1*1cddb830SAndroid Build Coastguard Worker /*
2*1cddb830SAndroid Build Coastguard Worker * Copyright (c) 2016-2019 The Khronos Group Inc.
3*1cddb830SAndroid Build Coastguard Worker *
4*1cddb830SAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License");
5*1cddb830SAndroid Build Coastguard Worker * you may not use this file except in compliance with the License.
6*1cddb830SAndroid Build Coastguard Worker * You may obtain a copy of the License at
7*1cddb830SAndroid Build Coastguard Worker *
8*1cddb830SAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0
9*1cddb830SAndroid Build Coastguard Worker *
10*1cddb830SAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software
11*1cddb830SAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS,
12*1cddb830SAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*1cddb830SAndroid Build Coastguard Worker * See the License for the specific language governing permissions and
14*1cddb830SAndroid Build Coastguard Worker * limitations under the License.
15*1cddb830SAndroid Build Coastguard Worker *
16*1cddb830SAndroid Build Coastguard Worker * OpenCL is a trademark of Apple Inc. used under license by Khronos.
17*1cddb830SAndroid Build Coastguard Worker */
18*1cddb830SAndroid Build Coastguard Worker
19*1cddb830SAndroid Build Coastguard Worker #include <icd.h>
20*1cddb830SAndroid Build Coastguard Worker #include <stdbool.h>
21*1cddb830SAndroid Build Coastguard Worker #include <windows.h>
22*1cddb830SAndroid Build Coastguard Worker
khrIcd_getenv(const char * name)23*1cddb830SAndroid Build Coastguard Worker char *khrIcd_getenv(const char *name) {
24*1cddb830SAndroid Build Coastguard Worker char *retVal;
25*1cddb830SAndroid Build Coastguard Worker DWORD valSize;
26*1cddb830SAndroid Build Coastguard Worker
27*1cddb830SAndroid Build Coastguard Worker valSize = GetEnvironmentVariableA(name, NULL, 0);
28*1cddb830SAndroid Build Coastguard Worker
29*1cddb830SAndroid Build Coastguard Worker // valSize DOES include the null terminator, so for any set variable
30*1cddb830SAndroid Build Coastguard Worker // will always be at least 1. If it's 0, the variable wasn't set.
31*1cddb830SAndroid Build Coastguard Worker if (valSize == 0) return NULL;
32*1cddb830SAndroid Build Coastguard Worker
33*1cddb830SAndroid Build Coastguard Worker // Allocate the space necessary for the registry entry
34*1cddb830SAndroid Build Coastguard Worker retVal = (char *)malloc(valSize);
35*1cddb830SAndroid Build Coastguard Worker
36*1cddb830SAndroid Build Coastguard Worker if (NULL != retVal) {
37*1cddb830SAndroid Build Coastguard Worker GetEnvironmentVariableA(name, retVal, valSize);
38*1cddb830SAndroid Build Coastguard Worker }
39*1cddb830SAndroid Build Coastguard Worker
40*1cddb830SAndroid Build Coastguard Worker return retVal;
41*1cddb830SAndroid Build Coastguard Worker }
42*1cddb830SAndroid Build Coastguard Worker
khrIcd_IsHighIntegrityLevel()43*1cddb830SAndroid Build Coastguard Worker static bool khrIcd_IsHighIntegrityLevel()
44*1cddb830SAndroid Build Coastguard Worker {
45*1cddb830SAndroid Build Coastguard Worker bool isHighIntegrityLevel = false;
46*1cddb830SAndroid Build Coastguard Worker
47*1cddb830SAndroid Build Coastguard Worker HANDLE processToken;
48*1cddb830SAndroid Build Coastguard Worker if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_QUERY_SOURCE, &processToken)) {
49*1cddb830SAndroid Build Coastguard Worker // Maximum possible size of SID_AND_ATTRIBUTES is maximum size of a SID + size of attributes DWORD.
50*1cddb830SAndroid Build Coastguard Worker char mandatoryLabelBuffer[SECURITY_MAX_SID_SIZE + sizeof(DWORD)] = {0};
51*1cddb830SAndroid Build Coastguard Worker DWORD bufferSize;
52*1cddb830SAndroid Build Coastguard Worker if (GetTokenInformation(processToken, TokenIntegrityLevel, mandatoryLabelBuffer, sizeof(mandatoryLabelBuffer),
53*1cddb830SAndroid Build Coastguard Worker &bufferSize) != 0) {
54*1cddb830SAndroid Build Coastguard Worker const TOKEN_MANDATORY_LABEL* mandatoryLabel = (const TOKEN_MANDATORY_LABEL*)(mandatoryLabelBuffer);
55*1cddb830SAndroid Build Coastguard Worker const DWORD subAuthorityCount = *GetSidSubAuthorityCount(mandatoryLabel->Label.Sid);
56*1cddb830SAndroid Build Coastguard Worker const DWORD integrityLevel = *GetSidSubAuthority(mandatoryLabel->Label.Sid, subAuthorityCount - 1);
57*1cddb830SAndroid Build Coastguard Worker
58*1cddb830SAndroid Build Coastguard Worker isHighIntegrityLevel = integrityLevel > SECURITY_MANDATORY_MEDIUM_RID;
59*1cddb830SAndroid Build Coastguard Worker }
60*1cddb830SAndroid Build Coastguard Worker
61*1cddb830SAndroid Build Coastguard Worker CloseHandle(processToken);
62*1cddb830SAndroid Build Coastguard Worker }
63*1cddb830SAndroid Build Coastguard Worker
64*1cddb830SAndroid Build Coastguard Worker return isHighIntegrityLevel;
65*1cddb830SAndroid Build Coastguard Worker }
66*1cddb830SAndroid Build Coastguard Worker
khrIcd_secure_getenv(const char * name)67*1cddb830SAndroid Build Coastguard Worker char *khrIcd_secure_getenv(const char *name) {
68*1cddb830SAndroid Build Coastguard Worker if (khrIcd_IsHighIntegrityLevel()) {
69*1cddb830SAndroid Build Coastguard Worker KHR_ICD_TRACE("Running at a high integrity level, so secure_getenv is returning NULL\n");
70*1cddb830SAndroid Build Coastguard Worker return NULL;
71*1cddb830SAndroid Build Coastguard Worker }
72*1cddb830SAndroid Build Coastguard Worker
73*1cddb830SAndroid Build Coastguard Worker return khrIcd_getenv(name);
74*1cddb830SAndroid Build Coastguard Worker }
75*1cddb830SAndroid Build Coastguard Worker
khrIcd_free_getenv(char * val)76*1cddb830SAndroid Build Coastguard Worker void khrIcd_free_getenv(char *val) {
77*1cddb830SAndroid Build Coastguard Worker free((void *)val);
78*1cddb830SAndroid Build Coastguard Worker }
79