127 lines
3.6 KiB
C++
127 lines
3.6 KiB
C++
|
// Copyright (c) 2013 The Chromium Authors. All rights reserved.
|
||
|
// Use of this source code is governed by a BSD-style license that can be
|
||
|
// found in the LICENSE file.
|
||
|
|
||
|
#include "base/process/process_handle.h"
|
||
|
|
||
|
#include <windows.h>
|
||
|
|
||
|
#include "base/memory/scoped_ptr.h"
|
||
|
#include "base/win/scoped_handle.h"
|
||
|
#include "base/win/windows_version.h"
|
||
|
|
||
|
namespace base {
|
||
|
|
||
|
ProcessId GetCurrentProcId() {
|
||
|
return ::GetCurrentProcessId();
|
||
|
}
|
||
|
|
||
|
ProcessHandle GetCurrentProcessHandle() {
|
||
|
return ::GetCurrentProcess();
|
||
|
}
|
||
|
|
||
|
bool OpenProcessHandle(ProcessId pid, ProcessHandle* handle) {
|
||
|
// We try to limit privileges granted to the handle. If you need this
|
||
|
// for test code, consider using OpenPrivilegedProcessHandle instead of
|
||
|
// adding more privileges here.
|
||
|
ProcessHandle result = OpenProcess(PROCESS_TERMINATE |
|
||
|
PROCESS_QUERY_INFORMATION |
|
||
|
SYNCHRONIZE,
|
||
|
FALSE, pid);
|
||
|
|
||
|
if (result == NULL)
|
||
|
return false;
|
||
|
|
||
|
*handle = result;
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
bool OpenPrivilegedProcessHandle(ProcessId pid, ProcessHandle* handle) {
|
||
|
ProcessHandle result = OpenProcess(PROCESS_DUP_HANDLE |
|
||
|
PROCESS_TERMINATE |
|
||
|
PROCESS_QUERY_INFORMATION |
|
||
|
PROCESS_VM_READ |
|
||
|
SYNCHRONIZE,
|
||
|
FALSE, pid);
|
||
|
|
||
|
if (result == NULL)
|
||
|
return false;
|
||
|
|
||
|
*handle = result;
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
bool OpenProcessHandleWithAccess(ProcessId pid,
|
||
|
uint32 access_flags,
|
||
|
ProcessHandle* handle) {
|
||
|
ProcessHandle result = OpenProcess(access_flags, FALSE, pid);
|
||
|
|
||
|
if (result == NULL)
|
||
|
return false;
|
||
|
|
||
|
*handle = result;
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
void CloseProcessHandle(ProcessHandle process) {
|
||
|
CloseHandle(process);
|
||
|
}
|
||
|
|
||
|
ProcessId GetProcId(ProcessHandle process) {
|
||
|
// This returns 0 if we have insufficient rights to query the process handle.
|
||
|
return GetProcessId(process);
|
||
|
}
|
||
|
|
||
|
bool GetProcessIntegrityLevel(ProcessHandle process, IntegrityLevel *level) {
|
||
|
if (!level)
|
||
|
return false;
|
||
|
|
||
|
if (win::GetVersion() < base::win::VERSION_VISTA)
|
||
|
return false;
|
||
|
|
||
|
HANDLE process_token;
|
||
|
if (!OpenProcessToken(process, TOKEN_QUERY | TOKEN_QUERY_SOURCE,
|
||
|
&process_token))
|
||
|
return false;
|
||
|
|
||
|
win::ScopedHandle scoped_process_token(process_token);
|
||
|
|
||
|
DWORD token_info_length = 0;
|
||
|
if (GetTokenInformation(process_token, TokenIntegrityLevel, NULL, 0,
|
||
|
&token_info_length) ||
|
||
|
GetLastError() != ERROR_INSUFFICIENT_BUFFER)
|
||
|
return false;
|
||
|
|
||
|
scoped_ptr<char[]> token_label_bytes(new char[token_info_length]);
|
||
|
if (!token_label_bytes.get())
|
||
|
return false;
|
||
|
|
||
|
TOKEN_MANDATORY_LABEL* token_label =
|
||
|
reinterpret_cast<TOKEN_MANDATORY_LABEL*>(token_label_bytes.get());
|
||
|
if (!token_label)
|
||
|
return false;
|
||
|
|
||
|
if (!GetTokenInformation(process_token, TokenIntegrityLevel, token_label,
|
||
|
token_info_length, &token_info_length))
|
||
|
return false;
|
||
|
|
||
|
DWORD integrity_level = *GetSidSubAuthority(token_label->Label.Sid,
|
||
|
(DWORD)(UCHAR)(*GetSidSubAuthorityCount(token_label->Label.Sid)-1));
|
||
|
|
||
|
if (integrity_level < SECURITY_MANDATORY_MEDIUM_RID) {
|
||
|
*level = LOW_INTEGRITY;
|
||
|
} else if (integrity_level >= SECURITY_MANDATORY_MEDIUM_RID &&
|
||
|
integrity_level < SECURITY_MANDATORY_HIGH_RID) {
|
||
|
*level = MEDIUM_INTEGRITY;
|
||
|
} else if (integrity_level >= SECURITY_MANDATORY_HIGH_RID) {
|
||
|
*level = HIGH_INTEGRITY;
|
||
|
} else {
|
||
|
NOTREACHED();
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
} // namespace base
|