Dynamic factory uses environment

JohnMcPMS · Jan 13, 2025 · 4799ddf · 4799ddf
1 parent 4afdcb2
commit 4799ddf
Showing 1 changed file with 10 additions and 30 deletions.
diff --git a/src/AppInstallerCLICore/ConfigurationDynamicRuntimeFactory.cpp b/src/AppInstallerCLICore/ConfigurationDynamicRuntimeFactory.cpp
@@ -212,16 +212,13 @@ namespace AppInstaller::CLI::ConfigurationRemoting
 
         private:
             // Converts the string representation of SecurityContext to the integrity level
-            Security::IntegrityLevel SecurityContextToIntegrityLevel(winrt::hstring securityContext)
+            Security::IntegrityLevel SecurityContextToIntegrityLevel(SecurityContext securityContext)
             {
-                std::wstring securityContextLower = Utility::ToLower(securityContext);
-
-                if (securityContextLower == L"elevated")
-                {
-                    return Security::IntegrityLevel::High;
-                }
-                else if (securityContextLower == L"restricted")
+                switch (securityContext)
                 {
+                case SecurityContext::Current:
+                    return m_currentIntegrityLevel;
+                case SecurityContext::Restricted:
 #ifndef AICLI_DISABLE_TEST_HOOKS
                     if (m_enableRestrictedIntegrityLevel)
                     {
@@ -236,34 +233,17 @@ namespace AppInstaller::CLI::ConfigurationRemoting
                         // Technically this means the default level of the user token, so if UAC is disabled it would be the only integrity level (aka current).
                         // return Security::IntegrityLevel::Medium;
                     }
+                case SecurityContext::Elevated:
+                    return Security::IntegrityLevel::High;
+                default:
+                    THROW_WIN32(ERROR_NOT_SUPPORTED);
                 }
-                else if (securityContextLower == L"current")
-                {
-                    return m_currentIntegrityLevel;
-                }
-
-                THROW_WIN32(ERROR_NOT_SUPPORTED);
             }
 
             // Gets the integrity level that the given unit should be run at
             Security::IntegrityLevel GetIntegrityLevelForUnit(const ConfigurationUnit& unit)
             {
-                // Support for 0.2 schema via metadata value
-                // TODO: Support case-insensitive lookup by iteration
-                auto unitMetadata = unit.Metadata();
-                auto securityContext = unitMetadata.TryLookup(L"securityContext");
-                if (securityContext)
-                {
-                    auto securityContextProperty = securityContext.try_as<IPropertyValue>();
-                    if (securityContextProperty && securityContextProperty.Type() == PropertyType::String)
-                    {
-                        return SecurityContextToIntegrityLevel(securityContextProperty.GetString());
-                    }
-                }
-
-                // TODO: Support for 0.3 schema will require a group processor wrapper
-
-                return m_currentIntegrityLevel;
+                return SecurityContextToIntegrityLevel(unit.Environment().Context());
             }
 
             // Serializes the set properties to be sent to the remote server