brave · bsclifton · Jan 18, 2024 · Nov 5, 2023 · Oct 30, 2023 · Nov 1, 2023
diff --git a/.gitattributes b/.gitattributes
@@ -54,6 +54,8 @@ VERSION   text eol=lf
 # These files should have CRLF
 win_build_output/midl/brave/**/*.c   text eol=crlf
 win_build_output/midl/brave/**/*.h   text eol=crlf
+win_build_output/midl/chrome/**/*.c   text eol=crlf
+win_build_output/midl/chrome/**/*.h   text eol=crlf
 
 
 win_build_output/midl/google_update/*/*.c   text eol=crlf

diff --git a/browser/brave_browser_process_impl.cc b/browser/brave_browser_process_impl.cc
@@ -97,6 +97,9 @@
 
 #if BUILDFLAG(ENABLE_BRAVE_VPN)
 #include "brave/components/brave_vpn/browser/connection/brave_vpn_os_connection_api.h"
+#if BUILDFLAG(IS_WIN)
+#include "brave/browser/brave_vpn/win/vpn_utils_win.h"
+#endif
 #endif
 
 using brave_component_updater::BraveComponent;
@@ -505,8 +508,19 @@ BraveBrowserProcessImpl::brave_vpn_os_connection_api() {
     return brave_vpn_os_connection_api_.get();
   }
 
+  // Currently, service installer only used on Windows.
+  // Installs registers IKEv2 service (for DNS) and our WireGuard impl.
+  // NOTE: Install only happens if person has purchased the product.
+  auto service_installer =
+#if BUILDFLAG(IS_WIN)
+      base::BindRepeating(&brave_vpn::InstallVpnSystemServices);
+#else
+      base::NullCallback();
+#endif
+
   brave_vpn_os_connection_api_ = brave_vpn::CreateBraveVPNConnectionAPI(
-      shared_url_loader_factory(), local_state(), chrome::GetChannel());
+      shared_url_loader_factory(), local_state(), chrome::GetChannel(),
+      service_installer);
   return brave_vpn_os_connection_api_.get();
 }
 #endif

diff --git a/browser/brave_vpn/dns/brave_vpn_dns_observer_service_win.cc b/browser/brave_vpn/dns/brave_vpn_dns_observer_service_win.cc
@@ -9,8 +9,7 @@
 
 #include "base/strings/string_util.h"
 #include "brave/browser/ui/views/brave_vpn/brave_vpn_dns_settings_notificiation_dialog_view.h"
-#include "brave/components/brave_vpn/browser/connection/ikev2/win/brave_vpn_helper/brave_vpn_helper_constants.h"
-#include "brave/components/brave_vpn/browser/connection/ikev2/win/brave_vpn_helper/brave_vpn_helper_state.h"
+#include "brave/components/brave_vpn/browser/connection/ikev2/win/brave_vpn_helper/brave_vpn_helper_utils.h"
 #include "brave/components/brave_vpn/common/brave_vpn_utils.h"
 #include "brave/components/brave_vpn/common/pref_names.h"
 #include "brave/components/brave_vpn/common/win/utils.h"

@@ -25,15 +25,18 @@ if (enable_brave_vpn) {
       "//brave/browser/brave_vpn/win/brave_vpn_wireguard_observer_factory_win.h",
       "//brave/browser/brave_vpn/win/brave_vpn_wireguard_observer_service_win.cc",
       "//brave/browser/brave_vpn/win/brave_vpn_wireguard_observer_service_win.h",
+      "//brave/browser/brave_vpn/win/vpn_utils_win.cc",
+      "//brave/browser/brave_vpn/win/vpn_utils_win.h",
     ]
-
     brave_browser_brave_vpn_deps += [
       "//brave/app:brave_generated_resources_grit",
       "//brave/browser:browser_process",
       "//brave/components/brave_vpn/browser/connection/ikev2/win/brave_vpn_helper:common",
       "//brave/components/brave_vpn/common/win",
       "//brave/components/brave_vpn/common/wireguard/win",
       "//chrome/common:constants",
+      "//chrome/elevation_service:public_headers",
+      "//chrome/install_static:install_static_util",
       "//components/prefs",
       "//net",
       "//third_party/abseil-cpp:absl",

@@ -0,0 +1,3 @@
+include_rules = [
+  '+chrome/elevation_service/elevation_service_idl.h',
+]
diff --git a/browser/brave_vpn/win/brave_vpn_wireguard_service/BUILD.gn b/browser/brave_vpn/win/brave_vpn_wireguard_service/BUILD.gn
@@ -6,12 +6,13 @@
 import(
     "//brave/browser/brave_vpn/win/brave_vpn_wireguard_service/allowlist.gni")
 import("//brave/build/config.gni")
+import("//brave/components/brave_vpn/common/buildflags/buildflags.gni")
 import("//build/toolchain/gcc_toolchain.gni")
 import("//build/util/process_version.gni")
 import("//chrome/process_version_rc_template.gni")
 import("//tools/resources/generate_resource_allowlist.gni")
 
-assert(is_win)
+assert(is_win && enable_brave_vpn)
 
 copy("brave_vpn_wireguard_binaries") {
   sources = [
@@ -64,11 +65,6 @@ executable("brave_vpn_wireguard_service") {
   ]
 
   public_configs = [ "//build/config/win:windowed" ]
-
-  libs = [
-    "userenv.lib",  # For GetUserProfileDirectoryW()
-    "runtimeobject.lib",
-  ]
 }
 
 process_version_rc_template("version_resources") {
@@ -77,6 +73,24 @@ process_version_rc_template("version_resources") {
   output = "$target_gen_dir/brave_vpn_wireguard_service.rc"
 }
 
+source_set("install_utils") {
+  sources = [
+    "install_utils.cc",
+    "install_utils.h",
+  ]
+  public_deps = [ "//brave/components/brave_vpn/common/wireguard/win:brave_wireguard_manager_idl" ]
+  deps = [
+    "//base",
+    "//brave/browser/brave_vpn/win/brave_vpn_wireguard_service/service",
+    "//brave/browser/brave_vpn/win/brave_vpn_wireguard_service/status_tray",
+    "//brave/browser/brave_vpn/win/brave_vpn_wireguard_service/status_tray/status_icon:utils",
+    "//brave/components/brave_vpn/browser/connection/ikev2/win/brave_vpn_helper:common",
+    "//brave/components/brave_vpn/common/win",
+    "//brave/components/brave_vpn/common/wireguard/win",
+    "//chrome/installer/util:work_item",
+  ]
+}
+
 group("unit_tests") {
   testonly = true
   deps = [

diff --git a/...ireguard_service/service/install_utils.cc → ...ve_vpn_wireguard_service/install_utils.cc b/...ireguard_service/service/install_utils.cc → ...ve_vpn_wireguard_service/install_utils.cc
@@ -3,7 +3,15 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at https://mozilla.org/MPL/2.0/. */
 
-#include "brave/browser/brave_vpn/win/brave_vpn_wireguard_service/service/install_utils.h"
+#include "brave/browser/brave_vpn/win/brave_vpn_wireguard_service/install_utils.h"
+
+#include <windows.h>
+#include <winerror.h>
+#include <winnt.h>
+#include <winsvc.h>
+#include <winuser.h>
+
+#include <ios>
 
 #include "base/base_paths.h"
 #include "base/command_line.h"
@@ -14,12 +22,16 @@
 #include "base/win/registry.h"
 #include "base/win/windows_types.h"
 #include "brave/browser/brave_vpn/win/brave_vpn_wireguard_service/service/wireguard_tunnel_service.h"
+#include "brave/browser/brave_vpn/win/brave_vpn_wireguard_service/status_tray/brave_vpn_tray_command_ids.h"
+#include "brave/browser/brave_vpn/win/brave_vpn_wireguard_service/status_tray/status_icon/constants.h"
+#include "brave/browser/brave_vpn/win/brave_vpn_wireguard_service/status_tray/status_icon/icon_utils.h"
+#include "brave/components/brave_vpn/browser/connection/ikev2/win/brave_vpn_helper/brave_vpn_helper_constants.h"
+#include "brave/components/brave_vpn/browser/connection/ikev2/win/brave_vpn_helper/brave_vpn_helper_utils.h"
 #include "brave/components/brave_vpn/common/win/scoped_sc_handle.h"
 #include "brave/components/brave_vpn/common/win/utils.h"
 #include "brave/components/brave_vpn/common/wireguard/win/service_constants.h"
 #include "brave/components/brave_vpn/common/wireguard/win/service_details.h"
 #include "brave/components/brave_vpn/common/wireguard/win/storage_utils.h"
-#include "brave/components/brave_vpn/common/wireguard/win/wireguard_utils_win.h"
 #include "chrome/installer/util/install_service_work_item.h"
 
 namespace brave_vpn {
@@ -57,6 +69,79 @@ void RemoveFromStartup(const std::wstring& value) {
   }
   key.DeleteValue(value.c_str());
 }
+
+// Microsoft-Windows-NetworkProfile
+// fbcfac3f-8459-419f-8e48-1f0b49cdb85e
+constexpr GUID kNetworkProfileGUID = {
+    0xfbcfac3f,
+    0x8459,
+    0x419f,
+    {0x8e, 0x48, 0x1f, 0x0b, 0x49, 0xcd, 0xb8, 0x5e}};
+
+bool SetServiceTriggerForVPNConnection(SC_HANDLE hService,
+                                       const std::wstring& brave_vpn_entry) {
+  std::wstring brave_vpn_entry_with_null(brave_vpn_entry);
+  brave_vpn_entry_with_null += L'\0';
+  // Allocate and set the SERVICE_TRIGGER_SPECIFIC_DATA_ITEM structure
+  SERVICE_TRIGGER_SPECIFIC_DATA_ITEM deviceData = {0};
+  deviceData.dwDataType = SERVICE_TRIGGER_DATA_TYPE_STRING;
+  // Exclude EOL
+  deviceData.cbData = brave_vpn_entry_with_null.size() *
+                      sizeof(brave_vpn_entry_with_null.front());
+  deviceData.pData = (PBYTE)brave_vpn_entry_with_null.c_str();
+  // Allocate and set the SERVICE_TRIGGER structure
+  SERVICE_TRIGGER serviceTrigger = {0};
+  serviceTrigger.dwTriggerType = SERVICE_TRIGGER_TYPE_CUSTOM;
+  serviceTrigger.dwAction = SERVICE_TRIGGER_ACTION_SERVICE_START;
+  serviceTrigger.pTriggerSubtype = const_cast<GUID*>(&kNetworkProfileGUID);
+  serviceTrigger.cDataItems = 1;
+  serviceTrigger.pDataItems = &deviceData;
+
+  // Allocate and set the SERVICE_TRIGGER_INFO structure
+  SERVICE_TRIGGER_INFO serviceTriggerInfo = {0};
+  serviceTriggerInfo.cTriggers = 1;
+  serviceTriggerInfo.pTriggers = &serviceTrigger;
+
+  // Call ChangeServiceConfig2 with the SERVICE_CONFIG_TRIGGER_INFO level
+  // and pass to it the address of the SERVICE_TRIGGER_INFO structure
+  return ChangeServiceConfig2(hService, SERVICE_CONFIG_TRIGGER_INFO,
+                              &serviceTriggerInfo);
+}
+
+bool ConfigureServiceAutoRestart(const std::wstring& service_name,
+                                 const std::wstring& brave_vpn_entry) {
+  ScopedScHandle scm(::OpenSCManager(nullptr, nullptr, SC_MANAGER_CONNECT));
+  if (!scm.IsValid()) {
+    VLOG(1) << "::OpenSCManager failed. service_name: " << service_name
+            << ", error: " << std::hex << HRESULTFromLastError();
+    return false;
+  }
+  ScopedScHandle service(
+      ::OpenService(scm.Get(), service_name.c_str(), SERVICE_ALL_ACCESS));
+  if (!service.IsValid()) {
+    VLOG(1) << "::OpenService failed. service_name: " << service_name
+            << ", error: " << std::hex << HRESULTFromLastError();
+    return false;
+  }
+
+  if (!brave_vpn::SetServiceFailureActions(service.Get())) {
+    VLOG(1) << "SetServiceFailureActions failed:" << std::hex
+            << HRESULTFromLastError();
+    return false;
+  }
+  if (!SetServiceTriggerForVPNConnection(service.Get(), brave_vpn_entry)) {
+    VLOG(1) << "SetServiceTriggerForVPNConnection failed:" << std::hex
+            << HRESULTFromLastError();
+    return false;
+  }
+  return true;
+}
+
+base::FilePath GetBraveVpnHelperServicePath() {
+  base::FilePath asset_dir = base::PathService::CheckedGet(base::DIR_ASSETS);
+  return asset_dir.Append(brave_vpn::kBraveVPNHelperExecutable);
+}
+
 }  // namespace
 
 bool ConfigureBraveWireguardService(const std::wstring& service_name) {
@@ -66,10 +151,6 @@ bool ConfigureBraveWireguardService(const std::wstring& service_name) {
             << ", error: " << std::hex << HRESULTFromLastError();
     return false;
   }
-  base::FilePath exe_path;
-  if (!base::PathService::Get(base::FILE_EXE, &exe_path)) {
-    return S_OK;
-  }
 
   ScopedScHandle service(
       ::OpenService(scm.Get(), service_name.c_str(), SERVICE_ALL_ACCESS));
@@ -92,10 +173,7 @@ bool ConfigureBraveWireguardService(const std::wstring& service_name) {
 // Installs Brave VPN Wireguard Windows service and configures the service
 // config.
 bool InstallBraveWireguardService() {
-  base::FilePath exe_dir;
-  base::PathService::Get(base::DIR_EXE, &exe_dir);
-  base::CommandLine service_cmd(
-      exe_dir.Append(brave_vpn::kBraveVpnWireguardServiceExecutable));
+  base::CommandLine service_cmd(GetBraveVPNWireguardServiceExecutablePath());
   installer::InstallServiceWorkItem install_service_work_item(
       brave_vpn::GetBraveVpnWireguardServiceName(),
       brave_vpn::GetBraveVpnWireguardServiceDisplayName(), SERVICE_DEMAND_START,
@@ -143,4 +221,33 @@ bool UninstallBraveWireguardService() {
   return true;
 }
 
+bool UninstallStatusTrayIcon() {
+  auto* hWnd = GetBraveVpnStatusTrayIconHWND();
+  if (!hWnd) {
+    return true;
+  }
+
+  return SendMessage(hWnd,
+                     RegisterWindowMessage(kBraveVpnStatusTrayMessageName),
+                     IDC_BRAVE_VPN_TRAY_EXIT, 0) == TRUE;
+}
+
+bool InstallBraveVPNHelperService() {
+  base::CommandLine service_cmd(GetBraveVpnHelperServicePath());
+  installer::InstallServiceWorkItem install_service_work_item(
+      brave_vpn::GetBraveVpnHelperServiceName(),
+      brave_vpn::GetBraveVpnHelperServiceDisplayName(), SERVICE_DEMAND_START,
+      service_cmd, base::CommandLine(base::CommandLine::NO_PROGRAM),
+      brave_vpn::kBraveVpnHelperRegistryStoragePath, {}, {});
+  install_service_work_item.set_best_effort(true);
+  install_service_work_item.set_rollback_enabled(false);
+  if (install_service_work_item.Do()) {
+    auto success =
+        ConfigureServiceAutoRestart(brave_vpn::GetBraveVpnHelperServiceName(),
+                                    brave_vpn::GetBraveVPNConnectionName());
+    return success;
+  }
+  return false;
+}
+
 }  // namespace brave_vpn
diff --git a/...wireguard_service/service/install_utils.h → ...ave_vpn_wireguard_service/install_utils.h b/...wireguard_service/service/install_utils.h → ...ave_vpn_wireguard_service/install_utils.h
@@ -3,8 +3,8 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at https://mozilla.org/MPL/2.0/. */
 
-#ifndef BRAVE_BROWSER_BRAVE_VPN_WIN_BRAVE_VPN_WIREGUARD_SERVICE_SERVICE_INSTALL_UTILS_H_
-#define BRAVE_BROWSER_BRAVE_VPN_WIN_BRAVE_VPN_WIREGUARD_SERVICE_SERVICE_INSTALL_UTILS_H_
+#ifndef BRAVE_BROWSER_BRAVE_VPN_WIN_BRAVE_VPN_WIREGUARD_SERVICE_INSTALL_UTILS_H_
+#define BRAVE_BROWSER_BRAVE_VPN_WIN_BRAVE_VPN_WIREGUARD_SERVICE_INSTALL_UTILS_H_
 
 #include <string>
 
@@ -13,7 +13,9 @@ namespace brave_vpn {
 bool ConfigureBraveWireguardService(const std::wstring& service_name);
 bool InstallBraveWireguardService();
 bool UninstallBraveWireguardService();
+bool UninstallStatusTrayIcon();
+bool InstallBraveVPNHelperService();
 
 }  // namespace brave_vpn
 
-#endif  // BRAVE_BROWSER_BRAVE_VPN_WIN_BRAVE_VPN_WIREGUARD_SERVICE_SERVICE_INSTALL_UTILS_H_
+#endif  // BRAVE_BROWSER_BRAVE_VPN_WIN_BRAVE_VPN_WIREGUARD_SERVICE_INSTALL_UTILS_H_
diff --git a/browser/brave_vpn/win/brave_vpn_wireguard_service/main.cc b/browser/brave_vpn/win/brave_vpn_wireguard_service/main.cc
@@ -17,10 +17,8 @@
 #include "brave/browser/brave_vpn/win/brave_vpn_wireguard_service/brave_wireguard_service_crash_reporter_client.h"
 #include "brave/browser/brave_vpn/win/brave_vpn_wireguard_service/notifications/notification_utils.h"
 #include "brave/browser/brave_vpn/win/brave_vpn_wireguard_service/resources/resource_loader.h"
-#include "brave/browser/brave_vpn/win/brave_vpn_wireguard_service/service/install_utils.h"
 #include "brave/browser/brave_vpn/win/brave_vpn_wireguard_service/service/wireguard_service_runner.h"
 #include "brave/browser/brave_vpn/win/brave_vpn_wireguard_service/service/wireguard_tunnel_service.h"
-#include "brave/browser/brave_vpn/win/brave_vpn_wireguard_service/status_tray/install_utils.h"
 #include "brave/browser/brave_vpn/win/brave_vpn_wireguard_service/status_tray/status_tray_runner.h"
 #include "brave/components/brave_vpn/common/wireguard/win/service_constants.h"
 #include "chrome/install_static/product_install_details.h"
@@ -132,23 +130,6 @@ int APIENTRY wWinMain(HINSTANCE instance, HINSTANCE prev, wchar_t*, int) {
             brave_vpn::kBraveVpnWireguardServiceConnectSwitchName));
   }
 
-  // System level command line. Makes registeration and configuration for
-  // BraveVPNWireguardService windows service. Used by the installer.
-  if (command_line->HasSwitch(
-          brave_vpn::kBraveVpnWireguardServiceInstallSwitchName)) {
-    auto success = brave_vpn::InstallBraveWireguardService();
-    return success ? 0 : 1;
-  }
-
-  // System level command line. Unregisters BraveVPNWireguardService
-  // windows service and removes stored data. Used by the uninstaller.
-  if (command_line->HasSwitch(
-          brave_vpn::kBraveVpnWireguardServiceUnnstallSwitchName)) {
-    auto success = brave_vpn::UninstallBraveWireguardService() &&
-                   brave_vpn::UninstallStatusTrayIcon();
-    return success ? 0 : 1;
-  }
-
   auto result = ProcessUserLevelCommands(*command_line);
   if (result.has_value()) {
     return result.value();

diff --git a/browser/brave_vpn/win/brave_vpn_wireguard_service/service/BUILD.gn b/browser/brave_vpn/win/brave_vpn_wireguard_service/service/BUILD.gn
@@ -11,8 +11,6 @@ source_set("service") {
   sources = [
     "brave_wireguard_manager.cc",
     "brave_wireguard_manager.h",
-    "install_utils.cc",
-    "install_utils.h",
     "wireguard_service_runner.cc",
     "wireguard_service_runner.h",
     "wireguard_tunnel_service.cc",
@@ -26,5 +24,5 @@ source_set("service") {
     "//brave/components/brave_vpn/common/wireguard/win",
     "//chrome/installer/util:with_no_strings",
   ]
-  libs = [ "Shell32.lib" ]
+  libs = [ "runtimeobject.lib" ]
 }
diff --git a/browser/brave_vpn/win/brave_vpn_wireguard_service/status_tray/BUILD.gn b/browser/brave_vpn/win/brave_vpn_wireguard_service/status_tray/BUILD.gn
@@ -8,8 +8,6 @@ import("//build/toolchain/gcc_toolchain.gni")
 source_set("status_tray") {
   sources = [
     "brave_vpn_tray_command_ids.h",
-    "install_utils.cc",
-    "install_utils.h",
     "status_tray_runner.cc",
     "status_tray_runner.h",
   ]
@@ -33,7 +31,6 @@ source_set("status_tray") {
   if (!enable_resource_allowlist_generation) {
     deps += [ "//chrome:packed_resources" ]
   }
-  libs = [ "shell32.lib" ]
 }
 
 source_set("unit_tests") {