Add sandbox support for Windows process mitigations

sandbox/win/src/broker_services.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/win/src/broker_services.h"
 
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/threading/platform_thread.h"
 #include "base/win/scoped_handle.h"
 #include "base/win/scoped_process_information.h"
 #include "base/win/startup_information.h"
 #include "base/win/windows_version.h"
 #include "sandbox/win/src/app_container.h"
+#include "sandbox/win/src/process_mitigations.h"
 #include "sandbox/win/src/sandbox_policy_base.h"
 #include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/target_process.h"
 #include "sandbox/win/src/win2k_threadpool.h"
 #include "sandbox/win/src/win_utils.h"
 
 namespace {
 
 // Utility function to associate a completion port to a job object.
 bool AssociateCompletionPort(HANDLE job, HANDLE port, void* key) {
@@ skipping 288 matching lines @@
     return result;
 
   // Initialize the startup information from the policy.
   base::win::StartupInformation startup_info;
   string16 desktop = policy_base->GetAlternateDesktop();
   if (!desktop.empty()) {
     startup_info.startup_info()->lpDesktop =
         const_cast<wchar_t*>(desktop.c_str());
   }
 
+  int attribute_count = 0;
   const AppContainerAttributes* app_container = policy_base->GetAppContainer();
+  if (app_container)
+    ++attribute_count;
+
+  DWORD64 mitigations = GetProcessMitigationPolicyFlags(
+                            policy->GetProcessMitigations());
+  if (mitigations)
+    ++attribute_count;
+
+  if (!startup_info.InitializeProcThreadAttributeList(attribute_count))
+    return SBOX_ERROR_GENERIC;

[rvargas (doing something else), 2012/09/08 02:23:32]

Use a specific error code (and below)

[jschuh, 2012/09/10 23:58:48]

Done.

+
   if (app_container) {
-    startup_info.InitializeProcThreadAttributeList(1);
     result = app_container->ShareForStartup(&startup_info);
     if (SBOX_ALL_OK != result)
       return result;
   }
 
+  if (mitigations) {
+#ifndef _WIN64

[rvargas (doing something else), 2012/09/08 02:23:32]

#if defined(_WIN64)

[jschuh, 2012/09/10 23:58:48]

Done.

+    // A 64-bit flags attribute is illegal on 32-bit Win 7 and below.
+    if (base::win::GetVersion() < base::win::VERSION_WIN8) {

[rvargas (doing something else), 2012/09/08 02:23:32]

Can we send all this logic somewhere else?

[jschuh, 2012/09/10 23:58:48]

Done.

+      DWORD mitigations32 = static_cast<DWORD>(mitigations);
+      if (!startup_info.UpdateProcThreadAttribute(
+               PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &mitigations32,
+               sizeof(mitigations32))) {
+        return SBOX_ERROR_GENERIC;
+      }
+    } else {
+      if (!startup_info.UpdateProcThreadAttribute(
+               PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &mitigations,
+               sizeof(mitigations))) {
+        return SBOX_ERROR_GENERIC;
+      }
+    }
+#else
+    if (!startup_info.UpdateProcThreadAttribute(
+              PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &mitigations,
+              sizeof(mitigations))) {
+      return SBOX_ERROR_GENERIC;
+    }
+#endif
+  }
+
   // Construct the thread pool here in case it is expensive.
   // The thread pool is shared by all the targets
   if (NULL == thread_pool_)
     thread_pool_ = new Win2kThreadPool();
 
   // Create the TargetProces object and spawn the target suspended. Note that
   // Brokerservices does not own the target object. It is owned by the Policy.
   base::win::ScopedProcessInformation process_info;
   TargetProcess* target = new TargetProcess(initial_token.Take(),
                                             lockdown_token.Take(),
@@ skipping 94 matching lines @@
     return SBOX_ERROR_UNSUPPORTED;
 
   string16 name =  LookupAppContainer(sid);
   if (name.empty())
     return SBOX_ERROR_INVALID_APP_CONTAINER;
 
   return DeleteAppContainer(sid);
 }
 
 }  // namespace sandbox