Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(556)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_win.cc

Issue 2227453002: Revert of [Windows Sandbox] Turn on MITIGATION_EXTENSION_POINT_DISABLE. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/app/sandbox_helper_win.cc ('k') | content/public/common/BUILD.gn » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/sandbox_win.h" 5 #include "content/common/sandbox_win.h"
6 6
7 #include <stddef.h> 7 #include <stddef.h>
8 8
9 #include <string> 9 #include <string>
10 10
(...skipping 13 matching lines...) Expand all
24 #include "base/strings/string_util.h" 24 #include "base/strings/string_util.h"
25 #include "base/strings/stringprintf.h" 25 #include "base/strings/stringprintf.h"
26 #include "base/trace_event/trace_event.h" 26 #include "base/trace_event/trace_event.h"
27 #include "base/win/iat_patch_function.h" 27 #include "base/win/iat_patch_function.h"
28 #include "base/win/scoped_handle.h" 28 #include "base/win/scoped_handle.h"
29 #include "base/win/scoped_process_information.h" 29 #include "base/win/scoped_process_information.h"
30 #include "base/win/win_util.h" 30 #include "base/win/win_util.h"
31 #include "base/win/windows_version.h" 31 #include "base/win/windows_version.h"
32 #include "content/common/content_switches_internal.h" 32 #include "content/common/content_switches_internal.h"
33 #include "content/public/common/content_client.h" 33 #include "content/public/common/content_client.h"
34 #include "content/public/common/content_features.h"
35 #include "content/public/common/content_switches.h" 34 #include "content/public/common/content_switches.h"
36 #include "content/public/common/sandbox_init.h" 35 #include "content/public/common/sandbox_init.h"
37 #include "content/public/common/sandboxed_process_launcher_delegate.h" 36 #include "content/public/common/sandboxed_process_launcher_delegate.h"
38 #include "sandbox/win/src/process_mitigations.h" 37 #include "sandbox/win/src/process_mitigations.h"
39 #include "sandbox/win/src/sandbox.h" 38 #include "sandbox/win/src/sandbox.h"
40 #include "sandbox/win/src/sandbox_nt_util.h" 39 #include "sandbox/win/src/sandbox_nt_util.h"
41 #include "sandbox/win/src/sandbox_policy_base.h" 40 #include "sandbox/win/src/sandbox_policy_base.h"
42 #include "sandbox/win/src/win_utils.h" 41 #include "sandbox/win/src/win_utils.h"
43 42
44 #if !defined(NACL_WIN64) 43 #if !defined(NACL_WIN64)
(...skipping 664 matching lines...) Expand 10 before | Expand all | Expand 10 after
709 sandbox::MitigationFlags mitigations = 708 sandbox::MitigationFlags mitigations =
710 sandbox::MITIGATION_HEAP_TERMINATE | 709 sandbox::MITIGATION_HEAP_TERMINATE |
711 sandbox::MITIGATION_BOTTOM_UP_ASLR | 710 sandbox::MITIGATION_BOTTOM_UP_ASLR |
712 sandbox::MITIGATION_DEP | 711 sandbox::MITIGATION_DEP |
713 sandbox::MITIGATION_DEP_NO_ATL_THUNK | 712 sandbox::MITIGATION_DEP_NO_ATL_THUNK |
714 sandbox::MITIGATION_SEHOP | 713 sandbox::MITIGATION_SEHOP |
715 sandbox::MITIGATION_NONSYSTEM_FONT_DISABLE | 714 sandbox::MITIGATION_NONSYSTEM_FONT_DISABLE |
716 sandbox::MITIGATION_IMAGE_LOAD_NO_REMOTE | 715 sandbox::MITIGATION_IMAGE_LOAD_NO_REMOTE |
717 sandbox::MITIGATION_IMAGE_LOAD_NO_LOW_LABEL; 716 sandbox::MITIGATION_IMAGE_LOAD_NO_LOW_LABEL;
718 717
719 if (base::FeatureList::IsEnabled(features::kWinSboxDisableExtensionPoints)) 718 sandbox::ResultCode result = sandbox::SBOX_ERROR_GENERIC;
720 mitigations |= sandbox::MITIGATION_EXTENSION_POINT_DISABLE;
721 719
722 sandbox::ResultCode result = sandbox::SBOX_ERROR_GENERIC;
723 result = policy->SetProcessMitigations(mitigations); 720 result = policy->SetProcessMitigations(mitigations);
724 721
725 if (result != sandbox::SBOX_ALL_OK) 722 if (result != sandbox::SBOX_ALL_OK)
726 return result; 723 return result;
727 724
728 #if !defined(NACL_WIN64) 725 #if !defined(NACL_WIN64)
729 if (type_str == switches::kRendererProcess && 726 if (type_str == switches::kRendererProcess &&
730 IsWin32kRendererLockdownEnabled()) { 727 IsWin32kRendererLockdownEnabled()) {
731 result = AddWin32kLockdownPolicy(policy, false); 728 result = AddWin32kLockdownPolicy(policy, false);
732 if (result != sandbox::SBOX_ALL_OK) 729 if (result != sandbox::SBOX_ALL_OK)
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after
828 } 825 }
829 826
830 delegate->PostSpawnTarget(target.process_handle()); 827 delegate->PostSpawnTarget(target.process_handle());
831 828
832 CHECK(ResumeThread(target.thread_handle()) != static_cast<DWORD>(-1)); 829 CHECK(ResumeThread(target.thread_handle()) != static_cast<DWORD>(-1));
833 *process = base::Process(target.TakeProcessHandle()); 830 *process = base::Process(target.TakeProcessHandle());
834 return sandbox::SBOX_ALL_OK; 831 return sandbox::SBOX_ALL_OK;
835 } 832 }
836 833
837 } // namespace content 834 } // namespace content
OLDNEW
« no previous file with comments | « content/app/sandbox_helper_win.cc ('k') | content/public/common/BUILD.gn » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698