OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/process_mitigations.h" | 5 #include "sandbox/win/src/process_mitigations.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 | 10 |
(...skipping 156 matching lines...)
167 PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY policy = {}; | 167 PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY policy = {}; |
168 policy.DisableExtensionPoints = true; | 168 policy.DisableExtensionPoints = true; |
169 | 169 |
170 if (!set_process_mitigation_policy(ProcessExtensionPointDisablePolicy, | 170 if (!set_process_mitigation_policy(ProcessExtensionPointDisablePolicy, |
171 &policy, sizeof(policy)) && | 171 &policy, sizeof(policy)) && |
172 ERROR_ACCESS_DENIED != ::GetLastError()) { | 172 ERROR_ACCESS_DENIED != ::GetLastError()) { |
173 return false; | 173 return false; |
174 } | 174 } |
175 } | 175 } |
176 | 176 |
| 177 if (version < base::win::VERSION_WIN10) |
| 178 return true; |
| 179 |
| 180 // Enable font policies. |
| 181 if (flags & MITIGATION_NONSYSTEM_FONT_DISABLE) { |
| 182 PROCESS_MITIGATION_FONT_DISABLE_POLICY policy = {0}; |
| 183 policy.DisableNonSystemFonts = true; |
| 184 |
| 185 if (!set_process_mitigation_policy(ProcessFontDisablePolicy, &policy, |
| 186 sizeof(policy)) && |
| 187 ERROR_ACCESS_DENIED != ::GetLastError()) { |
| 188 return false; |
| 189 } |
| 190 } |
| 191 |
| 192 if (version < base::win::VERSION_WIN10_10586) |
| 193 return true; |
| 194 |
| 195 // Enable image load policies. |
| 196 if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE || |
| 197 flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) { |
| 198 PROCESS_MITIGATION_IMAGE_LOAD_POLICY policy = {0}; |
| 199 if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE) |
| 200 policy.NoRemoteImages = true; |
| 201 if (flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) |
| 202 policy.NoLowMandatoryLabelImages = true; |
| 203 |
| 204 if (!set_process_mitigation_policy(ProcessImageLoadPolicy, &policy, |
| 205 sizeof(policy)) && |
| 206 ERROR_ACCESS_DENIED != ::GetLastError()) { |
| 207 return false; |
| 208 } |
| 209 } |
| 210 |
177 return true; | 211 return true; |
178 } | 212 } |
179 | 213 |
180 void ConvertProcessMitigationsToPolicy(MitigationFlags flags, | 214 void ConvertProcessMitigationsToPolicy(MitigationFlags flags, |
181 DWORD64* policy_flags, size_t* size) { | 215 DWORD64* policy_flags, |
| 216 size_t* size, |
| 217 bool* no_child_processes) { |
182 base::win::Version version = base::win::GetVersion(); | 218 base::win::Version version = base::win::GetVersion(); |
183 | 219 |
184 *policy_flags = 0; | 220 *policy_flags = 0; |
185 #if defined(_WIN64) | 221 #if defined(_WIN64) |
186 *size = sizeof(*policy_flags); | 222 *size = sizeof(*policy_flags); |
187 #elif defined(_M_IX86) | 223 #elif defined(_M_IX86) |
188 // A 64-bit flags attribute is illegal on 32-bit Win 7 and below. | 224 // A 64-bit flags attribute is illegal on 32-bit Win 7 and below. |
189 if (version < base::win::VERSION_WIN8) | 225 if (version < base::win::VERSION_WIN8) |
190 *size = sizeof(DWORD); | 226 *size = sizeof(DWORD); |
191 else | 227 else |
192 *size = sizeof(*policy_flags); | 228 *size = sizeof(*policy_flags); |
193 #else | 229 #else |
194 #error This platform is not supported. | 230 #error This platform is not supported. |
195 #endif | 231 #endif |
| 232 *no_child_processes = false; |
196 | 233 |
197 // Nothing for Win XP or Vista. | 234 // Nothing for Win XP or Vista. |
198 if (version <= base::win::VERSION_VISTA) | 235 if (version <= base::win::VERSION_VISTA) |
199 return; | 236 return; |
200 | 237 |
201 // DEP and SEHOP are not valid for 64-bit Windows | 238 // DEP and SEHOP are not valid for 64-bit Windows |
202 #if !defined(_WIN64) | 239 #if !defined(_WIN64) |
203 if (flags & MITIGATION_DEP) { | 240 if (flags & MITIGATION_DEP) { |
204 *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE; | 241 *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE; |
205 if (!(flags & MITIGATION_DEP_NO_ATL_THUNK)) | 242 if (!(flags & MITIGATION_DEP_NO_ATL_THUNK)) |
(...skipping 39 matching lines...)
245 | 282 |
246 if (flags & MITIGATION_WIN32K_DISABLE) { | 283 if (flags & MITIGATION_WIN32K_DISABLE) { |
247 *policy_flags |= | 284 *policy_flags |= |
248 PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON; | 285 PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON; |
249 } | 286 } |
250 | 287 |
251 if (flags & MITIGATION_EXTENSION_DLL_DISABLE) { | 288 if (flags & MITIGATION_EXTENSION_DLL_DISABLE) { |
252 *policy_flags |= | 289 *policy_flags |= |
253 PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON; | 290 PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON; |
254 } | 291 } |
| 292 |
| 293 if (version < base::win::VERSION_WIN10) |
| 294 return; |
| 295 |
| 296 if (flags & MITIGATION_NONSYSTEM_FONT_DISABLE) { |
| 297 *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_FONT_DISABLE_ALWAYS_ON; |
| 298 } |
| 299 |
| 300 if (version < base::win::VERSION_WIN10_10586) |
| 301 return; |
| 302 |
| 303 if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE) { |
| 304 *policy_flags |= |
| 305 PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_REMOTE_ALWAYS_ON; |
| 306 } |
| 307 |
| 308 if (flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) { |
| 309 *policy_flags |= |
| 310 PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_LOW_LABEL_ALWAYS_ON; |
| 311 } |
| 312 |
| 313 if (flags & MITIGATION_CHILD_PROCESS_CREATION_RESTRICTED) { |
| 314 *no_child_processes = true; |
| 315 } |
255 } | 316 } |
256 | 317 |
257 MitigationFlags FilterPostStartupProcessMitigations(MitigationFlags flags) { | 318 MitigationFlags FilterPostStartupProcessMitigations(MitigationFlags flags) { |
258 base::win::Version version = base::win::GetVersion(); | 319 base::win::Version version = base::win::GetVersion(); |
259 | 320 |
260 // Windows XP SP2+. | 321 // Windows XP SP2+. |
261 if (version < base::win::VERSION_VISTA) { | 322 if (version < base::win::VERSION_VISTA) { |
262 return flags & (MITIGATION_DEP | | 323 return flags & (MITIGATION_DEP | |
263 MITIGATION_DEP_NO_ATL_THUNK); | 324 MITIGATION_DEP_NO_ATL_THUNK); |
264 } | 325 } |
(...skipping 39 matching lines...)
304 ptr += size; | 365 ptr += size; |
305 } | 366 } |
306 } | 367 } |
307 #endif | 368 #endif |
308 | 369 |
309 return true; | 370 return true; |
310 } | 371 } |
311 | 372 |
312 bool CanSetProcessMitigationsPostStartup(MitigationFlags flags) { | 373 bool CanSetProcessMitigationsPostStartup(MitigationFlags flags) { |
313 // All of these mitigations can be enabled after startup. | 374 // All of these mitigations can be enabled after startup. |
314 return !(flags & ~(MITIGATION_HEAP_TERMINATE | | 375 return !( |
315 MITIGATION_DEP | | 376 flags & |
316 MITIGATION_DEP_NO_ATL_THUNK | | 377 ~(MITIGATION_HEAP_TERMINATE | |
317 MITIGATION_RELOCATE_IMAGE | | 378 MITIGATION_DEP | |
318 MITIGATION_RELOCATE_IMAGE_REQUIRED | | 379 MITIGATION_DEP_NO_ATL_THUNK | |
319 MITIGATION_BOTTOM_UP_ASLR | | 380 MITIGATION_RELOCATE_IMAGE | |
320 MITIGATION_STRICT_HANDLE_CHECKS | | 381 MITIGATION_RELOCATE_IMAGE_REQUIRED | |
321 MITIGATION_EXTENSION_DLL_DISABLE | | 382 MITIGATION_BOTTOM_UP_ASLR | |
322 MITIGATION_DLL_SEARCH_ORDER | | 383 MITIGATION_STRICT_HANDLE_CHECKS | |
323 MITIGATION_HARDEN_TOKEN_IL_POLICY)); | 384 MITIGATION_EXTENSION_DLL_DISABLE | |
| 385 MITIGATION_DLL_SEARCH_ORDER | |
| 386 MITIGATION_HARDEN_TOKEN_IL_POLICY | |
| 387 MITIGATION_WIN32K_DISABLE | |
| 388 MITIGATION_NONSYSTEM_FONT_DISABLE | |
| 389 MITIGATION_IMAGE_LOAD_NO_REMOTE | |
| 390 MITIGATION_IMAGE_LOAD_NO_LOW_LABEL)); |
324 } | 391 } |
325 | 392 |
326 bool CanSetProcessMitigationsPreStartup(MitigationFlags flags) { | 393 bool CanSetProcessMitigationsPreStartup(MitigationFlags flags) { |
327 // These mitigations cannot be enabled prior to startup. | 394 // These mitigations cannot be enabled prior to startup. |
328 return !(flags & (MITIGATION_STRICT_HANDLE_CHECKS | | 395 return !(flags & (MITIGATION_STRICT_HANDLE_CHECKS | |
329 MITIGATION_DLL_SEARCH_ORDER)); | 396 MITIGATION_DLL_SEARCH_ORDER)); |
330 } | 397 } |
331 | 398 |
332 } // namespace sandbox | 399 } // namespace sandbox |
333 | 400 |
OLD | NEW |
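Review bot: The two new blocks in the apply path (new lines 185-189 and 204-208) return success when `set_process_mitigation_policy` fails with `ERROR_ACCESS_DENIED`, so a caller that asked for `MITIGATION_NONSYSTEM_FONT_DISABLE` or either `MITIGATION_IMAGE_LOAD_*` flag gets `true` without the code knowing that the policy is actually in force. The same tolerance is used for the extension-point policy just above, presumably because the policy was already applied at process creation, but nothing visible here says so. I would document the assumption at each site, e.g. `// ERROR_ACCESS_DENIED is tolerated on the assumption that the policy is already in force for this process.`, and for the image-load block note that one call carries both `NoRemoteImages` and `NoLowMandatoryLabelImages`, so a tolerated failure leaves the state of both unknown. If that assumption cannot be guaranteed, the stronger option is to read the policy back and compare the requested bits before returning `true`. The enclosing function starts in the skipped lines above, so this is based only on its tail.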