OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/process_mitigations.h" | 5 #include "sandbox/win/src/process_mitigations.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 | 10 |
(...skipping 144 matching lines...)
155 PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY policy = {}; | 155 PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY policy = {}; |
156 policy.DisallowWin32kSystemCalls = true; | 156 policy.DisallowWin32kSystemCalls = true; |
157 | 157 |
158 if (!set_process_mitigation_policy(ProcessSystemCallDisablePolicy, &policy, | 158 if (!set_process_mitigation_policy(ProcessSystemCallDisablePolicy, &policy, |
159 sizeof(policy)) && | 159 sizeof(policy)) && |
160 ERROR_ACCESS_DENIED != ::GetLastError()) { | 160 ERROR_ACCESS_DENIED != ::GetLastError()) { |
161 return false; | 161 return false; |
162 } | 162 } |
163 } | 163 } |
164 | 164 |
165 // Enable system call policies. | 165 // Enable dll extension policies. |
166 if (flags & MITIGATION_EXTENSION_DLL_DISABLE) { | 166 if (flags & MITIGATION_EXTENSION_DLL_DISABLE) { |
167 PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY policy = {}; | 167 PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY policy = {}; |
168 policy.DisableExtensionPoints = true; | 168 policy.DisableExtensionPoints = true; |
169 | 169 |
170 if (!set_process_mitigation_policy(ProcessExtensionPointDisablePolicy, | 170 if (!set_process_mitigation_policy(ProcessExtensionPointDisablePolicy, |
171 &policy, sizeof(policy)) && | 171 &policy, sizeof(policy)) && |
172 ERROR_ACCESS_DENIED != ::GetLastError()) { | 172 ERROR_ACCESS_DENIED != ::GetLastError()) { |
173 return false; | 173 return false; |
174 } | 174 } |
175 } | 175 } |
176 | 176 |
| 177 if (version < base::win::VERSION_WIN10) |
| 178 return true; |
| 179 |
| 180 // Enable font policies. |
| 181 if (flags & MITIGATION_NONSYSTEM_FONT_DISABLE) { |
| 182 PROCESS_MITIGATION_FONT_DISABLE_POLICY policy = {0}; |
| 183 policy.DisableNonSystemFonts = true; |
| 184 |
| 185 if (!set_process_mitigation_policy(ProcessFontDisablePolicy, &policy, |
| 186 sizeof(policy)) && |
| 187 ERROR_ACCESS_DENIED != ::GetLastError()) { |
| 188 return false; |
| 189 } |
| 190 } |
| 191 |
| 192 if (version < base::win::VERSION_WIN10_TH2) |
| 193 return true; |
| 194 |
| 195 // Enable image load policies. |
| 196 if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE || |
| 197 flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) { |
| 198 PROCESS_MITIGATION_IMAGE_LOAD_POLICY policy = {0}; |
| 199 if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE) |
| 200 policy.NoRemoteImages = true; |
| 201 if (flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) |
| 202 policy.NoLowMandatoryLabelImages = true; |
| 203 |
| 204 if (!set_process_mitigation_policy(ProcessImageLoadPolicy, &policy, |
| 205 sizeof(policy)) && |
| 206 ERROR_ACCESS_DENIED != ::GetLastError()) { |
| 207 return false; |
| 208 } |
| 209 } |
| 210 |
177 return true; | 211 return true; |
178 } | 212 } |
179 | 213 |
180 void ConvertProcessMitigationsToPolicy(MitigationFlags flags, | 214 void ConvertProcessMitigationsToPolicy(MitigationFlags flags, |
181 DWORD64* policy_flags, size_t* size) { | 215 DWORD64* policy_flags, |
| 216 size_t* size) { |
182 base::win::Version version = base::win::GetVersion(); | 217 base::win::Version version = base::win::GetVersion(); |
183 | 218 |
184 *policy_flags = 0; | 219 *policy_flags = 0; |
185 #if defined(_WIN64) | 220 #if defined(_WIN64) |
186 *size = sizeof(*policy_flags); | 221 *size = sizeof(*policy_flags); |
187 #elif defined(_M_IX86) | 222 #elif defined(_M_IX86) |
188 // A 64-bit flags attribute is illegal on 32-bit Win 7 and below. | 223 // A 64-bit flags attribute is illegal on 32-bit Win 7 and below. |
189 if (version < base::win::VERSION_WIN8) | 224 if (version < base::win::VERSION_WIN8) |
190 *size = sizeof(DWORD); | 225 *size = sizeof(DWORD); |
191 else | 226 else |
(...skipping 53 matching lines...)
245 | 280 |
246 if (flags & MITIGATION_WIN32K_DISABLE) { | 281 if (flags & MITIGATION_WIN32K_DISABLE) { |
247 *policy_flags |= | 282 *policy_flags |= |
248 PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON; | 283 PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON; |
249 } | 284 } |
250 | 285 |
251 if (flags & MITIGATION_EXTENSION_DLL_DISABLE) { | 286 if (flags & MITIGATION_EXTENSION_DLL_DISABLE) { |
252 *policy_flags |= | 287 *policy_flags |= |
253 PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON; | 288 PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON; |
254 } | 289 } |
| 290 |
| 291 if (version < base::win::VERSION_WIN10) |
| 292 return; |
| 293 |
| 294 if (flags & MITIGATION_NONSYSTEM_FONT_DISABLE) { |
| 295 *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_FONT_DISABLE_ALWAYS_ON; |
| 296 } |
| 297 |
| 298 if (version < base::win::VERSION_WIN10_TH2) |
| 299 return; |
| 300 |
| 301 if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE) { |
| 302 *policy_flags |= |
| 303 PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_REMOTE_ALWAYS_ON; |
| 304 } |
| 305 |
| 306 if (flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) { |
| 307 *policy_flags |= |
| 308 PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_LOW_LABEL_ALWAYS_ON; |
| 309 } |
255 } | 310 } |
256 | 311 |
257 MitigationFlags FilterPostStartupProcessMitigations(MitigationFlags flags) { | 312 MitigationFlags FilterPostStartupProcessMitigations(MitigationFlags flags) { |
258 base::win::Version version = base::win::GetVersion(); | 313 base::win::Version version = base::win::GetVersion(); |
259 | 314 |
260 // Windows XP SP2+. | 315 // Windows XP SP2+. |
261 if (version < base::win::VERSION_VISTA) { | 316 if (version < base::win::VERSION_VISTA) { |
262 return flags & (MITIGATION_DEP | | 317 return flags & (MITIGATION_DEP | |
263 MITIGATION_DEP_NO_ATL_THUNK); | 318 MITIGATION_DEP_NO_ATL_THUNK); |
264 } | 319 } |
(...skipping 39 matching lines...)
304 ptr += size; | 359 ptr += size; |
305 } | 360 } |
306 } | 361 } |
307 #endif | 362 #endif |
308 | 363 |
309 return true; | 364 return true; |
310 } | 365 } |
311 | 366 |
312 bool CanSetProcessMitigationsPostStartup(MitigationFlags flags) { | 367 bool CanSetProcessMitigationsPostStartup(MitigationFlags flags) { |
313 // All of these mitigations can be enabled after startup. | 368 // All of these mitigations can be enabled after startup. |
314 return !(flags & ~(MITIGATION_HEAP_TERMINATE | | 369 return !( |
315 MITIGATION_DEP | | 370 flags & |
316 MITIGATION_DEP_NO_ATL_THUNK | | 371 ~(MITIGATION_HEAP_TERMINATE | |
317 MITIGATION_RELOCATE_IMAGE | | 372 MITIGATION_DEP | |
318 MITIGATION_RELOCATE_IMAGE_REQUIRED | | 373 MITIGATION_DEP_NO_ATL_THUNK | |
319 MITIGATION_BOTTOM_UP_ASLR | | 374 MITIGATION_RELOCATE_IMAGE | |
320 MITIGATION_STRICT_HANDLE_CHECKS | | 375 MITIGATION_RELOCATE_IMAGE_REQUIRED | |
321 MITIGATION_EXTENSION_DLL_DISABLE | | 376 MITIGATION_BOTTOM_UP_ASLR | |
322 MITIGATION_DLL_SEARCH_ORDER | | 377 MITIGATION_STRICT_HANDLE_CHECKS | |
323 MITIGATION_HARDEN_TOKEN_IL_POLICY)); | 378 MITIGATION_EXTENSION_DLL_DISABLE | |
| 379 MITIGATION_DLL_SEARCH_ORDER | |
| 380 MITIGATION_HARDEN_TOKEN_IL_POLICY | |
| 381 MITIGATION_WIN32K_DISABLE | |
| 382 MITIGATION_NONSYSTEM_FONT_DISABLE | |
| 383 MITIGATION_IMAGE_LOAD_NO_REMOTE | |
| 384 MITIGATION_IMAGE_LOAD_NO_LOW_LABEL)); |
324 } | 385 } |
325 | 386 |
326 bool CanSetProcessMitigationsPreStartup(MitigationFlags flags) { | 387 bool CanSetProcessMitigationsPreStartup(MitigationFlags flags) { |
327 // These mitigations cannot be enabled prior to startup. | 388 // These mitigations cannot be enabled prior to startup. |
328 return !(flags & (MITIGATION_STRICT_HANDLE_CHECKS | | 389 return !(flags & (MITIGATION_STRICT_HANDLE_CHECKS | |
329 MITIGATION_DLL_SEARCH_ORDER)); | 390 MITIGATION_DLL_SEARCH_ORDER)); |
330 } | 391 } |
331 | 392 |
332 } // namespace sandbox | 393 } // namespace sandbox |
333 | 394 |
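Review bot: The new font and image-load blocks (new lines 185-189 and 204-208) still return true when set_process_mitigation_policy fails with ERROR_ACCESS_DENIED, so a caller that requested MITIGATION_NONSYSTEM_FONT_DISABLE or a MITIGATION_IMAGE_LOAD_* flag cannot tell an applied policy from a refused one. This copies the pattern of the two blocks above, but nothing visible explains why that error is safe to ignore. If the reason is that the policy was already set at process creation, state it once, e.g. `// ERROR_ACCESS_DENIED: presumably the policy is already in force from process creation; not treated as a failure.` A stricter option is to read the policy back with GetProcessMitigationPolicy on that path and return false when the requested bit is not set. The start of the enclosing function is in the skipped lines, so its signature and earlier version checks are not visible here.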
OLD | NEW |