| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_SRC_SECURITY_LEVEL_H_ | 5 #ifndef SANDBOX_SRC_SECURITY_LEVEL_H_ |
| 6 #define SANDBOX_SRC_SECURITY_LEVEL_H_ | 6 #define SANDBOX_SRC_SECURITY_LEVEL_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 namespace sandbox { | 10 namespace sandbox { |
| (...skipping 136 matching lines...) | |
| 147 // Permanently Disables ATL thunk emulation when DEP is enabled. Valid | 147 // Permanently Disables ATL thunk emulation when DEP is enabled. Valid |
| 148 // only when MITIGATION_DEP is passed. Corresponds to not passing | 148 // only when MITIGATION_DEP is passed. Corresponds to not passing |
| 149 // PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE. | 149 // PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE. |
| 150 const MitigationFlags MITIGATION_DEP_NO_ATL_THUNK = 0x00000002; | 150 const MitigationFlags MITIGATION_DEP_NO_ATL_THUNK = 0x00000002; |
| 151 | 151 |
| 152 // Enables Structured exception handling override prevention. Must be | 152 // Enables Structured exception handling override prevention. Must be |
| 153 // enabled prior to process start. Corresponds to | 153 // enabled prior to process start. Corresponds to |
| 154 // PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE. | 154 // PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE. |
| 155 const MitigationFlags MITIGATION_SEHOP = 0x00000004; | 155 const MitigationFlags MITIGATION_SEHOP = 0x00000004; |
| 156 | 156 |
| 157 // Forces ASLR on all images in the child process. Corresponds to | 157 // Forces ASLR on all images in the child process. In debug builds, must be |
| 158 // enabled after startup. Corresponds to | |
| 158 // PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON . | 159 // PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON . |
| 159 const MitigationFlags MITIGATION_RELOCATE_IMAGE = 0x00000008; | 160 const MitigationFlags MITIGATION_RELOCATE_IMAGE = 0x00000008; |
| 160 | 161 |
| 161 // Refuses to load DLLs that cannot support ASLR. Corresponds to | 162 // Refuses to load DLLs that cannot support ASLR. In debug builds, must be |
| 163 // enabled after startup. Corresponds to | |
|
Will Harris
2016/09/23 19:31:10
hmm if this is true and these can be set post star
Joe Mason
2016/09/23 22:34:34
Done.
| |
| 162 // PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON_REQ_RELOCS . | 164 // PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON_REQ_RELOCS . |
| 163 const MitigationFlags MITIGATION_RELOCATE_IMAGE_REQUIRED = 0x00000010; | 165 const MitigationFlags MITIGATION_RELOCATE_IMAGE_REQUIRED = 0x00000010; |
| 164 | 166 |
| 165 // Terminates the process on Windows heap corruption. Coresponds to | 167 // Terminates the process on Windows heap corruption. Coresponds to |
| 166 // PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_ON. | 168 // PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_ON. |
| 167 const MitigationFlags MITIGATION_HEAP_TERMINATE = 0x00000020; | 169 const MitigationFlags MITIGATION_HEAP_TERMINATE = 0x00000020; |
| 168 | 170 |
| 169 // Sets a random lower bound as the minimum user address. Must be | 171 // Sets a random lower bound as the minimum user address. Must be |
| 170 // enabled prior to process start. On 32-bit processes this is | 172 // enabled prior to process start. On 32-bit processes this is |
| 171 // emulated to a much smaller degree. Corresponds to | 173 // emulated to a much smaller degree. Corresponds to |
| 172 // PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON. | 174 // PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON. |
| 173 const MitigationFlags MITIGATION_BOTTOM_UP_ASLR = 0x00000040; | 175 const MitigationFlags MITIGATION_BOTTOM_UP_ASLR = 0x00000040; |
| 174 | 176 |
| 175 // Increases the randomness range of bottom-up ASLR to up to 1TB. Must be | 177 // Increases the randomness range of bottom-up ASLR to up to 1TB. Must be |
| 176 // enabled prior to process start and with MITIGATION_BOTTOM_UP_ASLR. | 178 // enabled prior to process start and with MITIGATION_BOTTOM_UP_ASLR. |
| 177 // Corresponds to | 179 // Corresponds to |
| 178 // PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_ON | 180 // PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_ON |
| 179 const MitigationFlags MITIGATION_HIGH_ENTROPY_ASLR = 0x00000080; | 181 const MitigationFlags MITIGATION_HIGH_ENTROPY_ASLR = 0x00000080; |
| 180 | 182 |
| 181 // Immediately raises an exception on a bad handle reference. Must be | 183 // Immediately raises an exception on a bad handle reference. Must be |
| 182 // enabled after startup. Corresponds to | 184 // enabled after startup. Corresponds to |
| 183 // PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_ON. | 185 // PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_ON. |
| 184 const MitigationFlags MITIGATION_STRICT_HANDLE_CHECKS = 0x00000100; | 186 const MitigationFlags MITIGATION_STRICT_HANDLE_CHECKS = 0x00000100; |
| 185 | 187 |
| 186 // Prevents the process from making Win32k calls. Corresponds to | 188 // Prevents the process from making Win32k calls. Corresponds to |
| 187 // PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON. | 189 // PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON. |
| 190 // | |
| 191 // Applications linked to user32.dll or gdi32.dll make Win32k calls during | |
| 192 // setup, even if Win32k is not otherwise used. So they also need to add a rule | |
| 193 // with SUBSYS_WIN32K_LOCKDOWN and semantics FAKE_USER_GDI_INIT to allow the | |
| 194 // initialization to succeed. | |
| 188 const MitigationFlags MITIGATION_WIN32K_DISABLE = 0x00000200; | 195 const MitigationFlags MITIGATION_WIN32K_DISABLE = 0x00000200; |
| 189 | 196 |
| 190 // Prevents certain built-in third party extension points from being used. | 197 // Prevents certain built-in third party extension points from being used. |
| 191 // - App_Init DLLs | 198 // - App_Init DLLs |
| 192 // - Winsock Layered Service Providers (LSPs) | 199 // - Winsock Layered Service Providers (LSPs) |
| 193 // - Global Windows Hooks (NOT thread-targeted hooks) | 200 // - Global Windows Hooks (NOT thread-targeted hooks) |
| 194 // - Legacy Input Method Editors (IMEs). | 201 // - Legacy Input Method Editors (IMEs). |
| 195 // I.e.: Disable legacy hooking mechanisms. Corresponds to | 202 // I.e.: Disable legacy hooking mechanisms. Corresponds to |
| 196 // PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON. | 203 // PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON. |
| 197 const MitigationFlags MITIGATION_EXTENSION_POINT_DISABLE = 0x00000400; | 204 const MitigationFlags MITIGATION_EXTENSION_POINT_DISABLE = 0x00000400; |
| (...skipping 18 matching lines...) | |
| 216 // PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_REMOTE_ALWAYS_ON. | 223 // PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_REMOTE_ALWAYS_ON. |
| 217 const MitigationFlags MITIGATION_IMAGE_LOAD_NO_REMOTE = 0x00000001ULL << 52; | 224 const MitigationFlags MITIGATION_IMAGE_LOAD_NO_REMOTE = 0x00000001ULL << 52; |
| 218 | 225 |
| 219 // Blocks mapping of images that have the low manditory label. Corresponds to | 226 // Blocks mapping of images that have the low manditory label. Corresponds to |
| 220 // PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_LOW_LABEL_ALWAYS_ON. | 227 // PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_LOW_LABEL_ALWAYS_ON. |
| 221 const MitigationFlags MITIGATION_IMAGE_LOAD_NO_LOW_LABEL = 0x00000001ULL << 56; | 228 const MitigationFlags MITIGATION_IMAGE_LOAD_NO_LOW_LABEL = 0x00000001ULL << 56; |
| 222 | 229 |
| 223 } // namespace sandbox | 230 } // namespace sandbox |
| 224 | 231 |
| 225 #endif // SANDBOX_SRC_SECURITY_LEVEL_H_ | 232 #endif // SANDBOX_SRC_SECURITY_LEVEL_H_ |
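Review bot: The sentence "In debug builds, must be enabled after startup" added to MITIGATION_RELOCATE_IMAGE (new lines 157-158) and MITIGATION_RELOCATE_IMAGE_REQUIRED (new lines 162-163) gives no reason for the debug-only constraint and leaves the release-build timing unstated, whereas the neighbouring flags say plainly "prior to process start" or "after startup". If the flag is only applied after startup, images mapped before that point presumably keep their load addresses, so "on all images" would overstate the coverage in debug builds, and a debug run would not exercise the release configuration; this is inferred, since nothing in this section shows it. I would spell both out in the comment, for example `// In debug builds, must be enabled after startup (<reason>); in release builds <timing>.`, with the placeholders filled in by the author.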