| OLD | NEW |
|---|---|
| 1 // Copyright 2011 The Chromium Authors. All rights reserved. | 1 // Copyright 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/process_mitigations.h" | 5 #include "sandbox/win/src/process_mitigations.h" |
| 6 | 6 |
| 7 #include <d3d9.h> | 7 #include <d3d9.h> |
| 8 #include <initguid.h> | 8 #include <initguid.h> |
| 9 #include <opmapi.h> | 9 #include <opmapi.h> |
| 10 #include <psapi.h> | 10 #include <psapi.h> |
| (...skipping 52 matching lines...) | |
| 63 bool CheckWin8DepPolicy() { | 63 bool CheckWin8DepPolicy() { |
| 64 PROCESS_MITIGATION_DEP_POLICY policy = {}; | 64 PROCESS_MITIGATION_DEP_POLICY policy = {}; |
| 65 if (!get_process_mitigation_policy(::GetCurrentProcess(), ProcessDEPPolicy, | 65 if (!get_process_mitigation_policy(::GetCurrentProcess(), ProcessDEPPolicy, |
| 66 &policy, sizeof(policy))) { | 66 &policy, sizeof(policy))) { |
| 67 return false; | 67 return false; |
| 68 } | 68 } |
| 69 return policy.Enable && policy.Permanent; | 69 return policy.Enable && policy.Permanent; |
| 70 } | 70 } |
| 71 #endif // !defined(_WIN64) | 71 #endif // !defined(_WIN64) |
| 72 | 72 |
| 73 #if defined(NDEBUG) | |
| 74 bool CheckWin8AslrPolicy() { | 73 bool CheckWin8AslrPolicy() { |
| 75 PROCESS_MITIGATION_ASLR_POLICY policy = {}; | 74 PROCESS_MITIGATION_ASLR_POLICY policy = {}; |
| 76 if (!get_process_mitigation_policy(::GetCurrentProcess(), ProcessASLRPolicy, | 75 if (!get_process_mitigation_policy(::GetCurrentProcess(), ProcessASLRPolicy, |
| 77 &policy, sizeof(policy))) { | 76 &policy, sizeof(policy))) { |
| 78 return false; | 77 return false; |
| 79 } | 78 } |
| 80 return policy.EnableForceRelocateImages && policy.DisallowStrippedImages; | 79 return policy.EnableForceRelocateImages && policy.DisallowStrippedImages; |
| 81 } | 80 } |
| 82 #endif // defined(NDEBUG) | |
| 83 | 81 |
| 84 bool CheckWin8StrictHandlePolicy() { | 82 bool CheckWin8StrictHandlePolicy() { |
| 85 PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY policy = {}; | 83 PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY policy = {}; |
| 86 if (!get_process_mitigation_policy(::GetCurrentProcess(), | 84 if (!get_process_mitigation_policy(::GetCurrentProcess(), |
| 87 ProcessStrictHandleCheckPolicy, &policy, | 85 ProcessStrictHandleCheckPolicy, &policy, |
| 88 sizeof(policy))) { | 86 sizeof(policy))) { |
| 89 return false; | 87 return false; |
| 90 } | 88 } |
| 91 return policy.RaiseExceptionOnInvalidHandleReference && | 89 return policy.RaiseExceptionOnInvalidHandleReference && |
| 92 policy.HandleExceptionsPermanentlyEnabled; | 90 policy.HandleExceptionsPermanentlyEnabled; |
| (...skipping 743 matching lines...) | |
| 836 setup_proc.Terminate(desired_exit_code, false); | 834 setup_proc.Terminate(desired_exit_code, false); |
| 837 return SBOX_TEST_SUCCEEDED; | 835 return SBOX_TEST_SUCCEEDED; |
| 838 } | 836 } |
| 839 // Note: GetLastError from CreateProcess returns 5, "ERROR_ACCESS_DENIED". | 837 // Note: GetLastError from CreateProcess returns 5, "ERROR_ACCESS_DENIED". |
| 840 return SBOX_TEST_FAILED; | 838 return SBOX_TEST_FAILED; |
| 841 } | 839 } |
| 842 | 840 |
| 843 //------------------------------------------------------------------------------ | 841 //------------------------------------------------------------------------------ |
| 844 // Win8 Checks: | 842 // Win8 Checks: |
| 845 // MITIGATION_DEP(_NO_ATL_THUNK) | 843 // MITIGATION_DEP(_NO_ATL_THUNK) |
| 846 // MITIGATION_RELOCATE_IMAGE(_REQUIRED) - ASLR, release only | 844 // MITIGATION_RELOCATE_IMAGE(_REQUIRED) - ASLR |
| 847 // MITIGATION_STRICT_HANDLE_CHECKS | 845 // MITIGATION_STRICT_HANDLE_CHECKS |
| 848 // >= Win8 | 846 // >= Win8 |
| 849 //------------------------------------------------------------------------------ | 847 //------------------------------------------------------------------------------ |
| 850 | 848 |
| 851 SBOX_TESTS_COMMAND int CheckWin8(int argc, wchar_t** argv) { | 849 SBOX_TESTS_COMMAND int CheckWin8(int argc, wchar_t** argv) { |
| 852 get_process_mitigation_policy = | 850 get_process_mitigation_policy = |
| 853 reinterpret_cast<GetProcessMitigationPolicyFunction>(::GetProcAddress( | 851 reinterpret_cast<GetProcessMitigationPolicyFunction>(::GetProcAddress( |
| 854 ::GetModuleHandleW(L"kernel32.dll"), "GetProcessMitigationPolicy")); | 852 ::GetModuleHandleW(L"kernel32.dll"), "GetProcessMitigationPolicy")); |
| 855 if (!get_process_mitigation_policy) | 853 if (!get_process_mitigation_policy) |
| 856 return SBOX_TEST_NOT_FOUND; | 854 return SBOX_TEST_NOT_FOUND; |
| 857 | 855 |
| 858 #if !defined(_WIN64) // DEP is always enabled on 64-bit. | 856 #if !defined(_WIN64) // DEP is always enabled on 64-bit. |
| 859 if (!CheckWin8DepPolicy()) | 857 if (!CheckWin8DepPolicy()) |
| 860 return SBOX_TEST_FIRST_ERROR; | 858 return SBOX_TEST_FIRST_ERROR; |
| 861 #endif | 859 #endif |
| 862 | 860 |
| 863 #if defined(NDEBUG) // ASLR cannot be forced in debug builds. | |
| 864 if (!CheckWin8AslrPolicy()) | 861 if (!CheckWin8AslrPolicy()) |
| 865 return SBOX_TEST_SECOND_ERROR; | 862 return SBOX_TEST_SECOND_ERROR; |
| 866 #endif | |
| 867 | 863 |
| 868 if (!CheckWin8StrictHandlePolicy()) | 864 if (!CheckWin8StrictHandlePolicy()) |
| 869 return SBOX_TEST_THIRD_ERROR; | 865 return SBOX_TEST_THIRD_ERROR; |
| 870 | 866 |
| 871 return SBOX_TEST_SUCCEEDED; | 867 return SBOX_TEST_SUCCEEDED; |
| 872 } | 868 } |
| 873 | 869 |
| 874 TEST(ProcessMitigationsTest, CheckWin8) { | 870 TEST(ProcessMitigationsTest, CheckWin8) { |
| 875 if (base::win::GetVersion() < base::win::VERSION_WIN8) | 871 if (base::win::GetVersion() < base::win::VERSION_WIN8) |
| 876 return; | 872 return; |
| 877 | 873 |
| 878 TestRunner runner; | 874 TestRunner runner; |
| 879 sandbox::TargetPolicy* policy = runner.GetPolicy(); | 875 sandbox::TargetPolicy* policy = runner.GetPolicy(); |
| 880 | 876 |
| 877 // ASLR cannot be forced on start in debug builds. | |
| 878 constexpr sandbox::MitigationFlags kDebugDelayedMitigations = | |
| 879 MITIGATION_RELOCATE_IMAGE | MITIGATION_RELOCATE_IMAGE_REQUIRED; | |
| 880 | |
| 881 sandbox::MitigationFlags mitigations = | 881 sandbox::MitigationFlags mitigations = |
| 882 MITIGATION_DEP | MITIGATION_DEP_NO_ATL_THUNK; | 882 MITIGATION_DEP | MITIGATION_DEP_NO_ATL_THUNK; |
| 883 #if defined(NDEBUG) // ASLR cannot be forced in debug builds. | 883 #if defined(NDEBUG) |
| 884 mitigations |= MITIGATION_RELOCATE_IMAGE | MITIGATION_RELOCATE_IMAGE_REQUIRED; | 884 mitigations |= kDebugDelayedMitigations; |
| 885 #endif | 885 #endif |
| 886 | 886 |
| 887 EXPECT_EQ(policy->SetProcessMitigations(mitigations), SBOX_ALL_OK); | 887 EXPECT_EQ(policy->SetProcessMitigations(mitigations), SBOX_ALL_OK); |
| 888 | 888 |
| 889 mitigations |= MITIGATION_STRICT_HANDLE_CHECKS; | 889 mitigations |= MITIGATION_STRICT_HANDLE_CHECKS; |
| 890 | 890 |
| 891 #if !defined(NDEBUG) | |
| 892 mitigations |= kDebugDelayedMitigations; | |
|
Will Harris
2016/09/26 18:31:38
do you really mean to add these mitigations twice,
Joe Mason
2016/09/26 19:39:57
That's NDEBUG, this is !NDEBUG. "DebugDelayedMitig
| |
| 893 #endif | |
| 894 | |
| 891 EXPECT_EQ(policy->SetDelayedProcessMitigations(mitigations), SBOX_ALL_OK); | 895 EXPECT_EQ(policy->SetDelayedProcessMitigations(mitigations), SBOX_ALL_OK); |
| 892 | 896 |
| 893 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckWin8")); | 897 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckWin8")); |
| 894 } | 898 } |
| 895 | 899 |
| 896 //------------------------------------------------------------------------------ | 900 //------------------------------------------------------------------------------ |
| 897 // DEP (MITIGATION_DEP) | 901 // DEP (MITIGATION_DEP) |
| 898 // < Win8 x86 | 902 // < Win8 x86 |
| 899 //------------------------------------------------------------------------------ | 903 //------------------------------------------------------------------------------ |
| 900 | 904 |
| (...skipping 898 matching lines...) | |
| 1799 cmd = cmd.Append(L"calc.exe"); | 1803 cmd = cmd.Append(L"calc.exe"); |
| 1800 | 1804 |
| 1801 std::wstring test_command(base::StringPrintf(L"TestChildProcess %ls 0x%08X", | 1805 std::wstring test_command(base::StringPrintf(L"TestChildProcess %ls 0x%08X", |
| 1802 cmd.value().c_str(), | 1806 cmd.value().c_str(), |
| 1803 STATUS_ACCESS_VIOLATION)); | 1807 STATUS_ACCESS_VIOLATION)); |
| 1804 | 1808 |
| 1805 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(test_command.c_str())); | 1809 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(test_command.c_str())); |
| 1806 } | 1810 } |
| 1807 | 1811 |
| 1808 } // namespace sandbox | 1812 } // namespace sandbox |
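Review bot: The header comment at new line 844 now lists ASLR without qualification, but the test applies it differently per build type: release builds put `MITIGATION_RELOCATE_IMAGE | MITIGATION_RELOCATE_IMAGE_REQUIRED` in the start-time set (new lines 883-885), while debug builds add them only to the delayed set (new lines 891-893). `CheckWin8AslrPolicy` reads the policy once inside the child, so it presumably observes only the final state and cannot tell a start-time setting from a delayed one; a passing debug run therefore does not show that forced relocation was in effect for images mapped before the delayed mitigations were applied. I would record that in the header, e.g. `//  MITIGATION_RELOCATE_IMAGE(_REQUIRED) - ASLR (start-time in release, delayed-only in debug)`, and put a short why-comment back on the now bare `#if defined(NDEBUG)` at new line 883.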
| OLD | NEW |