Move GetProcessIntegrityLevel to file_info.h and remove the handle ar…

…gument.

BUG=417532

Review URL: https://codereview.chromium.org/921913002

Cr-Commit-Position: refs/heads/master@{#316242}

base/process/process_handle.h

@@ -40,27 +40,12 @@ BASE_EXPORT ProcessId GetCurrentProcId();
 // Returns the ProcessHandle of the current process.
 BASE_EXPORT ProcessHandle GetCurrentProcessHandle();
 
-
-
 // Returns the unique ID for the specified process. This is functionally the
 // same as Windows' GetProcessId(), but works on versions of Windows before
 // Win XP SP1 as well.
+// DEPRECATED. New code should be using Process::Pid() instead.
 BASE_EXPORT ProcessId GetProcId(ProcessHandle process);
 
-#if defined(OS_WIN)
-enum IntegrityLevel {
-  INTEGRITY_UNKNOWN,
-  LOW_INTEGRITY,
-  MEDIUM_INTEGRITY,
-  HIGH_INTEGRITY,
-};
-// Determine the integrity level of the specified process. Returns false
-// if the system does not support integrity levels (pre-Vista) or in the case
-// of an underlying system failure.
-BASE_EXPORT bool GetProcessIntegrityLevel(ProcessHandle process,
-                                          IntegrityLevel* level);
-#endif
-
 #if defined(OS_POSIX)
 // Returns the path to the executable of the given process.
 BASE_EXPORT FilePath GetProcessExecutablePath(ProcessHandle process);

base/process/process_handle_win.cc

@@ -25,55 +25,4 @@ ProcessId GetProcId(ProcessHandle process) {
   return GetProcessId(process);
 }
 
-bool GetProcessIntegrityLevel(ProcessHandle process, IntegrityLevel *level) {
-  if (!level)
-    return false;
-
-  if (win::GetVersion() < base::win::VERSION_VISTA)
-    return false;
-
-  HANDLE process_token;
-  if (!OpenProcessToken(process, TOKEN_QUERY | TOKEN_QUERY_SOURCE,
-      &process_token))
-    return false;
-
-  win::ScopedHandle scoped_process_token(process_token);
-
-  DWORD token_info_length = 0;
-  if (GetTokenInformation(process_token, TokenIntegrityLevel, NULL, 0,
-                          &token_info_length) ||
-      GetLastError() != ERROR_INSUFFICIENT_BUFFER)
-    return false;
-
-  scoped_ptr<char[]> token_label_bytes(new char[token_info_length]);
-  if (!token_label_bytes.get())
-    return false;
-
-  TOKEN_MANDATORY_LABEL* token_label =
-      reinterpret_cast<TOKEN_MANDATORY_LABEL*>(token_label_bytes.get());
-  if (!token_label)
-    return false;
-
-  if (!GetTokenInformation(process_token, TokenIntegrityLevel, token_label,
-                           token_info_length, &token_info_length))
-    return false;
-
-  DWORD integrity_level = *GetSidSubAuthority(token_label->Label.Sid,
-      (DWORD)(UCHAR)(*GetSidSubAuthorityCount(token_label->Label.Sid)-1));
-
-  if (integrity_level < SECURITY_MANDATORY_MEDIUM_RID) {
-    *level = LOW_INTEGRITY;
-  } else if (integrity_level >= SECURITY_MANDATORY_MEDIUM_RID &&
-      integrity_level < SECURITY_MANDATORY_HIGH_RID) {
-    *level = MEDIUM_INTEGRITY;
-  } else if (integrity_level >= SECURITY_MANDATORY_HIGH_RID) {
-    *level = HIGH_INTEGRITY;
-  } else {
-    NOTREACHED();
-    return false;
-  }
-
-  return true;
-}
-
 }  // namespace base

base/process/process_info.h

@@ -2,11 +2,12 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef BASE_PROCESS_PROCESS_PROCESS_INFO_H_
-#define BASE_PROCESS_PROCESS_PROCESS_INFO_H_
+#ifndef BASE_PROCESS_PROCESS_INFO_H_
+#define BASE_PROCESS_PROCESS_INFO_H_
 
 #include "base/base_export.h"
 #include "base/basictypes.h"
+#include "build/build_config.h"
 
 namespace base {
 
@@ -20,6 +21,24 @@ class BASE_EXPORT CurrentProcessInfo {
   static const Time CreationTime();
 };
 
+#if defined(OS_WIN)
+
+enum IntegrityLevel {
+  INTEGRITY_UNKNOWN,
+  LOW_INTEGRITY,
+  MEDIUM_INTEGRITY,
+  HIGH_INTEGRITY,
+};
+
+// Returns the integrity level of the process. Returns INTEGRITY_UNKNOWN if the
+// system does not support integrity levels (pre-Vista) or in the case of an
+// underlying system failure.
+BASE_EXPORT IntegrityLevel GetCurrentProcessIntegrityLevel();
+
+#endif  // defined(OS_WIN)
+
+
+
 }  // namespace base
 
-#endif  // BASE_PROCESS_PROCESS_PROCESS_INFO_H_
+#endif  // BASE_PROCESS_PROCESS_INFO_H_

base/process/process_info_win.cc

@@ -7,11 +7,14 @@
 #include <windows.h>
 
 #include "base/basictypes.h"
+#include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
+#include "base/win/scoped_handle.h"
+#include "base/win/windows_version.h"
 
 namespace base {
 
-//static
+// static
 const Time CurrentProcessInfo::CreationTime() {
   FILETIME creation_time = {};
   FILETIME ignore = {};
@@ -22,4 +25,55 @@ const Time CurrentProcessInfo::CreationTime() {
   return Time::FromFileTime(creation_time);
 }
 
+IntegrityLevel GetCurrentProcessIntegrityLevel() {
+  if (win::GetVersion() < base::win::VERSION_VISTA)
+    return INTEGRITY_UNKNOWN;
+
+  HANDLE process_token;
+  if (!::OpenProcessToken(::GetCurrentProcess(),
+                          TOKEN_QUERY | TOKEN_QUERY_SOURCE, &process_token)) {
+    return INTEGRITY_UNKNOWN;
+  }
+  win::ScopedHandle scoped_process_token(process_token);
+
+  DWORD token_info_length = 0;
+  if (::GetTokenInformation(process_token, TokenIntegrityLevel, NULL, 0,
+                            &token_info_length) ||
+      ::GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
+    return INTEGRITY_UNKNOWN;
+  }
+
+  scoped_ptr<char[]> token_label_bytes(new char[token_info_length]);
+  if (!token_label_bytes.get())
+    return INTEGRITY_UNKNOWN;
+
+  TOKEN_MANDATORY_LABEL* token_label =
+      reinterpret_cast<TOKEN_MANDATORY_LABEL*>(token_label_bytes.get());
+  if (!token_label)
+    return INTEGRITY_UNKNOWN;
+
+  if (!::GetTokenInformation(process_token, TokenIntegrityLevel, token_label,
+                             token_info_length, &token_info_length)) {
+    return INTEGRITY_UNKNOWN;
+  }
+
+  DWORD integrity_level = *::GetSidSubAuthority(
+      token_label->Label.Sid,
+      static_cast<DWORD>(*::GetSidSubAuthorityCount(token_label->Label.Sid)-1));
+
+  if (integrity_level < SECURITY_MANDATORY_MEDIUM_RID)
+    return LOW_INTEGRITY;
+
+  if (integrity_level >= SECURITY_MANDATORY_MEDIUM_RID &&
+      integrity_level < SECURITY_MANDATORY_HIGH_RID) {
+    return MEDIUM_INTEGRITY;
+  }
+
+  if (integrity_level >= SECURITY_MANDATORY_HIGH_RID)
+    return HIGH_INTEGRITY;
+
+  NOTREACHED();
+  return INTEGRITY_UNKNOWN;
+}
+
 }  // namespace base

chrome/installer/util/advanced_firewall_manager_win_unittest.cc

@@ -5,7 +5,7 @@
 #include "chrome/installer/util/advanced_firewall_manager_win.h"
 
 #include "base/path_service.h"
-#include "base/process/process_handle.h"
+#include "base/process/process_info.h"
 #include "base/win/scoped_bstr.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -18,9 +18,7 @@ class AdvancedFirewallManagerTest : public ::testing::Test {
  protected:
   // Sets up the test fixture.
   virtual void SetUp() override {
-    base::IntegrityLevel level = base::INTEGRITY_UNKNOWN;
-    if (!GetProcessIntegrityLevel(base::GetCurrentProcessHandle(), &level) ||
-        level != base::HIGH_INTEGRITY) {
+    if (base::GetCurrentProcessIntegrityLevel() != base::HIGH_INTEGRITY) {
       LOG(WARNING) << "XP or not elevated. Skipping the test.";
       return;
     };

chrome/installer/util/legacy_firewall_manager_win_unittest.cc

@@ -5,7 +5,7 @@
 #include "chrome/installer/util/legacy_firewall_manager_win.h"
 
 #include "base/path_service.h"
-#include "base/process/process_handle.h"
+#include "base/process/process_info.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace installer {
@@ -17,9 +17,7 @@ class LegacyFirewallManagerTest : public ::testing::Test {
  protected:
   // Sets up the test fixture.
   virtual void SetUp() override {
-    base::IntegrityLevel level = base::INTEGRITY_UNKNOWN;
-    if (GetProcessIntegrityLevel(base::GetCurrentProcessHandle(), &level) &&
-        level != base::HIGH_INTEGRITY) {
+    if (base::GetCurrentProcessIntegrityLevel() != base::HIGH_INTEGRITY) {
       LOG(WARNING) << "Not elevated. Skipping the test.";
       return;
     };

cloud_print/virtual_driver/win/port_monitor/port_monitor_dll.cc

@@ -16,7 +16,7 @@
 #include "base/command_line.h"
 #include "base/files/file_util.h"
 #include "base/logging.h"
-#include "base/process/process.h"
+#include "base/process/process_info.h"
 #include "base/strings/string16.h"
 #include "base/win/registry.h"
 #include "base/win/scoped_handle.h"
@@ -55,13 +55,8 @@ bool CanRegister() {
     return false;
   }
   if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
-    base::IntegrityLevel level = base::INTEGRITY_UNKNOWN;
-    if (!GetProcessIntegrityLevel(base::GetCurrentProcessHandle(), &level)) {
+    if (base::GetCurrentProcessIntegrityLevel() != base::HIGH_INTEGRITY)
       return false;
-    }
-    if (level != base::HIGH_INTEGRITY) {
-      return false;
-    }
   }
   return true;
 }

rlz/win/lib/process_info.cc

@@ -9,7 +9,7 @@
 #include <windows.h>
 
 #include "base/memory/scoped_ptr.h"
-#include "base/process/process_handle.h"
+#include "base/process/process_info.h"
 #include "base/strings/string16.h"
 #include "base/win/scoped_handle.h"
 #include "base/win/win_util.h"
@@ -100,12 +100,13 @@ bool ProcessInfo::HasAdminRights() {
       has_rights = true;
     } else if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
       TOKEN_ELEVATION_TYPE elevation;
-      base::IntegrityLevel level;
-
-      if (SUCCEEDED(GetElevationType(&elevation)) &&
-        base::GetProcessIntegrityLevel(base::GetCurrentProcessHandle(), &level))
-        has_rights = (elevation == TokenElevationTypeFull) ||
-                     (level == base::HIGH_INTEGRITY);
+      if (SUCCEEDED(GetElevationType(&elevation))) {
+        base::IntegrityLevel level = base::GetCurrentProcessIntegrityLevel();
+        if (level != base::INTEGRITY_UNKNOWN) {
+          has_rights = (elevation == TokenElevationTypeFull) ||
+                       (level == base::HIGH_INTEGRITY);
+        }
+      }
     } else {
       long group = 0;
       if (GetUserGroup(&group))

rlz/win/lib/registry_util.cc

@@ -7,7 +7,7 @@
 
 #include "rlz/win/lib/registry_util.h"
 
-#include "base/process/process_handle.h"
+#include "base/process/process_info.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/win/registry.h"
 #include "base/win/windows_version.h"
@@ -58,15 +58,10 @@ bool HasUserKeyAccess(bool write_access) {
   }
 
   if (write_access) {
-    if (base::win::GetVersion() < base::win::VERSION_VISTA) return true;
-    base::ProcessHandle process_handle = base::GetCurrentProcessHandle();
-    base::IntegrityLevel level = base::INTEGRITY_UNKNOWN;
+    if (base::win::GetVersion() < base::win::VERSION_VISTA)
+      return true;
 
-    if (!base::GetProcessIntegrityLevel(process_handle, &level)) {
-      ASSERT_STRING("UserKey::HasAccess: Cannot determine Integrity Level.");
-      return false;
-    }
-    if (level <= base::LOW_INTEGRITY) {
+    if (base::GetCurrentProcessIntegrityLevel() <= base::LOW_INTEGRITY) {
       ASSERT_STRING("UserKey::HasAccess: Cannot write from Low Integrity.");
       return false;
     }

win8/delegate_execute/command_execute_impl.cc

@@ -12,7 +12,6 @@
 #include "base/files/file_util.h"
 #include "base/path_service.h"
 #include "base/process/launch.h"
-#include "base/process/process_handle.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/win/message_window.h"
 #include "base/win/registry.h"
@@ -287,8 +286,7 @@ STDMETHODIMP CommandExecuteImpl::Initialize(LPCWSTR name,
     verb_ = name;
   }
 
-  base::GetProcessIntegrityLevel(base::GetCurrentProcessHandle(),
-                                 &integrity_level_);
+  integrity_level_ = base::GetCurrentProcessIntegrityLevel();
   return S_OK;
 }
 

win8/delegate_execute/command_execute_impl.h

@@ -12,7 +12,7 @@
 
 #include "base/command_line.h"
 #include "base/files/file_path.h"
-#include "base/process/process_handle.h"
+#include "base/process/process_info.h"
 #include "win8/delegate_execute/resource.h"       // main symbols
 
 EXTERN_C const GUID CLSID_CommandExecuteImpl;