UDP firewall rules for Windows.

chrome/installer/util/legacy_firewall_manager_win.cc

Index: chrome/installer/util/legacy_firewall_manager_win.cc
diff --git a/chrome/installer/util/legacy_firewall_manager_win.cc b/chrome/installer/util/legacy_firewall_manager_win.cc
new file mode 100644
index 0000000000000000000000000000000000000000..ed5e7d8215a9bdad0b2d7c3b321da35c5de3ceb9
--- /dev/null
+++ b/chrome/installer/util/legacy_firewall_manager_win.cc
@@ -0,0 +1,153 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/installer/util/legacy_firewall_manager_win.h"
+
+#include "base/logging.h"
+#include "base/strings/stringprintf.h"
+#include "base/win/scoped_bstr.h"
+#include "chrome/installer/util/browser_distribution.h"
+
+#include "installer_util_strings.h"  // NOLINT
+
+namespace installer {
+
+LegacyFirewallManager::LegacyFirewallManager() {}
+
+LegacyFirewallManager::~LegacyFirewallManager() {}
+
+bool LegacyFirewallManager::Init(BrowserDistribution* dist,
+                                 const base::FilePath& chrome_path) {
+  HRESULT hr = firewall_manager_.CreateInstance(CLSID_NetFwMgr);
+  if (FAILED(hr)) {
+    DLOG(ERROR) << base::StringPrintf("0x%X", hr);
+    return false;
+  }
+  distribution_ = dist;
+  chrome_path_ = chrome_path;
+  return true;
+}
+
+// The SharedAccess service must be running.
+bool LegacyFirewallManager::AddUDPFirewallRuleIfAbsent() {
+  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
+      GetAuthorizedApplications());
+  if (!authorized_apps.get())
+    return false;
+
+  // There is nothing to do if chrome is already authorized.
+  base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application;
+  HRESULT hr = authorized_apps->Item(
+      base::win::ScopedBstr(chrome_path_.value().c_str()),
+      chrome_application.Receive());
+  if (SUCCEEDED(hr))
+    return true;
+
+  // Authorize chrome.
+  chrome_application = CreateChromeAuthorization();
+  if (chrome_application.get()) {
+    hr = authorized_apps->Add(chrome_application);
+    DLOG_IF(ERROR, FAILED(hr)) << base::StringPrintf("0x%X", hr);
+  }
+
+  return SUCCEEDED(hr);
+}
+
+void LegacyFirewallManager::DeleteUDPFirewallRule() {
+  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
+      GetAuthorizedApplications());
+  if (!authorized_apps.get())
+    return;
+
+  HRESULT hr = authorized_apps->Remove(
+      base::win::ScopedBstr(chrome_path_.value().c_str()));
+  DLOG_IF(ERROR, FAILED(hr)) << base::StringPrintf("0x%X", hr);
+}
+
+bool LegacyFirewallManager::CanUseLocalUDPPort() {
+  // It's always safe to bind to a local port if the firewall is disabled.
+  base::win::ScopedComPtr<INetFwProfile> current_profile(GetCurrentProfile());
+  if (!current_profile.get())
+    return false;
+
+  VARIANT_BOOL is_enabled = VARIANT_TRUE;
+  HRESULT hr = current_profile->get_FirewallEnabled(&is_enabled);
+  if (SUCCEEDED(hr) && is_enabled == VARIANT_FALSE)
+    return true;
+
+  // Otherwise, check to see if there is a rule either allowing or disallowing
+  // this chrome.exe.
+  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
+      GetAuthorizedApplications());
+  if (!authorized_apps.get())
+    return false;
+
+  base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application;
+  hr = authorized_apps->Item(
+      base::win::ScopedBstr(chrome_path_.value().c_str()),
+      chrome_application.Receive());
+  return SUCCEEDED(hr);
+}
+
+base::win::ScopedComPtr<INetFwProfile>
+LegacyFirewallManager::GetCurrentProfile() {
+  if (current_profile_.get())
+    return current_profile_;
+
+  base::win::ScopedComPtr<INetFwPolicy> firewall_policy;
+  HRESULT hr = firewall_manager_->get_LocalPolicy(firewall_policy.Receive());
+  if (FAILED(hr)) {
+    DLOG(ERROR) << base::StringPrintf("0x%X", hr);
+    return base::win::ScopedComPtr<INetFwProfile>();
+  }
+
+  hr = firewall_policy->get_CurrentProfile(current_profile_.Receive());
+  if (FAILED(hr)) {
+    DLOG(ERROR) << base::StringPrintf("0x%X", hr);
+    return base::win::ScopedComPtr<INetFwProfile>();
+  }
+
+  return current_profile_;
+}
+
+base::win::ScopedComPtr<INetFwAuthorizedApplications>
+LegacyFirewallManager::GetAuthorizedApplications() {
+  base::win::ScopedComPtr<INetFwProfile> current_profile(GetCurrentProfile());
+  if (!current_profile.get())
+    return base::win::ScopedComPtr<INetFwAuthorizedApplications>();
+
+  HRESULT hr = current_profile->get_AuthorizedApplications(
+      authorized_apps_.Receive());
+  if (FAILED(hr)) {
+    DLOG(ERROR) << base::StringPrintf("0x%X", hr);
+    return base::win::ScopedComPtr<INetFwAuthorizedApplications>();
+  }
+
+  return authorized_apps_;
+}
+
+base::win::ScopedComPtr<INetFwAuthorizedApplication>
+LegacyFirewallManager::CreateChromeAuthorization() {
+  base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application;
+
+  HRESULT hr =
+      chrome_application.CreateInstance(CLSID_NetFwAuthorizedApplication);
+  if (FAILED(hr)) {
+    DLOG(ERROR) << base::StringPrintf("0x%X", hr);
+    return base::win::ScopedComPtr<INetFwAuthorizedApplication>();
+  }
+
+  chrome_application->put_Name(
+      base::win::ScopedBstr(distribution_->GetDisplayName().c_str()));
+  chrome_application->put_ProcessImageFileName(
+      base::win::ScopedBstr(chrome_path_.value().c_str()));
+  // IpVersion defaults to NET_FW_IP_VERSION_ANY.
+  // Scope defaults to NET_FW_SCOPE_ALL.
+  // RemoteAddresses defaults to "*".
+  chrome_application->put_Enabled(VARIANT_FALSE);
+
+  return chrome_application;
+}
+
+}  // namespace installer