Chromium Code Reviews Chromium Code Reviews
Issue 107663008:
Chrome browser process DLL blacklist. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chrome_elf/blacklist/blacklist.cc |
| diff --git a/chrome_elf/blacklist/blacklist.cc b/chrome_elf/blacklist/blacklist.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..139c87f1ff678dd191cad7ab77fd76f9683046c1 |
| --- /dev/null |
| +++ b/chrome_elf/blacklist/blacklist.cc |
| @@ -0,0 +1,260 @@ |
| +// Copyright 2013 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "chrome_elf/blacklist/blacklist.h" |
| + |
| +#include <string.h> |
| + |
| +#include "base/basictypes.h" |
| +#include "chrome_elf/blacklist/blacklist_interceptions.h" |
| +#include "sandbox/win/src/interception_internal.h" |
| +#include "sandbox/win/src/internal_types.h" |
| +#include "sandbox/win/src/sandbox_utils.h" |
| +#include "sandbox/win/src/service_resolver.h" |
| + |
| +// http://blogs.msdn.com/oldnewthing/archive/2004/10/25/247180.aspx |
| +extern "C" IMAGE_DOS_HEADER __ImageBase; |
| + |
| +namespace blacklist{ |
| + |
| +const wchar_t* g_troublesome_dlls[kTroublesomeDllsMaxCount] = {}; |
| +int g_troublesome_dlls_cur_index = 0; |
| + |
| +const wchar_t kRegistryBeaconPath[] = L"SOFTWARE\\Google\\Chrome\\BLBeacon"; |
| + |
| +} // namespace blacklist |
| + |
| +// Allocate storage for thunks in a RWX page of this module to save on doing |
| +// an extra allocation at run time. |
| +#pragma section(".crthunk",read,write,execute) |
| +__declspec(allocate(".crthunk")) sandbox::ThunkData g_thunk_storage; |
| + |
| +namespace { |
| + |
| +enum Version { |
| + VERSION_PRE_XP_SP2 = 0, // Not supported. |
| + VERSION_XP_SP2, |
| + VERSION_SERVER_2003, // Also includes XP Pro x64 and Server 2003 R2. |
| + VERSION_VISTA, // Also includes Windows Server 2008. |
| + VERSION_WIN7, // Also includes Windows Server 2008 R2. |
| + VERSION_WIN8, // Also includes Windows Server 2012. |
| + VERSION_WIN8_1, // Code named Windows Blue |
|
rvargas (doing something else)
2013/12/17 22:09:27
nit: the code name seems pointless at this point
robertshield
2013/12/18 02:34:43
Done.
|
| + VERSION_WIN_LAST, // Indicates error condition. |
| +}; |
| + |
| +// Whether a process is running under WOW64 (the wrapper that allows 32-bit |
| +// processes to run on 64-bit versions of Windows). This will return |
| +// WOW64_DISABLED for both "32-bit Chrome on 32-bit Windows" and "64-bit |
| +// Chrome on 64-bit Windows". WOW64_UNKNOWN means "an error occurred", e.g. |
| +// the process does not have sufficient access rights to determine this. |
| +enum WOW64Status { |
| + WOW64_DISABLED, |
| + WOW64_ENABLED, |
| + WOW64_UNKNOWN, |
| +}; |
| + |
| +WOW64Status GetWOW64StatusForCurrentProcess() { |
| + typedef BOOL (WINAPI* IsWow64ProcessFunc)(HANDLE, PBOOL); |
| + IsWow64ProcessFunc is_wow64_process = reinterpret_cast<IsWow64ProcessFunc>( |
| + GetProcAddress(GetModuleHandle(L"kernel32.dll"), "IsWow64Process")); |
| + if (!is_wow64_process) |
| + return WOW64_DISABLED; |
| + BOOL is_wow64 = FALSE; |
| + if (!(*is_wow64_process)(GetCurrentProcess(), &is_wow64)) |
| + return WOW64_UNKNOWN; |
| + return is_wow64 ? WOW64_ENABLED : WOW64_DISABLED; |
| +} |
| + |
| +class OSInfo { |
| + public: |
| + struct VersionNumber { |
| + int major; |
| + int minor; |
| + int build; |
| + }; |
| + |
| + struct ServicePack { |
| + int major; |
| + int minor; |
| + }; |
| + |
| + OSInfo() { |
| + OSVERSIONINFOEX version_info = { sizeof(version_info) }; |
| + GetVersionEx(reinterpret_cast<OSVERSIONINFO*>(&version_info)); |
| + version_number_.major = version_info.dwMajorVersion; |
| + version_number_.minor = version_info.dwMinorVersion; |
| + version_number_.build = version_info.dwBuildNumber; |
| + if ((version_number_.major == 5) && (version_number_.minor > 0)) { |
| + // Treat XP Pro x64, Home Server, and Server 2003 R2 as Server 2003. |
| + version_ = (version_number_.minor == 1) ? VERSION_XP_SP2 : |
| + VERSION_SERVER_2003; |
| + if (version_ == VERSION_XP_SP2 && version_info.wServicePackMajor < 2) |
| + version_ = VERSION_PRE_XP_SP2; |
| + } else if (version_number_.major == 6) { |
| + switch (version_number_.minor) { |
| + case 0: |
| + // Treat Windows Server 2008 the same as Windows Vista. |
| + version_ = VERSION_VISTA; |
| + break; |
| + case 1: |
| + // Treat Windows Server 2008 R2 the same as Windows 7. |
| + version_ = VERSION_WIN7; |
| + break; |
| + case 2: |
| + // Treat Windows Server 2012 the same as Windows 8. |
| + version_ = VERSION_WIN8; |
| + break; |
| + default: |
| + version_ = VERSION_WIN8_1; |
| + break; |
| + } |
| + } else if (version_number_.major > 6) { |
| + version_ = VERSION_WIN_LAST; |
| + } else { |
| + version_ = VERSION_PRE_XP_SP2; |
| + } |
| + |
| + service_pack_.major = version_info.wServicePackMajor; |
| + service_pack_.minor = version_info.wServicePackMinor; |
| + } |
| + |
| + Version version() const { return version_; } |
| + VersionNumber version_number() const { return version_number_; } |
| + ServicePack service_pack() const { return service_pack_; } |
| + |
| + private: |
| + Version version_; |
| + VersionNumber version_number_; |
| + ServicePack service_pack_; |
| + |
| + DISALLOW_COPY_AND_ASSIGN(OSInfo); |
| +}; |
| + |
| +bool IsNonBrowserProcess() { |
| + wchar_t* command_line = GetCommandLine(); |
| + return (command_line && wcsstr(command_line, L"--type")); |
| +} |
| + |
| +} // namespace |
| + |
| +namespace blacklist { |
| + |
| +bool CreateBeacon() { |
| + HKEY beacon_key = 0; |
|
rvargas (doing something else)
2013/12/17 22:09:27
nit: NULL
robertshield
2013/12/18 02:34:43
Done.
|
| + DWORD disposition = 0; |
| + LONG result = ::RegCreateKeyEx(HKEY_CURRENT_USER, |
| + kRegistryBeaconPath, |
| + 0, |
| + NULL, |
| + 0, |
| + KEY_WRITE, |
| + NULL, |
| + &beacon_key, |
| + &disposition); |
| + bool success = (result == ERROR_SUCCESS && |
| + disposition != REG_OPENED_EXISTING_KEY); |
| + ::RegCloseKey(beacon_key); |
|
rvargas (doing something else)
2013/12/17 22:09:27
Only close the key on ERROR_SUCCESS
robertshield
2013/12/18 02:34:43
Done.
|
| + return success; |
| +} |
| + |
| +bool ClearBeacon() { |
| + LONG result = ::RegDeleteKey(HKEY_CURRENT_USER, kRegistryBeaconPath); |
| + return (result == ERROR_SUCCESS); |
| +} |
| + |
| +// Adds the given dll name to the blacklist. |
|
rvargas (doing something else)
2013/12/17 22:09:27
drop the comment
robertshield
2013/12/18 02:34:43
Done.
|
| +bool AddDllToBlacklist(const wchar_t* dll_name) { |
| + if (g_troublesome_dlls_cur_index >= kTroublesomeDllsMaxCount) |
| + return false; |
| + for (int i = 0; i < g_troublesome_dlls_cur_index; ++i) { |
| + if (!wcscmp(g_troublesome_dlls[i], dll_name)) |
| + return true; |
| + } |
| + |
| + // Copy string to blacklist. |
| + wchar_t* str_buffer = new wchar_t[wcslen(dll_name) + 1]; |
| + wcscpy(str_buffer, dll_name); |
| + |
| + g_troublesome_dlls[g_troublesome_dlls_cur_index] = str_buffer; |
| + g_troublesome_dlls_cur_index++; |
| + return true; |
| +} |
| + |
| +// Removes the given dll name from the blacklist. |
|
rvargas (doing something else)
2013/12/17 22:09:27
ditto
robertshield
2013/12/18 02:34:43
Done.
|
| +bool RemoveDllFromBlacklist(const wchar_t* dll_name) { |
| + for (int i = 0; i < g_troublesome_dlls_cur_index; ++i) { |
| + if (!wcscmp(g_troublesome_dlls[i], dll_name)) { |
| + // Found the thing to remove. Delete it then replace it with the last |
| + // element. |
| + g_troublesome_dlls_cur_index--; |
| + delete[] g_troublesome_dlls[i]; |
| + g_troublesome_dlls[i] = g_troublesome_dlls[g_troublesome_dlls_cur_index]; |
| + g_troublesome_dlls[g_troublesome_dlls_cur_index] = NULL; |
| + return true; |
| + } |
| + } |
| + return false; |
| +} |
| + |
| +bool Initialize(bool force) { |
| +#if defined(_WIN64) |
| + // TODO(robertshield): Implement 64-bit support by providing 64-bit |
| + // interceptors. |
| + return false; |
| +#endif |
| + |
| + // Check to see if this is a non-browser process, abort if so. |
| + if (IsNonBrowserProcess()) |
| + return false; |
| + |
| + // Check to see if a beacon is present, abort if so. |
| + if (!force && !CreateBeacon()) |
| + return false; |
| + |
| + // Don't try blacklisting on unsupported OS versions. |
| + OSInfo os_info; |
| + if (os_info.version() <= VERSION_PRE_XP_SP2) |
| + return false; |
| + |
| + // Pseudo-handle, no need to close. |
| + HANDLE current_process = ::GetCurrentProcess(); |
| + |
| + // Tells the ServiceResolverThunks to patch already patched functions. |
|
rvargas (doing something else)
2013/12/17 22:09:27
tiny nit: tell the what? :). I think "resolver" is
robertshield
2013/12/18 02:34:43
Done.
|
| + const bool kRelaxed = true; |
| + |
| + // Create a thunk via the appropriate ServiceResolver instance. |
| + sandbox::ServiceResolverThunk* thunk; |
| +#if defined(_WIN64) |
| + // TODO(robertshield): Use the appropriate thunk for 64-bit support |
| + // when said support is implemented. |
| +#else |
| + if (GetWOW64StatusForCurrentProcess() == WOW64_ENABLED) { |
| + if (os_info.version() >= VERSION_WIN8) |
| + thunk = new sandbox::Wow64W8ResolverThunk(current_process, kRelaxed); |
| + else |
| + thunk = new sandbox::Wow64ResolverThunk(current_process, kRelaxed); |
| + } else if (os_info.version() >= VERSION_WIN8) { |
| + thunk = new sandbox::Win8ResolverThunk(current_process, kRelaxed); |
| + } else { |
| + thunk = new sandbox::ServiceResolverThunk(current_process, kRelaxed); |
| + } |
| +#endif |
| + |
| + thunk->AllowLocalPatches(); |
| + |
| + // Get ntdll base, target name, interceptor address, |
| + NTSTATUS ret = thunk->Setup(::GetModuleHandle(sandbox::kNtdllName), |
| + reinterpret_cast<void*>(&__ImageBase), |
| + "NtMapViewOfSection", |
| + NULL, |
| + &blacklist::BlNtMapViewOfSection, |
| + reinterpret_cast<BYTE*>(&g_thunk_storage), |
| + sizeof(sandbox::ThunkData), |
| + NULL); |
| + |
| + delete thunk; |
| + return NT_SUCCESS(ret); |
| +} |
| + |
| +} // namespace blacklist |
