Merge pull request from GHSA-q7c2-pgqm-vvw5

GHSA-q7c2-pgqm-vvw5

An exploit was possible which allowed a user to elevate from user to system privileges.
This is via installing a malicious add-on to the secure screen.
This allowed the user to execute arbitrary code with system permissions.

None

When NVDA is running in secure mode, such as on a secure screen, the following remote procedure calls are now blocked:
- installing an add-on to a secure desktop
- opening the config directory on the secure desktop (this does not appear to do anything on the secure desktop)

with a self-signed build:
- Test STR in GHSA-q7c2-pgqm-vvw5
- Smoke test the sign-in process

source/NVDAHelper.py

@@ -28,6 +28,7 @@
 import api
 import globalVars
 from logHandler import log
+from utils.security import isWindowsLocked
 
 versionedLibPath = os.path.join(globalVars.appDir, 'lib')
 if os.environ.get('PROCESSOR_ARCHITEW6432') == 'ARM64':
@@ -449,7 +450,13 @@ def nvdaControllerInternal_vbufChangeNotify(rootDocHandle, rootID):
 @WINFUNCTYPE(c_long, c_wchar_p)
 def nvdaControllerInternal_installAddonPackageFromPath(addonPath):
 	if globalVars.appArgs.launcher:
-		log.debugWarning("Unable to install addon into launcher.")
+		log.debugWarning("Unable to install add-on into launcher.")
+		return
+	if globalVars.appArgs.secure:
+		log.debugWarning("Unable to install add-on into secure copy of NVDA.")
+		return
+	if isWindowsLocked():
+		log.debugWarning("Unable to install add-on while Windows is locked.")
 		return
 	import wx
 	from gui import addonGui
@@ -460,6 +467,12 @@ def nvdaControllerInternal_installAddonPackageFromPath(addonPath):
 
 @WINFUNCTYPE(c_long)
 def nvdaControllerInternal_openConfigDirectory():
+	if globalVars.appArgs.secure:
+		log.debugWarning("Unable to open user config directory for secure copy of NVDA.")
+		return
+	if isWindowsLocked():
+		log.debugWarning("Unable to open user config directory while Windows is locked.")
+		return
 	import systemUtils
 	systemUtils.openUserConfigurationDirectory()
 	return 0