fix(ipc): grant access to IE protected mode

WeaselIPCServer/SecurityAttribute.cpp

@@ -1,70 +1,18 @@
 #include "stdafx.h"
 #include "SecurityAttribute.h"
-
-#define SECURITY_APP_PACKAGE_AUTHORITY              {0,0,0,0,0,15}
-#define SECURITY_APP_PACKAGE_BASE_RID               (0x00000002L)
-#define SECURITY_BUILTIN_APP_PACKAGE_RID_COUNT      (2L)
-#define SECURITY_APP_PACKAGE_RID_COUNT              (8L)
-#define SECURITY_CAPABILITY_BASE_RID                (0x00000003L)
-#define SECURITY_BUILTIN_CAPABILITY_RID_COUNT       (2L)
-#define SECURITY_CAPABILITY_RID_COUNT               (5L)
-#define SECURITY_PARENT_PACKAGE_RID_COUNT           (SECURITY_APP_PACKAGE_RID_COUNT)
-#define SECURITY_CHILD_PACKAGE_RID_COUNT            (12L)
-#define SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE        (0x00000001L)
+#include <Sddl.h>
 
 namespace weasel {
 
 	void SecurityAttribute::_Init()
 	{
-		memset(&ea, 0, sizeof(ea));
-
-		// 对一般 desktop APP 的权限设置
-
-		SID_IDENTIFIER_AUTHORITY worldSidAuthority = SECURITY_WORLD_SID_AUTHORITY;
-		AllocateAndInitializeSid(&worldSidAuthority, 1,
-			SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &sid_everyone);
-
-		ea[0].grfAccessPermissions = GENERIC_ALL;
-		ea[0].grfAccessMode = SET_ACCESS;
-		ea[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
-		ea[0].Trustee.pMultipleTrustee = NULL;
-		ea[0].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
-		ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
-		ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
-		ea[0].Trustee.ptstrName = (LPTSTR)sid_everyone;
-
-		// 对 winrt (UWP) APP 的权限设置
-		//
-		// Application Package Authority.
-		//
-
-
-		SID_IDENTIFIER_AUTHORITY appPackageAuthority = SECURITY_APP_PACKAGE_AUTHORITY;
-		AllocateAndInitializeSid(&appPackageAuthority,
-			SECURITY_BUILTIN_APP_PACKAGE_RID_COUNT,
-			SECURITY_APP_PACKAGE_BASE_RID,
-			SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE,
-			0, 0, 0, 0, 0, 0, &sid_all_apps);
-
-		ea[1].grfAccessPermissions = GENERIC_ALL;
-		ea[1].grfAccessMode = SET_ACCESS;
-		ea[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
-		ea[1].Trustee.pMultipleTrustee = NULL;
-		ea[1].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
-		ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
-		ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
-		ea[1].Trustee.ptstrName = (LPTSTR)sid_all_apps;
-
-		// create DACL
-		DWORD err = SetEntriesInAcl(2, ea, NULL, &pacl);
-		if (0 == err) {
-			// security descriptor
-			pd = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
-			InitializeSecurityDescriptor(pd, SECURITY_DESCRIPTOR_REVISION);
-
-			// Add the ACL to the security descriptor. 
-			SetSecurityDescriptorDacl(pd, TRUE, pacl, FALSE);
-		}
+		// Privilages for UWP and IE protected mode
+		// https://stackoverflow.com/questions/39138674/accessing-named-pipe-servers-from-within-ie-epm-bho
+		ConvertStringSecurityDescriptorToSecurityDescriptorW(
+			L"S:(ML;;NW;;;LW)D:(A;;FA;;;SY)(A;;FA;;;WD)(A;;FA;;;AC)",
+			SDDL_REVISION_1,
+			&pd,
+			NULL);
 
 		sa.nLength = sizeof(SECURITY_ATTRIBUTES);
 		sa.lpSecurityDescriptor = pd;

WeaselIPCServer/SecurityAttribute.h

@@ -7,10 +7,6 @@ namespace weasel {
 	private:
 		PSECURITY_DESCRIPTOR pd;
 		SECURITY_ATTRIBUTES sa;
-		PACL pacl;
-		EXPLICIT_ACCESS ea[2];
-		PSID sid_everyone;
-		PSID sid_all_apps;
 		void _Init();
 	public:
 		SecurityAttribute() { _Init(); }

WeaselIPCServer/WeaselServerImpl.cpp

@@ -109,17 +109,6 @@ int ServerImpl::Start()
 
 	HWND hwnd = Create(NULL);
 
-	// 使用「消息免疫過濾」繞過IE9的用戶界面特權隔離機制
-	if (IsWindowsVistaOrGreater())
-	{
-		using PCWMF = BOOL (WINAPI *)(UINT, DWORD);
-		PCWMF ChangeWindowMessageFilter = (PCWMF)::GetProcAddress(m_hUser32Module, "ChangeWindowMessageFilter");
-		for (UINT cmd = WEASEL_IPC_ECHO; cmd < WEASEL_IPC_LAST_COMMAND; ++cmd)
-		{
-			ChangeWindowMessageFilter(cmd, MSGFLT_ADD);
-		}
-	}
-
 	return (int)hwnd;
 }