Merge pull request #24900 from brave/bsc-elevation-service-trusted-path

bsclifton · web-flow · commit a6b5d9cffdc9 · 2024-07-29T22:03:23.000-07:00
Implement a trusted source check for `Elevator::InstallVPNServices`
diff --git a/chromium_src/chrome/elevation_service/elevator.cc b/chromium_src/chrome/elevation_service/elevator.cc
@@ -28,6 +28,38 @@
 namespace elevation_service {
 
 HRESULT Elevator::InstallVPNServices() {
+  // Perform a trusted source check.
+  // This ensures the caller is an executable in `%PROGRAMFILES%`.
+  // For more info, see https://github.com/brave/brave-core/pull/24900
+  HRESULT hr = ::CoImpersonateClient();
+  if (FAILED(hr)) {
+    return hr;
+  }
+
+  {
+    absl::Cleanup revert_to_self = [] { ::CoRevertToSelf(); };
+
+    const auto process = GetCallingProcess();
+    if (!process.IsValid()) {
+      return kErrorCouldNotObtainCallingProcess;
+    }
+    const auto validation_data = GenerateValidationData(
+        ProtectionLevel::PROTECTION_PATH_VALIDATION, process);
+    if (!validation_data.has_value()) {
+      return validation_data.error();
+    }
+    const auto data = std::vector<uint8_t>(validation_data->cbegin(),
+                                           validation_data->cend());
+
+    // Note: Validation should always be done using caller impersonation token.
+    std::string log_message;
+    HRESULT validation_result = ValidateData(process, data, &log_message);
+    if (FAILED(validation_result)) {
+      return validation_result;
+    }
+  }
+  // End of trusted source check
+
 #if BUILDFLAG(ENABLE_BRAVE_VPN)
   if (!brave_vpn::IsBraveVPNHelperServiceInstalled()) {
     auto success = brave_vpn::InstallBraveVPNHelperService(
diff --git a/wq b/wq
@@ -0,0 +1,20 @@
+Implement a trusted source check for Elevator::InstallVPNServices
+
+Fixes https://github.com/brave/brave-browser/issues/39029
+
+This is based on an example from Chromium in:
+https://source.chromium.org/chromium/chromium/src/+/main:chrome/elevation_service/elevator.cc
+
+Please see the references in the code there to `ValidateData`.
+
+# Please enter the commit message for your changes. Lines starting
+# with '#' will be ignored, and an empty message aborts the commit.
+#
+# Date:      Tue Jul 23 16:26:01 2024 -0700
+#
+# On branch bsc-elevation-service-trusted-path
+# Your branch is up to date with 'origin2/bsc-elevation-service-trusted-path'.
+#
+# Changes to be committed:
+#	modified:   chromium_src/chrome/elevation_service/elevator.cc
+#
