[Windows Sandbox] Turn on MITIGATION_EXTENSION_POINT_DISABLE for browser processes.

chrome_elf/chrome_elf_main.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome_elf/chrome_elf_main.h"
 
 #include <windows.h>
 #include <algorithm>
 
 #include "base/lazy_instance.h"
 #include "base/strings/string16.h"
 #include "base/win/iat_patch_function.h"
 #include "build/build_config.h"
 #include "chrome/app/chrome_crash_reporter_client_win.h"
 #include "chrome/install_static/install_util.h"
 #include "chrome_elf/blacklist/blacklist.h"
 #include "chrome_elf/blacklist/crashpad_helper.h"
 #include "chrome_elf/chrome_elf_constants.h"
+#include "chrome_elf/chrome_elf_security.h"
 #include "components/crash/content/app/crashpad.h"
 #include "components/crash/core/common/crash_keys.h"
 
 namespace {
 
 base::LazyInstance<std::vector<crash_reporter::Report>>::Leaky g_crash_reports =
     LAZY_INSTANCE_INITIALIZER;
 
 // Gets the exe name from the full path of the exe.
 base::string16 GetExeName() {
@@ skipping 13 matching lines @@
   return file_name_string;
 }
 
 void InitializeCrashReportingForProcess() {
   // We want to initialize crash reporting only in chrome.exe
   if (GetExeName() != L"chrome.exe")
     return;
   ChromeCrashReporterClient::InitializeCrashReportingForProcess();
 }
 
-#if !defined(ADDRESS_SANITIZER)
 // chrome_elf loads early in the process and initializes Crashpad. That in turn
 // uses the SetUnhandledExceptionFilter API to set a top level exception
 // handler for the process. When the process eventually initializes, CRT sets
 // an exception handler which calls TerminateProcess which effectively bypasses
 // us. Ideally we want to be at the top of the unhandled exception filter
 // chain. However we don't have a good way of intercepting the
 // SetUnhandledExceptionFilter API in the sandbox. EAT patching kernel32 or
 // kernelbase should ideally work. However the kernel32 kernelbase dlls are
 // prebound which causes EAT patching to not work. Sidestep works. However it
 // is only supported for 32 bit. For now we use IAT patching for the
@@ skipping 10 matching lines @@
 }
 
 // Please refer above to more information about why we intercept the
 // SetUnhandledExceptionFilter API.
 void DisableSetUnhandledExceptionFilter() {
   DWORD patched = g_set_unhandled_exception_filter.PatchFromModule(
       GetModuleHandle(nullptr), "kernel32.dll", "SetUnhandledExceptionFilter",
       SetUnhandledExceptionFilterPatch);
   CHECK(patched == 0);
 }
-#endif // !defined(ADDRESS_SANITIZER)
 
 }  // namespace
 
 void SignalChromeElf() {
   blacklist::ResetBeacon();
 }
 
 // This helper is invoked by code in chrome.dll to retrieve the crash reports.
 // See CrashUploadListCrashpad. Note that we do not pass an std::vector here,
 // because we do not want to allocate/free in different modules. The returned
@@ skipping 12 matching lines @@
     const char* client_id) {
   if (client_id)
     crash_keys::SetMetricsClientIdFromGUID(client_id);
 }
 
 BOOL APIENTRY DllMain(HMODULE module, DWORD reason, LPVOID reserved) {
   if (reason == DLL_PROCESS_ATTACH) {
     InitializeCrashReportingForProcess();
     // CRT on initialization installs an exception filter which calls
     // TerminateProcess. We need to hook CRT's attempt to set an exception
-    // handler and ignore it. Don't do this when ASan is present, or ASan will
-    // fail to install its own unhandled exception filter.
-#if !defined(ADDRESS_SANITIZER)
+    // handler and ignore it.
     DisableSetUnhandledExceptionFilter();
-#endif
 
     install_static::InitializeProcessType();
+    if (install_static::g_process_type ==
+        install_static::ProcessType::BROWSER_PROCESS)
+      EarlyBrowserSecurity();
 
     __try {
       blacklist::Initialize(false);  // Don't force, abort if beacon is present.
     } __except(GenerateCrashDump(GetExceptionInformation())) {
     }
   }
   return TRUE;
 }