src/plugin/AdblockPlusClient.cpp - Issue 11756012: Enhanced Protected Mode support

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Unified Diff: src/plugin/AdblockPlusClient.cpp

Issue 11756012: Enhanced Protected Mode support (Closed)

Patch Set: Addressing comments Created Sept. 17, 2013, 2:51 a.m.

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/plugin/AdblockPlusClient.cpp

===================================================================

--- a/src/plugin/AdblockPlusClient.cpp

+++ b/src/plugin/AdblockPlusClient.cpp

@@ -1,5 +1,4 @@

#include "PluginStdAfx.h"

#include "PluginSettings.h"

#include "PluginSystem.h"

#include "PluginFilter.h"

@@ -23,14 +22,50 @@

HANDLE token;

OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY, &token);

- HANDLE newToken;

- DuplicateTokenEx(token, 0, 0, SecurityImpersonation, TokenPrimary, &newToken);

- if (!CreateProcessAsUserW(newToken, engineExecutablePath.c_str(),

- params.GetBuffer(params.GetLength() + 1),

- 0, 0, 0, 0, 0, 0, &startupInfo, &processInformation))

+ TOKEN_APPCONTAINER_INFORMATION *acSid = NULL;

Wladimir Palant 2013/09/17 07:53:48 Nit: that variable name also uses the Hungarian no

+ DWORD length = 0;

+ // Get AppContainer SID

+ if (!GetTokenInformation(token, TokenAppContainerSid, acSid, 0, &length) && GetLastError() == ERROR_INSUFFICIENT_BUFFER)

+ {

+ acSid = (TOKEN_APPCONTAINER_INFORMATION*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, length);

+ if (acSid != NULL)

+ {

+ GetTokenInformation(token, TokenAppContainerSid, acSid, length, &length);

+ }

+ else

+ {

+ throw std::runtime_error("Out of memory");

+ }

+ BOOL createProcRes = 0;

+ // Running inside AppContainer?

+ if (acSid != NULL && acSid->TokenAppContainer != NULL)

+ {

+ // Launch with default security. Registry entry will eat the user prompt

+ // See http://msdn.microsoft.com/en-us/library/bb250462(v=vs.85).aspx#wpm_elebp

+ LPWSTR stringSid;

+ ConvertSidToStringSidW(acSid->TokenAppContainer, &stringSid);

+ params.Append(L" ");

+ params.Append(stringSid);

+ LocalFree(stringSid);

+ createProcRes = CreateProcessW(engineExecutablePath.c_str(), params.GetBuffer(params.GetLength() + 1),

+ 0, 0, false, 0, 0, 0, (STARTUPINFOW*)&startupInfo, &processInformation);

+ }

+ else

{

- DWORD error = GetLastError();

+ // Launch with the same security token (Low Integrity) explicitly

+ HANDLE newToken;

+ DuplicateTokenEx(token, 0, 0, SecurityImpersonation, TokenPrimary, &newToken);

+ createProcRes = CreateProcessAsUser(newToken, engineExecutablePath.c_str(), params.GetBuffer(params.GetLength() + 1),

Wladimir Palant 2013/09/17 07:53:48 Nit: This should be changed into CreateProcessAsUs

+ 0, 0, false, 0, 0, 0, (STARTUPINFOW*)&startupInfo, &processInformation);

+ }

+ if (!createProcRes)

+ {

throw std::runtime_error("Failed to start Adblock Plus Engine");

}

« src/plugin/AdblockPlus.rgs ('K') | « src/plugin/AdblockPlus.rgs ('k') | src/plugin/PluginClass.cpp » ('j') | src/shared/Communication.h » ('J')