Revert 162293 - Enable DEP earlier on Vista and below

sandbox/win/src/process_mitigations.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/win/src/process_mitigations.h"
 
 #include "base/win/windows_version.h"
 #include "sandbox/win/src/nt_internals.h"
-#include "sandbox/win/src/sandbox_types.h"
 #include "sandbox/win/src/sandbox_utils.h"
-#include "sandbox/win/src/target_process.h"
 #include "sandbox/win/src/win_utils.h"
 
 namespace {
 
 // Functions for enabling policies.
 typedef BOOL (WINAPI *SetProcessDEPPolicyFunction)(DWORD dwFlags);
 
 typedef BOOL (WINAPI *SetProcessMitigationPolicyFunction)(
     PROCESS_MITIGATION_POLICY mitigation_policy,
     PVOID buffer,
     SIZE_T length);
 
 typedef BOOL (WINAPI *SetDefaultDllDirectoriesFunction)(
     DWORD DirectoryFlags);
 
-void CALLBACK ApplyMitigationsCallback(ULONG_PTR flags) {
-  if (!sandbox::ApplyProcessMitigationsToCurrentProcess(flags))
-    ::TerminateProcess(::GetCurrentProcess(), sandbox::SBOX_FATAL_MITIGATION);
-}
-
 }  // namespace
 
 namespace sandbox {
 
 bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) {
   if (!CanSetProcessMitigationsPostStartup(flags))
     return false;
 
   // We can't apply anything before Win XP, so just return cleanly.
   if (!IsXPSP2OrLater())
@@ skipping 203 matching lines @@
         PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON;
   }
 
   if (flags & MITIGATION_EXTENSION_DLL_DISABLE) {
     *policy_flags |=
         PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON;
   }
 }
 
 MitigationFlags FilterPostStartupProcessMitigations(MitigationFlags flags) {
+  // Anything prior to XP SP2.
+  if (!IsXPSP2OrLater())
+    return 0;
+
   base::win::Version version = base::win::GetVersion();
 
+  // Windows XP SP2+.
   if (version < base::win::VERSION_VISTA) {
-    return 0;
+    return flags & (MITIGATION_DEP |
+                    MITIGATION_DEP_NO_ATL_THUNK);
 
+  // Windows Vista
+  if (version < base::win::VERSION_WIN7) {
+    return flags & (MITIGATION_DEP |
+                    MITIGATION_DEP_NO_ATL_THUNK |
+                    MITIGATION_BOTTOM_UP_ASLR |
+                    MITIGATION_DLL_SEARCH_ORDER |
+                    MITIGATION_HEAP_TERMINATE);
+  }
+
+  // Windows 7 and Vista.
   } else if (version < base::win::VERSION_WIN8) {
-    return flags & (MITIGATION_DLL_SEARCH_ORDER |
+    return flags & (MITIGATION_BOTTOM_UP_ASLR |
+                    MITIGATION_DLL_SEARCH_ORDER |
                     MITIGATION_HEAP_TERMINATE);
   }
 
   // Windows 8 and above.
-  return flags & (MITIGATION_DLL_SEARCH_ORDER);
+  return flags & (MITIGATION_BOTTOM_UP_ASLR |
+                  MITIGATION_DLL_SEARCH_ORDER);
 }
 
-bool ApplyProcessMitigationsToSuspendedTarget(TargetProcess* target,
-                                              MitigationFlags flags) {
+bool ApplyProcessMitigationsToSuspendedProcess(HANDLE process,
+                                               MitigationFlags flags) {
+// This is a hack to fake a weak bottom-up ASLR on 32-bit Windows.
 #if !defined(_WIN64)
-  // This is a hack to fake a weak bottom-up ASLR on 32-bit Windows.
   if (flags & MITIGATION_BOTTOM_UP_ASLR) {
     unsigned int limit;
     rand_s(&limit);
     char* ptr = 0;
     const size_t kMask64k = 0xFFFF;
     // Random range (512k-16.5mb) in 64k steps.
     const char* end = ptr + ((((limit % 16384) + 512) * 1024) & ~kMask64k);
-    HANDLE process = target->Process();
     while (ptr < end) {
       MEMORY_BASIC_INFORMATION memory_info;
       if (!::VirtualQueryEx(process, ptr, &memory_info, sizeof(memory_info)))
         break;
       size_t size = std::min((memory_info.RegionSize + kMask64k) & ~kMask64k,
                              static_cast<SIZE_T>(end - ptr));
       if (ptr && memory_info.State == MEM_FREE)
         ::VirtualAllocEx(process, ptr, size, MEM_RESERVE, PAGE_NOACCESS);
       ptr += size;
     }
   }
-
-  // Since the process is suspended, we can schedule an APC to set the DEP
-  // policy immediately after then loader finishes.
-  ULONG_PTR dep_flags = flags & (MITIGATION_DEP | MITIGATION_DEP_NO_ATL_THUNK);
-  if (dep_flags && base::win::GetVersion() < base::win::VERSION_WIN7) {
-    if (!::QueueUserAPC(ApplyMitigationsCallback, target->MainThread(),
-                        static_cast<ULONG_PTR>(dep_flags))) {
-      return false;
-    }
-  }
 #endif
 
   return true;
 }
 
 bool CanSetProcessMitigationsPostStartup(MitigationFlags flags) {
   // All of these mitigations can be enabled after startup.
   return !(flags & ~(MITIGATION_HEAP_TERMINATE |
                      MITIGATION_DEP |
                      MITIGATION_DEP_NO_ATL_THUNK |
                      MITIGATION_RELOCATE_IMAGE |
                      MITIGATION_RELOCATE_IMAGE_REQUIRED |
                      MITIGATION_BOTTOM_UP_ASLR |
                      MITIGATION_STRICT_HANDLE_CHECKS |
                      MITIGATION_WIN32K_DISABLE |
                      MITIGATION_EXTENSION_DLL_DISABLE |
                      MITIGATION_DLL_SEARCH_ORDER));
 }
 
 bool CanSetProcessMitigationsPreStartup(MitigationFlags flags) {
   // These mitigations cannot be enabled prior to startup.
   return !(flags & (MITIGATION_STRICT_HANDLE_CHECKS |
                     MITIGATION_WIN32K_DISABLE |
                     MITIGATION_DLL_SEARCH_ORDER));
 }
 
 }  // namespace sandbox