Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(446)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: base/vistautil.h

Issue 624713003: Keep only base/extractor.[cc|h]. (Closed) Base URL: https://chromium.googlesource.com/external/omaha.git@master
Patch Set: Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « base/vista_utils_unittest.cc ('k') | base/vistautil.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2006-2010 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 // ========================================================================
15
16 #ifndef OMAHA_BASE_VISTAUTIL_H_
17 #define OMAHA_BASE_VISTAUTIL_H_
18
19 #include <windows.h>
20 #include <tchar.h>
21 #include <accctrl.h>
22 #include <Aclapi.h>
23 #include <Sddl.h>
24 #include <WinNT.h>
25 #include <atlsecurity.h>
26
27 namespace omaha {
28
29 // SACLs are normally used for auditing, but Vista also uses them to
30 // determine integrity levels.
31 // For more info, http://www.google.com/search?q=SDDL+for+Mandatory+Labels
32 // S = SACL
33 // ML = Mandatory label (aka integrity level)
34 // NW = No write up (integrity levels less than low cannot gain access)
35 // LW = Low Integrity Level (What IE normally runs in)
36
37 // The LABEL_SECURITY_INFORMATION SDDL SACL for medium integrity.
38 // L"S:(ML;;NW;;;ME)"
39 #define MEDIUM_INTEGRITY_SDDL_SACL SDDL_SACL \
40 SDDL_DELIMINATOR \
41 SDDL_ACE_BEGIN \
42 SDDL_MANDATORY_LABEL \
43 SDDL_SEPERATOR \
44 SDDL_SEPERATOR \
45 SDDL_NO_WRITE_UP \
46 SDDL_SEPERATOR \
47 SDDL_SEPERATOR \
48 SDDL_SEPERATOR \
49 SDDL_ML_MEDIUM \
50 SDDL_ACE_END
51
52 // The LABEL_SECURITY_INFORMATION SDDL SACL for low integrity.
53 // L"S:(ML;;NW;;;LW)"
54 #define LOW_INTEGRITY_SDDL_SACL SDDL_SACL \
55 SDDL_DELIMINATOR \
56 SDDL_ACE_BEGIN \
57 SDDL_MANDATORY_LABEL \
58 SDDL_SEPERATOR \
59 SDDL_SEPERATOR \
60 SDDL_NO_WRITE_UP \
61 SDDL_SEPERATOR \
62 SDDL_SEPERATOR \
63 SDDL_SEPERATOR \
64 SDDL_ML_LOW \
65 SDDL_ACE_END
66
67 namespace vista_util {
68
69 // This is fast, since it caches the answer after first run.
70 bool IsVistaOrLater();
71
72 // Is the user running on Vista or later with a split-token.
73 HRESULT IsUserRunningSplitToken(bool* is_split_token);
74
75 // Returns true if the user has a split token, or if the EnableLUA key is set
76 // to 1. EnableLUA is only really effective after a reboot, and the value there
77 // may not reflect the exact state of the running machine. So this function
78 // needs to be used with care.
79 bool IsUACMaybeOn();
80
81 // Returns true if running at High integrity with UAC possibly enabled. As the
82 // name indicates, UAC being on or off is not 100% accurate. So this function
83 // needs to be used with care.
84 bool IsElevatedWithUACMaybeOn();
85
86 // Returns true if the process is running under credentials of an user
87 // belonging to the admin group in case of pre-Vista and in case Vista
88 // returns true if the user is running as an elevated admin.
89 bool IsUserAdmin();
90
91 // Returns true if the user is running as a non-elevated admin in case of
92 // Vista. In case of XP always returns false.
93 bool IsUserNonElevatedAdmin();
94
95 // Determine the mandatory level of a process
96 // processID, the process to query, or (0) to use the current process
97 // On Vista, level should alwys be filled in with either
98 // MandatoryLevelLow (IE)
99 // MandatoryLevelMedium(user), or
100 // MandatoryLevelHigh( Elevated Admin)
101 // On error, level remains unchanged
102 HRESULT GetProcessIntegrityLevel(DWORD processID, MANDATORY_LEVEL* level);
103
104 // Elevated processes need to be careful how they launch child processes
105 // to avoid having them inherit too many credentials or not being able to
106 // elevate their own IE processes normally. Microsoft's advice from
107 // http://msdn.microsoft.com/library/en-us/ietechcol/dnwebgen/protectedmode.asp
108 // will launch a low integrity IE, but that IE cannot elevate properly since
109 // it was running from the wrong token. The best method I can gather is to find
110 // an existing process on the machine running at normal user rights, and launch
111 // this process impersonating that token rather than trying to adjust token
112 // privileges of the elevated token. TODO(omaha): Implement and test this.
113 HRESULT CreateProcessAsNormalUserFromElevatedAdmin(const TCHAR* commandline,
114 STARTUPINFO* startup_info, PROCESS_INFORMATION* process_info);
115
116 // Starts a new elevated process. file_path specifies the program to be run.
117 // If exit_code is not null, the function waits until the spawned process has
118 // completed. The exit code of the process is returned therein.
119 // If exit_code is null, the function will return after spawning the program
120 // and will not wait for completion.
121 // show_window is one of the SW_* constants to specify how the window is
122 // opened.
123 HRESULT RunElevated(const TCHAR* file_path, const TCHAR* parameters,
124 int show_window, DWORD* exit_code);
125
126 // If there is no specific integrity level defined, return S_FALSE (1) and set
127 // level to MandatoryLevelMedium (the Vista default)
128 HRESULT GetFileOrFolderIntegrityLevel(const TCHAR* file,
129 MANDATORY_LEVEL* level, bool* and_children);
130
131 // A level of MandatoryLevelUntrusted (0) will remove the integrity level for
132 // this file and all children
133 HRESULT SetFileOrFolderIntegrityLevel(const TCHAR* file,
134 MANDATORY_LEVEL level, bool and_children);
135
136 // If there is no specific integrity level defined, return S_FALSE (1) and set
137 // level to MandatoryLevelMedium (the Vista default)
138 // root must be one of the 4 pre-defined roots: HKLM, HKCU, HKCR, HCU
139 HRESULT GetRegKeyIntegrityLevel(HKEY root, const TCHAR* subkey,
140 MANDATORY_LEVEL* level, bool* and_children);
141
142 // A level of MandatoryLevelUntrusted (0) will remove the integrity label
143 // root must be one of the 4 pre-defined roots: HKLM, HKCU, HKCR, HCU
144 HRESULT SetRegKeyIntegrityLevel(HKEY root, const TCHAR* subkey,
145 MANDATORY_LEVEL level, bool and_children);
146
147 // Creates a security descriptor that can be used to make an object accessible
148 // from the specified integrity level. When not running on Windows Vista or
149 // in case of errors, the function returns NULL, which results in using
150 // the default security descriptor.
151 // The caller must take ownership of the returned security descriptor.
152 // Mask will be added as an allowed ACE of the DACL.
153 // For example, use MUTEX_ALL_ACCESS for shared mutexes.
154 CSecurityDesc* CreateLowIntegritySecurityDesc(ACCESS_MASK mask);
155 CSecurityDesc* CreateMediumIntegritySecurityDesc(ACCESS_MASK mask);
156
157 // For Vista or later, add the low integrity SACL to an existing CSecurityDesc.
158 HRESULT AddLowIntegritySaclToExistingDesc(CSecurityDesc* sd);
159
160 } // namespace vista_util
161
162 } // namespace omaha
163
164 #endif // OMAHA_BASE_VISTAUTIL_H_
165
OLDNEW
« no previous file with comments | « base/vista_utils_unittest.cc ('k') | base/vistautil.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698