1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 //
5 // Mutex to guarantee serialization of RLZ key accesses.
6
7 #include "rlz/win/lib/lib_mutex.h"
8
9 #include <windows.h>
10 #include <Sddl.h> // For SDDL_REVISION_1, ConvertStringSecurityDescript..
11 #include <Aclapi.h> // For SetSecurityInfo
12
13 #include "base/logging.h"
14 #include "base/win/windows_version.h"
15
16 namespace {
17
18 const wchar_t kMutexName[] = L"{A946A6A9-917E-4949-B9BC-6BADA8C7FD63}";
19
20 } // namespace anonymous
21
22 namespace rlz_lib {
23
24 // Needed to allow synchronization across integrity levels.
SetObjectToLowIntegrity(HANDLE object,SE_OBJECT_TYPE type=SE_KERNEL_OBJECT)25 static bool SetObjectToLowIntegrity(HANDLE object,
26 SE_OBJECT_TYPE type = SE_KERNEL_OBJECT) {
27 if (base::win::GetVersion() < base::win::VERSION_VISTA)
28 return true; // Not needed on XP.
29
30 // The LABEL_SECURITY_INFORMATION SDDL SACL to be set for low integrity.
31 static const wchar_t kLowIntegritySddlSacl[] = L"S:(ML;;NW;;;LW)";
32
33 bool result = false;
34 DWORD error = ERROR_SUCCESS;
35 PSECURITY_DESCRIPTOR security_descriptor = NULL;
36 PACL sacl = NULL;
37 BOOL sacl_present = FALSE;
38 BOOL sacl_defaulted = FALSE;
39
40 if (ConvertStringSecurityDescriptorToSecurityDescriptorW(
41 kLowIntegritySddlSacl, SDDL_REVISION_1, &security_descriptor, NULL)) {
42 if (GetSecurityDescriptorSacl(security_descriptor, &sacl_present,
43 &sacl, &sacl_defaulted)) {
44 error = SetSecurityInfo(object, type, LABEL_SECURITY_INFORMATION,
45 NULL, NULL, NULL, sacl);
46 result = (ERROR_SUCCESS == error);
47 }
48 LocalFree(security_descriptor);
49 }
50
51 return result;
52 }
53
LibMutex()54 LibMutex::LibMutex() : acquired_(false), mutex_(NULL) {
55 mutex_ = CreateMutex(NULL, false, kMutexName);
56 bool result = SetObjectToLowIntegrity(mutex_);
57 if (result) {
58 acquired_ = (WAIT_OBJECT_0 == WaitForSingleObject(mutex_, 5000L));
59 }
60 }
61
~LibMutex()62 LibMutex::~LibMutex() {
63 if (acquired_) ReleaseMutex(mutex_);
64 CloseHandle(mutex_);
65 }
66
67 } // namespace rlz_lib
68