• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "base/process/process_info.h"
6 
7 #include <windows.h>
8 
9 #include <optional>
10 
11 #include "base/logging.h"
12 #include "base/notreached.h"
13 #include "base/process/process.h"
14 #include "base/win/access_token.h"
15 
16 namespace base {
17 
18 namespace {
19 
GetProcessIntegrityLevelInternal(std::optional<win::AccessToken> token)20 IntegrityLevel GetProcessIntegrityLevelInternal(
21     std::optional<win::AccessToken> token) {
22   if (!token) {
23     PLOG(ERROR) << "AccessToken `token` is invalid";
24     return INTEGRITY_UNKNOWN;
25   }
26   DWORD integrity_level = token->IntegrityLevel();
27 
28   if (integrity_level < SECURITY_MANDATORY_LOW_RID)
29     return UNTRUSTED_INTEGRITY;
30 
31   if (integrity_level < SECURITY_MANDATORY_MEDIUM_RID)
32     return LOW_INTEGRITY;
33 
34   if (integrity_level < SECURITY_MANDATORY_HIGH_RID)
35     return MEDIUM_INTEGRITY;
36 
37   if (integrity_level >= SECURITY_MANDATORY_HIGH_RID)
38     return HIGH_INTEGRITY;
39 
40   NOTREACHED();
41 }
42 
43 }  // namespace
44 
GetProcessIntegrityLevel(ProcessId process_id)45 IntegrityLevel GetProcessIntegrityLevel(ProcessId process_id) {
46   auto process = Process::OpenWithAccess(process_id, PROCESS_QUERY_INFORMATION);
47   return process.IsValid()
48              ? GetProcessIntegrityLevelInternal(win::AccessToken::FromProcess(
49                    process.Handle(),
50                    /*impersonation=*/false, TOKEN_QUERY_SOURCE))
51              : INTEGRITY_UNKNOWN;
52 }
53 
GetCurrentProcessIntegrityLevel()54 IntegrityLevel GetCurrentProcessIntegrityLevel() {
55   return GetProcessIntegrityLevelInternal(
56       win::AccessToken::FromCurrentProcess());
57 }
58 
IsCurrentProcessElevated()59 bool IsCurrentProcessElevated() {
60   std::optional<win::AccessToken> token =
61       win::AccessToken::FromCurrentProcess();
62   if (!token) {
63     PLOG(ERROR) << "AccessToken::FromCurrentProcess() failed";
64     return false;
65   }
66   return token->IsElevated();
67 }
68 
IsCurrentProcessInAppContainer()69 bool IsCurrentProcessInAppContainer() {
70   std::optional<win::AccessToken> token =
71       win::AccessToken::FromCurrentProcess();
72   if (!token) {
73     PLOG(ERROR) << "AccessToken::FromCurrentProcess() failed";
74     return false;
75   }
76   return token->IsAppContainer();
77 }
78 
79 }  // namespace base
80