Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(334)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/app/startup_helper_win.cc

Issue 10690058: Add sandbox support for Windows process mitigations (Closed) Base URL: https://src.chromium.org/svn/trunk/src/
Patch Set: Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | content/common/sandbox_policy.cc » ('j') | sandbox/win/src/process_mitigations.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/public/app/startup_helper_win.h" 5 #include "content/public/app/startup_helper_win.h"
6 6
7 #include <crtdbg.h> 7 #include <crtdbg.h>
8 #include <new.h> 8 #include <new.h>
9 9
10 #include "base/base_switches.h" 10 #include "base/base_switches.h"
11 #include "base/command_line.h" 11 #include "base/command_line.h"
12 #include "base/win/windows_version.h" 12 #include "base/win/windows_version.h"
13 #include "sandbox/win/src/dep.h" 13 #include "sandbox/win/src/process_mitigations.h"
14 #include "sandbox/win/src/sandbox_factory.h" 14 #include "sandbox/win/src/sandbox_factory.h"
15 15
16 namespace { 16 namespace {
17 17
18 #pragma optimize("", off) 18 #pragma optimize("", off)
19 // Handlers for invalid parameter and pure call. They generate a breakpoint to 19 // Handlers for invalid parameter and pure call. They generate a breakpoint to
20 // tell breakpad that it needs to dump the process. 20 // tell breakpad that it needs to dump the process.
21 void InvalidParameter(const wchar_t* expression, const wchar_t* function, 21 void InvalidParameter(const wchar_t* expression, const wchar_t* function,
22 const wchar_t* file, unsigned int line, 22 const wchar_t* file, unsigned int line,
23 uintptr_t reserved) { 23 uintptr_t reserved) {
24 __debugbreak(); 24 __debugbreak();
25 _exit(1); 25 _exit(1);
26 } 26 }
27 27
28 void PureCall() { 28 void PureCall() {
29 __debugbreak(); 29 __debugbreak();
30 _exit(1); 30 _exit(1);
31 } 31 }
32 #pragma optimize("", on) 32 #pragma optimize("", on)
33 33
34 } // namespace 34 } // namespace
35 35
36 namespace content { 36 namespace content {
37 37
38 void InitializeSandboxInfo(sandbox::SandboxInterfaceInfo* info) { 38 void InitializeSandboxInfo(sandbox::SandboxInterfaceInfo* info) {
39 info->broker_services = sandbox::SandboxFactory::GetBrokerServices(); 39 info->broker_services = sandbox::SandboxFactory::GetBrokerServices();
40 if (!info->broker_services) 40 if (!info->broker_services) {
41 info->target_services = sandbox::SandboxFactory::GetTargetServices(); 41 info->target_services = sandbox::SandboxFactory::GetTargetServices();
42 42 } else {
43 if (base::win::GetVersion() < base::win::VERSION_VISTA) { 43 // Ensure the proper mitigations are enforced for the browser process.
44 // Enforces strong DEP support. Vista uses the NXCOMPAT flag in the exe. 44 sandbox::ApplyProcessMitigationsToCurrentProcess(
45 sandbox::SetCurrentProcessDEP(sandbox::DEP_ENABLED); 45 sandbox::MITIGATION_DEP |
46 sandbox::MITIGATION_DEP_NO_ATL_THUNK);
46 } 47 }
47 } 48 }
48 49
49 // Register the invalid param handler and pure call handler to be able to 50 // Register the invalid param handler and pure call handler to be able to
50 // notify breakpad when it happens. 51 // notify breakpad when it happens.
51 void RegisterInvalidParamHandler() { 52 void RegisterInvalidParamHandler() {
52 _set_invalid_parameter_handler(InvalidParameter); 53 _set_invalid_parameter_handler(InvalidParameter);
53 _set_purecall_handler(PureCall); 54 _set_purecall_handler(PureCall);
54 // Also enable the new handler for malloc() based failures. 55 // Also enable the new handler for malloc() based failures.
55 _set_new_mode(1); 56 _set_new_mode(1);
56 } 57 }
57 58
58 void SetupCRT(const CommandLine& command_line) { 59 void SetupCRT(const CommandLine& command_line) {
59 #if defined(_CRTDBG_MAP_ALLOC) 60 #if defined(_CRTDBG_MAP_ALLOC)
60 _CrtSetReportFile(_CRT_WARN, _CRTDBG_FILE_STDERR); 61 _CrtSetReportFile(_CRT_WARN, _CRTDBG_FILE_STDERR);
61 _CrtSetReportMode(_CRT_WARN, _CRTDBG_MODE_FILE); 62 _CrtSetReportMode(_CRT_WARN, _CRTDBG_MODE_FILE);
62 #else 63 #else
63 if (!command_line.HasSwitch(switches::kDisableBreakpad)) { 64 if (!command_line.HasSwitch(switches::kDisableBreakpad)) {
64 _CrtSetReportMode(_CRT_ASSERT, 0); 65 _CrtSetReportMode(_CRT_ASSERT, 0);
65 } 66 }
66 #endif 67 #endif
67 } 68 }
68 69
69 } // namespace content 70 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | content/common/sandbox_policy.cc » ('j') | sandbox/win/src/process_mitigations.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698