mirror of
https://github.com/microsoft/PowerToys.git
synced 2025-12-16 11:48:06 +01:00
Do not run elevated by default (#884)
Make the runner not run as elevated by default. Add a setting for "run PowerToys as elevated" and buttons to restart the process with the different elevation levels.
This commit is contained in:
Bartosz Sosnowski
committed by
GitHub
GitHub
parent
fd8fc679be
commit
619ed234a9
@@ -171,49 +171,49 @@ WindowState get_window_state(HWND hwnd) {
|
||||
return RESTORED;
|
||||
}
|
||||
|
||||
bool is_process_elevated() {
|
||||
HANDLE token = nullptr;
|
||||
bool elevated = false;
|
||||
|
||||
if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token)) {
|
||||
TOKEN_ELEVATION elevation;
|
||||
DWORD size;
|
||||
if (GetTokenInformation(token, TokenElevation, &elevation, sizeof(elevation), &size)) {
|
||||
elevated = (elevation.TokenIsElevated != 0);
|
||||
}
|
||||
}
|
||||
|
||||
if (token) {
|
||||
CloseHandle(token);
|
||||
}
|
||||
|
||||
return elevated;
|
||||
}
|
||||
|
||||
bool drop_elevated_privileges() {
|
||||
HANDLE token = nullptr;
|
||||
LPCTSTR lpszPrivilege = SE_SECURITY_NAME;
|
||||
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_DEFAULT | WRITE_OWNER, &token)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
PSID medium_sid = NULL;
|
||||
if (!::ConvertStringSidToSid(SDDL_ML_MEDIUM, &medium_sid)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
TOKEN_MANDATORY_LABEL label = { 0 };
|
||||
label.Label.Attributes = SE_GROUP_INTEGRITY;
|
||||
label.Label.Sid = medium_sid;
|
||||
DWORD size = (DWORD)sizeof(TOKEN_MANDATORY_LABEL) + ::GetLengthSid(medium_sid);
|
||||
|
||||
BOOL result = SetTokenInformation(token, TokenIntegrityLevel, &label, size);
|
||||
LocalFree(medium_sid);
|
||||
CloseHandle(token);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
bool is_process_elevated() {
|
||||
HANDLE token = nullptr;
|
||||
bool elevated = false;
|
||||
|
||||
if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token)) {
|
||||
TOKEN_ELEVATION elevation;
|
||||
DWORD size;
|
||||
if (GetTokenInformation(token, TokenElevation, &elevation, sizeof(elevation), &size)) {
|
||||
elevated = (elevation.TokenIsElevated != 0);
|
||||
}
|
||||
}
|
||||
|
||||
if (token) {
|
||||
CloseHandle(token);
|
||||
}
|
||||
|
||||
return elevated;
|
||||
}
|
||||
|
||||
bool drop_elevated_privileges() {
|
||||
HANDLE token = nullptr;
|
||||
LPCTSTR lpszPrivilege = SE_SECURITY_NAME;
|
||||
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_DEFAULT | WRITE_OWNER, &token)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
PSID medium_sid = NULL;
|
||||
if (!::ConvertStringSidToSid(SDDL_ML_MEDIUM, &medium_sid)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
TOKEN_MANDATORY_LABEL label = { 0 };
|
||||
label.Label.Attributes = SE_GROUP_INTEGRITY;
|
||||
label.Label.Sid = medium_sid;
|
||||
DWORD size = (DWORD)sizeof(TOKEN_MANDATORY_LABEL) + ::GetLengthSid(medium_sid);
|
||||
|
||||
BOOL result = SetTokenInformation(token, TokenIntegrityLevel, &label, size);
|
||||
LocalFree(medium_sid);
|
||||
CloseHandle(token);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
std::wstring get_process_path(DWORD pid) noexcept {
|
||||
auto process = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, TRUE, pid);
|
||||
std::wstring name;
|
||||
@@ -225,12 +225,93 @@ std::wstring get_process_path(DWORD pid) noexcept {
|
||||
}
|
||||
name.resize(name_length);
|
||||
CloseHandle(process);
|
||||
}
|
||||
}
|
||||
return name;
|
||||
}
|
||||
|
||||
std::wstring get_process_path(HWND window) noexcept {
|
||||
const static std::wstring app_frame_host = L"ApplicationFrameHost.exe";
|
||||
bool run_elevated(const std::wstring& file, const std::wstring& params) {
|
||||
SHELLEXECUTEINFOW exec_info = { 0 };
|
||||
exec_info.cbSize = sizeof(SHELLEXECUTEINFOW);
|
||||
exec_info.lpVerb = L"runas";
|
||||
exec_info.lpFile = file.c_str();
|
||||
exec_info.lpParameters = params.c_str();
|
||||
exec_info.hwnd = 0;
|
||||
exec_info.fMask = SEE_MASK_NOCLOSEPROCESS;
|
||||
exec_info.lpDirectory = 0;
|
||||
exec_info.hInstApp = 0;
|
||||
|
||||
if (ShellExecuteExW(&exec_info)) {
|
||||
return exec_info.hProcess != nullptr;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
bool run_non_elevated(const std::wstring& file, const std::wstring& params) {
|
||||
auto executable_args = file;
|
||||
if (!params.empty()) {
|
||||
executable_args += L" " + params;
|
||||
}
|
||||
|
||||
HWND hwnd = GetShellWindow();
|
||||
if (!hwnd) {
|
||||
return false;
|
||||
}
|
||||
DWORD pid;
|
||||
GetWindowThreadProcessId(hwnd, &pid);
|
||||
|
||||
winrt::handle process{ OpenProcess(PROCESS_CREATE_PROCESS, FALSE, pid) };
|
||||
if (!process) {
|
||||
return false;
|
||||
}
|
||||
|
||||
SIZE_T size = 0;
|
||||
|
||||
InitializeProcThreadAttributeList(nullptr, 1, 0, &size);
|
||||
auto pproc_buffer = std::make_unique<char[]>(size);
|
||||
auto pptal = reinterpret_cast<PPROC_THREAD_ATTRIBUTE_LIST>(pproc_buffer.get());
|
||||
|
||||
if (!InitializeProcThreadAttributeList(pptal, 1, 0, &size)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
HANDLE process_handle = process.get();
|
||||
if (!pptal || !UpdateProcThreadAttribute(pptal,
|
||||
0,
|
||||
PROC_THREAD_ATTRIBUTE_PARENT_PROCESS,
|
||||
&process_handle,
|
||||
sizeof(process_handle),
|
||||
nullptr,
|
||||
nullptr)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
STARTUPINFOEX siex = { 0 };
|
||||
siex.lpAttributeList = pptal;
|
||||
siex.StartupInfo.cb = sizeof(siex);
|
||||
|
||||
PROCESS_INFORMATION process_info = { 0 };
|
||||
auto succedded = CreateProcessW(file.c_str(),
|
||||
const_cast<LPWSTR>(executable_args.c_str()),
|
||||
nullptr,
|
||||
nullptr,
|
||||
FALSE,
|
||||
EXTENDED_STARTUPINFO_PRESENT,
|
||||
nullptr,
|
||||
nullptr,
|
||||
&siex.StartupInfo,
|
||||
&process_info);
|
||||
if (process_info.hProcess) {
|
||||
CloseHandle(process_info.hProcess);
|
||||
}
|
||||
if (process_info.hThread) {
|
||||
CloseHandle(process_info.hThread);
|
||||
}
|
||||
return succedded;
|
||||
}
|
||||
|
||||
std::wstring get_process_path(HWND window) noexcept {
|
||||
const static std::wstring app_frame_host = L"ApplicationFrameHost.exe";
|
||||
DWORD pid{};
|
||||
GetWindowThreadProcessId(window, &pid);
|
||||
auto name = get_process_path(pid);
|
||||
@@ -254,19 +335,29 @@ std::wstring get_process_path(HWND window) noexcept {
|
||||
if (new_pid != pid) {
|
||||
return get_process_path(new_pid);
|
||||
}
|
||||
}
|
||||
}
|
||||
return name;
|
||||
}
|
||||
|
||||
std::wstring get_product_version() {
|
||||
static std::wstring version = std::to_wstring(VERSION_MAJOR) +
|
||||
L"." + std::to_wstring(VERSION_MINOR) +
|
||||
L"." + std::to_wstring(VERSION_REVISION) +
|
||||
L"." + std::to_wstring(VERSION_BUILD);
|
||||
|
||||
return version;
|
||||
}
|
||||
|
||||
std::wstring get_product_version() {
|
||||
static std::wstring version = std::to_wstring(VERSION_MAJOR) +
|
||||
L"." + std::to_wstring(VERSION_MINOR) +
|
||||
L"." + std::to_wstring(VERSION_REVISION) +
|
||||
L"." + std::to_wstring(VERSION_BUILD);
|
||||
|
||||
return version;
|
||||
}
|
||||
|
||||
std::wstring get_resource_string(UINT resource_id, HINSTANCE instance, const wchar_t* fallback) {
|
||||
wchar_t* text_ptr;
|
||||
auto length = LoadStringW(instance, resource_id, reinterpret_cast<wchar_t*>(&text_ptr), 0);
|
||||
if (length == 0) {
|
||||
return fallback;
|
||||
} else {
|
||||
return { text_ptr, static_cast<std::size_t>(length) };
|
||||
}
|
||||
}
|
||||
|
||||
std::wstring get_module_filename(HMODULE mod)
|
||||
{
|
||||
wchar_t buffer[MAX_PATH + 1];
|
||||
|
||||
Reference in New Issue
Block a user