win/src/acl.cc - chromium/src/sandbox - Git at Google

 // Copyright 2012 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "sandbox/win/src/acl.h"

 #include <windows.h>

 #include "base/notreached.h"

 namespace sandbox {

 std::optional<DWORD> GetIntegrityLevelRid(IntegrityLevel integrity_level) {
   switch (integrity_level) {
     case INTEGRITY_LEVEL_SYSTEM:
       return DWORD{SECURITY_MANDATORY_SYSTEM_RID};
     case INTEGRITY_LEVEL_HIGH:
       return DWORD{SECURITY_MANDATORY_HIGH_RID};
     case INTEGRITY_LEVEL_MEDIUM:
       return DWORD{SECURITY_MANDATORY_MEDIUM_RID};
     case INTEGRITY_LEVEL_MEDIUM_LOW:
       return DWORD{SECURITY_MANDATORY_MEDIUM_RID - 2048};
     case INTEGRITY_LEVEL_LOW:
       return DWORD{SECURITY_MANDATORY_LOW_RID};
     case INTEGRITY_LEVEL_BELOW_LOW:
       return DWORD{SECURITY_MANDATORY_LOW_RID - 2048};
     case INTEGRITY_LEVEL_UNTRUSTED:
       return DWORD{SECURITY_MANDATORY_UNTRUSTED_RID};
     case INTEGRITY_LEVEL_LAST:
       return std::nullopt;
   }

   NOTREACHED();
   return std::nullopt;
 }

 DWORD SetObjectIntegrityLabel(HANDLE handle,
                               base::win::SecurityObjectType object_type,
                               DWORD mandatory_policy,
                               IntegrityLevel integrity_level) {
   std::optional<DWORD> value = GetIntegrityLevelRid(integrity_level);
   if (!value) {
     return ERROR_INVALID_SID;
   }

   base::win::SecurityDescriptor sd;
   if (!sd.SetMandatoryLabel(*value, 0, mandatory_policy)) {
     return ::GetLastError();
   }

   if (!sd.WriteToHandle(handle, object_type, LABEL_SECURITY_INFORMATION)) {
     return ::GetLastError();
   }

   return ERROR_SUCCESS;
 }

 }  // namespace sandbox
	// Copyright 2012 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "sandbox/win/src/acl.h"

	#include <windows.h>

	#include "base/notreached.h"

	namespace sandbox {

	std::optional<DWORD> GetIntegrityLevelRid(IntegrityLevel integrity_level) {
	switch (integrity_level) {
	case INTEGRITY_LEVEL_SYSTEM:
	return DWORD{SECURITY_MANDATORY_SYSTEM_RID};
	case INTEGRITY_LEVEL_HIGH:
	return DWORD{SECURITY_MANDATORY_HIGH_RID};
	case INTEGRITY_LEVEL_MEDIUM:
	return DWORD{SECURITY_MANDATORY_MEDIUM_RID};
	case INTEGRITY_LEVEL_MEDIUM_LOW:
	return DWORD{SECURITY_MANDATORY_MEDIUM_RID - 2048};
	case INTEGRITY_LEVEL_LOW:
	return DWORD{SECURITY_MANDATORY_LOW_RID};
	case INTEGRITY_LEVEL_BELOW_LOW:
	return DWORD{SECURITY_MANDATORY_LOW_RID - 2048};
	case INTEGRITY_LEVEL_UNTRUSTED:
	return DWORD{SECURITY_MANDATORY_UNTRUSTED_RID};
	case INTEGRITY_LEVEL_LAST:
	return std::nullopt;
	}

	NOTREACHED();
	return std::nullopt;
	}

	DWORD SetObjectIntegrityLabel(HANDLE handle,
	base::win::SecurityObjectType object_type,
	DWORD mandatory_policy,
	IntegrityLevel integrity_level) {
	std::optional<DWORD> value = GetIntegrityLevelRid(integrity_level);
	if (!value) {
	return ERROR_INVALID_SID;
	}

	base::win::SecurityDescriptor sd;
	if (!sd.SetMandatoryLabel(*value, 0, mandatory_policy)) {
	return ::GetLastError();
	}

	if (!sd.WriteToHandle(handle, object_type, LABEL_SECURITY_INFORMATION)) {
	return ::GetLastError();
	}

	return ERROR_SUCCESS;
	}

	} // namespace sandbox