Enhanced Protected Mode support

src/shared/Communication.cpp

Index: src/shared/Communication.cpp
===================================================================
--- a/src/shared/Communication.cpp
+++ b/src/shared/Communication.cpp
@@ -1,10 +1,18 @@
 #include <Windows.h>

[Wladimir Palant, 2013/09/17 07:53:48]

From what I can tell, none of my comments in this file have been addressed.

 #include <Lmcons.h>
 #include <Sddl.h>
+#include <aclapi.h>
+#include <strsafe.h>
 
 #include "Communication.h"
 #include "Utils.h"
 
+#ifndef SECURITY_APP_PACKAGE_AUTHORITY
+#define SECURITY_APP_PACKAGE_AUTHORITY              {0,0,0,0,0,15}
+#endif
+
+std::wstring Communication::browserSID;
+
 namespace
 {
   const int bufferSize = 1024;
@@ -25,6 +33,130 @@
       throw std::runtime_error(AppendErrorCode("Failed to get the current user's name"));
     return std::wstring(buffer.get(), length);
   }
+
+  // See http://msdn.microsoft.com/en-us/library/windows/desktop/hh448493(v=vs.85).aspx
+  bool GetLogonSid (HANDLE hToken, PSID *ppsid) 
+  {
+    if (ppsid == NULL)
+      return false;
+
+    // Get required buffer size and allocate the TOKEN_GROUPS buffer.
+    DWORD dwLength = 0;
+    PTOKEN_GROUPS ptg = NULL;
+    if (!GetTokenInformation(hToken, TokenLogonSid, ptg, 0, &dwLength)) 
+    {
+      if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) 
+        return false;
+
+      ptg = (PTOKEN_GROUPS) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength);
+
+      if (ptg == NULL)
+        return false;
+    }
+
+    // Get the token group information from the access token.
+    if (!GetTokenInformation(hToken, TokenLogonSid, ptg, dwLength, &dwLength) || ptg->GroupCount != 1) 
+    {
+      HeapFree(GetProcessHeap(), 0, ptg);
+      return false;
+    }
+
+    // Found the logon SID; make a copy of it.
+    dwLength = GetLengthSid(ptg->Groups[0].Sid);
+    *ppsid = (PSID) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength);
+    if (*ppsid == NULL)
+    {
+      HeapFree(GetProcessHeap(), 0, ptg);
+      return false;
+    }
+    if (!CopySid(dwLength, *ppsid, ptg->Groups[0].Sid)) 
+    {
+      HeapFree(GetProcessHeap(), 0, ptg);
+      HeapFree(GetProcessHeap(), 0, *ppsid);
+      return false;
+    }
+
+    HeapFree(GetProcessHeap(), 0, ptg);
+    return true;
+  }
+
+  bool CreateObjectSecurityDescriptor(PSID pLogonSid, PSECURITY_DESCRIPTOR* ppSD)
+  {
+    BOOL bSuccess = FALSE;
+    DWORD dwRes;
+    PSID pBrowserSID = NULL;
+    PACL pACL = NULL;
+    PSECURITY_DESCRIPTOR pSD = NULL;
+    EXPLICIT_ACCESS ea[2];
+    SID_IDENTIFIER_AUTHORITY ApplicationAuthority = SECURITY_APP_PACKAGE_AUTHORITY;
+
+    ConvertStringSidToSid(Communication::browserSID.c_str(), &pBrowserSID);
+
+    // Initialize an EXPLICIT_ACCESS structure for an ACE.
+    // The ACE will allow LogonSid generic all access
+    ZeroMemory(&ea, 2 * sizeof(EXPLICIT_ACCESS));
+    ea[0].grfAccessPermissions = STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL;
+    ea[0].grfAccessMode = SET_ACCESS;
+    ea[0].grfInheritance= NO_INHERITANCE;
+    ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
+    ea[0].Trustee.TrusteeType = TRUSTEE_IS_USER;
+    ea[0].Trustee.ptstrName  = (LPTSTR) pLogonSid;
+
+    // Initialize an EXPLICIT_ACCESS structure for an ACE.
+    // The ACE will give the browser SID all permissions
+    ea[1].grfAccessPermissions = STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL;
+    ea[1].grfAccessMode = SET_ACCESS;
+    ea[1].grfInheritance= NO_INHERITANCE;
+    ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
+    ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
+    ea[1].Trustee.ptstrName  = (LPTSTR) pBrowserSID;
+
+    // Create a new ACL that contains the new ACEs.
+    dwRes = SetEntriesInAcl(2, ea, NULL, &pACL);
+    if (ERROR_SUCCESS != dwRes) 
+    {
+      FreeSid(pBrowserSID);
+      return false;
+    }
+
+    // Initialize a security descriptor.  
+    pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH); 
+    if (NULL == pSD) 
+    { 
+      FreeSid(pBrowserSID);
+      LocalFree(pACL);
+      return false;; 
+    } 
+
+    if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) 
+    {  
+      FreeSid(pBrowserSID);
+      LocalFree(pACL);
+      LocalFree((LPVOID)pSD);
+      return false;
+    } 
+
+    // Add the ACL to the security descriptor. 
+    if (!SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE))   // not a default DACL 
+    {  
+      FreeSid(pBrowserSID);
+      LocalFree(pACL);
+      LocalFree((LPVOID)pSD);
+      return false;
+    } 
+
+    *ppSD = pSD;
+    pSD = NULL;
+
+    if (pBrowserSID) 
+      FreeSid(pBrowserSID);
+    if (pACL) 
+      LocalFree(pACL);
+
+    return true;
+  }
+
+
 }
 
 const std::wstring Communication::pipeName = L"\\\\.\\pipe\\adblockplusengine_" + GetUserName();
@@ -67,7 +199,6 @@
   : std::runtime_error("Pipe disconnected")
 {
 }
-
 Communication::Pipe::Pipe(const std::wstring& pipeName, Communication::Pipe::Mode mode)

[Wladimir Palant, 2013/09/17 07:53:48]

Not addressed: the empty line before this function should stay.

 {
   pipe = INVALID_HANDLE_VALUE;
@@ -76,25 +207,36 @@
     SECURITY_ATTRIBUTES sa;
     memset(&sa, 0, sizeof(SECURITY_ATTRIBUTES));
     sa.nLength = sizeof(SECURITY_ATTRIBUTES);
+
+    HANDLE hToken = NULL;
+    OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &hToken); 
+
+    if (browserSID.empty())
+    {
+      if (IsWindowsVistaOrLater())
+      {
+        // Low mandatory label. See http://msdn.microsoft.com/en-us/library/bb625958.aspx
+        LPCWSTR accessControlEntry = L"S:(ML;;NW;;;LW)";
+        ConvertStringSecurityDescriptorToSecurityDescriptorW(accessControlEntry, SDDL_REVISION_1, &securitydescriptor, 0);
+        sa.lpSecurityDescriptor = securitydescriptor;
+      }
 
-    PSECURITY_DESCRIPTOR securitydescriptor;
-    if (IsWindowsVistaOrLater())
-    {
-      // Low mandatory label. See http://msdn.microsoft.com/en-us/library/bb625958.aspx
-      LPCWSTR accessControlEntry = L"S:(ML;;NW;;;LW)";
-      ConvertStringSecurityDescriptorToSecurityDescriptorW(accessControlEntry, SDDL_REVISION_1, &securitydescriptor, 0);
-      sa.lpSecurityDescriptor = securitydescriptor;
-    }
-
-    sa.bInheritHandle = TRUE;
-
-    pipe = CreateNamedPipeW (pipeName.c_str(), PIPE_ACCESS_DUPLEX, PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT,
-                                  PIPE_UNLIMITED_INSTANCES, bufferSize, bufferSize, 0, &sa);
-    if (IsWindowsVistaOrLater() && securitydescriptor)
-    {
-        LocalFree(securitydescriptor);
-    }
-  }
+      sa.bInheritHandle = TRUE;
+    }
+    else  // IE is in AppContainer
+    {
+      PSID pLogonSid = NULL;
+      //Allowing LogonSid and IE's appcontainer. 
+      if (GetLogonSid(hToken, &pLogonSid) && CreateObjectSecurityDescriptor(pLogonSid, &securitydescriptor) )
+      {
+        sa.nLength = sizeof(SECURITY_ATTRIBUTES);
+        sa.bInheritHandle = TRUE;
+        sa.lpSecurityDescriptor = securitydescriptor;                            
+      }
+    }
+    pipe = CreateNamedPipe(pipeName.c_str(),  PIPE_ACCESS_DUPLEX, PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT,
+                              PIPE_UNLIMITED_INSTANCES, bufferSize, bufferSize, 0, &sa);
+   }
   else
   {
     pipe = CreateFileW(pipeName.c_str(), GENERIC_READ | GENERIC_WRITE, 0, 0, OPEN_EXISTING, 0, 0);
@@ -121,6 +263,9 @@
 Communication::Pipe::~Pipe()
 {
   CloseHandle(pipe);
+  if (securitydescriptor)
+    LocalFree(securitydescriptor);
+
 }
 
 Communication::InputBuffer Communication::Pipe::ReadMessage()