Chromium Code Reviews Chromium Code Reviews
Issue 10690058:
Add sandbox support for Windows process mitigations (Closed)
Base URL: https://src.chromium.org/svn/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_SRC_SECURITY_LEVEL_H_ | 5 #ifndef SANDBOX_SRC_SECURITY_LEVEL_H_ |
| 6 #define SANDBOX_SRC_SECURITY_LEVEL_H_ | 6 #define SANDBOX_SRC_SECURITY_LEVEL_H_ |
| 7 | 7 |
| 8 namespace sandbox { | 8 namespace sandbox { |
| 9 | 9 |
| 10 // List of all the integrity levels supported in the sandbox. This is used | 10 // List of all the integrity levels supported in the sandbox. This is used |
| (...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 115 // windows, bitmaps, menus, etc. Files, treads and registry handles are kernel | 115 // windows, bitmaps, menus, etc. Files, treads and registry handles are kernel |
| 116 // handles and are not affected by the job level settings. | 116 // handles and are not affected by the job level settings. |
| 117 enum JobLevel { | 117 enum JobLevel { |
| 118 JOB_LOCKDOWN = 0, | 118 JOB_LOCKDOWN = 0, |
| 119 JOB_RESTRICTED, | 119 JOB_RESTRICTED, |
| 120 JOB_LIMITED_USER, | 120 JOB_LIMITED_USER, |
| 121 JOB_INTERACTIVE, | 121 JOB_INTERACTIVE, |
| 122 JOB_UNPROTECTED | 122 JOB_UNPROTECTED |
| 123 }; | 123 }; |
| 124 | 124 |
| 125 // These flags correspond to various process-level mitigations (eg. ASLR and | |
| 126 // DEP). Most are implemented via UpdateProcThreadAttribute() plus flags for | |
| 127 // the PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY attribute argument; documented | |
| 128 // here: http://msdn.microsoft.com/en-us/library/windows/desktop/ms686880 | |
| 129 // Some mitigations are implemented directly by the sandbox or emulated to | |
| 130 // the greatest extent possible when not directly supported by the OS. | |
| 131 // Flags that are unsupported for the target OS will be silently ignored. | |
| 132 // Flags that are invalid for their application (pre or post startup) will | |
| 133 // return SBOX_ERROR_BAD_PARAMS. | |
| 134 typedef uint64 MitigationFlags; | |
| 135 // Permanently enables DEP for the target process. Corresponds to | |
| 136 // PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE. | |
| 137 const MitigationFlags MITIGATION_DEP = 0x00000001; | |
|
rvargas (doing something else)
2012/09/13 19:15:26
I'm sorry to insist on this one, but please use an
| |
| 138 // Permanently Disables ATL thunk emulation when DEP is enabled. Valid | |
| 139 // only when MITIGATION_DEP is passed. Corresponds to not passing | |
| 140 // PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE. | |
| 141 const MitigationFlags MITIGATION_DEP_NO_ATL_THUNK = 0x00000002; | |
| 142 // Enables Structured exception handling override prevention. Must be | |
| 143 // enabled prior to process start. Corresponds to | |
| 144 // PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE. | |
| 145 const MitigationFlags MITIGATION_SEHOP = 0x00000004; | |
| 146 // Forces ASLR on all images in the child process. Corresponds to | |
| 147 // PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON . | |
| 148 const MitigationFlags MITIGATION_RELOCATE_IMAGE = 0x00000008; | |
| 149 // Refuses to load DLLs that cannot support ASLR. Corresponds to | |
| 150 // PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON_REQ_RELOCS . | |
| 151 const MitigationFlags MITIGATION_RELOCATE_IMAGE_REQUIRED = 0x00000010; | |
| 152 // Terminates the process on Windows heap corruption. Coresponds to | |
| 153 // PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_ON. | |
| 154 const MitigationFlags MITIGATION_HEAP_TERMINATE = 0x00000020; | |
| 155 // Sets a random lower bound as the minimum user address. Must be | |
| 156 // enabled prior to process start. On 32-bit processes this is | |
| 157 // emulated to a much smaller degree. Corresponds to | |
| 158 // PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON. | |
| 159 const MitigationFlags MITIGATION_BOTTOM_UP_ASLR = 0x00000040; | |
| 160 // Increases the randomness range of bottom-up ASLR to up to 1TB. Must be | |
| 161 // enabled prior to process start and with MITIGATION_BOTTOM_UP_ASLR. | |
| 162 // Corresponds to | |
| 163 // PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_ON | |
| 164 const MitigationFlags MITIGATION_HIGH_ENTROPY_ASLR = 0x00000080; | |
| 165 // Immediately raises an exception on a bad handle reference. Must be | |
| 166 // enabled after startup. Corresponds to | |
| 167 // PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_ON. | |
| 168 const MitigationFlags MITIGATION_STRICT_HANDLE_CHECKS = 0x00000100; | |
| 169 // Prevents the process from making Win32k calls. Must be enabled after | |
| 170 // startup. Corresponds to | |
| 171 // PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON. | |
| 172 const MitigationFlags MITIGATION_WIN32K_DISABLE = 0x00000200; | |
| 173 // Disables common DLL injection methods (e.g. window hooks and | |
| 174 // App_InitDLLs). Corresponds to | |
| 175 // PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON. | |
| 176 const MitigationFlags MITIGATION_EXTENSION_DLL_DISABLE = 0x00000400; | |
| 177 // Sets the DLL search order to LOAD_LIBRARY_SEARCH_DEFAULT_DIRS. Additional | |
| 178 // directories can be added via the Windows AddDllDirectory() function. | |
| 179 // http://msdn.microsoft.com/en-us/library/windows/desktop/hh310515 | |
| 180 // Must be enabled after startup. | |
| 181 const MitigationFlags MITIGATION_DLL_SEARCH_ORDER = 0x00000001ULL << 32; | |
| 182 | |
| 125 } // namespace sandbox | 183 } // namespace sandbox |
| 126 | 184 |
| 127 #endif // SANDBOX_SRC_SECURITY_LEVEL_H_ | 185 #endif // SANDBOX_SRC_SECURITY_LEVEL_H_ |
| OLD | NEW |
