Initial release of the Windows Terminal source code

This commit introduces all of the Windows Terminal and Console Host source,
under the MIT license.

src/server/ProcessPolicy.cpp

@@ -0,0 +1,88 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+#include "precomp.h"
+
+#include "ProcessPolicy.h"
+
+#include "..\inc\conint.h"
+
+// Routine Description:
+// - Constructs a new instance of the process policy class.
+// Arguments:
+// - All arguments specify a true/false status to a policy that could be applied to a console client app.
+ConsoleProcessPolicy::ConsoleProcessPolicy(const bool fCanReadOutputBuffer,
+                                           const bool fCanWriteInputBuffer) :
+    _fCanReadOutputBuffer(fCanReadOutputBuffer),
+    _fCanWriteInputBuffer(fCanWriteInputBuffer)
+{
+}
+
+// Routine Description:
+// - Destructs an instance of the process policy class.
+ConsoleProcessPolicy::~ConsoleProcessPolicy()
+{
+}
+
+// Routine Description:
+// - Opens the process token for the given handle and resolves the application model policies
+//   that apply to the given process handle. This may reveal restrictions on operations that are
+//   supposed to be enforced against a given console client application.
+// Arguments:
+// - hProcess - Handle to a connected process
+// Return Value:
+// - ConsoleProcessPolicy object containing resolved policy data.
+ConsoleProcessPolicy ConsoleProcessPolicy::s_CreateInstance(const HANDLE hProcess)
+{
+    // If we cannot determine the policy status, then we block access by default.
+    bool fCanReadOutputBuffer = false;
+    bool fCanWriteInputBuffer = false;
+
+    wil::unique_handle hToken;
+    if (LOG_IF_WIN32_BOOL_FALSE(OpenProcessToken(hProcess, TOKEN_READ, &hToken)))
+    {
+        bool fIsWrongWayBlocked = true;
+
+        // First check AppModel Policy:
+        LOG_IF_FAILED(Microsoft::Console::Internal::ProcessPolicy::CheckAppModelPolicy(hToken.get(), fIsWrongWayBlocked));
+
+        // If we're not restricted by AppModel Policy, also check for Integrity Level below our own.
+        if (!fIsWrongWayBlocked)
+        {
+            LOG_IF_FAILED(Microsoft::Console::Internal::ProcessPolicy::CheckIntegrityLevelPolicy(hToken.get(), fIsWrongWayBlocked));
+        }
+
+        // If we're not blocking wrong way verbs, adjust the read/write policies to permit read out and write in.
+        if (!fIsWrongWayBlocked)
+        {
+            fCanReadOutputBuffer = true;
+            fCanWriteInputBuffer = true;
+        }
+    }
+
+    return ConsoleProcessPolicy(fCanReadOutputBuffer, fCanWriteInputBuffer);
+}
+
+// Routine Description:
+// - Determines whether a console client should be allowed to read back from the output buffers.
+// - This includes any of our classic APIs which could allow retrieving data from the output "screen buffer".
+// Arguments:
+// - <none>
+// Return Value:
+// - True if read back is allowed. False otherwise.
+bool ConsoleProcessPolicy::CanReadOutputBuffer() const
+{
+    return _fCanReadOutputBuffer;
+}
+
+// Routine Description:
+// - Determines whether a console client should be allowed to write to the input buffers.
+// - This includes any of our classic APIs which could allow inserting data into the input buffer.
+// Arguments:
+// - <none>
+// Return Value:
+// - True if writing input is allowed. False otherwise.
+bool ConsoleProcessPolicy::CanWriteInputBuffer() const
+{
+    return _fCanWriteInputBuffer;
+}