1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "chrome/installer/util/legacy_firewall_manager_win.h"
6 
7 #include "base/logging.h"
8 #include "base/strings/stringprintf.h"
9 #include "base/win/scoped_bstr.h"
10 
11 namespace installer {
12 
// Constructs an unbound manager. No COM objects are created here; the firewall
// profile pointer is only populated by a successful Init().
LegacyFirewallManager::LegacyFirewallManager() {
}
14 
// Nothing to release explicitly: the body is empty, so any held COM reference
// is dropped by the members' own destructors.
LegacyFirewallManager::~LegacyFirewallManager() {
}
16 
// Binds this manager to the firewall profile that is current at call time and
// records the application name and image path used by the rule methods.
//
// |app_name| is the display name written into the rule; |app_path| is the
// executable path that identifies the rule. Returns false (after logging in
// debug builds) if the firewall manager, its local policy, or the current
// profile cannot be obtained; in that case |app_name_| and |app_path_| are left
// untouched.
//
// NOTE(review): the profile is captured once here and reused by every later
// call, so rule changes presumably apply to the profile that was active when
// Init() ran, not to one that becomes active afterwards -- confirm this is the
// intended scope.
bool LegacyFirewallManager::Init(const base::string16& app_name,
                                 const base::FilePath& app_path) {
  base::win::ScopedComPtr<INetFwMgr> fw_mgr;
  HRESULT result = fw_mgr.CreateInstance(CLSID_NetFwMgr);
  if (FAILED(result)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(result);
    return false;
  }

  base::win::ScopedComPtr<INetFwPolicy> local_policy;
  result = fw_mgr->get_LocalPolicy(local_policy.Receive());
  if (FAILED(result)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(result);
    return false;
  }

  result = local_policy->get_CurrentProfile(current_profile_.Receive());
  if (FAILED(result)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(result);
    // Do not keep whatever the failed call may have stored; later methods
    // dereference |current_profile_|.
    current_profile_ = NULL;
    return false;
  }

  // Only commit the identity of the rule once the profile is usable.
  app_name_ = app_name;
  app_path_ = app_path;
  return true;
}
44 
// Returns true only when the profile captured by Init() reports the firewall
// as enabled. A failed query is reported as "not enabled", so callers that
// skip rule creation on false will also skip it when the state is unknown.
//
// NOTE(review): |current_profile_| is dereferenced without a null check; this
// assumes Init() succeeded beforehand -- confirm against callers.
bool LegacyFirewallManager::IsFirewallEnabled() {
  VARIANT_BOOL enabled_state = VARIANT_TRUE;
  if (FAILED(current_profile_->get_FirewallEnabled(&enabled_state)))
    return false;
  return enabled_state != VARIANT_FALSE;
}
50 
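// Looks up the authorized-application entry keyed by |app_path_| and reports
// whether it is enabled.
//
// Returns true when an entry exists and its state could be read; in that case
// |*value| (if |value| is non-null) receives whether the entry is enabled.
// Returns false, leaving |*value| untouched, when the application list cannot
// be obtained, no entry exists for |app_path_|, or the state query fails.
// A false return therefore means "unknown / no rule", not "blocked".
bool LegacyFirewallManager::GetAllowIncomingConnection(bool* value) {
  // Check to see if there is a rule either allowing or disallowing this
  // chrome.exe.
  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
      GetAuthorizedApplications());
  if (!authorized_apps.get())
    return false;

  base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application;
  HRESULT hr = authorized_apps->Item(
      base::win::ScopedBstr(app_path_.value().c_str()),
      chrome_application.Receive());
  if (FAILED(hr))
    return false;

  VARIANT_BOOL is_enabled = VARIANT_FALSE;
  hr = chrome_application->get_Enabled(&is_enabled);
  if (FAILED(hr))
    return false;

  // Treat any non-false VARIANT_BOOL as enabled, matching IsFirewallEnabled().
  // Comparing against VARIANT_TRUE alone would report an enabled rule as
  // disabled if the provider ever returned a non-canonical true value.
  if (value)
    *value = (is_enabled != VARIANT_FALSE);
  return true;
}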
73 
// The SharedAccess service must be running.
//
// Adds an authorized-application entry for |app_path_| whose enabled state is
// |allow|. Returns true only if the entry was built and the Add() call
// succeeded; failures of Add() are logged in debug builds.
//
// The entry is created with the API defaults noted in
// CreateChromeAuthorization() (any IP version, scope ALL, remote addresses
// "*"), so |allow| == true admits inbound traffic from any remote address for
// this executable.
bool LegacyFirewallManager::SetAllowIncomingConnection(bool allow) {
  base::win::ScopedComPtr<INetFwAuthorizedApplications> app_list(
      GetAuthorizedApplications());
  if (!app_list.get())
    return false;

  // Authorize chrome.
  base::win::ScopedComPtr<INetFwAuthorizedApplication> entry =
      CreateChromeAuthorization(allow);
  if (!entry.get())
    return false;

  const HRESULT add_result = app_list->Add(entry);
  if (FAILED(add_result)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(add_result);
    return false;
  }
  return true;
}
90 
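// Removes the authorized-application entry keyed by |app_path_|, if any.
//
// This is best-effort: the function has no return value, so a failure cannot
// be reported to the caller. The Remove() result is logged in debug builds so
// that a rule left behind (for example after uninstall) is at least visible
// during diagnosis instead of being dropped silently.
void LegacyFirewallManager::DeleteRule() {
  base::win::ScopedComPtr<INetFwAuthorizedApplications> authorized_apps(
      GetAuthorizedApplications());
  if (!authorized_apps.get())
    return;

  const HRESULT hr =
      authorized_apps->Remove(base::win::ScopedBstr(app_path_.value().c_str()));
  DLOG_IF(ERROR, FAILED(hr)) << logging::SystemErrorCodeToString(hr);
}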
98 
// Fetches the authorized-applications collection of the profile captured by
// Init(). Returns an empty ScopedComPtr (after logging in debug builds) when
// the query fails; callers test the result with get().
//
// NOTE(review): |current_profile_| is dereferenced without a null check; this
// assumes Init() succeeded beforehand -- confirm against callers.
base::win::ScopedComPtr<INetFwAuthorizedApplications>
LegacyFirewallManager::GetAuthorizedApplications() {
  base::win::ScopedComPtr<INetFwAuthorizedApplications> app_list;
  const HRESULT query_result =
      current_profile_->get_AuthorizedApplications(app_list.Receive());
  if (SUCCEEDED(query_result))
    return app_list;

  DLOG(ERROR) << logging::SystemErrorCodeToString(query_result);
  // Hand back a fresh empty pointer rather than whatever the failed call left.
  return base::win::ScopedComPtr<INetFwAuthorizedApplications>();
}
111 
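// Builds an authorized-application entry named |app_name_| for the executable
// at |app_path_|, with its enabled state set from |allow|.
//
// Returns an empty ScopedComPtr (after logging in debug builds) if the COM
// object cannot be created or if any property cannot be set. Failing closed
// here keeps a partially initialised entry out of the firewall policy: an
// entry whose name, image path or enabled state was not actually applied would
// otherwise be added with whatever values the object happened to hold, which
// may not match the caller's |allow| request.
base::win::ScopedComPtr<INetFwAuthorizedApplication>
LegacyFirewallManager::CreateChromeAuthorization(bool allow) {
  base::win::ScopedComPtr<INetFwAuthorizedApplication> chrome_application;

  HRESULT hr =
      chrome_application.CreateInstance(CLSID_NetFwAuthorizedApplication);
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return base::win::ScopedComPtr<INetFwAuthorizedApplication>();
  }

  // Apply the properties in order and stop at the first failure.
  hr = chrome_application->put_Name(base::win::ScopedBstr(app_name_.c_str()));
  if (SUCCEEDED(hr)) {
    hr = chrome_application->put_ProcessImageFileName(
        base::win::ScopedBstr(app_path_.value().c_str()));
  }
  // IpVersion defaults to NET_FW_IP_VERSION_ANY.
  // Scope defaults to NET_FW_SCOPE_ALL.
  // RemoteAddresses defaults to "*".
  // With these defaults an enabled entry is not restricted to the local subnet
  // or to specific peers.
  if (SUCCEEDED(hr))
    hr = chrome_application->put_Enabled(allow ? VARIANT_TRUE : VARIANT_FALSE);

  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return base::win::ScopedComPtr<INetFwAuthorizedApplication>();
  }

  return chrome_application;
}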
133 
134 }  // namespace installer
135