
Side by Side Diff: chrome/installer/util/advanced_security_firewall_manager_win.cc

Issue 149023010: UDP firewall rules for Windows. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: more xp code Created 6 years, 10 months ago
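--- a/chrome/installer/util/advanced_security_firewall_manager_win.cc
+++ b/chrome/installer/util/advanced_security_firewall_manager_win.cc
@@ -0,0 +1,158 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/installer/util/advanced_security_firewall_manager_win.h"
+
+#include "base/logging.h"
+#include "base/strings/stringprintf.h"
+#include "base/win/scoped_bstr.h"
+#include "chrome/installer/util/browser_distribution.h"
+#include "chrome/installer/util/install_util.h"
+#include "chrome/installer/util/l10n_string_util.h"
+
+#include "installer_util_strings.h" // NOLINT
+
+namespace installer {
+
+AdvancedSecurityFirewallManager::AdvancedSecurityFirewallManager() {}
+
+AdvancedSecurityFirewallManager::~AdvancedSecurityFirewallManager() {}
+
+bool AdvancedSecurityFirewallManager::Init(BrowserDistribution* dist,
+const base::FilePath& chrome_path) {
+HRESULT hr = firewall_policy_.CreateInstance(CLSID_NetFwPolicy2);
+if (FAILED(hr)) {
+DLOG(ERROR) << base::StringPrintf("0x%X", hr);
+return false;
+}
+distribution_ = dist;
+chrome_path_ = chrome_path;
+return true;
+}
+
+bool AdvancedSecurityFirewallManager::AddUDPFirewallRuleIfAbsent() {
+base::win::ScopedComPtr<INetFwRules> rules;
+HRESULT hr = firewall_policy_->get_Rules(rules.Receive());
+if (FAILED(hr)) {
+DLOG(ERROR) << base::StringPrintf("0x%X", hr);
+return false;
+}
+
+// First, check if the rule is already present. If so, there is no work to do.
+base::win::ScopedComPtr<INetFwRule> udp_rule;
+hr = rules->Item(base::win::ScopedBstr(GetUDPRuleName().c_str()),
+udp_rule.Receive());
+if (SUCCEEDED(hr))
+return true;
+
+// Create the rule and add it to the rule set (only succeeds if elevated).
+udp_rule = CreateUDPRule();
+if (udp_rule.get())
+hr = rules->Add(udp_rule);
+
+return SUCCEEDED(hr);
+}
+
+void AdvancedSecurityFirewallManager::DeleteUDPFirewallRule() {
+base::win::ScopedComPtr<INetFwRules> rules;
+HRESULT hr = firewall_policy_->get_Rules(rules.Receive());
+if (FAILED(hr)) {
+DLOG(ERROR) << base::StringPrintf("0x%X", hr);
+return;
+}
+
+hr = rules->Remove(base::win::ScopedBstr(GetUDPRuleName().c_str()));
+DLOG_IF(ERROR, FAILED(hr)) << base::StringPrintf("0x%X", hr);
+}
+
+bool AdvancedSecurityFirewallManager::CanUseLocalUDPPort() {
+// Determine if the firewall is enabled for the currently active profiles. If
+// it isn't, it is safe to use a local UDP port without user annoyance.
+long current_profile_types = 0;
+HRESULT hr = firewall_policy_->get_CurrentProfileTypes(
+&current_profile_types);
+if (SUCCEEDED(hr)) {
+// The most-restrictive active profile takes precedence.
+const NET_FW_PROFILE_TYPE2 kProfileTypes[] = {
+NET_FW_PROFILE2_PUBLIC,
+NET_FW_PROFILE2_PRIVATE,
+NET_FW_PROFILE2_DOMAIN
+};
+bool has_enabled_profile = false;
+for (size_t i = 0; !has_enabled_profile && i < arraysize(kProfileTypes);
+++i) {
+if ((current_profile_types & kProfileTypes[i]) != 0) {
+VARIANT_BOOL enabled = VARIANT_TRUE;
+hr = firewall_policy_->get_FirewallEnabled(kProfileTypes[i], &enabled);
+// Assume the firewall is enabled if we can't determine.
+if (FAILED(hr) || enabled != VARIANT_FALSE)
+has_enabled_profile = true;
+}
+}
+if (!has_enabled_profile)
+return true;
+}
+
+// See if the rule is in place for Chrome.
+base::win::ScopedComPtr<INetFwRules> rules;
+hr = firewall_policy_->get_Rules(rules.Receive());
+if (FAILED(hr)) {
+DLOG(ERROR) << base::StringPrintf("0x%X", hr);
+return false;
+}
+
+base::win::ScopedComPtr<INetFwRule> udp_rule;
+hr = rules->Item(base::win::ScopedBstr(GetUDPRuleName().c_str()),
+udp_rule.Receive());
+if (SUCCEEDED(hr))
+return true;
+
+return false;
+}
+
+base::string16 AdvancedSecurityFirewallManager::GetUDPRuleName() {
+#if defined(GOOGLE_CHROME_BUILD)
+if (InstallUtil::IsChromeSxSProcess())
+return GetLocalizedString(IDS_INBOUND_UDP_RULE_NAME_SXS_BASE);
+#endif
+return GetLocalizedString(IDS_INBOUND_UDP_RULE_NAME_BASE);
+}
+
+base::string16 AdvancedSecurityFirewallManager::GetUDPRuleDescription() {
+#if defined(GOOGLE_CHROME_BUILD)
+if (InstallUtil::IsChromeSxSProcess())
+return GetLocalizedString(IDS_INBOUND_UDP_RULE_DESCRIPTION_SXS_BASE);
+#endif
+return GetLocalizedString(IDS_INBOUND_UDP_RULE_DESCRIPTION_BASE);
+}
+
+base::win::ScopedComPtr<INetFwRule>
+AdvancedSecurityFirewallManager::CreateUDPRule() {
+base::win::ScopedComPtr<INetFwRule> udp_rule;
+
+HRESULT hr = udp_rule.CreateInstance(CLSID_NetFwRule);
+if (FAILED(hr)) {
+DLOG(ERROR) << base::StringPrintf("0x%X", hr);
+return base::win::ScopedComPtr<INetFwRule>();
+}
+
+const base::string16 display_name(distribution_->GetDisplayName());
+
+// TODO(grt): http://crbug.com/75152 Use references to localized resources.
+udp_rule->put_Name(base::win::ScopedBstr(GetUDPRuleName().c_str()));
+udp_rule->put_Description(base::win::ScopedBstr(
+GetUDPRuleDescription().c_str()));
+udp_rule->put_ApplicationName(base::win::ScopedBstr(
+chrome_path_.value().c_str()));
+udp_rule->put_Protocol(NET_FW_IP_PROTOCOL_UDP);
+udp_rule->put_Direction(NET_FW_RULE_DIR_IN);
+udp_rule->put_Enabled(VARIANT_TRUE);
+udp_rule->put_Grouping(base::win::ScopedBstr(display_name.c_str()));
+udp_rule->put_Profiles(NET_FW_PROFILE2_ALL);
+udp_rule->put_Action(NET_FW_ACTION_BLOCK);
+
+return udp_rule;
+}
+
+} // namespace installer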
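Review bot: In CreateUDPRule (new lines 143-153) every `put_*` HRESULT is discarded, so a rule on which `put_ApplicationName` or `put_Protocol` failed is still returned and handed to `rules->Add`. As far as I know a rule with no application name matches every program, and combined with `NET_FW_ACTION_BLOCK` on `NET_FW_PROFILE2_ALL` that would block inbound traffic well beyond the Chrome executable; an empty `chrome_path_` would probably have the same effect. I would check the setters that scope the rule and return an empty pointer on failure, as sketched below. Separately, AddUDPFirewallRuleIfAbsent and CanUseLocalUDPPort accept any rule found under the localized name without comparing its application path, enabled state or action, so a stale or disabled rule of the same name counts as present.

```cpp
// … unchanged: CreateInstance(CLSID_NetFwRule) check and display_name …
if (chrome_path_.empty())
  return base::win::ScopedComPtr<INetFwRule>();

hr = udp_rule->put_Name(base::win::ScopedBstr(GetUDPRuleName().c_str()));
if (SUCCEEDED(hr)) {
  hr = udp_rule->put_ApplicationName(
      base::win::ScopedBstr(chrome_path_.value().c_str()));
}
if (SUCCEEDED(hr))
  hr = udp_rule->put_Protocol(NET_FW_IP_PROTOCOL_UDP);
if (SUCCEEDED(hr))
  hr = udp_rule->put_Direction(NET_FW_RULE_DIR_IN);
if (SUCCEEDED(hr))
  hr = udp_rule->put_Profiles(NET_FW_PROFILE2_ALL);
if (SUCCEEDED(hr))
  hr = udp_rule->put_Action(NET_FW_ACTION_BLOCK);
if (SUCCEEDED(hr))
  hr = udp_rule->put_Enabled(VARIANT_TRUE);
// … unchanged: put_Description and put_Grouping (cosmetic) …
if (FAILED(hr)) {
  DLOG(ERROR) << base::StringPrintf("0x%X", hr);
  return base::win::ScopedComPtr<INetFwRule>();
}
return udp_rule;
```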