chrome/installer/util/legacy_firewall_manager_win.cc


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/installer/util/legacy_firewall_manager_win.h"

#include "base/logging.h"
#include "base/strings/stringprintf.h"
#include "base/win/scoped_bstr.h"

namespace installer {

LegacyFirewallManager::LegacyFirewallManager() {}

LegacyFirewallManager::~LegacyFirewallManager() {}

bool LegacyFirewallManager::Init(const base::string16& app_name,
                                 const base::FilePath& app_path) {
  base::win::ScopedComPtr<INetFwMgr> firewall_manager;
  HRESULT hr = firewall_manager.CreateInstance(CLSID_NetFwMgr);
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return false;
  }

  base::win::ScopedComPtr<INetFwPolicy> firewall_policy;
  hr = firewall_manager->get_LocalPolicy(firewall_policy.Receive());
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return false;
  }

  hr = firewall_policy->get_CurrentProfile(current_profile_.Receive());
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    current_profile_ = NULL;
    return false;
  }

  app_name_ = app_name;
  app_path_ = app_path;
  return true;
}

bool LegacyFirewallManager::IsFirewallEnabled() {
  VARIANT_BOOL is_enabled = VARIANT_TRUE;
  HRESULT hr = current_profile_->get_FirewallEnabled(&is_enabled);
  return SUCCEEDED(hr) && is_enabled != VARIANT_FALSE;
}

bool LegacyFirewallManager::GetAllowIncomingConnection(bool* value) {
  // Otherwise, check to see if there is a rule either allowing or disallowing
  // this chrome.exe.
  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
      GetAuthorizedApplications());
  if (!authorized_apps.get())
    return false;

  base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application;
  HRESULT hr = authorized_apps->Item(
      base::win::ScopedBstr(app_path_.value().c_str()),
      chrome_application.Receive());
  if (FAILED(hr))
    return false;
  VARIANT_BOOL is_enabled = VARIANT_FALSE;
  hr = chrome_application->get_Enabled(&is_enabled);
  if (FAILED(hr))
    return false;
  if (value)
    *value = (is_enabled == VARIANT_TRUE);
  return true;
}

// The SharedAccess service must be running.
bool LegacyFirewallManager::SetAllowIncomingConnection(bool allow) {
  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
      GetAuthorizedApplications());
  if (!authorized_apps.get())
    return false;

  // Authorize chrome.
  base::win::ScopedComPtr<INetFwAuthorizedApplication> authorization =
      CreateChromeAuthorization(allow);
  if (!authorization.get())
    return false;
  HRESULT hr = authorized_apps->Add(authorization);
  DLOG_IF(ERROR, FAILED(hr)) << logging::SystemErrorCodeToString(hr);
  return SUCCEEDED(hr);
}

void LegacyFirewallManager::DeleteRule() {
  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
      GetAuthorizedApplications());
  if (!authorized_apps.get())
    return;
  authorized_apps->Remove(base::win::ScopedBstr(app_path_.value().c_str()));
}

base::win::ScopedComPtr<INetFwAuthorizedApplications>
LegacyFirewallManager::GetAuthorizedApplications() {
  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps;
  HRESULT hr =
      current_profile_->get_AuthorizedApplications(authorized_apps.Receive());
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return base::win::ScopedComPtr<INetFwAuthorizedApplications>();
  }

  return authorized_apps;
}

base::win::ScopedComPtr<INetFwAuthorizedApplication>
LegacyFirewallManager::CreateChromeAuthorization(bool allow) {
  base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application;

  HRESULT hr =
      chrome_application.CreateInstance(CLSID_NetFwAuthorizedApplication);
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return base::win::ScopedComPtr<INetFwAuthorizedApplication>();
  }

  chrome_application->put_Name(base::win::ScopedBstr(app_name_.c_str()));
  chrome_application->put_ProcessImageFileName(
      base::win::ScopedBstr(app_path_.value().c_str()));
  // IpVersion defaults to NET_FW_IP_VERSION_ANY.
  // Scope defaults to NET_FW_SCOPE_ALL.
  // RemoteAddresses defaults to "*".
  chrome_application->put_Enabled(allow ? VARIANT_TRUE : VARIANT_FALSE);

  return chrome_application;
}

}  // namespace installer