[reactos] 01/02: [NTOS:SE] NtQueryInformationToken: implement token sandbox inert querying - Ros-diffs

13 Jun 2022

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=5e1f292062732a0e35abe…
commit 5e1f292062732a0e35abe385f2954aec8d2af5bd
Author:     George Bișoc &lt;george.bisoc(a)reactos.org&gt;
AuthorDate: Sun Jun 12 14:30:44 2022 +0200
Commit:     George Bișoc &lt;george.bisoc(a)reactos.org&gt;
CommitDate: Mon Jun 13 18:17:10 2022 +0200
    [NTOS:SE] NtQueryInformationToken: implement token sandbox inert querying
---
 ntoskrnl/include/internal/se.h |  5 +++++
 ntoskrnl/se/token.c            | 21 +++++++++++++++++++++
 ntoskrnl/se/tokencls.c         | 21 +++++++++++++++++++--
 3 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/ntoskrnl/include/internal/se.h b/ntoskrnl/include/internal/se.h
index db2dd0b58a3..de65310b331 100644
--- a/ntoskrnl/include/internal/se.h
+++ b/ntoskrnl/include/internal/se.h
@@ -443,6 +443,11 @@ SeCopyClientToken(
     _In_ KPROCESSOR_MODE PreviousMode,
     _Out_ PACCESS_TOKEN* NewToken);
+BOOLEAN
+NTAPI
+SeTokenIsInert(
+    _In_ PTOKEN Token);
+
 ULONG
 RtlLengthSidAndAttributes(
     _In_ ULONG Count,
diff --git a/ntoskrnl/se/token.c b/ntoskrnl/se/token.c
index 83b962f1ba9..ad2dd8e806f 100644
--- a/ntoskrnl/se/token.c
+++ b/ntoskrnl/se/token.c
@@ -1180,6 +1180,27 @@ SeCopyClientToken(
     return Status;
 }
+/**
+ * @brief
+ * Determines if a token is a sandbox inert token or not,
+ * based upon the token flags.
+ *
+ * @param[in] Token
+ * A valid access token to determine if such token is inert.
+ *
+ * @return
+ * Returns TRUE if the token is inert, FALSE otherwise.
+ */
+BOOLEAN
+NTAPI
+SeTokenIsInert(
+    _In_ PTOKEN Token)
+{
+    PAGED_CODE();
+
+    return (((PTOKEN)Token)->TokenFlags & TOKEN_SANDBOX_INERT) != 0;
+}
+
 /**
  * @brief
  * Internal function that deals with access token object destruction and deletion.
diff --git a/ntoskrnl/se/tokencls.c b/ntoskrnl/se/tokencls.c
index b9d1615d23e..50e81a9a453 100644
--- a/ntoskrnl/se/tokencls.c
+++ b/ntoskrnl/se/tokencls.c
@@ -984,9 +984,26 @@ NtQueryInformationToken(
             }
             case TokenSandBoxInert:
-                DPRINT1("NtQueryInformationToken(TokenSandboxInert) not
implemented\n");
-                Status = STATUS_NOT_IMPLEMENTED;
+            {
+                ULONG IsTokenSandBoxInert;
+
+                DPRINT("NtQueryInformationToken(TokenSandBoxInert)\n");
+
+                IsTokenSandBoxInert = SeTokenIsInert(Token);
+                _SEH2_TRY
+                {
+                    /* Buffer size was already verified, no need to check here again */
+                    *(PULONG)TokenInformation = IsTokenSandBoxInert;
+                    *ReturnLength = sizeof(ULONG);
+                }
+                _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+                {
+                    Status = _SEH2_GetExceptionCode();
+                }
+                _SEH2_END;
+
                 break;
+            }
             case TokenSessionId:
             {
    