1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/installer/util/legacy_firewall_manager_win.h"
7 #include "base/logging.h"
8 #include "base/strings/stringprintf.h"
9 #include "base/win/scoped_bstr.h"
// Construction does no COM work: the constructor body is empty, and the
// firewall profile is only fetched later, in Init().
LegacyFirewallManager::LegacyFirewallManager() {
}

// Empty body: the destructor performs no explicit cleanup of its own.
LegacyFirewallManager::~LegacyFirewallManager() {
}
// Binds this object to the machine's current firewall profile through the
// INetFwMgr COM API: creates the manager, reads its local policy, and stores
// that policy's current profile in current_profile_.
//
// NOTE(review): this listing omits source lines (the gutter numbers skip,
// e.g. 20 -> 22 and 36 -> 45), so the failure checks, the return statements
// and whatever is done with app_name / app_path are not visible here.
// Presumably each DLOG below sits in a FAILED(hr) branch that returns false;
// confirm against the full file.
// NOTE(review): failures are reported only through DLOG, which is normally
// present in debug builds only, so a release build would leave no trace of
// why firewall setup failed. Verify, and consider a release-visible log.
17 bool LegacyFirewallManager::Init(const base::string16
& app_name
,
18 const base::FilePath
& app_path
) {
19 base::win::ScopedComPtr
<INetFwMgr
> firewall_manager
;
// Step 1: instantiate the firewall manager COM object.
20 HRESULT hr
= firewall_manager
.CreateInstance(CLSID_NetFwMgr
);
22 DLOG(ERROR
) << logging::SystemErrorCodeToString(hr
);
26 base::win::ScopedComPtr
<INetFwPolicy
> firewall_policy
;
// Step 2: fetch the local firewall policy from the manager.
27 hr
= firewall_manager
->get_LocalPolicy(firewall_policy
.Receive());
29 DLOG(ERROR
) << logging::SystemErrorCodeToString(hr
);
// Step 3: keep the policy's current profile; the other methods in this file
// operate on current_profile_.
33 hr
= firewall_policy
->get_CurrentProfile(current_profile_
.Receive());
35 DLOG(ERROR
) << logging::SystemErrorCodeToString(hr
);
// Clears the stored profile pointer (presumably on the failure path).
// NOTE(review): IsFirewallEnabled() and GetAuthorizedApplications()
// dereference current_profile_ with no visible null check, so callers
// apparently must not use the object after Init() fails. Confirm.
36 current_profile_
= NULL
;
// Reports whether the firewall is enabled for the current profile.
//
// Returns true only when get_FirewallEnabled() succeeds and yields a value
// other than VARIANT_FALSE; a failed query is reported as "not enabled".
// current_profile_ is dereferenced without a null check here.
bool LegacyFirewallManager::IsFirewallEnabled() {
  // Starts out as VARIANT_TRUE; the COM call overwrites it through the
  // out-parameter.
  VARIANT_BOOL enabled_flag = VARIANT_TRUE;
  HRESULT query_result = current_profile_->get_FirewallEnabled(&enabled_flag);
  if (!SUCCEEDED(query_result))
    return false;
  return enabled_flag != VARIANT_FALSE;
}
// Looks up the authorized-application entry keyed by app_path_ in the current
// profile and writes whether that entry is enabled to *value.
//
// NOTE(review): source lines are missing from this listing (gutter numbers
// skip 56 -> 59, 62 -> 65 and 66 -> 70), so the early returns after each
// failure and any null check on |value| are not visible. Confirm against the
// full file.
51 bool LegacyFirewallManager::GetAllowIncomingConnection(bool* value
) {
52 // Otherwise, check to see if there is a rule either allowing or disallowing
54 base::win::ScopedComPtr
<INetFwAuthorizedApplications
> authorized_apps(
55 GetAuthorizedApplications());
// A null collection means the profile's authorized-applications list could
// not be obtained.
56 if (!authorized_apps
.get())
59 base::win::ScopedComPtr
<INetFwAuthorizedApplication
> chrome_application
;
// The entry is looked up by the executable's full path (app_path_).
60 HRESULT hr
= authorized_apps
->Item(
61 base::win::ScopedBstr(app_path_
.value().c_str()),
62 chrome_application
.Receive());
65 VARIANT_BOOL is_enabled
= VARIANT_FALSE
;
66 hr
= chrome_application
->get_Enabled(&is_enabled
);
// Strict comparison: only VARIANT_TRUE is reported as "allowed". This differs
// from IsFirewallEnabled(), which tests != VARIANT_FALSE.
70 *value
= (is_enabled
== VARIANT_TRUE
);
74 // The SharedAccess service must be running.
// Adds an authorized-application entry for this app to the current profile's
// collection. The entry is built by CreateChromeAuthorization(allow), so
// |allow| decides whether the entry is enabled.
//
// NOTE(review): the return statements are not visible in this listing (gutter
// numbers skip 78 -> 82, 84 -> 86 and past 87), so the exact return value on
// each path cannot be confirmed from here.
75 bool LegacyFirewallManager::SetAllowIncomingConnection(bool allow
) {
76 base::win::ScopedComPtr
<INetFwAuthorizedApplications
> authorized_apps(
77 GetAuthorizedApplications());
78 if (!authorized_apps
.get())
82 base::win::ScopedComPtr
<INetFwAuthorizedApplication
> authorization
=
83 CreateChromeAuthorization(allow
);
84 if (!authorization
.get())
// Registers the entry with the firewall. A failure is reported only through
// DLOG_IF, which is presumably absent from release builds. Confirm.
86 HRESULT hr
= authorized_apps
->Add(authorization
.get());
87 DLOG_IF(ERROR
, FAILED(hr
)) << logging::SystemErrorCodeToString(hr
);
// Removes the authorized-application entry keyed by app_path_ from the
// current profile's collection.
//
// NOTE(review): source line 95 is absent from this listing; presumably it is
// the early return taken when the collection is null. Confirm.
91 void LegacyFirewallManager::DeleteRule() {
92 base::win::ScopedComPtr
<INetFwAuthorizedApplications
> authorized_apps(
93 GetAuthorizedApplications());
94 if (!authorized_apps
.get())
// NOTE(review): the HRESULT returned by Remove() is discarded, so a failed
// removal is silent and the firewall entry may stay in place (for example
// after an uninstall). Consider logging the result as the other methods do.
96 authorized_apps
->Remove(base::win::ScopedBstr(app_path_
.value().c_str()));
// Fetches the authorized-applications collection from current_profile_.
// Returns the collection, or a default-constructed (null) ScopedComPtr on the
// logged path.
//
// NOTE(review): source lines 102 and 104 are absent from this listing, so the
// declaration of |hr| and the condition guarding the DLOG are not visible;
// presumably `HRESULT hr =` and `if (FAILED(hr))`. Confirm.
// current_profile_ is dereferenced with no null check on the visible lines.
99 base::win::ScopedComPtr
<INetFwAuthorizedApplications
>
100 LegacyFirewallManager::GetAuthorizedApplications() {
101 base::win::ScopedComPtr
<INetFwAuthorizedApplications
> authorized_apps
;
103 current_profile_
->get_AuthorizedApplications(authorized_apps
.Receive());
105 DLOG(ERROR
) << logging::SystemErrorCodeToString(hr
);
// Callers in this file test the result with .get() to detect this null case.
106 return base::win::ScopedComPtr
<INetFwAuthorizedApplications
>();
109 return authorized_apps
;
// Builds an INetFwAuthorizedApplication entry describing this app: its name
// is app_name_, its process image path is app_path_, and its Enabled flag
// follows |allow|. Returns a default-constructed (null) ScopedComPtr on the
// logged path.
//
// NOTE(review): source lines 116 and 118 are absent from this listing, so the
// declaration of |hr| and the condition guarding the DLOG are not visible.
// Confirm against the full file.
112 base::win::ScopedComPtr
<INetFwAuthorizedApplication
>
113 LegacyFirewallManager::CreateChromeAuthorization(bool allow
) {
114 base::win::ScopedComPtr
<INetFwAuthorizedApplication
> chrome_application
;
117 chrome_application
.CreateInstance(CLSID_NetFwAuthorizedApplication
);
119 DLOG(ERROR
) << logging::SystemErrorCodeToString(hr
);
120 return base::win::ScopedComPtr
<INetFwAuthorizedApplication
>();
// NOTE(review): the HRESULTs of the put_* calls below are not checked, so a
// failed setter would still yield an entry that gets returned and later
// added; consider checking them.
123 chrome_application
->put_Name(base::win::ScopedBstr(app_name_
.c_str()));
124 chrome_application
->put_ProcessImageFileName(
125 base::win::ScopedBstr(app_path_
.value().c_str()));
// NOTE(review): because the three defaults listed below are left untouched,
// the entry is not narrowed by IP version, scope or remote address. When
// enabled it applies to traffic from any remote address. Restrict the scope
// if the feature only needs local-subnet peers.
126 // IpVersion defaults to NET_FW_IP_VERSION_ANY.
127 // Scope defaults to NET_FW_SCOPE_ALL.
128 // RemoteAddresses defaults to "*".
129 chrome_application
->put_Enabled(allow
? VARIANT_TRUE
: VARIANT_FALSE
);
131 return chrome_application
;
134 } // namespace installer