#define OPENCL_ICD_LOADER_VERSION_MAJOR 2
#define OPENCL_ICD_LOADER_VERSION_MINOR 2
-#define OPENCL_ICD_LOADER_VERSION_REV 3
+#define OPENCL_ICD_LOADER_VERSION_REV 4
#ifdef RC_INVOKED
* OpenCL is a trademark of Apple Inc. used under license by Khronos.
*/
+#include <icd.h>
+#include <stdbool.h>
#include <windows.h>
char *khrIcd_getenv(const char *name) {
return retVal;
}
+static bool khrIcd_IsHighIntegrityLevel()
+{
+ bool isHighIntegrityLevel = false;
+
+ HANDLE processToken;
+ if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_QUERY_SOURCE, &processToken)) {
+ // Maximum possible size of SID_AND_ATTRIBUTES is maximum size of a SID + size of attributes DWORD.
+ char mandatoryLabelBuffer[SECURITY_MAX_SID_SIZE + sizeof(DWORD)] = {0};
+ DWORD bufferSize;
+ if (GetTokenInformation(processToken, TokenIntegrityLevel, mandatoryLabelBuffer, sizeof(mandatoryLabelBuffer),
+ &bufferSize) != 0) {
+ const TOKEN_MANDATORY_LABEL* mandatoryLabel = (const TOKEN_MANDATORY_LABEL*)(mandatoryLabelBuffer);
+ const DWORD subAuthorityCount = *GetSidSubAuthorityCount(mandatoryLabel->Label.Sid);
+ const DWORD integrityLevel = *GetSidSubAuthority(mandatoryLabel->Label.Sid, subAuthorityCount - 1);
+
+ isHighIntegrityLevel = integrityLevel > SECURITY_MANDATORY_MEDIUM_RID;
+ }
+
+ CloseHandle(processToken);
+ }
+
+ return isHighIntegrityLevel;
+}
+
char *khrIcd_secure_getenv(const char *name) {
+ if (khrIcd_IsHighIntegrityLevel()) {
+ KHR_ICD_TRACE("Running at a high integrity level, so secure_getenv is returning NULL\n");
+ return NULL;
+ }
+
return khrIcd_getenv(name);
}
projects / platform / upstream / OpenCL-ICD-Loader.git / commitdiff