[Chrome ELF] Early browser security support.

chrome_elf/chrome_elf_util_unittest.cc

Index: chrome_elf/chrome_elf_util_unittest.cc
diff --git a/chrome_elf/chrome_elf_util_unittest.cc b/chrome_elf/chrome_elf_util_unittest.cc
index 565785f95d6cd9020a5379d625118cdf0d15cbe1..f6ca4e17bb3cad1f0d4c9eb6d26015c62381856a 100644
--- a/chrome_elf/chrome_elf_util_unittest.cc
+++ b/chrome_elf/chrome_elf_util_unittest.cc
@@ -36,6 +36,30 @@ const wchar_t kChromeUserExePath[] =
 const wchar_t kChromiumExePath[] =
     L"C:\\Users\\user\\AppData\\Local\\Chromium\\Application\\chrome.exe";
 
+typedef decltype(GetProcessMitigationPolicy)* GetProcessMitigationPolicyFunc;
+
+bool IsSecuritySet() {
+  // Check the settings from EarlyBrowserSecurity().
+  if (::IsWindows8OrGreater()) {
+    GetProcessMitigationPolicyFunc get_process_mitigation_policy =
+        reinterpret_cast<GetProcessMitigationPolicyFunc>(::GetProcAddress(
+            ::GetModuleHandleW(L"kernel32.dll"), "GetProcessMitigationPolicy"));
+    if (!get_process_mitigation_policy)
+      return false;
+
+    // Check that extension DLLs are disabled.
+    // (Legacy hooking.)
+    PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY policy = {};
+    if (!get_process_mitigation_policy(::GetCurrentProcess(),
+                                       ProcessExtensionPointDisablePolicy,
+                                       &policy, sizeof(policy)))
+      return false;
+
+    return policy.DisableExtensionPoints;
+  }
+
+  return true;
+}
 
 TEST(ChromeElfUtilTest, CanaryTest) {
   EXPECT_TRUE(IsCanary(kCanaryExePath));
@@ -54,6 +78,11 @@ TEST(ChromeElfUtilTest, BrowserProcessTest) {
   EXPECT_FALSE(IsNonBrowserProcess());
 }
 
+TEST(ChromeElfUtilTest, BrowserProcessSecurityTest) {
+  EarlyBrowserSecurity();
+  EXPECT_TRUE(IsSecuritySet());
+}
+
 // Parameterized test with paramters:
 // 1: product: "canary" or "google"
 // 2: install level: "user" or "system"