shaka-packager/base/process/process_handle_win.cc

127 lines
3.6 KiB
C++
Raw Normal View History

// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "base/process/process_handle.h"
#include <windows.h>
#include "base/memory/scoped_ptr.h"
#include "base/win/scoped_handle.h"
#include "base/win/windows_version.h"
namespace base {
ProcessId GetCurrentProcId() {
return ::GetCurrentProcessId();
}
ProcessHandle GetCurrentProcessHandle() {
return ::GetCurrentProcess();
}
bool OpenProcessHandle(ProcessId pid, ProcessHandle* handle) {
// We try to limit privileges granted to the handle. If you need this
// for test code, consider using OpenPrivilegedProcessHandle instead of
// adding more privileges here.
ProcessHandle result = OpenProcess(PROCESS_TERMINATE |
PROCESS_QUERY_INFORMATION |
SYNCHRONIZE,
FALSE, pid);
if (result == NULL)
return false;
*handle = result;
return true;
}
bool OpenPrivilegedProcessHandle(ProcessId pid, ProcessHandle* handle) {
ProcessHandle result = OpenProcess(PROCESS_DUP_HANDLE |
PROCESS_TERMINATE |
PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ |
SYNCHRONIZE,
FALSE, pid);
if (result == NULL)
return false;
*handle = result;
return true;
}
bool OpenProcessHandleWithAccess(ProcessId pid,
uint32 access_flags,
ProcessHandle* handle) {
ProcessHandle result = OpenProcess(access_flags, FALSE, pid);
if (result == NULL)
return false;
*handle = result;
return true;
}
void CloseProcessHandle(ProcessHandle process) {
CloseHandle(process);
}
ProcessId GetProcId(ProcessHandle process) {
// This returns 0 if we have insufficient rights to query the process handle.
return GetProcessId(process);
}
bool GetProcessIntegrityLevel(ProcessHandle process, IntegrityLevel *level) {
if (!level)
return false;
if (win::GetVersion() < base::win::VERSION_VISTA)
return false;
HANDLE process_token;
if (!OpenProcessToken(process, TOKEN_QUERY | TOKEN_QUERY_SOURCE,
&process_token))
return false;
win::ScopedHandle scoped_process_token(process_token);
DWORD token_info_length = 0;
if (GetTokenInformation(process_token, TokenIntegrityLevel, NULL, 0,
&token_info_length) ||
GetLastError() != ERROR_INSUFFICIENT_BUFFER)
return false;
scoped_ptr<char[]> token_label_bytes(new char[token_info_length]);
if (!token_label_bytes.get())
return false;
TOKEN_MANDATORY_LABEL* token_label =
reinterpret_cast<TOKEN_MANDATORY_LABEL*>(token_label_bytes.get());
if (!token_label)
return false;
if (!GetTokenInformation(process_token, TokenIntegrityLevel, token_label,
token_info_length, &token_info_length))
return false;
DWORD integrity_level = *GetSidSubAuthority(token_label->Label.Sid,
(DWORD)(UCHAR)(*GetSidSubAuthorityCount(token_label->Label.Sid)-1));
if (integrity_level < SECURITY_MANDATORY_MEDIUM_RID) {
*level = LOW_INTEGRITY;
} else if (integrity_level >= SECURITY_MANDATORY_MEDIUM_RID &&
integrity_level < SECURITY_MANDATORY_HIGH_RID) {
*level = MEDIUM_INTEGRITY;
} else if (integrity_level >= SECURITY_MANDATORY_HIGH_RID) {
*level = HIGH_INTEGRITY;
} else {
NOTREACHED();
return false;
}
return true;
}
} // namespace base