| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/process_mitigations.h" | 5 #include "sandbox/win/src/process_mitigations.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 | 10 |
| (...skipping 156 matching lines...) |
| 167 PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY policy = {}; | 167 PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY policy = {}; |
| 168 policy.DisableExtensionPoints = true; | 168 policy.DisableExtensionPoints = true; |
| 169 | 169 |
| 170 if (!set_process_mitigation_policy(ProcessExtensionPointDisablePolicy, | 170 if (!set_process_mitigation_policy(ProcessExtensionPointDisablePolicy, |
| 171 &policy, sizeof(policy)) && | 171 &policy, sizeof(policy)) && |
| 172 ERROR_ACCESS_DENIED != ::GetLastError()) { | 172 ERROR_ACCESS_DENIED != ::GetLastError()) { |
| 173 return false; | 173 return false; |
| 174 } | 174 } |
| 175 } | 175 } |
| 176 | 176 |
| 177 if (version < base::win::VERSION_WIN10) |
| 178 return true; |
| 179 |
| 180 // Enable font policies. |
| 181 if (flags & MITIGATION_NONSYSTEM_FONT_DISABLE) { |
| 182 PROCESS_MITIGATION_FONT_DISABLE_POLICY policy = {0}; |
| 183 policy.DisableNonSystemFonts = true; |
| 184 |
| 185 if (!set_process_mitigation_policy(ProcessFontDisablePolicy, &policy, |
| 186 sizeof(policy)) && |
| 187 ERROR_ACCESS_DENIED != ::GetLastError()) { |
| 188 return false; |
| 189 } |
| 190 } |
| 191 |
| 192 if (version < base::win::VERSION_WIN10_10586) |
| 193 return true; |
| 194 |
| 195 // Enable image load policies. |
| 196 if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE || |
| 197 flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) { |
| 198 PROCESS_MITIGATION_IMAGE_LOAD_POLICY policy = {0}; |
| 199 if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE) |
| 200 policy.NoRemoteImages = true; |
| 201 if (flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) |
| 202 policy.NoLowMandatoryLabelImages = true; |
| 203 |
| 204 if (!set_process_mitigation_policy(ProcessImageLoadPolicy, &policy, |
| 205 sizeof(policy)) && |
| 206 ERROR_ACCESS_DENIED != ::GetLastError()) { |
| 207 return false; |
| 208 } |
| 209 } |
| 210 |
| 177 return true; | 211 return true; |
| 178 } | 212 } |
| 179 | 213 |
| 180 void ConvertProcessMitigationsToPolicy(MitigationFlags flags, | 214 void ConvertProcessMitigationsToPolicy(MitigationFlags flags, |
| 181 DWORD64* policy_flags, size_t* size) { | 215 DWORD64* policy_flags, |
| 216 size_t* size, |
| 217 bool* no_child_processes) { |
| 182 base::win::Version version = base::win::GetVersion(); | 218 base::win::Version version = base::win::GetVersion(); |
| 183 | 219 |
| 184 *policy_flags = 0; | 220 *policy_flags = 0; |
| 185 #if defined(_WIN64) | 221 #if defined(_WIN64) |
| 186 *size = sizeof(*policy_flags); | 222 *size = sizeof(*policy_flags); |
| 187 #elif defined(_M_IX86) | 223 #elif defined(_M_IX86) |
| 188 // A 64-bit flags attribute is illegal on 32-bit Win 7 and below. | 224 // A 64-bit flags attribute is illegal on 32-bit Win 7 and below. |
| 189 if (version < base::win::VERSION_WIN8) | 225 if (version < base::win::VERSION_WIN8) |
| 190 *size = sizeof(DWORD); | 226 *size = sizeof(DWORD); |
| 191 else | 227 else |
| 192 *size = sizeof(*policy_flags); | 228 *size = sizeof(*policy_flags); |
| 193 #else | 229 #else |
| 194 #error This platform is not supported. | 230 #error This platform is not supported. |
| 195 #endif | 231 #endif |
| 232 *no_child_processes = false; |
| 196 | 233 |
| 197 // Nothing for Win XP or Vista. | 234 // Nothing for Win XP or Vista. |
| 198 if (version <= base::win::VERSION_VISTA) | 235 if (version <= base::win::VERSION_VISTA) |
| 199 return; | 236 return; |
| 200 | 237 |
| 201 // DEP and SEHOP are not valid for 64-bit Windows | 238 // DEP and SEHOP are not valid for 64-bit Windows |
| 202 #if !defined(_WIN64) | 239 #if !defined(_WIN64) |
| 203 if (flags & MITIGATION_DEP) { | 240 if (flags & MITIGATION_DEP) { |
| 204 *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE; | 241 *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE; |
| 205 if (!(flags & MITIGATION_DEP_NO_ATL_THUNK)) | 242 if (!(flags & MITIGATION_DEP_NO_ATL_THUNK)) |
| (...skipping 39 matching lines...) |
| 245 | 282 |
| 246 if (flags & MITIGATION_WIN32K_DISABLE) { | 283 if (flags & MITIGATION_WIN32K_DISABLE) { |
| 247 *policy_flags |= | 284 *policy_flags |= |
| 248 PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON; | 285 PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON; |
| 249 } | 286 } |
| 250 | 287 |
| 251 if (flags & MITIGATION_EXTENSION_DLL_DISABLE) { | 288 if (flags & MITIGATION_EXTENSION_DLL_DISABLE) { |
| 252 *policy_flags |= | 289 *policy_flags |= |
| 253 PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON; | 290 PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON; |
| 254 } | 291 } |
| 292 |
| 293 if (version < base::win::VERSION_WIN10) |
| 294 return; |
| 295 |
| 296 if (flags & MITIGATION_NONSYSTEM_FONT_DISABLE) { |
| 297 *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_FONT_DISABLE_ALWAYS_ON; |
| 298 } |
| 299 |
| 300 if (version < base::win::VERSION_WIN10_10586) |
| 301 return; |
| 302 |
| 303 if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE) { |
| 304 *policy_flags |= |
| 305 PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_REMOTE_ALWAYS_ON; |
| 306 } |
| 307 |
| 308 if (flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) { |
| 309 *policy_flags |= |
| 310 PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_LOW_LABEL_ALWAYS_ON; |
| 311 } |
| 312 |
| 313 if (flags & MITIGATION_CHILD_PROCESS_CREATION_RESTRICTED) { |
| 314 *no_child_processes = true; |
| 315 } |
| 255 } | 316 } |
| 256 | 317 |
| 257 MitigationFlags FilterPostStartupProcessMitigations(MitigationFlags flags) { | 318 MitigationFlags FilterPostStartupProcessMitigations(MitigationFlags flags) { |
| 258 base::win::Version version = base::win::GetVersion(); | 319 base::win::Version version = base::win::GetVersion(); |
| 259 | 320 |
| 260 // Windows XP SP2+. | 321 // Windows XP SP2+. |
| 261 if (version < base::win::VERSION_VISTA) { | 322 if (version < base::win::VERSION_VISTA) { |
| 262 return flags & (MITIGATION_DEP | | 323 return flags & (MITIGATION_DEP | |
| 263 MITIGATION_DEP_NO_ATL_THUNK); | 324 MITIGATION_DEP_NO_ATL_THUNK); |
| 264 } | 325 } |
| (...skipping 39 matching lines...) |
| 304 ptr += size; | 365 ptr += size; |
| 305 } | 366 } |
| 306 } | 367 } |
| 307 #endif | 368 #endif |
| 308 | 369 |
| 309 return true; | 370 return true; |
| 310 } | 371 } |
| 311 | 372 |
| 312 bool CanSetProcessMitigationsPostStartup(MitigationFlags flags) { | 373 bool CanSetProcessMitigationsPostStartup(MitigationFlags flags) { |
| 313 // All of these mitigations can be enabled after startup. | 374 // All of these mitigations can be enabled after startup. |
| 314 return !(flags & ~(MITIGATION_HEAP_TERMINATE | | 375 return !( |
| 315 MITIGATION_DEP | | 376 flags & |
| 316 MITIGATION_DEP_NO_ATL_THUNK | | 377 ~(MITIGATION_HEAP_TERMINATE | |
| 317 MITIGATION_RELOCATE_IMAGE | | 378 MITIGATION_DEP | |
| 318 MITIGATION_RELOCATE_IMAGE_REQUIRED | | 379 MITIGATION_DEP_NO_ATL_THUNK | |
| 319 MITIGATION_BOTTOM_UP_ASLR | | 380 MITIGATION_RELOCATE_IMAGE | |
| 320 MITIGATION_STRICT_HANDLE_CHECKS | | 381 MITIGATION_RELOCATE_IMAGE_REQUIRED | |
| 321 MITIGATION_EXTENSION_DLL_DISABLE | | 382 MITIGATION_BOTTOM_UP_ASLR | |
| 322 MITIGATION_DLL_SEARCH_ORDER | | 383 MITIGATION_STRICT_HANDLE_CHECKS | |
| 323 MITIGATION_HARDEN_TOKEN_IL_POLICY)); | 384 MITIGATION_EXTENSION_DLL_DISABLE | |
| 385 MITIGATION_DLL_SEARCH_ORDER | |
| 386 MITIGATION_HARDEN_TOKEN_IL_POLICY | |
| 387 MITIGATION_WIN32K_DISABLE | |
| 388 MITIGATION_NONSYSTEM_FONT_DISABLE | |
| 389 MITIGATION_IMAGE_LOAD_NO_REMOTE | |
| 390 MITIGATION_IMAGE_LOAD_NO_LOW_LABEL)); |
| 324 } | 391 } |
| 325 | 392 |
| 326 bool CanSetProcessMitigationsPreStartup(MitigationFlags flags) { | 393 bool CanSetProcessMitigationsPreStartup(MitigationFlags flags) { |
| 327 // These mitigations cannot be enabled prior to startup. | 394 // These mitigations cannot be enabled prior to startup. |
| 328 return !(flags & (MITIGATION_STRICT_HANDLE_CHECKS | | 395 return !(flags & (MITIGATION_STRICT_HANDLE_CHECKS | |
| 329 MITIGATION_DLL_SEARCH_ORDER)); | 396 MITIGATION_DLL_SEARCH_ORDER)); |
| 330 } | 397 } |
| 331 | 398 |
| 332 } // namespace sandbox | 399 } // namespace sandbox |
| 333 | 400 |
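Review bot: In ConvertProcessMitigationsToPolicy the `MITIGATION_CHILD_PROCESS_CREATION_RESTRICTED` check (new lines 313-315) is only reached after the `version < base::win::VERSION_WIN10_10586` early return, so on earlier Windows 10 builds `*no_child_processes` stays `false` and the caller cannot tell that a requested restriction was dropped. If that version floor is intended for this flag, state it in a comment such as `// Child process restriction is only honoured on Win10 10586 and later.`; if it is not, the block belongs above the second version check. The new font and image-load blocks in the preceding function (new lines 180-209) likewise return `true` when the OS is too old or when the call fails with `ERROR_ACCESS_DENIED`, and a one-line comment saying why that error is treated as benign would help the next reader judge whether the mitigation is actually in force. The first function's opening lies in a skipped region, so how its callers react to these silent skips is not visible here.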
| OLD | NEW |