Do not use the mandatory label in when generating security descriptors on Windows XP.

remoting/host/win/host_service.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This file implements the Windows service controlling Me2Me host processes
 // running within user sessions.
 
 #include "remoting/host/win/host_service.h"
 
 #include <sddl.h>
 #include <windows.h>
 #include <wtsapi32.h>
 
 #include "base/base_paths.h"
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/message_loop.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/threading/thread.h"
 #include "base/utf_string_conversions.h"
 #include "base/win/scoped_com_initializer.h"
+#include "base/win/windows_version.h"
 #include "remoting/base/auto_thread.h"
 #include "remoting/base/scoped_sc_handle_win.h"
 #include "remoting/base/stoppable.h"
 #include "remoting/host/branding.h"
 #include "remoting/host/host_exit_codes.h"
 #include "remoting/host/logging.h"
 #include "remoting/host/win/security_descriptor.h"
 
 #if defined(REMOTING_MULTI_PROCESS)
 #include "remoting/host/daemon_process.h"
@@ skipping 19 matching lines @@
 
 // Concatenates ACE type, permissions and sid given as SDDL strings into an ACE
 // definition in SDDL form.
 #define SDDL_ACE(type, permissions, sid) \
     L"(" type L";;" permissions L";;;" sid L")"
 
 // Text representation of COM_RIGHTS_EXECUTE and COM_RIGHTS_EXECUTE_LOCAL
 // permission bits that is used in the SDDL definition below.
 #define SDDL_COM_EXECUTE_LOCAL L"0x3"
 
-// A security descriptor allowing local processes running under SYSTEM or
-// LocalService accounts at medium integrity level or higher to call COM
-// methods exposed by the daemon.
+// Security descriptor allowing local processes running under SYSTEM or
+// LocalService accounts to call COM methods exposed by the daemon.
 const wchar_t kComProcessSd[] =
     SDDL_OWNER L":" SDDL_LOCAL_SYSTEM
     SDDL_GROUP L":" SDDL_LOCAL_SYSTEM
     SDDL_DACL L":"
     SDDL_ACE(SDDL_ACCESS_ALLOWED, SDDL_COM_EXECUTE_LOCAL, SDDL_LOCAL_SYSTEM)
-    SDDL_ACE(SDDL_ACCESS_ALLOWED, SDDL_COM_EXECUTE_LOCAL, SDDL_LOCAL_SERVICE)
+    SDDL_ACE(SDDL_ACCESS_ALLOWED, SDDL_COM_EXECUTE_LOCAL, SDDL_LOCAL_SERVICE);
+
+// Appended to |kComProcessSd| to specify that only callers running at medium or
+// higher integrity level are allowed to call COM methods exposed by the daemon.
+const wchar_t kComProcessMandatoryLabel[] =
     SDDL_SACL L":"
     SDDL_ACE(SDDL_MANDATORY_LABEL, SDDL_NO_EXECUTE_UP, SDDL_ML_MEDIUM);
 
 #undef SDDL_ACE
 #undef SDDL_COM_EXECUTE_LOCAL
 
 // Allows incoming calls from clients running under SYSTEM or LocalService at
 // medium integrity level.
 bool InitializeComSecurity() {
+  std::string sddl = WideToUTF8(kComProcessSd);
+  if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
+    sddl += WideToUTF8(kComProcessMandatoryLabel);
+  }
+
   // Convert the SDDL description into a security descriptor in absolute format.
-  ScopedSd relative_sd = ConvertSddlToSd(WideToUTF8(kComProcessSd));
+  ScopedSd relative_sd = ConvertSddlToSd(sddl);
   if (!relative_sd) {
     LOG_GETLASTERROR(ERROR) << "Failed to create a security descriptor";
     return false;
   }
   ScopedSd absolute_sd;
   ScopedAcl dacl;
   ScopedSid group;
   ScopedSid owner;
   ScopedAcl sacl;
   if (!MakeScopedAbsoluteSd(relative_sd, &absolute_sd, &dacl, &group, &owner,
@@ skipping 409 matching lines @@
 int DaemonProcessMain() {
   HostService* service = HostService::GetInstance();
   if (!service->InitWithCommandLine(CommandLine::ForCurrentProcess())) {
     return kUsageExitCode;
   }
 
   return service->Run();
 }
 
 } // namespace remoting