Chromium Code Reviews Chromium Code Reviews
Issue 10690058:
Add sandbox support for Windows process mitigations (Closed)
Base URL: https://src.chromium.org/svn/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_policy.h" | 5 #include "content/common/sandbox_policy.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/debug/debugger.h" | 10 #include "base/debug/debugger.h" |
| 11 #include "base/debug/trace_event.h" | 11 #include "base/debug/trace_event.h" |
| 12 #include "base/file_util.h" | 12 #include "base/file_util.h" |
| 13 #include "base/lazy_instance.h" | 13 #include "base/lazy_instance.h" |
| 14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "base/path_service.h" | 15 #include "base/path_service.h" |
| 16 #include "base/process_util.h" | 16 #include "base/process_util.h" |
| 17 #include "base/string_util.h" | 17 #include "base/string_util.h" |
| 18 #include "base/stringprintf.h" | 18 #include "base/stringprintf.h" |
| 19 #include "base/win/iat_patch_function.h" | 19 #include "base/win/iat_patch_function.h" |
| 20 #include "base/win/scoped_handle.h" | 20 #include "base/win/scoped_handle.h" |
| 21 #include "base/win/scoped_process_information.h" | 21 #include "base/win/scoped_process_information.h" |
| 22 #include "base/win/windows_version.h" | 22 #include "base/win/windows_version.h" |
| 23 #include "content/common/debug_flags.h" | 23 #include "content/common/debug_flags.h" |
| 24 #include "content/public/common/content_client.h" | 24 #include "content/public/common/content_client.h" |
| 25 #include "content/public/common/content_switches.h" | 25 #include "content/public/common/content_switches.h" |
| 26 #include "content/public/common/process_type.h" | 26 #include "content/public/common/process_type.h" |
| 27 #include "content/public/common/sandbox_init.h" | 27 #include "content/public/common/sandbox_init.h" |
| 28 #include "sandbox/win/src/process_mitigations.h" | |
| 28 #include "sandbox/win/src/sandbox.h" | 29 #include "sandbox/win/src/sandbox.h" |
| 29 #include "sandbox/win/src/sandbox_nt_util.h" | 30 #include "sandbox/win/src/sandbox_nt_util.h" |
| 30 #include "sandbox/win/src/win_utils.h" | 31 #include "sandbox/win/src/win_utils.h" |
| 31 #include "ui/gl/gl_switches.h" | 32 #include "ui/gl/gl_switches.h" |
| 32 | 33 |
| 33 static sandbox::BrokerServices* g_broker_services = NULL; | 34 static sandbox::BrokerServices* g_broker_services = NULL; |
| 34 static sandbox::TargetServices* g_target_services = NULL; | 35 static sandbox::TargetServices* g_target_services = NULL; |
| 35 | 36 |
| 36 namespace { | 37 namespace { |
| 37 | 38 |
| (...skipping 681 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 719 #endif | 720 #endif |
| 720 | 721 |
| 721 if (!in_sandbox) { | 722 if (!in_sandbox) { |
| 722 policy->Release(); | 723 policy->Release(); |
| 723 base::ProcessHandle process = 0; | 724 base::ProcessHandle process = 0; |
| 724 base::LaunchProcess(*cmd_line, base::LaunchOptions(), &process); | 725 base::LaunchProcess(*cmd_line, base::LaunchOptions(), &process); |
| 725 g_broker_services->AddTargetPeer(process); | 726 g_broker_services->AddTargetPeer(process); |
| 726 return process; | 727 return process; |
| 727 } | 728 } |
| 728 | 729 |
| 730 uint64 mitigations = TargetPolicy::MITIGATION_RELOCATE_IMAGE | | |
| 731 TargetPolicy::MITIGATION_RELOCATE_IMAGE_REQUIRED | | |
| 732 TargetPolicy::MITIGATION_HEAP_TERMINATE | | |
| 733 TargetPolicy::MITIGATION_BOTTOM_UP_ASLR | | |
| 734 TargetPolicy::MITIGATION_HIGH_ENTROPY_ASLR | | |
| 735 TargetPolicy::MITIGATION_DLL_SEARCH_ORDER; | |
| 736 // TODO(jschuh): Make NaCl work with DEP and SEHOP | |
|
cpu_(ooo_6.6-7.5)
2012/09/07 19:22:55
period
jschuh
2012/09/07 20:23:14
Done.
| |
| 737 if (type != content::PROCESS_TYPE_NACL_LOADER) { | |
| 738 mitigations |= TargetPolicy::MITIGATION_DEP | | |
| 739 TargetPolicy::MITIGATION_DEP_NO_ATL_THUNK | | |
| 740 TargetPolicy::MITIGATION_SEHOP; | |
| 741 } | |
| 742 if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK) | |
| 743 return 0; | |
| 744 | |
| 745 mitigations = TargetPolicy::MITIGATION_STRICT_HANDLE_CHECKS | | |
| 746 TargetPolicy::MITIGATION_EXTENSION_DLL_DISABLE; | |
| 747 if (policy->SetDelayedProcessMitigations(mitigations) != | |
| 748 sandbox::SBOX_ALL_OK) { | |
| 749 return 0; | |
| 750 } | |
| 751 | |
| 729 if (type == content::PROCESS_TYPE_PLUGIN) { | 752 if (type == content::PROCESS_TYPE_PLUGIN) { |
| 730 AddGenericDllEvictionPolicy(policy); | 753 AddGenericDllEvictionPolicy(policy); |
| 731 AddPluginDllEvictionPolicy(policy); | 754 AddPluginDllEvictionPolicy(policy); |
| 732 } else if (type == content::PROCESS_TYPE_GPU) { | 755 } else if (type == content::PROCESS_TYPE_GPU) { |
| 733 if (!AddPolicyForGPU(cmd_line, policy)) | 756 if (!AddPolicyForGPU(cmd_line, policy)) |
| 734 return 0; | 757 return 0; |
| 735 } else { | 758 } else { |
| 736 if (!AddPolicyForRenderer(policy)) | 759 if (!AddPolicyForRenderer(policy)) |
| 737 return 0; | 760 return 0; |
| 738 // TODO(jschuh): Need get these restrictions applied to NaCl and Pepper. | 761 // TODO(jschuh): Need get these restrictions applied to NaCl and Pepper. |
| (...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 865 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; | 888 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; |
| 866 } | 889 } |
| 867 | 890 |
| 868 base::ProcessHandle StartProcessWithAccess( | 891 base::ProcessHandle StartProcessWithAccess( |
| 869 CommandLine* cmd_line, | 892 CommandLine* cmd_line, |
| 870 const FilePath& exposed_dir) { | 893 const FilePath& exposed_dir) { |
| 871 return sandbox::StartProcessWithAccess(cmd_line, exposed_dir); | 894 return sandbox::StartProcessWithAccess(cmd_line, exposed_dir); |
| 872 } | 895 } |
| 873 | 896 |
| 874 } // namespace content | 897 } // namespace content |
| OLD | NEW |
