runner: initialize COM security, so toast notifications work in elevated context from non-admin account (#5314)

src/common/comUtils.cpp

@@ -0,0 +1,67 @@
+#include "pch.h"
+
+#include <Sddl.h>
+
+#include <wil/resource.h>
+
+#include "comUtils.h"
+#include "common.h"
+
+bool initializeCOMSecurity(const wchar_t* securityDescriptor)
+{
+    PSECURITY_DESCRIPTOR self_relative_sd{};
+    if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(securityDescriptor, SDDL_REVISION_1, &self_relative_sd, nullptr))
+    {
+        return false;
+    }
+
+    auto free_relative_sd = wil::scope_exit([&] {
+        LocalFree(self_relative_sd);
+    });
+
+    DWORD absolute_sd_size = 0;
+    DWORD dacl_size = 0;
+    DWORD group_size = 0;
+    DWORD owner_size = 0;
+    DWORD sacl_size = 0;
+
+    if (!MakeAbsoluteSD(self_relative_sd, nullptr, &absolute_sd_size, nullptr, &dacl_size, nullptr, &sacl_size, nullptr, &owner_size, nullptr, &group_size))
+    {
+        if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
+        {
+            return false;
+        }
+    }
+
+    typed_storage<SECURITY_DESCRIPTOR> absolute_sd{ absolute_sd_size };
+    typed_storage<ACL> dacl{ dacl_size };
+    typed_storage<ACL> sacl{ sacl_size };
+    typed_storage<SID> owner{ owner_size };
+    typed_storage<SID> group{ group_size };
+
+    if (!MakeAbsoluteSD(self_relative_sd,
+                        absolute_sd,
+                        &absolute_sd_size,
+                        dacl,
+                        &dacl_size,
+                        sacl,
+                        &sacl_size,
+                        owner,
+                        &owner_size,
+                        group,
+                        &group_size))
+    {
+        return false;
+    }
+
+    return !FAILED(CoInitializeSecurity(
+        absolute_sd,
+        -1,
+        nullptr,
+        nullptr,
+        RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
+        RPC_C_IMP_LEVEL_IDENTIFY,
+        nullptr,
+        EOAC_DYNAMIC_CLOAKING | EOAC_DISABLE_AAA,
+        nullptr));
+}

src/common/comUtils.h

@@ -0,0 +1,3 @@
+#pragma once
+
+bool initializeCOMSecurity(const wchar_t* securityDescriptor);

src/common/common.h

@@ -116,19 +116,6 @@ struct typed_storage
     }
 };
 
-template<typename Callable>
-struct on_scope_exit
-{
-    Callable _f;
-    on_scope_exit(Callable f) :
-        _f{ std::move(f) } {}
-
-    ~on_scope_exit()
-    {
-        _f();
-    }
-};
-
 template<class... Ts>
 struct overloaded : Ts...
 {

src/common/common.vcxproj

@@ -120,6 +120,7 @@
     <ClInclude Include="animation.h" />
     <ClInclude Include="appMutex.h" />
     <ClInclude Include="async_message_queue.h" />
+    <ClInclude Include="comUtils.h" />
     <ClInclude Include="d2d_svg.h" />
     <ClInclude Include="d2d_text.h" />
     <ClInclude Include="d2d_window.h" />
@@ -159,6 +160,7 @@
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="animation.cpp" />
+    <ClCompile Include="comUtils.cpp" />
     <ClCompile Include="d2d_svg.cpp" />
     <ClCompile Include="d2d_text.cpp" />
     <ClCompile Include="d2d_window.cpp" />

src/common/common.vcxproj.filters

@@ -129,6 +129,9 @@
     <ClInclude Include="processApi.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="comUtils.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>    
     <ClInclude Include="LowlevelKeyboardEvent.h">
       <Filter>Header Files</Filter>
     </ClInclude>
@@ -213,8 +216,11 @@
     <ClCompile Include="RcResource.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="comUtils.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <None Include="packages.config" />
   </ItemGroup>
-</Project>
+</Project>