
Unified Diff: sandbox/win/src/process_mitigations.cc

Issue 1814863004: Cleanup/Remove Windows XP/Vista version checks from Windows sandbox code (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: revert disabled reparse point check Created 4 years, 9 months ago
Index: sandbox/win/src/process_mitigations.cc
diff --git a/sandbox/win/src/process_mitigations.cc b/sandbox/win/src/process_mitigations.cc
index ba191d6ba6f86113a9efee080466dd7bf827b1df..adcc17c9af91aa3cff6412be073941841df2b20f 100644
--- a/sandbox/win/src/process_mitigations.cc
+++ b/sandbox/win/src/process_mitigations.cc
@@ -38,8 +38,7 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) {
base::win::Version version = base::win::GetVersion();
HMODULE module = ::GetModuleHandleA("kernel32.dll");
- if (version >= base::win::VERSION_VISTA &&
- (flags & MITIGATION_DLL_SEARCH_ORDER)) {
+ if (flags & MITIGATION_DLL_SEARCH_ORDER) {
SetDefaultDllDirectoriesFunction set_default_dll_directories =
reinterpret_cast<SetDefaultDllDirectoriesFunction>(
::GetProcAddress(module, "SetDefaultDllDirectories"));
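Review bot: With the version gate removed, the only protection against calling through a null `set_default_dll_directories` is whatever check follows the `GetProcAddress` call, and that check lies outside this hunk. The export is not guaranteed on every Windows 7 install (it arrived there through an update), so the lookup can still legitimately return null on a supported OS. Please confirm the pointer is tested before use, and state in a comment whether a missing export is meant to skip MITIGATION_DLL_SEARCH_ORDER silently or fail the call. The DEP branch in this same patch now returns false when its export is missing, so the two paths would otherwise disagree on fail-open versus fail-closed, and a caller that requested the mitigation would get `true` without it being applied.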
@@ -54,8 +53,7 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) {
}
// Set the heap to terminate on corruption
- if (version >= base::win::VERSION_VISTA &&
- (flags & MITIGATION_HEAP_TERMINATE)) {
+ if (flags & MITIGATION_HEAP_TERMINATE) {
if (!::HeapSetInformation(NULL, HeapEnableTerminationOnCorruption,
NULL, 0) &&
ERROR_ACCESS_DENIED != ::GetLastError()) {
@@ -63,8 +61,7 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) {
}
}
- if (version >= base::win::VERSION_WIN7 &&
- (flags & MITIGATION_HARDEN_TOKEN_IL_POLICY)) {
+ if (flags & MITIGATION_HARDEN_TOKEN_IL_POLICY) {
DWORD error = HardenProcessIntegrityLevelPolicy();
if ((error != ERROR_SUCCESS) && (error != ERROR_ACCESS_DENIED))
return false;
@@ -73,8 +70,6 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) {
#if !defined(_WIN64) // DEP is always enabled on 64-bit.
if (flags & MITIGATION_DEP) {
DWORD dep_flags = PROCESS_DEP_ENABLE;
- // DEP support is quirky on XP, so don't force a failure in that case.
- const bool return_on_fail = version >= base::win::VERSION_VISTA;
if (flags & MITIGATION_DEP_NO_ATL_THUNK)
dep_flags |= PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION;
@@ -84,31 +79,11 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) {
::GetProcAddress(module, "SetProcessDEPPolicy"));
if (set_process_dep_policy) {
if (!set_process_dep_policy(dep_flags) &&
- ERROR_ACCESS_DENIED != ::GetLastError() && return_on_fail) {
- return false;
- }
- } else {
- // We're on XP sp2, so use the less standard approach.
- // For reference: http://www.uninformed.org/?v=2&a=4
- static const int MEM_EXECUTE_OPTION_DISABLE = 2;
- static const int MEM_EXECUTE_OPTION_ATL7_THUNK_EMULATION = 4;
- static const int MEM_EXECUTE_OPTION_PERMANENT = 8;
-
- NtSetInformationProcessFunction set_information_process = NULL;
- ResolveNTFunctionPtr("NtSetInformationProcess",
- &set_information_process);
- if (!set_information_process)
- return false;
- ULONG dep = MEM_EXECUTE_OPTION_DISABLE | MEM_EXECUTE_OPTION_PERMANENT;
- if (!(dep_flags & PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION))
- dep |= MEM_EXECUTE_OPTION_ATL7_THUNK_EMULATION;
- if (!SUCCEEDED(set_information_process(GetCurrentProcess(),
- ProcessExecuteFlags,
- &dep, sizeof(dep))) &&
- ERROR_ACCESS_DENIED != ::GetLastError() && return_on_fail) {
+ ERROR_ACCESS_DENIED != ::GetLastError()) {
return false;
}
- }
+ } else
+ return false;
}
#endif
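Review bot: The new `} else` followed by an unbraced `return false;` pairs a braced `if` with an unbraced `else`; brace both arms so a later edit cannot detach the return from the `else`: `} else {`, `return false;`, `}`. This arm is also a behaviour change that deserves a comment: a missing SetProcessDEPPolicy export now fails the whole call instead of falling back to the NtSetInformationProcess path, for example `// SetProcessDEPPolicy exists on all supported versions; fail closed if it cannot be resolved.` With `return_on_fail` gone, the `ERROR_ACCESS_DENIED` exemption is the only case where a failed DEP request still counts as success, so a one-line comment on why that error is tolerated would help the next reader judge whether DEP is actually in force.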
@@ -229,10 +204,6 @@ void ConvertProcessMitigationsToPolicy(MitigationFlags flags,
#error This platform is not supported.
#endif
- // Nothing for Win XP or Vista.
- if (version <= base::win::VERSION_VISTA)
- return;
-
// DEP and SEHOP are not valid for 64-bit Windows
#if !defined(_WIN64)
if (flags & MITIGATION_DEP) {
@@ -312,19 +283,6 @@ void ConvertProcessMitigationsToPolicy(MitigationFlags flags,
MitigationFlags FilterPostStartupProcessMitigations(MitigationFlags flags) {
base::win::Version version = base::win::GetVersion();
- // Windows XP SP2+.
- if (version < base::win::VERSION_VISTA) {
- return flags & (MITIGATION_DEP |
- MITIGATION_DEP_NO_ATL_THUNK);
- }
-
- // Windows Vista
- if (version < base::win::VERSION_WIN7) {
- return flags & (MITIGATION_BOTTOM_UP_ASLR |
- MITIGATION_DLL_SEARCH_ORDER |
- MITIGATION_HEAP_TERMINATE);
- }
-
// Windows 7.
if (version < base::win::VERSION_WIN8) {
return flags & (MITIGATION_BOTTOM_UP_ASLR |