GetLastError());
}
lock_file = CreateFile(lock_filename,
- GENERIC_READ | GENERIC_WRITE,
- 0, // No share
- NULL,
- CREATE_ALWAYS,
- FILE_ATTRIBUTE_NORMAL | FILE_FLAG_DELETE_ON_CLOSE,
- NULL);
+ GENERIC_READ | GENERIC_WRITE,
+ 0, // No share
+ NULL,
+ CREATE_ALWAYS,
+ FILE_ATTRIBUTE_NORMAL | FILE_FLAG_DELETE_ON_CLOSE,
+ NULL);
if (lock_file == INVALID_HANDLE_VALUE) {
DWORD error = GetLastError();
// On Windows, the file opened by CreateFile has exclusive lock
fname = g_strdup_printf("%s.lck", sdcard);
h = CreateFile(fname,
- GENERIC_READ,
- 0, // No share
- NULL,
- CREATE_ALWAYS,
- FILE_ATTRIBUTE_NORMAL | FILE_FLAG_DELETE_ON_CLOSE,
- NULL);
+ GENERIC_READ,
+ 0, // No share
+ NULL,
+ CREATE_ALWAYS,
+ FILE_ATTRIBUTE_NORMAL | FILE_FLAG_DELETE_ON_CLOSE,
+ NULL);
if (h == INVALID_HANDLE_VALUE) {
LOG_WARNING("Failed to CreateFile a sdcard lock file: %d\n",
/* Opens above key to query the current version */
res = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
- strKey,
- 0,
- KEY_QUERY_VALUE |
- MY_KEY_WOW64_64KEY,
- &hKey);
+ strKey,
+ 0,
+ KEY_QUERY_VALUE |
+ MY_KEY_WOW64_64KEY,
+ &hKey);
if (res != ERROR_SUCCESS) {
LOG_WARNING("Java Runtime Environment key not found\n");
goto javahome_not_found;
/* Queries for the current version */
res = RegQueryValueEx(hKey,
- "CurrentVersion",
- NULL,
- NULL,
- (LPBYTE)strVersion,
- &dwBufLen);
+ "CurrentVersion",
+ NULL,
+ NULL,
+ (LPBYTE)strVersion,
+ &dwBufLen);
RegCloseKey(hKey);
if (res != ERROR_SUCCESS) {
LOG_WARNING("JRE CurrentVersion not found\n");
/* Opens above key to query the JavaHome */
res = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
- strKey,
- 0,
- KEY_QUERY_VALUE |
- MY_KEY_WOW64_64KEY,
- &hKey);
+ strKey,
+ 0,
+ KEY_QUERY_VALUE |
+ MY_KEY_WOW64_64KEY,
+ &hKey);
if (res == ERROR_SUCCESS) {
/* Queries for the JavaHome */
dwBufLen = PATH_MAX;
*java_path = current_java_path;
}
+
+bool check_integrity_level_and_respawn(void)
+{
+ BOOL bResult = false;
+ HANDLE hToken = NULL;
+ HANDLE hNewToken = NULL;
+ PSID pIntegritySid = NULL;
+ TOKEN_MANDATORY_LABEL TIL = { { 0, }, };
+ PTOKEN_MANDATORY_LABEL pTIL = NULL;
+ PROCESS_INFORMATION ProcInfo = { 0, };
+ STARTUPINFO StartupInfo = { 0, };
+ SID_IDENTIFIER_AUTHORITY
+ MLAuthority = { SECURITY_MANDATORY_LABEL_AUTHORITY };
+ DWORD dwIntegrityLevel, dwSize = 0;
+
+ if(!OpenProcessToken(GetCurrentProcess(),
+ TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_QUERY |
+ TOKEN_ASSIGN_PRIMARY, &hToken)) {
+ LOG_WARNING("OpenProcessToken Error %lu\n", GetLastError());
+ goto CleanExit;
+ }
+
+ if (!GetTokenInformation(hToken, TokenGroups, NULL, 0, &dwSize)) {
+ DWORD dwResult = GetLastError();
+ if (dwResult != ERROR_INSUFFICIENT_BUFFER) {
+ LOG_WARNING("GetTokenInformation Error %lu\n", dwResult);
+ goto CleanExit;
+ }
+ }
+
+ pTIL = (PTOKEN_MANDATORY_LABEL)LocalAlloc(0, dwSize);
+ if (!pTIL) {
+ LOG_WARNING("LocalAlloc Error %lu\n", GetLastError());
+ goto CleanExit;
+ }
+
+ if (!GetTokenInformation(hToken, TokenIntegrityLevel, pTIL,
+ dwSize, &dwSize)) {
+ LOG_WARNING("GetTokenInformation Error %lu\n", GetLastError());
+ goto CleanExit;
+ }
+
+ dwIntegrityLevel = *GetSidSubAuthority(pTIL->Label.Sid,
+ (DWORD)(UCHAR)(*GetSidSubAuthorityCount(pTIL->Label.Sid) - 1));
+
+ if (dwIntegrityLevel >= SECURITY_MANDATORY_MEDIUM_RID &&
+ dwIntegrityLevel < SECURITY_MANDATORY_HIGH_RID) {
+ // We have medium integrity level. So keep going on.
+ goto CleanExit;
+ }
+
+ LOG_INFO("Running with elevated integrity level. Try to respawn.\n");
+
+ if (!DuplicateTokenEx(hToken, 0, NULL, SecurityImpersonation,
+ TokenPrimary, &hNewToken)) {
+ LOG_WARNING("DuplicateTokenEx Error %lu\n", GetLastError());
+ goto CleanExit;
+ }
+
+ if (!AllocateAndInitializeSid(&MLAuthority, 1, SECURITY_MANDATORY_MEDIUM_RID,
+ 0, 0, 0, 0, 0, 0, 0, &pIntegritySid)) {
+ LOG_WARNING("AllocateAndInitializeSid Error %lu\n", GetLastError());
+ goto CleanExit;
+ }
+
+ TIL.Label.Attributes = SE_GROUP_INTEGRITY;
+ TIL.Label.Sid = pIntegritySid;
+
+ if (!SetTokenInformation(hNewToken,
+ TokenIntegrityLevel,
+ &TIL,
+ sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(pIntegritySid))) {
+ LOG_WARNING("SetTokenInformation Error %lu\n", GetLastError());
+ goto CleanExit;
+ }
+
+ if (!CreateProcessAsUser(hNewToken, 0, GetCommandLine(),
+ NULL, NULL, FALSE, 0, NULL, NULL, &StartupInfo, &ProcInfo)) {
+ LOG_WARNING( "CreateProcessAsUser Error %lu\n", GetLastError());
+ goto CleanExit;
+ }
+
+ LOG_INFO("Respawning success. Waiting for child process.\n");
+ bResult = true;
+ WaitForSingleObject(ProcInfo.hProcess, INFINITE);
+
+CleanExit:
+ if (ProcInfo.hProcess != NULL) {
+ CloseHandle(ProcInfo.hProcess);
+ }
+
+ if (ProcInfo.hThread != NULL) {
+ CloseHandle(ProcInfo.hThread);
+ }
+
+ if (pIntegritySid != NULL) {
+ LocalFree(pIntegritySid);
+ }
+
+ if (hNewToken != NULL) {
+ CloseHandle(hNewToken);
+ }
+
+ if (hToken != NULL) {
+ CloseHandle(hToken);
+ }
+
+ if (pTIL != NULL) {
+ LocalFree(pTIL);
+ }
+
+ return bResult;
+}
+