diff --git a/application/DebugViewppLib/DBWinReader.cpp b/application/DebugViewppLib/DBWinReader.cpp index ff9536e0..08ff865f 100644 --- a/application/DebugViewppLib/DBWinReader.cpp +++ b/application/DebugViewppLib/DBWinReader.cpp @@ -43,14 +43,14 @@ DBWinReader::DBWinReader(Timer& timer, ILineBuffer& linebuffer, bool global) : SetDescription(global ? L"Global Win32 Messages" : L"Win32 Messages"); //Option 1: - //Win32::AdjustObjectDACL(m_hBuffer.get()); - //Win32::AdjustObjectDACL(m_dbWinBufferReady.get()); - //Win32::AdjustObjectDACL(m_dbWinDataReady.get()); + Win32::AdjustObjectDACL(m_hBuffer.get()); + Win32::AdjustObjectDACL(m_dbWinBufferReady.get()); + Win32::AdjustObjectDACL(m_dbWinDataReady.get()); //Option 2: - Win32::DeleteObjectDACL(m_hBuffer.get()); - Win32::DeleteObjectDACL(m_dbWinBufferReady.get()); - Win32::DeleteObjectDACL(m_dbWinDataReady.get()); + //Win32::DeleteObjectDACL(m_hBuffer.get()); + //Win32::DeleteObjectDACL(m_dbWinBufferReady.get()); + //Win32::DeleteObjectDACL(m_dbWinDataReady.get()); // TODO(jan): Please test this and choose one diff --git a/application/Win32Lib/Win32Lib.cpp b/application/Win32Lib/Win32Lib.cpp index d55e19e8..91a552ac 100644 --- a/application/Win32Lib/Win32Lib.cpp +++ b/application/Win32Lib/Win32Lib.cpp @@ -307,6 +307,7 @@ void DeleteObjectDACL(HANDLE hObject) } //add necessary permissions for "Authenticated Users" group (all non-anonymous users) +//and for "All Application Packages", "All Restricted Application Packages" for UWP support void AdjustObjectDACL(HANDLE hObject) { ACL* pOldDACL; @@ -317,20 +318,41 @@ void AdjustObjectDACL(HANDLE hObject) SID_IDENTIFIER_AUTHORITY authNt = SECURITY_NT_AUTHORITY; AllocateAndInitializeSid(&authNt, 1, SECURITY_AUTHENTICATED_USER_RID, 0, 0, 0, 0, 0, 0, 0, &pSid); - EXPLICIT_ACCESS ea = {}; - ea.grfAccessMode = GRANT_ACCESS; - ea.grfAccessPermissions = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE; - ea.grfInheritance = NO_INHERITANCE; - ea.Trustee.TrusteeType = TRUSTEE_IS_GROUP; - ea.Trustee.TrusteeForm = TRUSTEE_IS_SID; - ea.Trustee.ptstrName = static_cast(pSid); + PSID pAnyPackageSid = nullptr; + SID_IDENTIFIER_AUTHORITY SIDAuthAppPackage = SECURITY_APP_PACKAGE_AUTHORITY; + AllocateAndInitializeSid(&SIDAuthAppPackage, SECURITY_BUILTIN_APP_PACKAGE_RID_COUNT, + SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE, + 0, 0, 0, 0, 0, 0, + &pAnyPackageSid); + + PSID pAnyRestrictedPackageSid = nullptr; + AllocateAndInitializeSid(&SIDAuthAppPackage, SECURITY_BUILTIN_APP_PACKAGE_RID_COUNT, + SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_RESTRICTED_PACKAGE, + 0, 0, 0, 0, 0, 0, + &pAnyRestrictedPackageSid); + + EXPLICIT_ACCESS ea[3] = {}; + for (auto& item : ea) + { + item.grfAccessMode = GRANT_ACCESS; + item.grfAccessPermissions = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE; + item.grfInheritance = NO_INHERITANCE; + item.Trustee.TrusteeType = TRUSTEE_IS_GROUP; + item.Trustee.TrusteeForm = TRUSTEE_IS_SID; + } + + ea[0].Trustee.ptstrName = static_cast(pSid); + ea[1].Trustee.ptstrName = static_cast(pAnyPackageSid); + ea[2].Trustee.ptstrName = static_cast(pAnyRestrictedPackageSid); ACL* pNewDACL = nullptr; - SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL); + SetEntriesInAcl(std::size(ea), ea, pOldDACL, &pNewDACL); Win32::SetSecurityInfo(hObject, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, nullptr, nullptr, pNewDACL, nullptr); FreeSid(pSid); + FreeSid(pAnyPackageSid); + FreeSid(pAnyRestrictedPackageSid); LocalFree(pNewDACL); LocalFree(pSD); }