OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/process_mitigations.h" | 5 #include "sandbox/win/src/process_mitigations.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 | 10 |
(...skipping 161 matching lines...)
172 ERROR_ACCESS_DENIED != ::GetLastError()) { | 172 ERROR_ACCESS_DENIED != ::GetLastError()) { |
173 return false; | 173 return false; |
174 } | 174 } |
175 } | 175 } |
176 | 176 |
177 if (version < base::win::VERSION_WIN10) | 177 if (version < base::win::VERSION_WIN10) |
178 return true; | 178 return true; |
179 | 179 |
180 // Enable font policies. | 180 // Enable font policies. |
181 if (flags & MITIGATION_NONSYSTEM_FONT_DISABLE) { | 181 if (flags & MITIGATION_NONSYSTEM_FONT_DISABLE) { |
182 PROCESS_MITIGATION_FONT_DISABLE_POLICY policy = {0}; | 182 PROCESS_MITIGATION_FONT_DISABLE_POLICY policy = {}; |
183 policy.DisableNonSystemFonts = true; | 183 policy.DisableNonSystemFonts = true; |
184 | 184 |
185 if (!set_process_mitigation_policy(ProcessFontDisablePolicy, &policy, | 185 if (!set_process_mitigation_policy(ProcessFontDisablePolicy, &policy, |
186 sizeof(policy)) && | 186 sizeof(policy)) && |
187 ERROR_ACCESS_DENIED != ::GetLastError()) { | 187 ERROR_ACCESS_DENIED != ::GetLastError()) { |
188 return false; | 188 return false; |
189 } | 189 } |
190 } | 190 } |
191 | 191 |
192 if (version < base::win::VERSION_WIN10_TH2) | 192 if (version < base::win::VERSION_WIN10_TH2) |
193 return true; | 193 return true; |
194 | 194 |
195 // Enable image load policies. | 195 // Enable image load policies. |
196 if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE || | 196 if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE || |
197 flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) { | 197 flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) { |
198 PROCESS_MITIGATION_IMAGE_LOAD_POLICY policy = {0}; | 198 PROCESS_MITIGATION_IMAGE_LOAD_POLICY policy = {}; |
199 if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE) | 199 if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE) |
200 policy.NoRemoteImages = true; | 200 policy.NoRemoteImages = true; |
201 if (flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) | 201 if (flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) |
202 policy.NoLowMandatoryLabelImages = true; | 202 policy.NoLowMandatoryLabelImages = true; |
203 | 203 |
204 if (!set_process_mitigation_policy(ProcessImageLoadPolicy, &policy, | 204 if (!set_process_mitigation_policy(ProcessImageLoadPolicy, &policy, |
205 sizeof(policy)) && | 205 sizeof(policy)) && |
206 ERROR_ACCESS_DENIED != ::GetLastError()) { | 206 ERROR_ACCESS_DENIED != ::GetLastError()) { |
207 return false; | 207 return false; |
208 } | 208 } |
(...skipping 176 matching lines...)
385 } | 385 } |
386 | 386 |
387 bool CanSetProcessMitigationsPreStartup(MitigationFlags flags) { | 387 bool CanSetProcessMitigationsPreStartup(MitigationFlags flags) { |
388 // These mitigations cannot be enabled prior to startup. | 388 // These mitigations cannot be enabled prior to startup. |
389 return !(flags & (MITIGATION_STRICT_HANDLE_CHECKS | | 389 return !(flags & (MITIGATION_STRICT_HANDLE_CHECKS | |
390 MITIGATION_DLL_SEARCH_ORDER)); | 390 MITIGATION_DLL_SEARCH_ORDER)); |
391 } | 391 } |
392 | 392 |
393 } // namespace sandbox | 393 } // namespace sandbox |
394 | 394 |
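Review bot: The checks at new lines 172, 187 and 206 treat `ERROR_ACCESS_DENIED` from `set_process_mitigation_policy` as a non-failure without saying why, so execution continues as if the requested mitigation had been applied. If the intent is to tolerate a policy that was already set earlier, which is only an inference from the visible lines, a comment such as `// ERROR_ACCESS_DENIED is tolerated: the policy may already be in effect.` at each site would make that explicit. Where a caller depends on the mitigation actually being in force, reading it back with `GetProcessMitigationPolicy` would confirm it. The enclosing function starts and ends in the skipped regions, so this may already be documented outside the visible lines.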
OLD | NEW |