registry.h"
@@ -287,8 +286,7 @@ STDMETHODIMP CommandExecuteImpl::Initialize(LPCWSTR name,
 verb_ = name;
 }
- base::GetProcessIntegrityLevel(base::GetCurrentProcessHandle(),
- &integrity_level_);
+ integrity_level_ = base::GetCurrentProcessIntegrityLevel();
 return S_OK;
 }
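Review bot: In rlz/win/lib/registry_util.cc, HasUserKeyAccess() now depends on INTEGRITY_UNKNOWN being declared before LOW_INTEGRITY: `base::GetCurrentProcessIntegrityLevel() <= base::LOW_INTEGRITY` denies write access after a failed query only because of the enum's declaration order. The result is still fail-closed, but the dependency is implicit, and the failure case now reports "Cannot write from Low Integrity." in place of the removed "Cannot determine Integrity Level." message. I would add a comment above the test such as `// INTEGRITY_UNKNOWN sorts below LOW_INTEGRITY, so a failed query also denies write access.`, or test for INTEGRITY_UNKNOWN explicitly so that reordering the enum cannot turn this into fail-open. The function body starts and ends outside the hunk.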
diff --git a/win8/delegate_execute/command_execute_impl.h b/win8/delegate_execute/command_execute_impl.h
index f45bcc9..d2486d4 100644
--- a/win8/delegate_execute/command_execute_impl.h
+++ b/win8/delegate_execute/command_execute_impl.h
@@ -12,7 +12,7 @@
 #include "base/command_line.h"
 #include "base/files/file_path.h"
-#include "base/process/process_handle.h"
+#include "base/process/process_info.h"
 #include "win8/delegate_execute/resource.h" // main symbols
 EXTERN_C const GUID CLSID_CommandExecuteImpl; |