diff --git a/chromium_src/chrome/elevation_service/elevation_service_idl.idl b/chromium_src/chrome/elevation_service/elevation_service_idl.idl
new file mode 100644
index 000000000000..4abbc0c0e9ae
--- /dev/null
+++ b/chromium_src/chrome/elevation_service/elevation_service_idl.idl
@@ -0,0 +1,180 @@
+// Copyright 2018 The Chromium Authors
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+import "oaidl.idl";
+import "ocidl.idl";
+
+typedef enum ProtectionLevel {
+ // No validation: This never validates anything.
+ NONE = 0,
+ // Path validation: This will validate that the data is being decrypted by an
+ // executable whose NT path matches the executable that originally encrypted
+ // it. This should only be used for executables in trusted paths e.g.
+ // C:\Program Files, otherwise anyone could pretend to be your executable.
+ PATH_VALIDATION = 1,
+} ProtectionLevel;
+
+[
+ object,
+ oleautomation,
+ uuid(5A9A9462-2FA1-4FEB-B7F2-DF3D19134463),
+ helpstring("IElevator Interface"),
+ pointer_default(unique)
+]
+interface IElevator : IUnknown
+{
+ // Elevators are exposed as methods on IElevator, and provide High Integrity
+ // actions. Any changes to add or change a method in IElevator will require a
+ // security review.
+ //
+ // Runs the Chrome Recovery CRX elevated.
+ //
+ // @param crx_path Path for the recovery CRX.
+ // @param browser_appid Omaha AppID for the version of Chrome being recovered.
+ // @param browser_version Version of Chrome for the recovery CRX.
+ // @param session_id Omaha Session Id.
+ // @param caller_proc_id The process id of the calling process.
+ // @param proc_handle The process handle valid in the calling process context.
+ HRESULT RunRecoveryCRXElevated([in, string] const WCHAR* crx_path,
+ [in, string] const WCHAR* browser_appid,
+ [in, string] const WCHAR* browser_version,
+ [in, string] const WCHAR* session_id,
+ [in] DWORD caller_proc_id,
+ [out] ULONG_PTR* proc_handle);
+
+ // Encrypts data with both caller and SYSTEM context DPAPI.
+ //
+ // @param protection_level the protection level to encrypt data at.
+ // @param plaintext The plaintext data to encrypt.
+ // @param ciphertext The ciphertext of the encrypted data. It is the
+ // responsibility of the caller to free this memory using
+ // SysFreeString.
+ // @param last_error The result of calling GetLastError if the operation
+ // failed.
+ // @return S_OK on success. Any other value on failure.
+ HRESULT EncryptData([in] ProtectionLevel protection_level,
+ [in] const BSTR plaintext,
+ [out] BSTR* ciphertext,
+ [out] DWORD* last_error);
+
+ // Decrypts data with both caller and SYSTEM context DPAPI.
+ //
+ // This will only decrypt data that was encrypted via a paired EncryptData
+ // call from same application, with identity determined by the protection
+ // level of the original encrypt call.
+ //
+ // @param ciphertext The ciphertext data to decrypt.
+ // @param plaintext The plaintext of the decrypted data. It is the
+ // responsibility of the caller to free this memory using
+ // SysFreeString.
+ // @param last_error The result of calling GetLastError if the operation
+ // failed.
+ // @return S_OK on success. Any other value on failure.
+ HRESULT DecryptData([in] const BSTR ciphertext,
+ [out] BSTR* plaintext,
+ [out] DWORD* last_error);
+
+
+
+ // Install the services used for Brave VPN
+ //
+ // These will only get installed when a customer purchases the product
+ // from account.brave.com and they have credentials.
+ //
+ // There are two services provided:
+ // - DNS protection: forcing routing through VPN adapter to bypass Smart
+ // Multi-homed Name Resolution (which can leak the DNS query).
+ // - WireGuard support: more robust VPN support than the built-in to Windows
+ // VPN. The built in one with IKEv2 is secure but things like
+ // reconnect after waking up don't work well with the system VPN.
+ // @return S_OK on success.
+ HRESULT InstallVPNServices();
+};
+
+// The interfaces below are all IElevator with unique IIDs. IElevator is
+// registered with unique IIDs for the various flavors of Chrome and Chromium.
+// This allows the different flavors of Chrome/Chromium to co-exist without side
+// effects.
+[
+ object,
+ oleautomation,
+ uuid(3218DA17-49C2-479A-8290-311DBFB86490),
+ helpstring("IElevatorChromium Interface"),
+ pointer_default(unique)
+]
+interface IElevatorChromium : IElevator
+{
+};
+
+[
+ object,
+ oleautomation,
+ uuid(F396861E-0C8E-4C71-8256-2FAE6D759CE9),
+ helpstring("IElevatorChrome Interface"),
+ pointer_default(unique)
+]
+interface IElevatorChrome : IElevator
+{
+};
+
+[
+ object,
+ oleautomation,
+ uuid(9EBAD7AC-6E1E-4A1C-AA85-1A70CADA8D82),
+ helpstring("IElevatorChromeBeta Interface"),
+ pointer_default(unique)
+]
+interface IElevatorChromeBeta : IElevator
+{
+};
+
+[
+ object,
+ oleautomation,
+ uuid(1E43C77B-48E6-4A4C-9DB2-C2971706C255),
+ helpstring("IElevatorChromeDev Interface"),
+ pointer_default(unique)
+]
+interface IElevatorChromeDev : IElevator
+{
+};
+
+[
+ object,
+ oleautomation,
+ uuid(1DB2116F-71B7-49F0-8970-33B1DACFB072),
+ helpstring("IElevatorChromeCanary Interface"),
+ pointer_default(unique)
+]
+interface IElevatorChromeCanary : IElevator
+{
+};
+
+[
+ object,
+ oleautomation,
+ uuid(17239BF1-A1DC-4642-846C-1BAC85F96A10),
+ helpstring("IElevatorDevelopment Interface"),
+ pointer_default(unique)
+]
+interface IElevatorDevelopment : IElevator
+{
+};
+
+[
+ uuid(C3B01C4D-FBD4-4E65-88AD-0972D75808C2),
+ version(1.0),
+ helpstring("Elevator 1.0 Type Library")
+]
+library ElevatorLib {
+ importlib("stdole2.tlb");
+
+ interface IElevator;
+ interface IElevatorChromium;
+ interface IElevatorChrome;
+ interface IElevatorChromeBeta;
+ interface IElevatorChromeDev;
+ interface IElevatorChromeCanary;
+ interface IElevatorDevelopment;
+};
diff --git a/patches/chrome-elevation_service-BUILD.gn.patch b/patches/chrome-elevation_service-BUILD.gn.patch
index 8a3481e72a8a..b94e11acd61d 100644
--- a/patches/chrome-elevation_service-BUILD.gn.patch
+++ b/patches/chrome-elevation_service-BUILD.gn.patch
@@ -1,7 +1,16 @@
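Review bot: The doc block on `InstallVPNServices()` in the new IDL does not state what the elevated service verifies about the caller before installing system services, even though the header comment on IElevator says adding a method requires a security review; the purchase/credential gating the comment describes is not expressed in the interface (the method takes no parameters), so it presumably lives in the service implementation, which is not visible in this diff. I would add a line to that comment naming the check, e.g. `// NOTE: the service validates the caller before installing anything — confirm and document the check here.`, and align the return documentation with the sibling methods: `// @return S_OK on success. Any other value on failure.`. Style: the three blank lines between `DecryptData` and the `// Install the services used for Brave VPN` comment should collapse to one, matching the spacing used elsewhere in the interface. The remainder of the file is Chromium's IDL with Brave-specific IIDs and the removed `patches/` override makes the same content, so nothing else in this hunk needs changing.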
diff --git a/chrome/elevation_service/BUILD.gn b/chrome/elevation_service/BUILD.gn -index 6ae8694531550df2835f3afbe5a699403f7495fb..75dc1d59241a98fd1d2cf391269a39434c778661 100644 +index 6ae8694531550df2835f3afbe5a699403f7495fb..a4328f979fa61c945cdb48f5728f1fff1a8b311f 100644 --- a/chrome/elevation_service/BUILD.gn +++ b/chrome/elevation_service/BUILD.gn +@@ -9,7 +9,7 @@ import("//chrome/process_version_rc_template.gni") + import("//testing/test.gni") + + midl("elevation_service_idl") { +- sources = [ "elevation_service_idl.idl" ] ++ sources = [ "//brave/chromium_src/chrome/elevation_service/elevation_service_idl.idl" ] + + writes_tlb = true + } @@ -87,6 +87,7 @@ source_set("lib") { deps = [ "//base", diff --git a/patches/chrome-elevation_service-elevation_service_idl.idl.patch b/patches/chrome-elevation_service-elevation_service_idl.idl.patch deleted file mode 100644 index 3766bdf22098..000000000000 --- a/patches/chrome-elevation_service-elevation_service_idl.idl.patch +++ /dev/null 
@@ -1,107 +0,0 @@ -diff --git a/chrome/elevation_service/elevation_service_idl.idl b/chrome/elevation_service/elevation_service_idl.idl -index e28845867a46534a0f462814d70a03634db28155..4abbc0c0e9ae67d1c3468a5afba20dc54a6046f2 100644 ---- a/chrome/elevation_service/elevation_service_idl.idl -+++ b/chrome/elevation_service/elevation_service_idl.idl -@@ -18,7 +18,7 @@ typedef enum ProtectionLevel { - [ - object, - oleautomation, -- uuid(A949CB4E-C4F9-44C4-B213-6BF8AA9AC69C), -+ uuid(5A9A9462-2FA1-4FEB-B7F2-DF3D19134463), - helpstring("IElevator Interface"), - pointer_default(unique) - ] -@@ -74,6 +74,22 @@ interface IElevator : IUnknown - HRESULT DecryptData([in] const BSTR ciphertext, - [out] BSTR* plaintext, - [out] DWORD* last_error); -+ -+ -+ -+ // Install the services used for Brave VPN -+ // -+ // These will only get installed when a customer purchases the product -+ // from account.brave.com and they have credentials. -+ // -+ // There are two services provided: -+ // - DNS protection: forcing routing through VPN adapter to bypass Smart -+ // Multi-homed Name Resolution (which can leak the DNS query). -+ // - WireGuard support: more robust VPN support than the built-in to Windows -+ // VPN. The built in one with IKEv2 is secure but things like -+ // reconnect after waking up don't work well with the system VPN. -+ // @return S_OK on success. -+ HRESULT InstallVPNServices(); - }; - - // The interfaces below are all IElevator with unique IIDs. 
IElevator is -@@ -83,7 +99,7 @@ interface IElevator : IUnknown - [ - object, - oleautomation, -- uuid(B88C45B9-8825-4629-B83E-77CC67D9CEED), -+ uuid(3218DA17-49C2-479A-8290-311DBFB86490), - helpstring("IElevatorChromium Interface"), - pointer_default(unique) - ] -@@ -94,7 +110,7 @@ interface IElevatorChromium : IElevator - [ - object, - oleautomation, -- uuid(463ABECF-410D-407F-8AF5-0DF35A005CC8), -+ uuid(F396861E-0C8E-4C71-8256-2FAE6D759CE9), - helpstring("IElevatorChrome Interface"), - pointer_default(unique) - ] -@@ -105,7 +121,7 @@ interface IElevatorChrome : IElevator - [ - object, - oleautomation, -- uuid(A2721D66-376E-4D2F-9F0F-9070E9A42B5F), -+ uuid(9EBAD7AC-6E1E-4A1C-AA85-1A70CADA8D82), - helpstring("IElevatorChromeBeta Interface"), - pointer_default(unique) - ] -@@ -116,7 +132,7 @@ interface IElevatorChromeBeta : IElevator - [ - object, - oleautomation, -- uuid(BB2AA26B-343A-4072-8B6F-80557B8CE571), -+ uuid(1E43C77B-48E6-4A4C-9DB2-C2971706C255), - helpstring("IElevatorChromeDev Interface"), - pointer_default(unique) - ] -@@ -127,7 +143,7 @@ interface IElevatorChromeDev : IElevator - [ - object, - oleautomation, -- uuid(4F7CE041-28E9-484F-9DD0-61A8CACEFEE4), -+ uuid(1DB2116F-71B7-49F0-8970-33B1DACFB072), - helpstring("IElevatorChromeCanary Interface"), - pointer_default(unique) - ] -@@ -136,7 +152,18 @@ interface IElevatorChromeCanary : IElevator - }; - - [ -- uuid(0014D784-7012-4A79-8AB6-ADDB8193A06E), -+ object, -+ oleautomation, -+ uuid(17239BF1-A1DC-4642-846C-1BAC85F96A10), -+ helpstring("IElevatorDevelopment Interface"), -+ pointer_default(unique) -+] -+interface IElevatorDevelopment : IElevator -+{ -+}; -+ -+[ -+ uuid(C3B01C4D-FBD4-4E65-88AD-0972D75808C2), - version(1.0), - helpstring("Elevator 1.0 Type Library") - ] -@@ -149,4 +176,5 @@ library ElevatorLib { - interface IElevatorChromeBeta; - interface IElevatorChromeDev; - interface IElevatorChromeCanary; -+ interface IElevatorDevelopment; - }; 
diff --git a/win_build_output/midl/chrome/elevation_service/arm64/elevation_service_idl.h b/win_build_output/midl/chrome/elevation_service/arm64/elevation_service_idl.h index 4e1be8701a52..4e3355d9d82b 100644 --- a/win_build_output/midl/chrome/elevation_service/arm64/elevation_service_idl.h +++ b/win_build_output/midl/chrome/elevation_service/arm64/elevation_service_idl.h @@ -6,7 +6,7 @@ /* File created by MIDL compiler version 8.xx.xxxx */ /* at a redacted point in time */ -/* Compiler settings for ../../chrome/elevation_service/elevation_service_idl.idl: +/* Compiler settings for ../../brave/chromium_src/chrome/elevation_service/elevation_service_idl.idl: Oicf, W1, Zp8, env=Win64 (32b run), target_arch=ARM64 8.01.0628 protocol : dce , ms_ext, c_ext, robust error checks: allocation ref bounds_check enum stub_data diff --git a/win_build_output/midl/chrome/elevation_service/arm64/elevation_service_idl_i.c b/win_build_output/midl/chrome/elevation_service/arm64/elevation_service_idl_i.c index 9489f7a546c5..dc120e9114fd 100644 --- a/win_build_output/midl/chrome/elevation_service/arm64/elevation_service_idl_i.c +++ b/win_build_output/midl/chrome/elevation_service/arm64/elevation_service_idl_i.c @@ -8,7 +8,7 @@ /* File created by MIDL compiler version 8.xx.xxxx */ /* at a redacted point in time */ -/* Compiler settings for ../../chrome/elevation_service/elevation_service_idl.idl: +/* Compiler settings for ../../brave/chromium_src/chrome/elevation_service/elevation_service_idl.idl: Oicf, W1, Zp8, env=Win64 (32b run), target_arch=ARM64 8.01.0628 protocol : dce , ms_ext, c_ext, robust error checks: allocation ref bounds_check enum stub_data diff --git a/win_build_output/midl/chrome/elevation_service/arm64/elevation_service_idl_p.c b/win_build_output/midl/chrome/elevation_service/arm64/elevation_service_idl_p.c index f7926910693b..d2c8ef20eafa 100644 --- a/win_build_output/midl/chrome/elevation_service/arm64/elevation_service_idl_p.c 
+++ b/win_build_output/midl/chrome/elevation_service/arm64/elevation_service_idl_p.c @@ -6,7 +6,7 @@ /* File created by MIDL compiler version 8.xx.xxxx */ /* at a redacted point in time */ -/* Compiler settings for ../../chrome/elevation_service/elevation_service_idl.idl: +/* Compiler settings for ../../brave/chromium_src/chrome/elevation_service/elevation_service_idl.idl: Oicf, W1, Zp8, env=Win64 (32b run), target_arch=ARM64 8.01.0628 protocol : dce , ms_ext, c_ext, robust error checks: allocation ref bounds_check enum stub_data diff --git a/win_build_output/midl/chrome/elevation_service/x64/elevation_service_idl.h b/win_build_output/midl/chrome/elevation_service/x64/elevation_service_idl.h index b5a39dc45a60..94cef34235e9 100644 --- a/win_build_output/midl/chrome/elevation_service/x64/elevation_service_idl.h +++ b/win_build_output/midl/chrome/elevation_service/x64/elevation_service_idl.h @@ -6,7 +6,7 @@ /* File created by MIDL compiler version 8.xx.xxxx */ /* at a redacted point in time */ -/* Compiler settings for ../../chrome/elevation_service/elevation_service_idl.idl: +/* Compiler settings for ../../brave/chromium_src/chrome/elevation_service/elevation_service_idl.idl: Oicf, W1, Zp8, env=Win64 (32b run), target_arch=AMD64 8.xx.xxxx protocol : dce , ms_ext, c_ext, robust error checks: allocation ref bounds_check enum stub_data diff --git a/win_build_output/midl/chrome/elevation_service/x64/elevation_service_idl_i.c b/win_build_output/midl/chrome/elevation_service/x64/elevation_service_idl_i.c index ca81724669cb..fa4ccbd86a2b 100644 --- a/win_build_output/midl/chrome/elevation_service/x64/elevation_service_idl_i.c +++ b/win_build_output/midl/chrome/elevation_service/x64/elevation_service_idl_i.c 
@@ -8,7 +8,7 @@ /* File created by MIDL compiler version 8.xx.xxxx */ /* at a redacted point in time */ -/* Compiler settings for ../../chrome/elevation_service/elevation_service_idl.idl: +/* Compiler settings for ../../brave/chromium_src/chrome/elevation_service/elevation_service_idl.idl: Oicf, W1, Zp8, env=Win64 (32b run), target_arch=AMD64 8.xx.xxxx protocol : dce , ms_ext, c_ext, robust error checks: allocation ref bounds_check enum stub_data diff --git a/win_build_output/midl/chrome/elevation_service/x64/elevation_service_idl_p.c b/win_build_output/midl/chrome/elevation_service/x64/elevation_service_idl_p.c index 38105ab95a53..47e85ec2e72d 100644 --- a/win_build_output/midl/chrome/elevation_service/x64/elevation_service_idl_p.c +++ b/win_build_output/midl/chrome/elevation_service/x64/elevation_service_idl_p.c @@ -6,7 +6,7 @@ /* File created by MIDL compiler version 8.xx.xxxx */ /* at a redacted point in time */ -/* Compiler settings for ../../chrome/elevation_service/elevation_service_idl.idl: +/* Compiler settings for ../../brave/chromium_src/chrome/elevation_service/elevation_service_idl.idl: Oicf, W1, Zp8, env=Win64 (32b run), target_arch=AMD64 8.xx.xxxx protocol : dce , ms_ext, c_ext, robust error checks: allocation ref bounds_check enum stub_data diff --git a/win_build_output/midl/chrome/elevation_service/x86/elevation_service_idl.h b/win_build_output/midl/chrome/elevation_service/x86/elevation_service_idl.h index 61607fa0a0c8..6820cc028bb9 100644 --- a/win_build_output/midl/chrome/elevation_service/x86/elevation_service_idl.h +++ b/win_build_output/midl/chrome/elevation_service/x86/elevation_service_idl.h 
@@ -6,7 +6,7 @@ /* File created by MIDL compiler version 8.xx.xxxx */ /* at a redacted point in time */ -/* Compiler settings for ../../chrome/elevation_service/elevation_service_idl.idl: +/* Compiler settings for ../../brave/chromium_src/chrome/elevation_service/elevation_service_idl.idl: Oicf, W1, Zp8, env=Win32 (32b run), target_arch=X86 8.xx.xxxx protocol : dce , ms_ext, c_ext, robust error checks: allocation ref bounds_check enum stub_data diff --git a/win_build_output/midl/chrome/elevation_service/x86/elevation_service_idl_i.c b/win_build_output/midl/chrome/elevation_service/x86/elevation_service_idl_i.c index e8b9f4560fa8..a3d04cd4cf72 100644 --- a/win_build_output/midl/chrome/elevation_service/x86/elevation_service_idl_i.c +++ b/win_build_output/midl/chrome/elevation_service/x86/elevation_service_idl_i.c @@ -8,7 +8,7 @@ /* File created by MIDL compiler version 8.xx.xxxx */ /* at a redacted point in time */ -/* Compiler settings for ../../chrome/elevation_service/elevation_service_idl.idl: +/* Compiler settings for ../../brave/chromium_src/chrome/elevation_service/elevation_service_idl.idl: Oicf, W1, Zp8, env=Win32 (32b run), target_arch=X86 8.xx.xxxx protocol : dce , ms_ext, c_ext, robust error checks: allocation ref bounds_check enum stub_data diff --git a/win_build_output/midl/chrome/elevation_service/x86/elevation_service_idl_p.c b/win_build_output/midl/chrome/elevation_service/x86/elevation_service_idl_p.c index 84a8bdfd7dfe..0a92ab999306 100644 --- a/win_build_output/midl/chrome/elevation_service/x86/elevation_service_idl_p.c +++ b/win_build_output/midl/chrome/elevation_service/x86/elevation_service_idl_p.c 
@@ -6,7 +6,7 @@ /* File created by MIDL compiler version 8.xx.xxxx */ /* at a redacted point in time */ -/* Compiler settings for ../../chrome/elevation_service/elevation_service_idl.idl: +/* Compiler settings for ../../brave/chromium_src/chrome/elevation_service/elevation_service_idl.idl: Oicf, W1, Zp8, env=Win32 (32b run), target_arch=X86 8.xx.xxxx protocol : dce , ms_ext, c_ext, robust error checks: allocation ref bounds_check enum stub_data