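// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "base/process/process_handle.h"

#include <windows.h>

#include "base/memory/scoped_ptr.h"
#include "base/win/scoped_handle.h"
#include "base/win/windows_version.h"

namespace base {

// Returns the id of the calling process.
ProcessId GetCurrentProcId() {
  return ::GetCurrentProcessId();
}

// Returns the handle Windows hands out for the calling process via
// ::GetCurrentProcess().
ProcessHandle GetCurrentProcessHandle() {
  return ::GetCurrentProcess();
}

// Opens |pid| with a deliberately small access mask (terminate, query
// information, synchronize) and stores the handle in |*handle|.
// Returns false, leaving |*handle| untouched, when OpenProcess fails.
// The handle is opened non-inheritable (bInheritHandle == FALSE), so it is not
// passed on to child processes. The caller owns it and must release it with
// CloseProcessHandle().
bool OpenProcessHandle(ProcessId pid, ProcessHandle* handle) {
  // We try to limit privileges granted to the handle. If you need this
  // for test code, consider using OpenPrivilegedProcessHandle instead of
  // adding more privileges here.
  const DWORD kLimitedAccess =
      PROCESS_TERMINATE | PROCESS_QUERY_INFORMATION | SYNCHRONIZE;
  ProcessHandle opened = ::OpenProcess(kLimitedAccess, FALSE, pid);
  if (opened == NULL)
    return false;

  *handle = opened;
  return true;
}

// Same contract as OpenProcessHandle(), but the access mask additionally
// includes PROCESS_DUP_HANDLE and PROCESS_VM_READ.
// NOTE(review): PROCESS_DUP_HANDLE lets the holder duplicate handles owned by
// the target process and PROCESS_VM_READ exposes its memory, so the returned
// handle should be treated as sensitive: keep it non-inheritable (as done
// here), do not hand it to less-trusted code, and close it as soon as the
// work is finished.
bool OpenPrivilegedProcessHandle(ProcessId pid, ProcessHandle* handle) {
  const DWORD kPrivilegedAccess = PROCESS_DUP_HANDLE |
                                  PROCESS_TERMINATE |
                                  PROCESS_QUERY_INFORMATION |
                                  PROCESS_VM_READ |
                                  SYNCHRONIZE;
  ProcessHandle opened = ::OpenProcess(kPrivilegedAccess, FALSE, pid);
  if (opened == NULL)
    return false;

  *handle = opened;
  return true;
}

// Opens |pid| with exactly the caller-supplied |access_flags| and stores the
// non-inheritable handle in |*handle|. Returns false, leaving |*handle|
// untouched, when OpenProcess fails.
// The mask is passed through unchecked, so callers are responsible for
// requesting only the rights they actually need.
bool OpenProcessHandleWithAccess(ProcessId pid,
                                 uint32 access_flags,
                                 ProcessHandle* handle) {
  ProcessHandle opened = ::OpenProcess(access_flags, FALSE, pid);
  if (opened == NULL)
    return false;

  *handle = opened;
  return true;
}

// Closes |process|. The result of CloseHandle is not reported to the caller.
void CloseProcessHandle(ProcessHandle process) {
  ::CloseHandle(process);
}

// Returns the process id behind |process|.
ProcessId GetProcId(ProcessHandle process) {
  // This returns 0 if we have insufficient rights to query the process handle.
  return ::GetProcessId(process);
}

// Reads the mandatory integrity label from the access token of |process| and
// maps it onto IntegrityLevel:
//   RID <  SECURITY_MANDATORY_MEDIUM_RID            -> LOW_INTEGRITY
//   SECURITY_MANDATORY_MEDIUM_RID <= RID < HIGH_RID -> MEDIUM_INTEGRITY
//   RID >= SECURITY_MANDATORY_HIGH_RID              -> HIGH_INTEGRITY
// Returns false (and leaves |*level| untouched) when |level| is NULL, on
// Windows versions before Vista, or when any token query fails.
bool GetProcessIntegrityLevel(ProcessHandle process, IntegrityLevel *level) {
  if (!level)
    return false;

  if (win::GetVersion() < base::win::VERSION_VISTA)
    return false;

  // Querying TokenIntegrityLevel only requires TOKEN_QUERY; TOKEN_QUERY_SOURCE
  // is needed solely for the TokenSource class. Asking for the smaller mask
  // follows least privilege and avoids failing on tokens whose DACL does not
  // grant TOKEN_QUERY_SOURCE.
  HANDLE process_token;
  if (!::OpenProcessToken(process, TOKEN_QUERY, &process_token))
    return false;

  // Closes the token on every return path below.
  win::ScopedHandle scoped_process_token(process_token);

  // First call with an empty buffer: it is expected to fail with
  // ERROR_INSUFFICIENT_BUFFER and report the required size.
  DWORD token_info_length = 0;
  if (::GetTokenInformation(process_token, TokenIntegrityLevel, NULL, 0,
                            &token_info_length) ||
      ::GetLastError() != ERROR_INSUFFICIENT_BUFFER)
    return false;

  // The buffer is reinterpreted as a TOKEN_MANDATORY_LABEL below, so refuse a
  // reported size that could not hold one.
  if (token_info_length < sizeof(TOKEN_MANDATORY_LABEL))
    return false;

  scoped_ptr<char[]> token_label_bytes(new char[token_info_length]);
  if (!token_label_bytes.get())
    return false;

  TOKEN_MANDATORY_LABEL* token_label =
      reinterpret_cast<TOKEN_MANDATORY_LABEL*>(token_label_bytes.get());

  if (!::GetTokenInformation(process_token, TokenIntegrityLevel, token_label,
                             token_info_length, &token_info_length))
    return false;

  // The integrity RID is the last sub-authority of the label SID. Guard the
  // "count - 1" index: with a count of zero it would wrap around and read
  // outside the SID.
  PSID label_sid = token_label->Label.Sid;
  if (!label_sid)
    return false;

  const UCHAR sub_authority_count = *::GetSidSubAuthorityCount(label_sid);
  if (sub_authority_count == 0)
    return false;

  const DWORD integrity_level = *::GetSidSubAuthority(
      label_sid, static_cast<DWORD>(sub_authority_count - 1));

  // The three ranges are exhaustive, so no fallback branch is required.
  if (integrity_level < SECURITY_MANDATORY_MEDIUM_RID) {
    *level = LOW_INTEGRITY;
  } else if (integrity_level < SECURITY_MANDATORY_HIGH_RID) {
    *level = MEDIUM_INTEGRITY;
  } else {
    *level = HIGH_INTEGRITY;
  }

  return true;
}

}  // namespace base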