path: root/src/inc/securityutil.h
//
// Copyright (c) Microsoft. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
//


#ifndef SECURITYUTIL_H
#define SECURITYUTIL_H

#include "winnt.h"

// Security utility class. This is currently used by the debugger right-side and dbgshim to figure out the 
// SECURITY_ATTRIBUTES to use on various IPC objects (named events, etc.).
// This is pretty debugger specific, and so perhaps doesn't actually belong in utilcode (that's just the most
// convenient way to share it between mscordbi and dbgshim.dll).  This is also a pretty big mess.  All of 
// this ACL craziness is already gone in Arrowhead, so it's not a high priority to clean this up.
class SecurityUtil
{
public:

    //
    // Generates an ACL containing the current process and
    // an access-allowed ACE for the target process identified by pid.
    //
    // On success the ACL is returned through *ppACL. The caller owns it and
    // must release it with FreeACL.
    //
    // NOTE(review): the access mask granted by each ACE is not visible in this
    // header; confirm in the implementation that it is the minimum the IPC
    // objects need.
    //
    static HRESULT GetACLOfPid(DWORD pid, PACL *ppACL);
    
    // Releases an ACL previously returned by GetACLOfPid.
    static void FreeACL(PACL pACL);

    // Judging by the name, returns the mandatory (integrity) label of the process
    // behind hProcess through *ppbLabel.
    // NOTE(review): this header states neither who owns *ppbLabel nor how it is
    // released; confirm before use so the buffer is neither leaked nor freed with
    // the wrong deallocator.
    static HRESULT GetMandatoryLabelFromProcess(HANDLE hProcess, LPBYTE * ppbLabel);
    // Judging by the name, yields the integrity level stored in a mandatory-label SID.
    // NOTE(review): the result is a pointer, not a value. It presumably points into
    // the SID passed in, so it would stay valid only as long as that SID does;
    // confirm, including what is returned for an invalid SID.
    static DWORD * GetIntegrityLevelFromMandatorySID(PSID psidIntegrityLevelLabel);

    // Instance functions. SecurityUtil is used to minimize memory allocation when
    // converting pACL to SECURITY_ATTRIBUTES.
    // The memory needed to hold the SECURITY_ATTRIBUTES and SECURITY_DESCRIPTOR is
    // embedded in the SecurityUtil instance.
    //
    // NOTE(review): because that storage lives inside the object, the pointer
    // handed out by GetSA presumably refers to this instance and must not be used
    // after the instance is destroyed; confirm in the implementation.
    //
    // NOTE(review): the class declares a destructor and holds raw PACL members but
    // declares no copy constructor or copy assignment, so the compiler-generated
    // ones would copy the raw pointers. Confirm instances are never copied.
    //
    // NOTE(review): whether the instance takes ownership of pACL is not stated here.
    SecurityUtil(PACL pACL);
    ~SecurityUtil();
    // Two initialization overloads; this header does not say how they differ.
    // NOTE(review): the parameter of the second overload is named pid but is typed
    // HANDLE, so it takes a handle rather than a numeric process id; confirm which
    // object it must refer to and which access rights the handle needs.
    HRESULT Init();
    HRESULT Init(HANDLE pid);
    // Returns the SECURITY_ATTRIBUTES through *PPSA.
    // Callers should check the HRESULT and not create the IPC object on failure:
    // passing a NULL SECURITY_ATTRIBUTES to a Win32 create call gives the object a
    // default security descriptor rather than the ACL built here.
    // NOTE(review): the behaviour when Init has not succeeded is not visible here.
    HRESULT GetSA(SECURITY_ATTRIBUTES **PPSA);
private:
    // Judging by the name, applies the given integrity-level label SID to m_SD.
    // It saves the SACL it creates in m_pSacl (see the comment on that member).
    HRESULT SetSecurityDescriptorMandatoryLabel(PSID psidIntegrityLevelLabel);
    // Embedded storage for the attributes and descriptor (see the class comment).
    SECURITY_ATTRIBUTES m_SA;
    SECURITY_DESCRIPTOR m_SD;
    // ACL passed to the constructor (presumably stored as-is; confirm ownership).
    PACL                m_pACL;
    // Saved by SetSecurityDescriptorMandatoryLabel so that the memory can be deleted properly
    PACL                m_pSacl;
    // Presumably set once Init succeeds; confirm in the implementation.
    bool                m_fInitialized;
};

#endif // !SECURITYUTIL_H