• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 //
5 // Mutex to guarantee serialization of RLZ key accesses.
6 
7 #include "rlz/win/lib/lib_mutex.h"
8 
9 #include <windows.h>
10 #include <Sddl.h>    // For SDDL_REVISION_1, ConvertStringSecurityDescript..
11 #include <Aclapi.h>  // For SetSecurityInfo
12 
13 #include "base/logging.h"
14 #include "base/win/windows_version.h"
15 
16 namespace {
17 
18 const wchar_t kMutexName[] = L"{A946A6A9-917E-4949-B9BC-6BADA8C7FD63}";
19 
20 }  // namespace anonymous
21 
22 namespace rlz_lib {
23 
24 // Needed to allow synchronization across integrity levels.
SetObjectToLowIntegrity(HANDLE object,SE_OBJECT_TYPE type=SE_KERNEL_OBJECT)25 static bool SetObjectToLowIntegrity(HANDLE object,
26     SE_OBJECT_TYPE type = SE_KERNEL_OBJECT) {
27   if (base::win::GetVersion() < base::win::VERSION_VISTA)
28     return true;  // Not needed on XP.
29 
30   // The LABEL_SECURITY_INFORMATION SDDL SACL to be set for low integrity.
31   static const wchar_t kLowIntegritySddlSacl[] = L"S:(ML;;NW;;;LW)";
32 
33   bool result = false;
34   DWORD error = ERROR_SUCCESS;
35   PSECURITY_DESCRIPTOR security_descriptor = NULL;
36   PACL sacl = NULL;
37   BOOL sacl_present = FALSE;
38   BOOL sacl_defaulted = FALSE;
39 
40   if (ConvertStringSecurityDescriptorToSecurityDescriptorW(
41           kLowIntegritySddlSacl, SDDL_REVISION_1, &security_descriptor, NULL)) {
42     if (GetSecurityDescriptorSacl(security_descriptor, &sacl_present,
43             &sacl, &sacl_defaulted)) {
44       error = SetSecurityInfo(object, type, LABEL_SECURITY_INFORMATION,
45                               NULL, NULL, NULL, sacl);
46       result = (ERROR_SUCCESS == error);
47     }
48     LocalFree(security_descriptor);
49   }
50 
51   return result;
52 }
53 
LibMutex()54 LibMutex::LibMutex() : acquired_(false), mutex_(NULL) {
55   mutex_ = CreateMutex(NULL, false, kMutexName);
56   bool result = SetObjectToLowIntegrity(mutex_);
57   if (result) {
58     acquired_ = (WAIT_OBJECT_0 == WaitForSingleObject(mutex_, 5000L));
59   }
60 }
61 
~LibMutex()62 LibMutex::~LibMutex() {
63   if (acquired_) ReleaseMutex(mutex_);
64   CloseHandle(mutex_);
65 }
66 
67 }  // namespace rlz_lib
68