Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(154)

Unified Diff: sandbox/win/src/process_mitigations.cc

Issue 1851213002: Remove sandbox on Windows. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix nacl compile issues Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/win/src/process_mitigations.h ('k') | sandbox/win/src/process_mitigations_test.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/win/src/process_mitigations.cc
diff --git a/sandbox/win/src/process_mitigations.cc b/sandbox/win/src/process_mitigations.cc
deleted file mode 100644
index adcc17c9af91aa3cff6412be073941841df2b20f..0000000000000000000000000000000000000000
--- a/sandbox/win/src/process_mitigations.cc
+++ /dev/null
@@ -1,352 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "sandbox/win/src/process_mitigations.h"
-
-#include <stddef.h>
-
-#include <algorithm>
-
-#include "base/win/windows_version.h"
-#include "sandbox/win/src/nt_internals.h"
-#include "sandbox/win/src/restricted_token_utils.h"
-#include "sandbox/win/src/sandbox_rand.h"
-#include "sandbox/win/src/win_utils.h"
-
-namespace {
-
-// Functions for enabling policies.
-typedef BOOL (WINAPI *SetProcessDEPPolicyFunction)(DWORD dwFlags);
-
-typedef BOOL (WINAPI *SetProcessMitigationPolicyFunction)(
- PROCESS_MITIGATION_POLICY mitigation_policy,
- PVOID buffer,
- SIZE_T length);
-
-typedef BOOL (WINAPI *SetDefaultDllDirectoriesFunction)(
- DWORD DirectoryFlags);
-
-} // namespace
-
-namespace sandbox {
-
-bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) {
- if (!CanSetProcessMitigationsPostStartup(flags))
- return false;
-
- base::win::Version version = base::win::GetVersion();
- HMODULE module = ::GetModuleHandleA("kernel32.dll");
-
- if (flags & MITIGATION_DLL_SEARCH_ORDER) {
- SetDefaultDllDirectoriesFunction set_default_dll_directories =
- reinterpret_cast<SetDefaultDllDirectoriesFunction>(
- ::GetProcAddress(module, "SetDefaultDllDirectories"));
-
- // Check for SetDefaultDllDirectories since it requires KB2533623.
- if (set_default_dll_directories) {
- if (!set_default_dll_directories(LOAD_LIBRARY_SEARCH_DEFAULT_DIRS) &&
- ERROR_ACCESS_DENIED != ::GetLastError()) {
- return false;
- }
- }
- }
-
- // Set the heap to terminate on corruption
- if (flags & MITIGATION_HEAP_TERMINATE) {
- if (!::HeapSetInformation(NULL, HeapEnableTerminationOnCorruption,
- NULL, 0) &&
- ERROR_ACCESS_DENIED != ::GetLastError()) {
- return false;
- }
- }
-
- if (flags & MITIGATION_HARDEN_TOKEN_IL_POLICY) {
- DWORD error = HardenProcessIntegrityLevelPolicy();
- if ((error != ERROR_SUCCESS) && (error != ERROR_ACCESS_DENIED))
- return false;
- }
-
-#if !defined(_WIN64) // DEP is always enabled on 64-bit.
- if (flags & MITIGATION_DEP) {
- DWORD dep_flags = PROCESS_DEP_ENABLE;
-
- if (flags & MITIGATION_DEP_NO_ATL_THUNK)
- dep_flags |= PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION;
-
- SetProcessDEPPolicyFunction set_process_dep_policy =
- reinterpret_cast<SetProcessDEPPolicyFunction>(
- ::GetProcAddress(module, "SetProcessDEPPolicy"));
- if (set_process_dep_policy) {
- if (!set_process_dep_policy(dep_flags) &&
- ERROR_ACCESS_DENIED != ::GetLastError()) {
- return false;
- }
- } else
- return false;
- }
-#endif
-
- // This is all we can do in Win7 and below.
- if (version < base::win::VERSION_WIN8)
- return true;
-
- SetProcessMitigationPolicyFunction set_process_mitigation_policy =
- reinterpret_cast<SetProcessMitigationPolicyFunction>(
- ::GetProcAddress(module, "SetProcessMitigationPolicy"));
- if (!set_process_mitigation_policy)
- return false;
-
- // Enable ASLR policies.
- if (flags & MITIGATION_RELOCATE_IMAGE) {
- PROCESS_MITIGATION_ASLR_POLICY policy = {};
- policy.EnableForceRelocateImages = true;
- policy.DisallowStrippedImages = (flags &
- MITIGATION_RELOCATE_IMAGE_REQUIRED) ==
- MITIGATION_RELOCATE_IMAGE_REQUIRED;
-
- if (!set_process_mitigation_policy(ProcessASLRPolicy, &policy,
- sizeof(policy)) &&
- ERROR_ACCESS_DENIED != ::GetLastError()) {
- return false;
- }
- }
-
- // Enable strict handle policies.
- if (flags & MITIGATION_STRICT_HANDLE_CHECKS) {
- PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY policy = {};
- policy.HandleExceptionsPermanentlyEnabled =
- policy.RaiseExceptionOnInvalidHandleReference = true;
-
- if (!set_process_mitigation_policy(ProcessStrictHandleCheckPolicy, &policy,
- sizeof(policy)) &&
- ERROR_ACCESS_DENIED != ::GetLastError()) {
- return false;
- }
- }
-
- // Enable system call policies.
- if (flags & MITIGATION_WIN32K_DISABLE) {
- PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY policy = {};
- policy.DisallowWin32kSystemCalls = true;
-
- if (!set_process_mitigation_policy(ProcessSystemCallDisablePolicy, &policy,
- sizeof(policy)) &&
- ERROR_ACCESS_DENIED != ::GetLastError()) {
- return false;
- }
- }
-
- // Enable dll extension policies.
- if (flags & MITIGATION_EXTENSION_DLL_DISABLE) {
- PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY policy = {};
- policy.DisableExtensionPoints = true;
-
- if (!set_process_mitigation_policy(ProcessExtensionPointDisablePolicy,
- &policy, sizeof(policy)) &&
- ERROR_ACCESS_DENIED != ::GetLastError()) {
- return false;
- }
- }
-
- if (version < base::win::VERSION_WIN10)
- return true;
-
- // Enable font policies.
- if (flags & MITIGATION_NONSYSTEM_FONT_DISABLE) {
- PROCESS_MITIGATION_FONT_DISABLE_POLICY policy = {};
- policy.DisableNonSystemFonts = true;
-
- if (!set_process_mitigation_policy(ProcessFontDisablePolicy, &policy,
- sizeof(policy)) &&
- ERROR_ACCESS_DENIED != ::GetLastError()) {
- return false;
- }
- }
-
- if (version < base::win::VERSION_WIN10_TH2)
- return true;
-
- // Enable image load policies.
- if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE ||
- flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) {
- PROCESS_MITIGATION_IMAGE_LOAD_POLICY policy = {};
- if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE)
- policy.NoRemoteImages = true;
- if (flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL)
- policy.NoLowMandatoryLabelImages = true;
-
- if (!set_process_mitigation_policy(ProcessImageLoadPolicy, &policy,
- sizeof(policy)) &&
- ERROR_ACCESS_DENIED != ::GetLastError()) {
- return false;
- }
- }
-
- return true;
-}
-
-void ConvertProcessMitigationsToPolicy(MitigationFlags flags,
- DWORD64* policy_flags,
- size_t* size) {
- base::win::Version version = base::win::GetVersion();
-
- *policy_flags = 0;
-#if defined(_WIN64)
- *size = sizeof(*policy_flags);
-#elif defined(_M_IX86)
- // A 64-bit flags attribute is illegal on 32-bit Win 7 and below.
- if (version < base::win::VERSION_WIN8)
- *size = sizeof(DWORD);
- else
- *size = sizeof(*policy_flags);
-#else
-#error This platform is not supported.
-#endif
-
- // DEP and SEHOP are not valid for 64-bit Windows
-#if !defined(_WIN64)
- if (flags & MITIGATION_DEP) {
- *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE;
- if (!(flags & MITIGATION_DEP_NO_ATL_THUNK))
- *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE;
- }
-
- if (flags & MITIGATION_SEHOP)
- *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE;
-#endif
-
- // Win 7
- if (version < base::win::VERSION_WIN8)
- return;
-
- if (flags & MITIGATION_RELOCATE_IMAGE) {
- *policy_flags |=
- PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON;
- if (flags & MITIGATION_RELOCATE_IMAGE_REQUIRED) {
- *policy_flags |=
- PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON_REQ_RELOCS;
- }
- }
-
- if (flags & MITIGATION_HEAP_TERMINATE) {
- *policy_flags |=
- PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_ON;
- }
-
- if (flags & MITIGATION_BOTTOM_UP_ASLR) {
- *policy_flags |=
- PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON;
- }
-
- if (flags & MITIGATION_HIGH_ENTROPY_ASLR) {
- *policy_flags |=
- PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_ON;
- }
-
- if (flags & MITIGATION_STRICT_HANDLE_CHECKS) {
- *policy_flags |=
- PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_ON;
- }
-
- if (flags & MITIGATION_WIN32K_DISABLE) {
- *policy_flags |=
- PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON;
- }
-
- if (flags & MITIGATION_EXTENSION_DLL_DISABLE) {
- *policy_flags |=
- PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON;
- }
-
- if (version < base::win::VERSION_WIN10)
- return;
-
- if (flags & MITIGATION_NONSYSTEM_FONT_DISABLE) {
- *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_FONT_DISABLE_ALWAYS_ON;
- }
-
- if (version < base::win::VERSION_WIN10_TH2)
- return;
-
- if (flags & MITIGATION_IMAGE_LOAD_NO_REMOTE) {
- *policy_flags |=
- PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_REMOTE_ALWAYS_ON;
- }
-
- if (flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) {
- *policy_flags |=
- PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_LOW_LABEL_ALWAYS_ON;
- }
-}
-
-MitigationFlags FilterPostStartupProcessMitigations(MitigationFlags flags) {
- base::win::Version version = base::win::GetVersion();
-
- // Windows 7.
- if (version < base::win::VERSION_WIN8) {
- return flags & (MITIGATION_BOTTOM_UP_ASLR |
- MITIGATION_DLL_SEARCH_ORDER |
- MITIGATION_HEAP_TERMINATE);
- }
-
- // Windows 8 and above.
- return flags & (MITIGATION_BOTTOM_UP_ASLR |
- MITIGATION_DLL_SEARCH_ORDER);
-}
-
-bool ApplyProcessMitigationsToSuspendedProcess(HANDLE process,
- MitigationFlags flags) {
-// This is a hack to fake a weak bottom-up ASLR on 32-bit Windows.
-#if !defined(_WIN64)
- if (flags & MITIGATION_BOTTOM_UP_ASLR) {
- unsigned int limit;
- GetRandom(&limit);
- char* ptr = 0;
- const size_t kMask64k = 0xFFFF;
- // Random range (512k-16.5mb) in 64k steps.
- const char* end = ptr + ((((limit % 16384) + 512) * 1024) & ~kMask64k);
- while (ptr < end) {
- MEMORY_BASIC_INFORMATION memory_info;
- if (!::VirtualQueryEx(process, ptr, &memory_info, sizeof(memory_info)))
- break;
- size_t size = std::min((memory_info.RegionSize + kMask64k) & ~kMask64k,
- static_cast<SIZE_T>(end - ptr));
- if (ptr && memory_info.State == MEM_FREE)
- ::VirtualAllocEx(process, ptr, size, MEM_RESERVE, PAGE_NOACCESS);
- ptr += size;
- }
- }
-#endif
-
- return true;
-}
-
-bool CanSetProcessMitigationsPostStartup(MitigationFlags flags) {
- // All of these mitigations can be enabled after startup.
- return !(
- flags &
- ~(MITIGATION_HEAP_TERMINATE |
- MITIGATION_DEP |
- MITIGATION_DEP_NO_ATL_THUNK |
- MITIGATION_RELOCATE_IMAGE |
- MITIGATION_RELOCATE_IMAGE_REQUIRED |
- MITIGATION_BOTTOM_UP_ASLR |
- MITIGATION_STRICT_HANDLE_CHECKS |
- MITIGATION_EXTENSION_DLL_DISABLE |
- MITIGATION_DLL_SEARCH_ORDER |
- MITIGATION_HARDEN_TOKEN_IL_POLICY |
- MITIGATION_WIN32K_DISABLE |
- MITIGATION_NONSYSTEM_FONT_DISABLE |
- MITIGATION_IMAGE_LOAD_NO_REMOTE |
- MITIGATION_IMAGE_LOAD_NO_LOW_LABEL));
-}
-
-bool CanSetProcessMitigationsPreStartup(MitigationFlags flags) {
- // These mitigations cannot be enabled prior to startup.
- return !(flags & (MITIGATION_STRICT_HANDLE_CHECKS |
- MITIGATION_DLL_SEARCH_ORDER));
-}
-
-} // namespace sandbox
-
« no previous file with comments | « sandbox/win/src/process_mitigations.h ('k') | sandbox/win/src/process_mitigations_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698