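// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// Mutex to guarantee serialization of RLZ key accesses.

#include "rlz/win/lib/lib_mutex.h"

#include <windows.h>
#include <Sddl.h>   // For SDDL_REVISION_1, ConvertStringSecurityDescript..
#include <Aclapi.h>  // For SetSecurityInfo

#include "base/logging.h"
#include "base/win/windows_version.h"

namespace {

// Name of the mutex shared by every process that uses this library.
// NOTE(review): the name has no "Global\" prefix, so it presumably resolves
// in the caller's session namespace and serializes access per session only;
// confirm that this is the intended scope.
const wchar_t kMutexName[] = L"{A946A6A9-917E-4949-B9BC-6BADA8C7FD63}";

}  // namespace anonymous

namespace rlz_lib {

// Needed to allow synchronization across integrity levels.
//
// Sets a low-integrity mandatory label on |object| so that low-integrity
// processes are not stopped by the mandatory integrity check when they open
// it. Returns true on success, and also on pre-Vista systems where nothing is
// done; returns false if the label could not be built or applied.
//
// Security note: a low label means that any low-integrity process the
// object's DACL admits can also take the object. A lock labelled this way is
// cooperative serialization only and must not be treated as a trust boundary.
static bool SetObjectToLowIntegrity(HANDLE object,
                                    SE_OBJECT_TYPE type = SE_KERNEL_OBJECT) {
  if (base::win::GetVersion() < base::win::VERSION_VISTA)
    return true;  // Not needed on XP.

  // The LABEL_SECURITY_INFORMATION SDDL SACL to be set for low integrity:
  // ML = mandatory label ACE, NW = no-write-up policy, LW = low level.
  static const wchar_t kLowIntegritySddlSacl[] = L"S:(ML;;NW;;;LW)";

  PSECURITY_DESCRIPTOR security_descriptor = NULL;
  if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(
          kLowIntegritySddlSacl, SDDL_REVISION_1, &security_descriptor,
          NULL)) {
    return false;
  }

  bool result = false;
  PACL sacl = NULL;
  BOOL sacl_present = FALSE;
  BOOL sacl_defaulted = FALSE;
  // Apply the label only if the descriptor really carries a SACL, so that a
  // NULL SACL is never handed to SetSecurityInfo.
  if (GetSecurityDescriptorSacl(security_descriptor, &sacl_present, &sacl,
                                &sacl_defaulted) &&
      sacl_present && sacl != NULL) {
    const DWORD error = SetSecurityInfo(object, type,
                                        LABEL_SECURITY_INFORMATION,
                                        NULL, NULL, NULL, sacl);
    result = (ERROR_SUCCESS == error);
  }

  // The descriptor was allocated by the conversion call; |sacl| points into
  // it, so it is released only after the label has been applied.
  LocalFree(security_descriptor);
  return result;
}

// Creates (or opens) the named RLZ mutex, labels it low-integrity and waits up
// to five seconds for ownership. |acquired_| records whether this object owns
// the mutex afterwards.
LibMutex::LibMutex() : acquired_(false), mutex_(NULL) {
  // CreateMutex returns a handle to the existing object when the name is
  // already taken, so the object may have been created by another process.
  mutex_ = CreateMutex(NULL, FALSE, kMutexName);
  if (mutex_ == NULL)
    return;  // Creation failed; there is nothing to label or wait on.

  if (!SetObjectToLowIntegrity(mutex_))
    return;

  // The bounded wait keeps a holder that never releases the mutex from
  // blocking RLZ access indefinitely.
  const DWORD wait_result = WaitForSingleObject(mutex_, 5000L);

  // WAIT_ABANDONED also grants ownership to this thread (the previous owner
  // exited without releasing). It has to be recorded as acquired, otherwise
  // the destructor skips ReleaseMutex and the mutex stays owned by this thread
  // until the thread exits, stalling every other waiter. The previous owner
  // may have left RLZ state partially written.
  acquired_ = (wait_result == WAIT_OBJECT_0 || wait_result == WAIT_ABANDONED);
}

// Releases the mutex if this object owns it and closes the handle.
LibMutex::~LibMutex() {
  if (mutex_ == NULL)
    return;  // CreateMutex failed in the constructor; no handle to close.

  if (acquired_)
    ReleaseMutex(mutex_);
  CloseHandle(mutex_);
}

}  // namespace rlz_lib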