Exemple #1
0
        private SafeProcThreadAttributeList AllocateAttributeList()
        {
            using (var localDisposalEscrow = new DisposalEscrow())
            {
                SECURITY_CAPABILITIES securityCapabilities = new SECURITY_CAPABILITIES();
                this.SetSecurityCapabilities(
                    ref securityCapabilities,
                    this.securityIdentifierHandle,
                    new WELL_KNOWN_SID_TYPE[] { WELL_KNOWN_SID_TYPE.WinCapabilityInternetClientSid });

                var attributeListHandle        = localDisposalEscrow.Add(new SafeProcThreadAttributeList(1));
                var securityCapabilitiesMemory = localDisposalEscrow.Add(new SafeHGlobalBuffer(Marshal.SizeOf(securityCapabilities)));

                Marshal.StructureToPtr(securityCapabilities, securityCapabilitiesMemory.DangerousGetHandle(), fDeleteOld: false);

                if (!Methods.UpdateProcThreadAttribute(
                        attributeListHandle.DangerousGetHandle(),
                        dwFlags: 0,
                        attribute: PROC_THREAD_ATTRIBUTES.PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES,
                        securityCapabilitiesMemory.DangerousGetHandle(),
                        securityCapabilitiesMemory.Size,
                        lpPreviousValue: IntPtr.Zero,
                        lpReturnSize: IntPtr.Zero))
                {
                    throw new SandboxException(
                              $"Failed to update proc thread attribute list (0x{Marshal.GetLastWin32Error():X08})",
                              new Win32Exception());;
                }

                this.disposalEscrow.Subsume(localDisposalEscrow);
                return(attributeListHandle);
            }
        }
Exemple #2
0
        private void SetSecurityCapabilities(
            ref SECURITY_CAPABILITIES securityCapabilities,
            SafeSecurityIdentifier appContainerSid,
            WELL_KNOWN_SID_TYPE[] appCapabilities)
        {
            using (var localDisposalEscrow = new DisposalEscrow())
            {
                securityCapabilities.AppContainerSid = appContainerSid.DangerousGetHandle();
                securityCapabilities.Capabilities    = IntPtr.Zero;
                securityCapabilities.CapabilityCount = 0;
                securityCapabilities.Reserved        = 0;

                if (appCapabilities != null && appCapabilities.Length > 0)
                {
                    var attributesMemory = localDisposalEscrow.Add(new SafeHGlobalBuffer(Marshal.SizeOf(typeof(SID_AND_ATTRIBUTES)) * appCapabilities.Length));

                    for (int i = 0; i < appCapabilities.Length; i++)
                    {
                        Int32 sidSize = Constants.SECURITY_MAX_SID_SIZE;

                        var safeMemory = localDisposalEscrow.Add(new SafeHGlobalBuffer(sidSize));

                        if (!Methods.CreateWellKnownSid(appCapabilities[i], IntPtr.Zero, safeMemory, ref sidSize))
                        {
                            throw new SandboxException(
                                      "Unable to create well known sid.",
                                      new Win32Exception());
                        }

                        var attribute = new SID_AND_ATTRIBUTES
                        {
                            Attributes = SID_ATTRIBUTES.SE_GROUP_ENABLED,
                            Sid        = safeMemory.DangerousGetHandle(),
                        };

                        Marshal.StructureToPtr(attribute, IntPtr.Add(attributesMemory.DangerousGetHandle(), i * Marshal.SizeOf(typeof(SID_AND_ATTRIBUTES))), fDeleteOld: false);
                    }

                    securityCapabilities.Capabilities    = attributesMemory.DangerousGetHandle();
                    securityCapabilities.CapabilityCount = appCapabilities.Length;
                }

                this.disposalEscrow.Subsume(localDisposalEscrow);
            }
        }