Index: /branches/rel_ag_9_4_5/windows/ArrayInstallManager/ArrayInstallManager.cpp
===================================================================
--- /branches/rel_ag_9_4_5/windows/ArrayInstallManager/ArrayInstallManager.cpp	(revision 20636)
+++ /branches/rel_ag_9_4_5/windows/ArrayInstallManager/ArrayInstallManager.cpp	(working copy)
@@ -29,7 +29,8 @@
 	DECLARE_REGISTRY_APPID_RESOURCEID(IDR_DATASERVICE, "{C0E366E5-AD8D-481F-9639-87B4F8F4737F}")
 	HRESULT InitializeSecurity() throw()
 	{
-		HRESULT hr = CoInitializeSecurity(NULL,-1,NULL,0,RPC_C_AUTHN_LEVEL_NONE,RPC_C_IMP_LEVEL_IMPERSONATE,NULL,EOAC_NONE,0);
+		// HRESULT hr = CoInitializeSecurity(NULL,-1,NULL,0,RPC_C_AUTHN_LEVEL_NONE,RPC_C_IMP_LEVEL_IMPERSONATE,NULL,EOAC_NONE,0);
+		HRESULT hr = CoInitializeSecurity(NULL,-1,NULL,NULL,RPC_C_AUTHN_LEVEL_PKT_PRIVACY,RPC_C_IMP_LEVEL_IMPERSONATE,NULL,EOAC_DISABLE_AAA,NULL);
 		return hr;
 	}
 
@@ -59,7 +60,8 @@
 	BOOL GetLaunchActPermissionsWithIL (SECURITY_DESCRIPTOR **ppSD)
 	{
 		// Allow World Local Launch/Activation permissions. Label the SD for LOW IL Execute UP
-		LPWSTR lpszSDDL = L"O:BAG:BAD:(A;;0xb;;;WD)S:(ML;;NX;;;LW)";
+		// LPWSTR lpszSDDL = L"O:BAG:BAD:(A;;0xb;;;WD)S:(ML;;NX;;;LW)";
+		LPWSTR lpszSDDL = L"O:BAG:BAD:(A;;0xb;;;SY)(A;;0xb;;;BA)";
 		SECURITY_DESCRIPTOR *pSD = NULL;
 		if (ConvertStringSecurityDescriptorToSecurityDescriptorW(lpszSDDL, SDDL_REVISION_1, (PSECURITY_DESCRIPTOR *)&pSD, NULL))
 		{
@@ -82,6 +84,14 @@
 			(BYTE*)pSD,
 			dwLen);
 		if (lResult != ERROR_SUCCESS) goto done;
+		lResult = RegSetValueExA(hkey,
+			"AccessPermission",
+			0,
+			REG_BINARY,
+			(BYTE*)pSD,
+			dwLen);
+		if (lResult != ERROR_SUCCESS) goto done;
+
 		bResult = TRUE;
 	done:
 		return bResult;
@@ -150,4 +160,4 @@
 	g_SecurityInferfaceWhiteList.push_back(WRITE_REG_PATH_07);
 	g_SecurityInferfaceWhiteList.push_back(WRITE_REG_PATH_08);
 	g_SecurityInferfaceWhiteList.push_back(WRITE_REG_PATH_09);
-}
\ No newline at end of file
+}
Index: /branches/rel_ag_9_4_5/windows/ArrayInstallManager/InstallManager.cpp
===================================================================
--- /branches/rel_ag_9_4_5/windows/ArrayInstallManager/InstallManager.cpp	(revision 20636)
+++ /branches/rel_ag_9_4_5/windows/ArrayInstallManager/InstallManager.cpp	(working copy)
@@ -22,6 +22,54 @@
 StringList g_SecurityInferfaceWhiteList;
 typedef int (*PFN_CheckInstallStatus)(const char *szXML);
 
+static BOOL IsTokenMemberOfWellKnownSid(HANDLE hToken, WELL_KNOWN_SID_TYPE sidType)
+{
+    BYTE sidBuffer[SECURITY_MAX_SID_SIZE] = {0};
+    DWORD sidSize = sizeof(sidBuffer);
+    PSID pSid = (PSID)sidBuffer;
+    BOOL isMember = FALSE;
+
+    if (!CreateWellKnownSid(sidType, NULL, pSid, &sidSize))
+        return FALSE;
+
+    if (!CheckTokenMembership(hToken, pSid, &isMember))
+        return FALSE;
+
+    return isMember;
+}
+
+static BOOL IsPrivilegedComCaller()
+{
+    HRESULT hr = CoImpersonateClient();
+    if (FAILED(hr))
+        return FALSE;
+
+    HANDLE hToken = NULL;
+    BOOL allowed = FALSE;
+
+    if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken))
+    {
+        allowed =
+            IsTokenMemberOfWellKnownSid(hToken, WinLocalSystemSid) ||
+            IsTokenMemberOfWellKnownSid(hToken, WinBuiltinAdministratorsSid);
+
+        CloseHandle(hToken);
+    }
+
+    CoRevertToSelf();
+    return allowed;
+}
+
+static HRESULT DenyUnprivilegedCaller(LPCSTR method)
+{
+    if (!IsPrivilegedComCaller())
+    {
+        Log(LOG_WARNING, ("%s denied: caller is not SYSTEM or Administrators\n", method));
+        return E_ACCESSDENIED;
+    }
+    return S_OK;
+}
+
 LRESULT	WINAPI CabinetCallback(IN PVOID pMyInstallData,IN UINT Notification,IN UINT Param1,IN UINT Param2 )
 {
 	LRESULT lRetVal = NO_ERROR;
@@ -671,9 +719,12 @@
 }
 STDMETHODIMP CInstallManager::DownloadFileToLocalDirectory(BSTR bstrFileName,  BSTR bstrSPAddress, USHORT uPort, BSTR bstrSession, BSTR bstrToFullPath, IProgressSink *pIProgressSink)
 {
+	HRESULT hrAuth = DenyUnprivilegedCaller(__FUNCTION__);
+	if (FAILED(hrAuth)) return hrAuth;
+
 	Log(LOG_INFO, (L"CInstallManager::DownloadFileToLocal,bstrFileName:%s, address:%s, port:%d, session:%s, topath:%s\n", bstrFileName, bstrSPAddress, uPort, bstrSession, bstrToFullPath));
 	//note: if download cabinet file from spx, the topath is : "C:\Documents and Settings\Administrator\Local Settings\Temp\"
-	Log(LOG_INFO, (L"DownloadFileToLocalDirectory: bUseAuthen:%d,chHost:%sŁ¬uPort:%d, ProxySet:%d, chName:%s\n", 
+	Log(LOG_INFO, (L"DownloadFileToLocalDirectory: bUseAuthen:%d,chHost:%sŁ¬uPort:%d, ProxySet:%d, chName:%s\n",
 		g_ProxyInfo.bUseAuthen, g_ProxyInfo.chHost, g_ProxyInfo.uPort, g_ProxyInfo.ProxySet, g_ProxyInfo.chName));
 	BOOL bSetEnableClientAuth = FALSE;
 	if (IsEnableClientAuth() == FALSE)
@@ -723,6 +774,9 @@
 
 STDMETHODIMP CInstallManager::DownloadFileToLocalDirectoryByURL(BSTR bstrFileName,  BSTR bstrSPAddress, USHORT uPort, BSTR bstrSession, BSTR bstrToFullPath, IProgressSink *pIProgressSink, BSTR bstrURL)
 {
+	HRESULT hrAuth = DenyUnprivilegedCaller(__FUNCTION__);
+	if (FAILED(hrAuth)) return hrAuth;
+
 	Log(LOG_INFO, (L"DownloadFileToLocalDirectoryByURL,bstrFileName:%s, address:%s, port:%d, session:%s, topath:%s, url:%s\n", bstrFileName, bstrSPAddress, uPort, bstrSession, bstrToFullPath, bstrURL));
 	//note: if download cabinet file from spx, the topath is : "C:\Documents and Settings\Administrator\Local Settings\Temp\"
 	Log(LOG_INFO, (L"DownloadFileToLocalDirectoryByURL: bUseAuthen:%d,chHost:%sŁ¬uPort:%d, ProxySet:%d, chName:%s\n", g_ProxyInfo.bUseAuthen, g_ProxyInfo.chHost, g_ProxyInfo.uPort, g_ProxyInfo.ProxySet, g_ProxyInfo.chName));
@@ -814,6 +868,9 @@
 
 STDMETHODIMP CInstallManager::CopyFileToLocal(BSTR bstrSrcPath, BSTR bstrDstPath)
 {
+	HRESULT hrAuth = DenyUnprivilegedCaller(__FUNCTION__);
+	if (FAILED(hrAuth)) return hrAuth;
+
 	int iError = 0;
 	CString csDstPath = bstrDstPath;
 	csDstPath = csDstPath.Left(csDstPath.ReverseFind('\\')+1);
@@ -974,8 +1031,11 @@
 
 STDMETHODIMP CInstallManager::WriteRegValue(BOOL bLocalMachine, UINT type, BSTR bstrRegPath, BSTR bstrKeyName, BSTR bstrValue, UINT iValue)
 {
+	HRESULT hrAuth = DenyUnprivilegedCaller(__FUNCTION__);
+	if (FAILED(hrAuth)) return hrAuth;
+
 	Log(LOG_INFO, (L"CInstallManager::WriteRegValue: bLocalMachine:%d, type:%d, bstrRegPath:%s, bstrKeyName:%s, iValue:%d\n", bLocalMachine, type, bstrRegPath, bstrKeyName, iValue));
-	
+
 	CStringA strRegPath = CW2A(bstrRegPath);
 	StringListIterator it;
 	BOOL bFind = FALSE;
@@ -1031,6 +1091,9 @@
 
 STDMETHODIMP CInstallManager::SetEventByName(BSTR bstrEventName)
 {
+	HRESULT hrAuth = DenyUnprivilegedCaller(__FUNCTION__);
+	if (FAILED(hrAuth)) return hrAuth;
+
 	Log(LOG_INFO, (L"CInstallManager::SetEventByName: %s\n", bstrEventName));
 	HANDLE hEvent = OpenEvent(EVENT_ALL_ACCESS, FALSE, bstrEventName);
 	if(hEvent == NULL)
@@ -1048,6 +1111,9 @@
 
 STDMETHODIMP CInstallManager::StopProcessByName(BSTR bstrProcessName)
 {
+	HRESULT hrAuth = DenyUnprivilegedCaller(__FUNCTION__);
+	if (FAILED(hrAuth)) return hrAuth;
+
 	Log(LOG_INFO, (L"CInstallManager::StopProcessByName: %s\n", bstrProcessName));
 	int iTimes = 0;
 	while(iTimes <= 64)
@@ -1085,11 +1151,14 @@
 
 STDMETHODIMP CInstallManager::LaunchWithHighPrivilege(UINT type, LPCSTR bstrParameter)
 {
+	HRESULT hrAuth = DenyUnprivilegedCaller(__FUNCTION__);
+	if (FAILED(hrAuth)) return hrAuth;
+
 	if(type != DETECT_WG_SERVICE_11)
 	{
 		Log(LOG_INFO, ("LaunchWithHighPrivilege: Type:%d(2022.02.10), para:%s\n", type, bstrParameter));
 	}
-	
+
 	if(type == SYSTEM_ROUTE_ACTION_1)
 	{
 		CStringA csMsg = bstrParameter;
@@ -1375,6 +1444,9 @@
 
 STDMETHODIMP CInstallManager::RemoveFileWithHighProvilege(BSTR bstrFilePath)
 {
+	HRESULT hrAuth = DenyUnprivilegedCaller(__FUNCTION__);
+	if (FAILED(hrAuth)) return hrAuth;
+
 	Log(LOG_INFO, ("RemoveFileWithHighProvilege: the file path:%s\n", bstrFilePath));
 	if(!RemoveFile(bstrFilePath))
 	{
@@ -1386,6 +1458,9 @@
 
 STDMETHODIMP CInstallManager::UnpackMPCab(BSTR bstrCabPath)
 {
+	HRESULT hrAuth = DenyUnprivilegedCaller(__FUNCTION__);
+	if (FAILED(hrAuth)) return hrAuth;
+
 	wchar_t szIMPath[MAX_PATH] = {0};
 	GetInstallManagerDirectory(szIMPath);
 	int iRet = SetupIterateCabinetW(bstrCabPath, 0, (PSP_FILE_CALLBACK)CabinetCallback, (LPVOID)szIMPath);
