base/process/process_handle_win.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "base/process/process_handle.h"
   6
   7 #include <windows.h>
   8
   9 #include "base/memory/scoped_ptr.h"
  10 #include "base/win/scoped_handle.h"
  11 #include "base/win/windows_version.h"
  12
  13 namespace base {
  14
  15 ProcessId GetCurrentProcId() {
  16   return ::GetCurrentProcessId();
  17 }
  18
  19 ProcessHandle GetCurrentProcessHandle() {
  20   return ::GetCurrentProcess();
  21 }
  22
  23 bool OpenProcessHandle(ProcessId pid, ProcessHandle* handle) {
  24   // We try to limit privileges granted to the handle. If you need this
  25   // for test code, consider using OpenPrivilegedProcessHandle instead of
  26   // adding more privileges here.
  27   ProcessHandle result = OpenProcess(PROCESS_TERMINATE |
  28                                      PROCESS_QUERY_INFORMATION |
  29                                      SYNCHRONIZE,
  30                                      FALSE, pid);
  31
  32   if (result == NULL)
  33     return false;
  34
  35   *handle = result;
  36   return true;
  37 }
  38
  39 bool OpenProcessHandleWithAccess(ProcessId pid,
  40                                  uint32 access_flags,
  41                                  ProcessHandle* handle) {
  42   ProcessHandle result = OpenProcess(access_flags, FALSE, pid);
  43
  44   if (result == NULL)
  45     return false;
  46
  47   *handle = result;
  48   return true;
  49 }
  50
  51 void CloseProcessHandle(ProcessHandle process) {
  52   CloseHandle(process);
  53 }
  54
  55 ProcessId GetProcId(ProcessHandle process) {
  56   // This returns 0 if we have insufficient rights to query the process handle.
  57   return GetProcessId(process);
  58 }
  59
  60 bool GetProcessIntegrityLevel(ProcessHandle process, IntegrityLevel *level) {
  61   if (!level)
  62     return false;
  63
  64   if (win::GetVersion() < base::win::VERSION_VISTA)
  65     return false;
  66
  67   HANDLE process_token;
  68   if (!OpenProcessToken(process, TOKEN_QUERY | TOKEN_QUERY_SOURCE,
  69       &process_token))
  70     return false;
  71
  72   win::ScopedHandle scoped_process_token(process_token);
  73
  74   DWORD token_info_length = 0;
  75   if (GetTokenInformation(process_token, TokenIntegrityLevel, NULL, 0,
  76                           &token_info_length) ||
  77       GetLastError() != ERROR_INSUFFICIENT_BUFFER)
  78     return false;
  79
  80   scoped_ptr<char[]> token_label_bytes(new char[token_info_length]);
  81   if (!token_label_bytes.get())
  82     return false;
  83
  84   TOKEN_MANDATORY_LABEL* token_label =
  85       reinterpret_cast<TOKEN_MANDATORY_LABEL*>(token_label_bytes.get());
  86   if (!token_label)
  87     return false;
  88
  89   if (!GetTokenInformation(process_token, TokenIntegrityLevel, token_label,
  90                            token_info_length, &token_info_length))
  91     return false;
  92
  93   DWORD integrity_level = *GetSidSubAuthority(token_label->Label.Sid,
  94       (DWORD)(UCHAR)(*GetSidSubAuthorityCount(token_label->Label.Sid)-1));
  95
  96   if (integrity_level < SECURITY_MANDATORY_MEDIUM_RID) {
  97     *level = LOW_INTEGRITY;
  98   } else if (integrity_level >= SECURITY_MANDATORY_MEDIUM_RID &&
  99       integrity_level < SECURITY_MANDATORY_HIGH_RID) {
 100     *level = MEDIUM_INTEGRITY;
 101   } else if (integrity_level >= SECURITY_MANDATORY_HIGH_RID) {
 102     *level = HIGH_INTEGRITY;
 103   } else {
 104     NOTREACHED();
 105     return false;
 106   }
 107
 108   return true;
 109 }
 110
 111 }  // namespace base