| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/process_mitigations.h" | 5 #include "sandbox/win/src/process_mitigations.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 | 10 |
| 155 PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY policy = {}; | 155 PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY policy = {}; |
| 156 policy.DisallowWin32kSystemCalls = true; | 156 policy.DisallowWin32kSystemCalls = true; |
| 157 | 157 |
| 158 if (!set_process_mitigation_policy(ProcessSystemCallDisablePolicy, &policy, | 158 if (!set_process_mitigation_policy(ProcessSystemCallDisablePolicy, &policy, |
| 159 sizeof(policy)) && | 159 sizeof(policy)) && |
| 160 ERROR_ACCESS_DENIED != ::GetLastError()) { | 160 ERROR_ACCESS_DENIED != ::GetLastError()) { |
| 161 return false; | 161 return false; |
| 162 } | 162 } |
| 163 } | 163 } |
| 164 | 164 |
| 165 // Enable system call policies. | 165 // Enable dll extension policies. |
| 166 if (flags & MITIGATION_EXTENSION_DLL_DISABLE) { | 166 if (flags & MITIGATION_EXTENSION_DLL_DISABLE) { |
| 167 PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY policy = {}; | 167 PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY policy = {}; |
| 168 policy.DisableExtensionPoints = true; | 168 policy.DisableExtensionPoints = true; |
| 169 | 169 |
| 170 if (!set_process_mitigation_policy(ProcessExtensionPointDisablePolicy, | 170 if (!set_process_mitigation_policy(ProcessExtensionPointDisablePolicy, |
| 171 &policy, sizeof(policy)) && | 171 &policy, sizeof(policy)) && |
| 172 ERROR_ACCESS_DENIED != ::GetLastError()) { | 172 ERROR_ACCESS_DENIED != ::GetLastError()) { |
| 173 return false; | 173 return false; |
| 174 } | 174 } |
| 175 } | 175 } |
| 176 | 176 |
| 177 if (version < base::win::VERSION_WIN10) |
| 178 return true; |
| 179 |
| 180 // Enable font policies. |
| 181 if (flags & MITIGATION_NONSYSTEM_FONT_DISABLE) { |
| 182 PROCESS_MITIGATION_FONT_DISABLE_POLICY policy = {0}; |
| 183 policy.DisableNonSystemFonts = true; |
| 184 |
| 185 if (!set_process_mitigation_policy(ProcessFontDisablePolicy, &policy, |
| 186 sizeof(policy)) && |
| 187 ERROR_ACCESS_DENIED != ::GetLastError()) { |
| 188 return false; |
| 189 } |
| 190 } |
| 191 |
| 192 if (version < base::win::VERSION_WIN10_TH2) |
| 193 return true; |
| 194 |
| 195 // Enable image load policies. |
| 196 if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE || |
| 197 flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) { |
| 198 PROCESS_MITIGATION_IMAGE_LOAD_POLICY policy = {0}; |
| 199 if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE) |
| 200 policy.NoRemoteImages = true; |
| 201 if (flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) |
| 202 policy.NoLowMandatoryLabelImages = true; |
| 203 |
| 204 if (!set_process_mitigation_policy(ProcessImageLoadPolicy, &policy, |
| 205 sizeof(policy)) && |
| 206 ERROR_ACCESS_DENIED != ::GetLastError()) { |
| 207 return false; |
| 208 } |
| 209 } |
| 210 |
| 177 return true; | 211 return true; |
| 178 } | 212 } |
| 179 | 213 |
| 180 void ConvertProcessMitigationsToPolicy(MitigationFlags flags, | 214 void ConvertProcessMitigationsToPolicy(MitigationFlags flags, |
| 181 DWORD64* policy_flags, size_t* size) { | 215 DWORD64* policy_flags, |
| 216 size_t* size) { |
| 182 base::win::Version version = base::win::GetVersion(); | 217 base::win::Version version = base::win::GetVersion(); |
| 183 | 218 |
| 184 *policy_flags = 0; | 219 *policy_flags = 0; |
| 185 #if defined(_WIN64) | 220 #if defined(_WIN64) |
| 186 *size = sizeof(*policy_flags); | 221 *size = sizeof(*policy_flags); |
| 187 #elif defined(_M_IX86) | 222 #elif defined(_M_IX86) |
| 188 // A 64-bit flags attribute is illegal on 32-bit Win 7 and below. | 223 // A 64-bit flags attribute is illegal on 32-bit Win 7 and below. |
| 189 if (version < base::win::VERSION_WIN8) | 224 if (version < base::win::VERSION_WIN8) |
| 190 *size = sizeof(DWORD); | 225 *size = sizeof(DWORD); |
| 191 else | 226 else |
| 245 | 280 |
| 246 if (flags & MITIGATION_WIN32K_DISABLE) { | 281 if (flags & MITIGATION_WIN32K_DISABLE) { |
| 247 *policy_flags |= | 282 *policy_flags |= |
| 248 PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON; | 283 PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON; |
| 249 } | 284 } |
| 250 | 285 |
| 251 if (flags & MITIGATION_EXTENSION_DLL_DISABLE) { | 286 if (flags & MITIGATION_EXTENSION_DLL_DISABLE) { |
| 252 *policy_flags |= | 287 *policy_flags |= |
| 253 PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON; | 288 PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON; |
| 254 } | 289 } |
| 290 |
| 291 if (version < base::win::VERSION_WIN10) |
| 292 return; |
| 293 |
| 294 if (flags & MITIGATION_NONSYSTEM_FONT_DISABLE) { |
| 295 *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_FONT_DISABLE_ALWAYS_ON; |
| 296 } |
| 297 |
| 298 if (version < base::win::VERSION_WIN10_TH2) |
| 299 return; |
| 300 |
| 301 if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE) { |
| 302 *policy_flags |= |
| 303 PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_REMOTE_ALWAYS_ON; |
| 304 } |
| 305 |
| 306 if (flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) { |
| 307 *policy_flags |= |
| 308 PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_LOW_LABEL_ALWAYS_ON; |
| 309 } |
| 255 } | 310 } |
| 256 | 311 |
| 257 MitigationFlags FilterPostStartupProcessMitigations(MitigationFlags flags) { | 312 MitigationFlags FilterPostStartupProcessMitigations(MitigationFlags flags) { |
| 258 base::win::Version version = base::win::GetVersion(); | 313 base::win::Version version = base::win::GetVersion(); |
| 259 | 314 |
| 260 // Windows XP SP2+. | 315 // Windows XP SP2+. |
| 261 if (version < base::win::VERSION_VISTA) { | 316 if (version < base::win::VERSION_VISTA) { |
| 262 return flags & (MITIGATION_DEP | | 317 return flags & (MITIGATION_DEP | |
| 263 MITIGATION_DEP_NO_ATL_THUNK); | 318 MITIGATION_DEP_NO_ATL_THUNK); |
| 264 } | 319 } |
| 304 ptr += size; | 359 ptr += size; |
| 305 } | 360 } |
| 306 } | 361 } |
| 307 #endif | 362 #endif |
| 308 | 363 |
| 309 return true; | 364 return true; |
| 310 } | 365 } |
| 311 | 366 |
| 312 bool CanSetProcessMitigationsPostStartup(MitigationFlags flags) { | 367 bool CanSetProcessMitigationsPostStartup(MitigationFlags flags) { |
| 313 // All of these mitigations can be enabled after startup. | 368 // All of these mitigations can be enabled after startup. |
| 314 return !(flags & ~(MITIGATION_HEAP_TERMINATE | | 369 return !( |
| 315 MITIGATION_DEP | | 370 flags & |
| 316 MITIGATION_DEP_NO_ATL_THUNK | | 371 ~(MITIGATION_HEAP_TERMINATE | |
| 317 MITIGATION_RELOCATE_IMAGE | | 372 MITIGATION_DEP | |
| 318 MITIGATION_RELOCATE_IMAGE_REQUIRED | | 373 MITIGATION_DEP_NO_ATL_THUNK | |
| 319 MITIGATION_BOTTOM_UP_ASLR | | 374 MITIGATION_RELOCATE_IMAGE | |
| 320 MITIGATION_STRICT_HANDLE_CHECKS | | 375 MITIGATION_RELOCATE_IMAGE_REQUIRED | |
| 321 MITIGATION_EXTENSION_DLL_DISABLE | | 376 MITIGATION_BOTTOM_UP_ASLR | |
| 322 MITIGATION_DLL_SEARCH_ORDER | | 377 MITIGATION_STRICT_HANDLE_CHECKS | |
| 323 MITIGATION_HARDEN_TOKEN_IL_POLICY)); | 378 MITIGATION_EXTENSION_DLL_DISABLE | |
| 379 MITIGATION_DLL_SEARCH_ORDER | |
| 380 MITIGATION_HARDEN_TOKEN_IL_POLICY | |
| 381 MITIGATION_WIN32K_DISABLE | |
| 382 MITIGATION_NONSYSTEM_FONT_DISABLE | |
| 383 MITIGATION_IMAGE_LOAD_NO_REMOTE | |
| 384 MITIGATION_IMAGE_LOAD_NO_LOW_LABEL)); |
| 324 } | 385 } |
| 325 | 386 |
| 326 bool CanSetProcessMitigationsPreStartup(MitigationFlags flags) { | 387 bool CanSetProcessMitigationsPreStartup(MitigationFlags flags) { |
| 327 // These mitigations cannot be enabled prior to startup. | 388 // These mitigations cannot be enabled prior to startup. |
| 328 return !(flags & (MITIGATION_STRICT_HANDLE_CHECKS | | 389 return !(flags & (MITIGATION_STRICT_HANDLE_CHECKS | |
| 329 MITIGATION_DLL_SEARCH_ORDER)); | 390 MITIGATION_DLL_SEARCH_ORDER)); |
| 330 } | 391 } |
| 331 | 392 |
| 332 } // namespace sandbox | 393 } // namespace sandbox |
| 333 | 394 |
| OLD | NEW |
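Review bot: The new font-policy and image-load-policy blocks (new lines 180–209) treat `ERROR_ACCESS_DENIED` from `set_process_mitigation_policy` as success, so the function can return `true` with no evidence that `DisableNonSystemFonts`, `NoRemoteImages` or `NoLowMandatoryLabelImages` is actually in force. The older blocks above follow the same pattern, presumably because the call is refused once the policy was fixed at process creation, but nothing visible records that assumption; a comment on each check such as `// ERROR_ACCESS_DENIED: policy was already enforced at process creation and cannot be changed.` would make it reviewable. The image-load case deserves a closer look because two independent bits share one call: if only one of them was set at creation, a refused call may leave the other unset while the caller still sees success, so reading the policy back (for example with `GetProcessMitigationPolicy`) before returning `true` is worth considering. The enclosing function starts above the first visible line of this section, so the handling of earlier policies could not be checked here. As a minor point of style, the two new blocks initialise with `= {0}` where the neighbouring ones use `= {}`.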