microsoft
diff --git a/‎src/windows/common/CMakeLists.txt‎
Lines changed: 1 addition & 1 deletion b/‎src/windows/common/CMakeLists.txt‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/windows/common/wslutil.h‎
Lines changed: 16 additions & 0 deletions b/‎src/windows/common/wslutil.h‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎src/windows/service/exe/CMakeLists.txt‎
Lines changed: 2 additions & 0 deletions b/‎src/windows/service/exe/CMakeLists.txt‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/windows/service/exe/GuestDeviceManager.cpp‎
Lines changed: 149 additions & 0 deletions b/‎src/windows/service/exe/GuestDeviceManager.cpp‎
Lines changed: 149 additions & 0 deletions
diff --git a/‎src/windows/service/exe/GuestDeviceManager.h‎
Lines changed: 72 additions & 0 deletions b/‎src/windows/service/exe/GuestDeviceManager.h‎
Lines changed: 72 additions & 0 deletions
@@ -63,10 +63,10 @@ set(HEADERS
     disk.hpp
     Distribution.h
     filesystem.hpp
+    HandleConsoleProgressBar.h
     hcs.hpp
     hcs_schema.h
     helpers.hpp
-    HandleConsoleProgressBar.h
     interop.hpp
     ExecutionContext.h
     socket.hpp
 
@@ -78,6 +78,22 @@ void CoInitializeSecurity();
 
 void ConfigureCrt();
 
+/// <summary>
+/// Creates a COM server with user impersonation.
+/// </summary>
+template <typename Interface>
+wil::com_ptr_t<Interface> CreateComServerAsUser(_In_ REFCLSID RefClsId, _In_ HANDLE UserToken)
+{
+    auto revert = wil::impersonate_token(UserToken);
+    return wil::CoCreateInstance<Interface>(RefClsId, (CLSCTX_LOCAL_SERVER | CLSCTX_ENABLE_CLOAKING | CLSCTX_ENABLE_AAA));
+}
+
+template <typename Class, typename Interface>
+wil::com_ptr_t<Interface> CreateComServerAsUser(_In_ HANDLE UserToken)
+{
+    return CreateComServerAsUser<Interface>(__uuidof(Class), UserToken);
+}
+
 std::wstring ConstructPipePath(_In_ std::wstring_view PipeName);
 
 GUID CreateV5Uuid(const GUID& namespaceGuid, const std::span<const std::byte> name);
 
@@ -17,6 +17,7 @@ set(SOURCES
     GnsChannel.cpp
     GnsPortTrackerChannel.cpp
     GnsRpcServer.cpp
+    GuestDeviceManager.cpp
     GuestTelemetryLogger.cpp
     Lifetime.cpp
     LxssConsoleManager.cpp
@@ -56,6 +57,7 @@ set(HEADERS
     GnsChannel.h
     GnsPortTrackerChannel.h
     GnsRpcServer.h
+    GuestDeviceManager.h
     GuestTelemetryLogger.h
     INetworkingEngine.h
     IMirroredNetworkManager.h
 
@@ -0,0 +1,149 @@
+// Copyright (C) Microsoft Corporation. All rights reserved.
+
+#include "precomp.h"
+#include "GuestDeviceManager.h"
+#include "DeviceHostProxy.h"
+
+GuestDeviceManager::GuestDeviceManager(_In_ const std::wstring& machineId, _In_ const GUID& runtimeId) :
+    m_machineId(machineId), m_deviceHostSupport(wil::MakeOrThrow<DeviceHostProxy>(machineId, runtimeId))
+{
+}
+
+_Requires_lock_not_held_(m_lock)
+GUID GuestDeviceManager::AddGuestDevice(
+    _In_ const GUID& DeviceId, _In_ const GUID& ImplementationClsid, _In_ PCWSTR AccessName, _In_opt_ PCWSTR Options, _In_ PCWSTR Path, _In_ UINT32 Flags, _In_ HANDLE UserToken)
+{
+    auto guestDeviceLock = m_lock.lock_exclusive();
+    return AddHdvShareWithOptions(DeviceId, ImplementationClsid, AccessName, Options, Path, Flags, UserToken);
+}
+
+_Requires_lock_held_(m_lock)
+GUID GuestDeviceManager::AddHdvShareWithOptions(
+    _In_ const GUID& DeviceId, _In_ const GUID& ImplementationClsid, _In_ PCWSTR AccessName, _In_opt_ PCWSTR Options, _In_ PCWSTR Path, _In_ UINT32 Flags, _In_ HANDLE UserToken)
+{
+    wil::com_ptr<IPlan9FileSystem> server;
+
+    // Options are appended to the name with a semi-colon separator.
+    //  "name;key1=value1;key2=value2"
+    // The AddSharePath implementation is responsible for separating them out and interpreting them.
+    std::wstring nameWithOptions{AccessName};
+    if (ARGUMENT_PRESENT(Options))
+    {
+        nameWithOptions += L";";
+        nameWithOptions += Options;
+    }
+
+    {
+        auto revert = wil::impersonate_token(UserToken);
+
+        server = GetRemoteFileSystem(ImplementationClsid, c_defaultDeviceTag);
+        if (!server)
+        {
+            server = wil::CoCreateInstance<IPlan9FileSystem>(ImplementationClsid, (CLSCTX_LOCAL_SERVER | CLSCTX_ENABLE_CLOAKING | CLSCTX_ENABLE_AAA));
+            AddRemoteFileSystem(ImplementationClsid, c_defaultDeviceTag.c_str(), server);
+        }
+
+        THROW_IF_FAILED(server->AddSharePath(nameWithOptions.c_str(), Path, Flags));
+    }
+
+    // This requires more privileges than the user may have, so impersonation is disabled.
+    return AddNewDevice(DeviceId, server, AccessName);
+}
+
+GUID GuestDeviceManager::AddNewDevice(_In_ const GUID& deviceId, _In_ const wil::com_ptr<IPlan9FileSystem>& server, _In_ PCWSTR tag)
+{
+    THROW_HR_IF(E_NOT_VALID_STATE, !m_deviceHostSupport);
+    return m_deviceHostSupport->AddNewDevice(deviceId, server, tag);
+}
+
+void GuestDeviceManager::AddRemoteFileSystem(_In_ REFCLSID clsid, _In_ PCWSTR tag, _In_ const wil::com_ptr<IPlan9FileSystem>& server)
+{
+    THROW_HR_IF(E_NOT_VALID_STATE, !m_deviceHostSupport);
+    m_deviceHostSupport->AddRemoteFileSystem(clsid, tag, server);
+}
+
+void GuestDeviceManager::AddSharedMemoryDevice(_In_ const GUID& ImplementationClsid, _In_ PCWSTR Tag, _In_ PCWSTR Path, _In_ UINT32 SizeMb, _In_ HANDLE UserToken)
+{
+    auto guestDeviceLock = m_lock.lock_exclusive();
+    auto objectLifetime = CreateSectionObjectRoot(Path, UserToken);
+
+    // For virtiofs hdv, the flags parameter has been overloaded. Flags are placed in the lower
+    // 16 bits, while the shared memory size in megabytes are placed in the upper 16 bits.
+    static constexpr auto VIRTIO_FS_FLAGS_SHMEM_SIZE_SHIFT = 16;
+    UINT32 flags = (SizeMb << VIRTIO_FS_FLAGS_SHMEM_SIZE_SHIFT);
+    WI_SetFlag(flags, VIRTIO_FS_FLAGS_TYPE_SECTIONS);
+    (void)AddHdvShareWithOptions(VIRTIO_VIRTIOFS_DEVICE_ID, ImplementationClsid, Tag, {}, objectLifetime.Path.c_str(), flags, UserToken);
+    m_objectDirectories.emplace_back(std::move(objectLifetime));
+}
+
+GuestDeviceManager::DirectoryObjectLifetime GuestDeviceManager::CreateSectionObjectRoot(_In_ std::wstring_view RelativeRootPath, _In_ HANDLE UserToken) const
+{
+    auto revert = wil::impersonate_token(UserToken);
+    DWORD sessionId;
+    DWORD bytesWritten;
+    THROW_LAST_ERROR_IF(!GetTokenInformation(GetCurrentThreadToken(), TokenSessionId, &sessionId, sizeof(sessionId), &bytesWritten));
+
+    // /Sessions/1/BaseNamedObjects/WSL/<VM ID>/<Relative Path>
+    std::wstringstream sectionPathBuilder;
+    sectionPathBuilder << L"\\Sessions\\" << sessionId << L"\\BaseNamedObjects" << L"\\WSL\\" << m_machineId << L"\\" << RelativeRootPath;
+    auto sectionPath = sectionPathBuilder.str();
+
+    UNICODE_STRING ntPath{};
+    OBJECT_ATTRIBUTES attributes{};
+    attributes.Length = sizeof(OBJECT_ATTRIBUTES);
+    attributes.ObjectName = &ntPath;
+    std::vector<wil::unique_handle> directoryHierarchy;
+    auto remainingPath = std::wstring_view(sectionPath.data(), sectionPath.length());
+    while (remainingPath.length() > 0)
+    {
+        // Find the next path substring, ignoring the root path backslash.
+        auto nextDir = remainingPath;
+        const auto separatorPos = nextDir.find(L"\\", remainingPath[0] == L'\\' ? 1 : 0);
+        if (separatorPos != std::wstring_view::npos)
+        {
+            nextDir = nextDir.substr(0, separatorPos);
+            remainingPath = remainingPath.substr(separatorPos + 1, std::wstring_view::npos);
+
+            // Skip concurrent backslashes.
+            while (remainingPath.length() > 0 && remainingPath[0] == L'\\')
+            {
+                remainingPath = remainingPath.substr(1, std::wstring_view::npos);
+            }
+        }
+        else
+        {
+            remainingPath = remainingPath.substr(remainingPath.length(), std::wstring_view::npos);
+        }
+
+        attributes.RootDirectory = directoryHierarchy.size() > 0 ? directoryHierarchy.back().get() : nullptr;
+        ntPath.Buffer = const_cast<PWCH>(nextDir.data());
+        ntPath.Length = sizeof(WCHAR) * gsl::narrow_cast<USHORT>(nextDir.length());
+        ntPath.MaximumLength = ntPath.Length;
+        wil::unique_handle nextHandle;
+        NTSTATUS status = ZwCreateDirectoryObject(&nextHandle, DIRECTORY_ALL_ACCESS, &attributes);
+        if (status == STATUS_OBJECT_NAME_COLLISION)
+        {
+            status = NtOpenDirectoryObject(&nextHandle, MAXIMUM_ALLOWED, &attributes);
+        }
+        THROW_IF_NTSTATUS_FAILED(status);
+        directoryHierarchy.emplace_back(std::move(nextHandle));
+    }
+
+    return {std::move(sectionPath), std::move(directoryHierarchy)};
+}
+
+wil::com_ptr<IPlan9FileSystem> GuestDeviceManager::GetRemoteFileSystem(_In_ REFCLSID clsid, _In_ std::wstring_view tag)
+{
+    THROW_HR_IF(E_NOT_VALID_STATE, !m_deviceHostSupport);
+    return m_deviceHostSupport->GetRemoteFileSystem(clsid, tag);
+}
+
+void GuestDeviceManager::Shutdown()
+try
+{
+    if (m_deviceHostSupport)
+    {
+        m_deviceHostSupport->Shutdown();
+    }
+}
+CATCH_LOG()
@@ -0,0 +1,72 @@
+// Copyright (C) Microsoft Corporation. All rights reserved.
+
+#pragma once
+
+#include "DeviceHostProxy.h"
+
+// Flags for virtiofs vdev device creation.
+#define VIRTIO_FS_FLAGS_TYPE_FILES 0x8000
+#define VIRTIO_FS_FLAGS_TYPE_SECTIONS 0x4000
+
+// {872270E1-A899-4AF6-B454-7193634435AD}
+DEFINE_GUID(VIRTIO_VIRTIOFS_DEVICE_ID, 0x872270E1, 0xA899, 0x4AF6, 0xB4, 0x54, 0x71, 0x93, 0x63, 0x44, 0x35, 0xAD);
+
+// {ABB755FC-1B86-4255-83E2-E5787ABCF6C2}
+DEFINE_GUID(VIRTIO_PMEM_CLASS_ID, 0xABB755FC, 0x1B86, 0x4255, 0x83, 0xe2, 0xe5, 0x78, 0x7a, 0xbc, 0xf6, 0xc2);
+
+inline const std::wstring c_defaultDeviceTag = L"default";
+
+//
+// Provides synchronized access to guest device operations.
+//
+class GuestDeviceManager
+{
+public:
+    GuestDeviceManager(_In_ const std::wstring& machineId, _In_ const GUID& runtimeId);
+
+    _Requires_lock_not_held_(m_lock)
+    GUID AddGuestDevice(
+        _In_ const GUID& DeviceId,
+        _In_ const GUID& ImplementationClsid,
+        _In_ PCWSTR AccessName,
+        _In_opt_ PCWSTR Options,
+        _In_ PCWSTR Path,
+        _In_ UINT32 Flags,
+        _In_ HANDLE UserToken);
+
+    GUID AddNewDevice(_In_ const GUID& deviceId, _In_ const wil::com_ptr<IPlan9FileSystem>& server, _In_ PCWSTR tag);
+
+    void AddRemoteFileSystem(_In_ REFCLSID clsid, _In_ PCWSTR tag, _In_ const wil::com_ptr<IPlan9FileSystem>& server);
+
+    void AddSharedMemoryDevice(_In_ const GUID& ImplementationClsid, _In_ PCWSTR Tag, _In_ PCWSTR Path, _In_ UINT32 SizeMb, _In_ HANDLE UserToken);
+
+    wil::com_ptr<IPlan9FileSystem> GetRemoteFileSystem(_In_ REFCLSID clsid, _In_ std::wstring_view tag);
+
+    void Shutdown();
+
+private:
+    _Requires_lock_held_(m_lock)
+    GUID AddHdvShareWithOptions(
+        _In_ const GUID& DeviceId,
+        _In_ const GUID& ImplementationClsid,
+        _In_ PCWSTR AccessName,
+        _In_opt_ PCWSTR Options,
+        _In_ PCWSTR Path,
+        _In_ UINT32 Flags,
+        _In_ HANDLE UserToken);
+
+    struct DirectoryObjectLifetime
+    {
+        std::wstring Path;
+        // Directory objects are temporary, even if they have children, so need to keep
+        // any created handles open in order for the directory to remain accessible.
+        std::vector<wil::unique_handle> HierarchyLifetimes;
+    };
+
+    DirectoryObjectLifetime CreateSectionObjectRoot(_In_ std::wstring_view RelativeRootPath, _In_ HANDLE UserToken) const;
+
+    wil::srwlock m_lock;
+    std::wstring m_machineId;
+    wil::com_ptr<DeviceHostProxy> m_deviceHostSupport;
+    _Guarded_by_(m_lock) std::vector<DirectoryObjectLifetime> m_objectDirectories;
+};