Issue #3: scope registry filter to the user of the process that installed it.

Author: eiz

SynchronousAudioRouter/entry.cpp

@@ -314,22 +314,34 @@ NTSTATUS SarIrpDeviceControl(PDEVICE_OBJECT deviceObject, PIRP irp)
             UNICODE_STRING filterAltitude;
 
             RtlUnicodeStringInit(&filterAltitude, L"360000");
-            ExAcquireFastMutex(&extension->mutex);
+            KeEnterCriticalRegion();
+            ExAcquireFastMutexUnsafe(&extension->mutex);
 
             if (extension->filterCookie.QuadPart) {
-                ExReleaseFastMutex(&extension->mutex);
+                ExReleaseFastMutexUnsafe(&extension->mutex);
+                KeLeaveCriticalRegion();
                 ntStatus = STATUS_RESOURCE_IN_USE;
                 break;
             }
 
+            ntStatus = SarCopyProcessUser(
+                PsGetCurrentProcess(), &extension->filterUser);
+
+            if (!NT_SUCCESS(ntStatus)) {
+                ExReleaseFastMutexUnsafe(&extension->mutex);
+                KeLeaveCriticalRegion();
+                break;
+            }
+
             ntStatus = CmRegisterCallbackEx(
                 SarRegistryCallback,
                 &filterAltitude,
                 deviceObject->DriverObject,
                 extension,
                 &extension->filterCookie,
                 nullptr);
-            ExReleaseFastMutex(&extension->mutex);
+            ExReleaseFastMutexUnsafe(&extension->mutex);
+            KeLeaveCriticalRegion();
             break;
         }
         case SAR_SEND_FORMAT_CHANGE_EVENT:
@@ -361,6 +373,27 @@ VOID SarUnload(PDRIVER_OBJECT driverObject)
     if (extension->filterCookie.QuadPart) {
         CmUnRegisterCallback(extension->filterCookie);
     }
+
+    if (extension->filterUser) {
+        ExFreePool(extension->filterUser);
+    }
+}
+
+BOOL SarFilterMatchesCurrentProcess(SarDriverExtension *extension)
+{
+    PTOKEN_USER tokenUser = nullptr;
+    NTSTATUS status = SarCopyProcessUser(PsGetCurrentProcess(), &tokenUser);
+
+    if (!NT_SUCCESS(status)) {
+        return FALSE;
+    }
+
+    BOOL isMatch = RtlEqualSid(
+        extension->filterUser->User.Sid,
+        tokenUser->User.Sid);
+
+    ExFreePool(tokenUser);
+    return isMatch;
 }
 
 NTSTATUS SarFilterMMDeviceQuery(
@@ -530,6 +563,10 @@ NTSTATUS SarRegistryCallback(PVOID context, PVOID argument1, PVOID argument2)
                 break;
             }
 
+            if (!SarFilterMatchesCurrentProcess(extension)) {
+                break;
+            }
+
             return SarFilterMMDeviceQuery(
                 queryInfo, &wrapperRegistrationPath);
         }
@@ -556,6 +593,10 @@ NTSTATUS SarRegistryCallback(PVOID context, PVOID argument1, PVOID argument2)
                 break;
             }
 
+            if (!SarFilterMatchesCurrentProcess(extension)) {
+                break;
+            }
+
             return SarFilterMMDeviceEnum(
                 queryInfo, &wrapperRegistrationPath);
         }

SynchronousAudioRouter/sar.h

@@ -165,6 +165,7 @@ typedef struct SarDriverExtension
     FAST_MUTEX mutex;
     RTL_GENERIC_TABLE controlContextTable;
     LARGE_INTEGER filterCookie;
+    PTOKEN_USER filterUser;
 } SarDriverExtension;
 
 typedef struct SarControlContext
@@ -408,6 +409,8 @@ BOOLEAN SarRemoveTableEntry(PRTL_GENERIC_TABLE table, PVOID key);
 PVOID SarGetTableEntry(PRTL_GENERIC_TABLE table, PVOID key);
 VOID SarInitializeTable(PRTL_GENERIC_TABLE table);
 
+NTSTATUS SarCopyProcessUser(PEPROCESS process, PTOKEN_USER *outTokenUser);
+
 #endif // KERNEL
 
 #pragma warning(pop)

SynchronousAudioRouter/utility.cpp

@@ -512,3 +512,16 @@ PVOID SarGetTableEntry(PRTL_GENERIC_TABLE table, PVOID key)
 
     return nullptr;
 }
+
+NTSTATUS SarCopyProcessUser(PEPROCESS process, PTOKEN_USER *outTokenUser)
+{
+    NT_ASSERT(process);
+    NT_ASSERT(outTokenUser);
+
+    PACCESS_TOKEN token = PsReferencePrimaryToken(process);
+    NTSTATUS status = SeQueryInformationToken(
+        token, TokenUser, (PVOID *)outTokenUser);
+
+    PsDereferencePrimaryToken(token);
+    return status;
+}