win32 setup: disable app dir inheritance (#19787)

Karl Burtram
2022-06-21 13:19:24 -07:00
committed by GitHub
parent 15a611d4a4
commit b8529c52a7


@@ -81,6 +81,9 @@ Name: "associatewithfiles"; Description: "{cm:AssociateWithFiles,{#NameLong}}";
Name: "addtopath"; Description: "{cm:AddToPath}"; GroupDescription: "{cm:Other}"
Name: "runcode"; Description: "{cm:RunAfter,{#NameShort}}"; GroupDescription: "{cm:Other}"; Check: WizardSilent
[Dirs]
Name: "{app}"; AfterInstall: DisableAppDirInheritance
[Files]
Source: "*"; Excludes: "\CodeSignSummary*.md,\tools,\tools\*,\resources\app\product.json"; DestDir: "{code:GetDestDir}"; Flags: ignoreversion recursesubdirs createallsubdirs
Source: "tools\*"; DestDir: "{app}\tools"; Flags: ignoreversion
@@ -332,3 +335,19 @@ end;
#ifdef Debug
#expr SaveToFile(AddBackslash(SourcePath) + "code-processed.iss")
#endif
// https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/icacls
// https://docs.microsoft.com/en-US/windows/security/identity-protection/access-control/security-identifiers
procedure DisableAppDirInheritance();
var
ResultCode: Integer;
Permissions: string;
begin
Permissions := '/grant:r "*S-1-5-18:(OI)(CI)F" /grant:r "*S-1-5-32-544:(OI)(CI)F" /grant:r "*S-1-5-11:(OI)(CI)RX" /grant:r "*S-1-5-32-545:(OI)(CI)RX"';
#if "user" == InstallTarget
Permissions := Permissions + ' /grant:r "*S-1-3-0:(OI)(CI)F"';
#endif
Exec(ExpandConstant('{sys}\icacls.exe'), ExpandConstant('"{app}" /inheritancelevel:r ') + Permissions, '', SW_HIDE, ewWaitUntilTerminated, ResultCode);
end;
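Review bot: The outcome of the icacls call in DisableAppDirInheritance is discarded, so if icacls cannot be started or exits non-zero, `{app}` keeps its inherited ACL and setup reports nothing. Because this call is the hardening step itself, check both the Boolean return of `Exec` and `ResultCode`, for example `if not Exec(...) or (ResultCode <> 0) then Log('icacls failed, code ' + IntToStr(ResultCode));`, and decide whether setup should abort in that case. The command also has no `/T`, so on an upgrade over an existing directory any explicit ACEs already set on child files appear to be left as they are; a comment saying whether that is intended would help. A short comment above the `Permissions` string naming the SIDs (LocalSystem, Administrators, Authenticated Users, Users, and Creator Owner for user installs) would make the ACL reviewable without opening the linked page.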