Diffstat (limited to 'base/process_util_win.cc')
-rw-r--r--base/process_util_win.cc52
1 files changed, 52 insertions, 0 deletions
diff --git a/base/process_util_win.cc b/base/process_util_win.cc
index 428fe25..fb7bdb8 100644
--- a/base/process_util_win.cc
+++ b/base/process_util_win.cc
@@ -18,6 +18,7 @@
#include "base/logging.h"
#include "base/scoped_handle_win.h"
#include "base/scoped_ptr.h"
+#include "base/win_util.h"
// userenv.dll is required for CreateEnvironmentBlock().
#pragma comment(lib, "userenv.lib")
@@ -139,6 +140,57 @@ ProcessId GetProcId(ProcessHandle process) {
return 0;
}
+bool GetProcessIntegrityLevel(ProcessHandle process, IntegrityLevel *level) {
+ if (!level)
+ return false;
+
+ if (win_util::GetWinVersion() < win_util::WINVERSION_VISTA)
+ return false;
+
+ HANDLE process_token;
+ if (!OpenProcessToken(process, TOKEN_QUERY | TOKEN_QUERY_SOURCE,
+ &process_token))
+ return false;
+
+ ScopedHandle scoped_process_token(process_token);
+
+ DWORD token_info_length = 0;
+ if (GetTokenInformation(process_token, TokenIntegrityLevel, NULL, 0,
+ &token_info_length) ||
+ GetLastError() != ERROR_INSUFFICIENT_BUFFER)
+ return false;
+
+ scoped_array<char> token_label_bytes(new char[token_info_length]);
+ if (!token_label_bytes.get())
+ return false;
+
+ TOKEN_MANDATORY_LABEL* token_label =
+ reinterpret_cast<TOKEN_MANDATORY_LABEL*>(token_label_bytes.get());
+ if (!token_label)
+ return false;
+
+ if (!GetTokenInformation(process_token, TokenIntegrityLevel, token_label,
+ token_info_length, &token_info_length))
+ return false;
+
+ DWORD integrity_level = *GetSidSubAuthority(token_label->Label.Sid,
+ (DWORD)(UCHAR)(*GetSidSubAuthorityCount(token_label->Label.Sid)-1));
+
+ if (integrity_level < SECURITY_MANDATORY_MEDIUM_RID) {
+ *level = LOW_INTEGRITY;
+ } else if (integrity_level >= SECURITY_MANDATORY_MEDIUM_RID &&
+ integrity_level < SECURITY_MANDATORY_HIGH_RID) {
+ *level = MEDIUM_INTEGRITY;
+ } else if (integrity_level >= SECURITY_MANDATORY_HIGH_RID) {
+ *level = HIGH_INTEGRITY;
+ } else {
+ NOTREACHED();
+ return false;
+ }
+
+ return true;
+}
+
bool LaunchApp(const std::wstring& cmdline,
bool wait, bool start_hidden, ProcessHandle* process_handle) {
STARTUPINFO startup_info = {0};
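Review bot: The `OpenProcessToken` call in `GetProcessIntegrityLevel` requests `TOKEN_QUERY | TOKEN_QUERY_SOURCE`, but querying `TokenIntegrityLevel` needs only `TOKEN_QUERY`; the extra right is broader than least privilege requires and can make the open fail on a token that does not grant it, so use `if (!OpenProcessToken(process, TOKEN_QUERY, &process_token))`. The sub-authority index is computed as `*GetSidSubAuthorityCount(...) - 1` without checking that the count is non-zero, so a zero count would wrap to 255 after the `UCHAR` cast; a guard before that line would make the read safe by construction. The final `else { NOTREACHED(); return false; }` can never run because the three preceding conditions cover every `DWORD` value. The function also needs a comment stating that a `false` return (including on pre-Vista systems) means the level is unknown, so callers do not treat failure as low integrity.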