1*6777b538SAndroid Build Coastguard Worker // Copyright 2012 The Chromium Authors 2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be 3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file. 4*6777b538SAndroid Build Coastguard Worker 5*6777b538SAndroid Build Coastguard Worker #include "base/process/process_info.h" 6*6777b538SAndroid Build Coastguard Worker 7*6777b538SAndroid Build Coastguard Worker #include <windows.h> 8*6777b538SAndroid Build Coastguard Worker 9*6777b538SAndroid Build Coastguard Worker #include <optional> 10*6777b538SAndroid Build Coastguard Worker 11*6777b538SAndroid Build Coastguard Worker #include "base/logging.h" 12*6777b538SAndroid Build Coastguard Worker #include "base/notreached.h" 13*6777b538SAndroid Build Coastguard Worker #include "base/win/access_token.h" 14*6777b538SAndroid Build Coastguard Worker 15*6777b538SAndroid Build Coastguard Worker namespace base { 16*6777b538SAndroid Build Coastguard Worker GetCurrentProcessIntegrityLevel()17*6777b538SAndroid Build Coastguard WorkerIntegrityLevel GetCurrentProcessIntegrityLevel() { 18*6777b538SAndroid Build Coastguard Worker std::optional<base::win::AccessToken> token = 19*6777b538SAndroid Build Coastguard Worker base::win::AccessToken::FromCurrentProcess(); 20*6777b538SAndroid Build Coastguard Worker if (!token) { 21*6777b538SAndroid Build Coastguard Worker PLOG(ERROR) << "AccessToken::FromCurrentProcess() failed"; 22*6777b538SAndroid Build Coastguard Worker return INTEGRITY_UNKNOWN; 23*6777b538SAndroid Build Coastguard Worker } 24*6777b538SAndroid Build Coastguard Worker DWORD integrity_level = token->IntegrityLevel(); 25*6777b538SAndroid Build Coastguard Worker 26*6777b538SAndroid Build Coastguard Worker if (integrity_level < SECURITY_MANDATORY_LOW_RID) 27*6777b538SAndroid Build Coastguard Worker return UNTRUSTED_INTEGRITY; 28*6777b538SAndroid Build Coastguard Worker 29*6777b538SAndroid Build Coastguard Worker if (integrity_level < SECURITY_MANDATORY_MEDIUM_RID) 30*6777b538SAndroid Build Coastguard Worker return LOW_INTEGRITY; 31*6777b538SAndroid Build Coastguard Worker 32*6777b538SAndroid Build Coastguard Worker if (integrity_level < SECURITY_MANDATORY_HIGH_RID) 33*6777b538SAndroid Build Coastguard Worker return MEDIUM_INTEGRITY; 34*6777b538SAndroid Build Coastguard Worker 35*6777b538SAndroid Build Coastguard Worker if (integrity_level >= SECURITY_MANDATORY_HIGH_RID) 36*6777b538SAndroid Build Coastguard Worker return HIGH_INTEGRITY; 37*6777b538SAndroid Build Coastguard Worker 38*6777b538SAndroid Build Coastguard Worker NOTREACHED(); 39*6777b538SAndroid Build Coastguard Worker return INTEGRITY_UNKNOWN; 40*6777b538SAndroid Build Coastguard Worker } 41*6777b538SAndroid Build Coastguard Worker IsCurrentProcessElevated()42*6777b538SAndroid Build Coastguard Workerbool IsCurrentProcessElevated() { 43*6777b538SAndroid Build Coastguard Worker std::optional<base::win::AccessToken> token = 44*6777b538SAndroid Build Coastguard Worker base::win::AccessToken::FromCurrentProcess(); 45*6777b538SAndroid Build Coastguard Worker if (!token) { 46*6777b538SAndroid Build Coastguard Worker PLOG(ERROR) << "AccessToken::FromCurrentProcess() failed"; 47*6777b538SAndroid Build Coastguard Worker return false; 48*6777b538SAndroid Build Coastguard Worker } 49*6777b538SAndroid Build Coastguard Worker return token->IsElevated(); 50*6777b538SAndroid Build Coastguard Worker } 51*6777b538SAndroid Build Coastguard Worker IsCurrentProcessInAppContainer()52*6777b538SAndroid Build Coastguard Workerbool IsCurrentProcessInAppContainer() { 53*6777b538SAndroid Build Coastguard Worker std::optional<base::win::AccessToken> token = 54*6777b538SAndroid Build Coastguard Worker base::win::AccessToken::FromCurrentProcess(); 55*6777b538SAndroid Build Coastguard Worker if (!token) { 56*6777b538SAndroid Build Coastguard Worker PLOG(ERROR) << "AccessToken::FromCurrentProcess() failed"; 57*6777b538SAndroid Build Coastguard Worker return false; 58*6777b538SAndroid Build Coastguard Worker } 59*6777b538SAndroid Build Coastguard Worker return token->IsAppContainer(); 60*6777b538SAndroid Build Coastguard Worker } 61*6777b538SAndroid Build Coastguard Worker 62*6777b538SAndroid Build Coastguard Worker } // namespace base 63