Module: wine Branch: master Commit: 99e2fad1bf4433d82c3f77c9bdeac1872e6d6ee9 URL: https://gitlab.winehq.org/wine/wine/-/commit/99e2fad1bf4433d82c3f77c9bdeac18...
Author: Zhiyi Zhang zzhang@codeweavers.com Date: Tue Jun 20 11:42:52 2023 +0800
win32u: Create explorer with the thread effective access token.
Chromium creates a suspended sandbox process with a token of limited access. Then it sets a token with normal access for the main thread of the newly created process. Without this change, explorer is started with the process token of limited access and fails to create a desktop window.
---
dlls/win32u/winstation.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/dlls/win32u/winstation.c b/dlls/win32u/winstation.c
index f99bef2bf11..7ca6346fb96 100644
--- a/dlls/win32u/winstation.c
+++ b/dlls/win32u/winstation.c
@@ -446,7 +446,8 @@ HWND get_desktop_window(void)
 static const WCHAR system_dir[] = {'C',':','\','w','i','n','d','o','w','s','\',
 's','y','s','t','e','m','3','2','\',0};
 RTL_USER_PROCESS_PARAMETERS params = { sizeof(params), sizeof(params) };
- PS_ATTRIBUTE_LIST ps_attr;
+ ULONG_PTR buffer[offsetof( PS_ATTRIBUTE_LIST, Attributes[2] ) / sizeof(ULONG_PTR)];
+ PS_ATTRIBUTE_LIST *ps_attr = (PS_ATTRIBUTE_LIST *)buffer;
 PS_CREATE_INFO create_info;
 WCHAR desktop[MAX_PATH];
 PEB *peb = NtCurrentTeb()->Peb;
@@ -479,24 +480,30 @@ HWND get_desktop_window(void)
 RtlInitUnicodeString( ¶ms.WindowTitle, appnameW + 4 );
 RtlInitUnicodeString( ¶ms.Desktop, desktop );
- ps_attr.TotalLength = sizeof(ps_attr);
- ps_attr.Attributes[0].Attribute = PS_ATTRIBUTE_IMAGE_NAME;
- ps_attr.Attributes[0].Size = sizeof(appnameW) - sizeof(WCHAR);
- ps_attr.Attributes[0].ValuePtr = (WCHAR *)appnameW;
- ps_attr.Attributes[0].ReturnLength = NULL;
+ ps_attr->Attributes[0].Attribute = PS_ATTRIBUTE_IMAGE_NAME;
+ ps_attr->Attributes[0].Size = sizeof(appnameW) - sizeof(WCHAR);
+ ps_attr->Attributes[0].ValuePtr = (WCHAR *)appnameW;
+ ps_attr->Attributes[0].ReturnLength = NULL;
+
+ ps_attr->Attributes[1].Attribute = PS_ATTRIBUTE_TOKEN;
+ ps_attr->Attributes[1].Size = sizeof(HANDLE);
+ ps_attr->Attributes[1].ValuePtr = GetCurrentThreadEffectiveToken();
+ ps_attr->Attributes[1].ReturnLength = NULL;
+
+ ps_attr->TotalLength = offsetof( PS_ATTRIBUTE_LIST, Attributes[2] );
if (NtCurrentTeb64() && !NtCurrentTeb64()->TlsSlots[WOW64_TLS_FILESYSREDIR]) { NtCurrentTeb64()->TlsSlots[WOW64_TLS_FILESYSREDIR] = TRUE; status = NtCreateUserProcess( &process, &thread, PROCESS_ALL_ACCESS, THREAD_ALL_ACCESS, NULL, NULL, 0, THREAD_CREATE_FLAGS_CREATE_SUSPENDED, ¶ms, - &create_info, &ps_attr ); + &create_info, ps_attr ); NtCurrentTeb64()->TlsSlots[WOW64_TLS_FILESYSREDIR] = FALSE; } else status = NtCreateUserProcess( &process, &thread, PROCESS_ALL_ACCESS, THREAD_ALL_ACCESS, NULL, NULL, 0, THREAD_CREATE_FLAGS_CREATE_SUSPENDED, ¶ms, - &create_info, &ps_attr ); + &create_info, ps_attr ); if (!status) { NtResumeThread( thread, NULL );
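Review bot: The new `PS_ATTRIBUTE_TOKEN` entry (`Attributes[1]`) ties the identity of the explorer process to whichever thread first reaches this path, and nothing in the code says why. If that thread is impersonating, the helper presumably keeps its effective token for its whole lifetime, long after the impersonation ends. The rationale from the commit message belongs next to the assignment, e.g. `/* use the thread's effective token: a sandboxed process may have a restricted process token while its main thread impersonates a normal one */`. `GetCurrentThreadEffectiveToken()` yields a pseudo-handle rather than a real handle, so it is worth confirming that the `NtCreateUserProcess` implementation resolves it in the caller's context and rejects a token it cannot use as a primary token; that code is not visible here. The enclosing `get_desktop_window` starts and ends outside the hunk.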