Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / remoting / host / win / com_security.cc
blob97e644b03415c19253f33d498b2ec2f133f3579a
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "remoting/host/win/com_security.h"
7 #include <objidl.h>
9 #include "base/basictypes.h"
10 #include "base/compiler_specific.h"
11 #include "base/logging.h"
12 #include "base/win/windows_version.h"
13 #include "remoting/host/win/security_descriptor.h"
15 namespace remoting {
17 bool InitializeComSecurity(const std::string& security_descriptor,
18 const std::string& mandatory_label,
19 bool activate_as_activator) {
20 std::string sddl = security_descriptor;
21 if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
22 sddl += mandatory_label;
25 // Convert the SDDL description into a security descriptor in absolute format.
26 ScopedSd relative_sd = ConvertSddlToSd(sddl);
27 if (!relative_sd) {
28 PLOG(ERROR) << "Failed to create a security descriptor";
29 return false;
31 ScopedSd absolute_sd;
32 ScopedAcl dacl;
33 ScopedSid group;
34 ScopedSid owner;
35 ScopedAcl sacl;
36 if (!MakeScopedAbsoluteSd(relative_sd, &absolute_sd, &dacl, &group, &owner,
37 &sacl)) {
38 PLOG(ERROR) << "MakeScopedAbsoluteSd() failed";
39 return false;
42 DWORD capabilities = EOAC_DYNAMIC_CLOAKING;
43 if (!activate_as_activator)
44 capabilities |= EOAC_DISABLE_AAA;
46 // Apply the security descriptor and default security settings. See
47 // InitializeComSecurity's declaration for details.
48 HRESULT result = CoInitializeSecurity(
49 absolute_sd.get(),
50 -1, // Let COM choose which authentication services to register.
51 nullptr, // See above.
52 nullptr, // Reserved, must be nullptr.
53 RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
54 RPC_C_IMP_LEVEL_IDENTIFY,
55 nullptr, // Default authentication information is not provided.
56 capabilities,
57 nullptr); /// Reserved, must be nullptr
58 if (FAILED(result)) {
59 LOG(ERROR) << "CoInitializeSecurity() failed, result=0x"
60 << std::hex << result << std::dec << ".";
61 return false;
64 return true;
67 } // namespace remoting