Add PhIsTokenFullTrustAppPackage
dmex committed Jun 26, 2021
1 parent 67701a8 commit 103da94
Showing 2 changed files with 45 additions and 0 deletions.
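--- a/phlib/appresolver.c
+++ b/phlib/appresolver.c
@@ -647,6 +647,47 @@ PPH_STRING PhGetProcessPackageFullName(
 return packageName;
 }
 
+BOOLEAN PhIsTokenFullTrustAppPackage(
+_In_ HANDLE TokenHandle
+)
+{
+static PH_STRINGREF attributeName = PH_STRINGREF_INIT(L"WIN://SYSAPPID");
+PTOKEN_SECURITY_ATTRIBUTES_INFORMATION info;
+BOOLEAN tokenIsAppContainer = FALSE;
+BOOLEAN tokenHasAppId = FALSE;
+
+if (NT_SUCCESS(PhGetTokenIsAppContainer(TokenHandle, &tokenIsAppContainer)))
+{
+if (tokenIsAppContainer)
+return FALSE;
+}
+
+if (NT_SUCCESS(PhQueryTokenVariableSize(TokenHandle, TokenSecurityAttributes, &info)))
+{
+for (ULONG i = 0; i < info->AttributeCount; i++)
+{
+PTOKEN_SECURITY_ATTRIBUTE_V1 attribute = &info->Attribute.pAttributeV1[i];
+
+if (attribute->ValueType == TOKEN_SECURITY_ATTRIBUTE_TYPE_STRING)
+{
+PH_STRINGREF attributeNameSr;
+
+PhUnicodeStringToStringRef(&attribute->Name, &attributeNameSr);
+
+if (PhEqualStringRef(&attributeNameSr, &attributeName, FALSE))
+{
+tokenHasAppId = TRUE;
+break;
+}
+}
+}
+
+PhFree(info);
+}
+
+return tokenHasAppId;
+}
+
 BOOLEAN PhIsPackageCapabilitySid(
 _In_ PSID AppContainerSid,
 _In_ PSID Sid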
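Review bot: In PhIsTokenFullTrustAppPackage the AppContainer check fails open: when PhGetTokenIsAppContainer returns an error, tokenIsAppContainer stays FALSE and the code continues to the attribute scan, so an AppContainer token could be reported as full trust if the later TokenSecurityAttributes query happens to succeed. Returning FALSE on failure closes that path: `if (!NT_SUCCESS(PhGetTokenIsAppContainer(TokenHandle, &tokenIsAppContainer)) || tokenIsAppContainer) return FALSE;`. The function also needs a header comment saying that "full trust" is inferred only from a non-AppContainer token carrying a string-typed `WIN://SYSAPPID` attribute, that the attribute's value is not inspected, and that FALSE is also returned when the attribute query fails, so callers should treat the result as a classification hint rather than proof of a trust level. The loop reads `info->Attribute.pAttributeV1` without looking at `info->Version`; a version check before the loop would make that layout assumption explicit.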
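--- a/phlib/include/appresolver.h
+++ b/phlib/include/appresolver.h
@@ -71,6 +71,10 @@ PPH_STRING PhGetProcessPackageFullName(
 _In_ HANDLE ProcessHandle
 );
 
+BOOLEAN PhIsTokenFullTrustAppPackage(
+_In_ HANDLE TokenHandle
+);
+
 BOOLEAN PhIsPackageCapabilitySid(
 _In_ PSID AppContainerSid,
 _In_ PSID Sid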
