Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Side by Side Diff: src/plugin/AdblockPlusClient.cpp

Issue 11756012: Enhanced Protected Mode support (Closed)
Patch Set: Created Sept. 15, 2013, 1 a.m.
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View unified diff | Download patch
OLDNEW
1 #include "PluginStdAfx.h" 1 #include "PluginStdAfx.h"
2 2
3 #include <Windows.h>
4 #include <Sddl.h>
Felix Dahlke 2013/09/16 16:30:12 Shouldn't these two includes go into PluginStdAfx?
5
6
3 #include "PluginSettings.h" 7 #include "PluginSettings.h"
4 #include "PluginSystem.h" 8 #include "PluginSystem.h"
5 #include "PluginFilter.h" 9 #include "PluginFilter.h"
6 #include "PluginClientFactory.h" 10 #include "PluginClientFactory.h"
7 #include "PluginMutex.h" 11 #include "PluginMutex.h"
8 #include "PluginClass.h" 12 #include "PluginClass.h"
9 13
10 #include "AdblockPlusClient.h" 14 #include "AdblockPlusClient.h"
11 15
12 #include "../shared/Utils.h" 16 #include "../shared/Utils.h"
13 17
14 namespace 18 namespace
15 { 19 {
16 void SpawnAdblockPlusEngine() 20 void SpawnAdblockPlusEngine()
17 { 21 {
18 std::wstring engineExecutablePath = GetDllDir() + L"AdblockPlusEngine.exe"; 22 std::wstring engineExecutablePath = GetDllDir() + L"AdblockPlusEngine.exe";
19 CString params = L"AdblockPlusEngine.exe " + CPluginSystem::GetInstance()->G etBrowserLanguage(); 23 CString params = L"AdblockPlusEngine.exe " + CPluginSystem::GetInstance()->G etBrowserLanguage();
20 24
21 STARTUPINFO startupInfo = {}; 25 STARTUPINFO startupInfo = {};
22 PROCESS_INFORMATION processInformation = {}; 26 PROCESS_INFORMATION processInformation = {};
23 27
24 HANDLE token; 28 HANDLE token;
25 OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY, &token); 29 OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY, &token);
26 HANDLE newToken;
27 DuplicateTokenEx(token, 0, 0, SecurityImpersonation, TokenPrimary, &newToken );
28 30
29 if (!CreateProcessAsUserW(newToken, engineExecutablePath.c_str(), 31 TOKEN_APPCONTAINER_INFORMATION *acSid = NULL;
30 params.GetBuffer(params.GetLength() + 1), 32 DWORD dwLength = 0;
Wladimir Palant 2013/09/16 13:45:07 Nit: Since when are we using Hungarian notation? I
31 0, 0, 0, 0, 0, 0, &startupInfo, &processInformatio n)) 33
34 // Get AppContainer SID
35 if (!GetTokenInformation(token, TokenAppContainerSid, (LPVOID) acSid, 0, &dw Length) && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
Wladimir Palant 2013/09/16 13:45:07 Nit: I think that the explicit cast to LPVOID here
32 { 36 {
33 DWORD error = GetLastError(); 37 acSid = (TOKEN_APPCONTAINER_INFORMATION*)HeapAlloc(GetProcessHeap(), HEA P_ZERO_MEMORY, dwLength);
Wladimir Palant 2013/09/16 13:45:07 Why are we using HeapAlloc() rather than "new" her
Felix Dahlke 2013/09/16 16:30:12 Nit: Space before HeapAlloc?
Oleksandr 2013/09/17 03:11:37 "new" isn't good here since in the specific exampl
Wladimir Palant 2013/09/17 07:53:48 What I actually meant: std::unique_ptr<char[]> si
38 if (acSid != NULL)
Felix Dahlke 2013/09/16 16:30:12 What if the allocation failed? Isn't that worth an
39 {
40 GetTokenInformation(token, TokenAppContainerSid, (LPVOID) acSid, dwLen gth, &dwLength);
41 }
42 }
43
44 BOOL createProcRes = 0;
45 // Running inside AppContainer?
46 if ((acSid != NULL) && (acSid->TokenAppContainer != NULL))
Wladimir Palant 2013/09/16 13:45:07 Nit: the extra parentheses are unnecessary.
47 {
48 // Launch with default security. Registry entry will eat the user prompt
49 // See http://msdn.microsoft.com/en-us/library/bb250462(v=vs.85).aspx#wpm_ elebp
50 LPWSTR stringSid;
51 ConvertSidToStringSidW(acSid->TokenAppContainer, &stringSid);
52 params.Append(L" ");
53 params.Append(stringSid);
54 LocalFree(stringSid);
55 createProcRes = CreateProcess(engineExecutablePath.c_str(), params.GetBuff er(params.GetLength() + 1),
56 0, 0, false, 0, 0, 0, (STARTUPINFOW*)&startupInfo, &processInformation);
57 }
58 else
59 {
60 // Launch with the same security token (Low Integrity) explicitly
61 HANDLE newToken;
62 DuplicateTokenEx(token, 0, 0, SecurityImpersonation, TokenPrimary, &newTok en);
63
64 createProcRes = CreateProcessAsUser(newToken, engineExecutablePath.c_str() , params.GetBuffer(params.GetLength() + 1),
65 0, 0, false, 0, 0, 0, (STARTUPINFOW*)&startupInfo, &processInformation);
66 }
67
68 if (!createProcRes)
69 {
34 throw std::runtime_error("Failed to start Adblock Plus Engine"); 70 throw std::runtime_error("Failed to start Adblock Plus Engine");
35 } 71 }
36 72
37 CloseHandle(processInformation.hProcess); 73 CloseHandle(processInformation.hProcess);
38 CloseHandle(processInformation.hThread); 74 CloseHandle(processInformation.hThread);
39 } 75 }
40 76
41 Communication::Pipe* OpenEnginePipe() 77 Communication::Pipe* OpenEnginePipe()
42 { 78 {
43 try 79 try
(...skipping 11 matching lines...) Expand all
55 try 91 try
56 { 92 {
57 return new Communication::Pipe(Communication::pipeName, Communication: :Pipe::MODE_CONNECT); 93 return new Communication::Pipe(Communication::pipeName, Communication: :Pipe::MODE_CONNECT);
58 } 94 }
59 catch (Communication::PipeConnectionError e) 95 catch (Communication::PipeConnectionError e)
60 { 96 {
61 } 97 }
62 } 98 }
63 throw std::runtime_error("Unable to open Adblock Plus Engine pipe"); 99 throw std::runtime_error("Unable to open Adblock Plus Engine pipe");
64 } 100 }
101 catch(...)
Wladimir Palant 2013/09/16 13:45:07 I don't really like seeing "catch all", what kind
102 {
103 SpawnAdblockPlusEngine();
104 }
65 } 105 }
66 106
67 std::vector<std::wstring> ReadStrings(Communication::InputBuffer& message) 107 std::vector<std::wstring> ReadStrings(Communication::InputBuffer& message)
68 { 108 {
69 int32_t count; 109 int32_t count;
70 message >> count; 110 message >> count;
71 111
72 std::vector<std::wstring> result; 112 std::vector<std::wstring> result;
73 for (int32_t i = 0; i < count; i++) 113 for (int32_t i = 0; i < count; i++)
74 { 114 {
(...skipping 387 matching lines...) Expand 10 before | Expand all | Expand 10 after
462 bool CAdblockPlusClient::TogglePluginEnabled() 502 bool CAdblockPlusClient::TogglePluginEnabled()
463 { 503 {
464 DEBUG_GENERAL("TogglePluginEnabled"); 504 DEBUG_GENERAL("TogglePluginEnabled");
465 Communication::InputBuffer response; 505 Communication::InputBuffer response;
466 if (!CallEngine(Communication::PROC_TOGGLE_PLUGIN_ENABLED, response)) 506 if (!CallEngine(Communication::PROC_TOGGLE_PLUGIN_ENABLED, response))
467 return false; 507 return false;
468 bool currentEnabledState; 508 bool currentEnabledState;
469 response >> currentEnabledState; 509 response >> currentEnabledState;
470 return currentEnabledState; 510 return currentEnabledState;
471 } 511 }
OLDNEW

Powered by Google App Engine
This is Rietveld