| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/win/chrome_elf_init.h" | 5 #include "chrome/browser/win/chrome_elf_init.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/metrics/field_trial.h" | 10 #include "base/metrics/field_trial.h" |
| 11 #include "base/metrics/histogram_macros.h" | 11 #include "base/metrics/histogram_macros.h" |
| 12 #include "base/metrics/sparse_histogram.h" | 12 #include "base/metrics/sparse_histogram.h" |
| 13 #include "base/strings/utf_string_conversions.h" | 13 #include "base/strings/utf_string_conversions.h" |
| 14 #include "base/win/registry.h" | 14 #include "base/win/registry.h" |
| 15 #include "chrome/common/chrome_version.h" | 15 #include "chrome/common/chrome_version.h" |
| 16 #include "chrome/install_static/install_util.h" |
| 16 #include "chrome_elf/blacklist/blacklist.h" | 17 #include "chrome_elf/blacklist/blacklist.h" |
| 17 #include "chrome_elf/chrome_elf_constants.h" | 18 #include "chrome_elf/chrome_elf_constants.h" |
| 18 #include "chrome_elf/dll_hash/dll_hash.h" | 19 #include "chrome_elf/dll_hash/dll_hash.h" |
| 19 #include "components/variations/variations_associated_data.h" | 20 #include "components/variations/variations_associated_data.h" |
| 20 #include "content/public/browser/browser_thread.h" | 21 #include "content/public/browser/browser_thread.h" |
| 21 #include "content/public/common/content_features.h" | 22 #include "content/public/common/content_features.h" |
| 22 | 23 |
| 23 const char kBrowserBlacklistTrialName[] = "BrowserBlacklist"; | 24 const char kBrowserBlacklistTrialName[] = "BrowserBlacklist"; |
| 24 const char kBrowserBlacklistTrialDisabledGroupName[] = "NoBlacklist"; | 25 const char kBrowserBlacklistTrialDisabledGroupName[] = "NoBlacklist"; |
| 25 | 26 |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 80 // Send up the hashes of the blocked dlls via UMA. | 81 // Send up the hashes of the blocked dlls via UMA. |
| 81 for (size_t i = 0; i < blocked_dlls.size(); ++i) { | 82 for (size_t i = 0; i < blocked_dlls.size(); ++i) { |
| 82 std::string dll_name_utf8; | 83 std::string dll_name_utf8; |
| 83 base::WideToUTF8(blocked_dlls[i], wcslen(blocked_dlls[i]), &dll_name_utf8); | 84 base::WideToUTF8(blocked_dlls[i], wcslen(blocked_dlls[i]), &dll_name_utf8); |
| 84 int uma_hash = DllNameToHash(dll_name_utf8); | 85 int uma_hash = DllNameToHash(dll_name_utf8); |
| 85 | 86 |
| 86 UMA_HISTOGRAM_SPARSE_SLOWLY("Blacklist.Blocked", uma_hash); | 87 UMA_HISTOGRAM_SPARSE_SLOWLY("Blacklist.Blocked", uma_hash); |
| 87 } | 88 } |
| 88 } | 89 } |
| 89 | 90 |
| 91 base::string16 GetBeaconRegistryPath() { |
| 92 return install_static::GetRegistryPath().append( |
| 93 blacklist::kRegistryBeaconKeyName); |
| 94 } |
| 95 |
| 90 } // namespace | 96 } // namespace |
| 91 | 97 |
| 92 void InitializeChromeElf() { | 98 void InitializeChromeElf() { |
| 93 if (base::FieldTrialList::FindFullName(kBrowserBlacklistTrialName) == | 99 if (base::FieldTrialList::FindFullName(kBrowserBlacklistTrialName) == |
| 94 kBrowserBlacklistTrialDisabledGroupName) { | 100 kBrowserBlacklistTrialDisabledGroupName) { |
| 95 // Disable the blacklist for all future runs by removing the beacon. | 101 // Disable the blacklist for all future runs by removing the beacon. |
| 96 base::win::RegKey blacklist_registry_key(HKEY_CURRENT_USER); | 102 base::win::RegKey blacklist_registry_key(HKEY_CURRENT_USER); |
| 97 blacklist_registry_key.DeleteKey(blacklist::kRegistryBeaconPath); | 103 blacklist_registry_key.DeleteKey(GetBeaconRegistryPath().c_str()); |
| 98 } else { | 104 } else { |
| 99 BrowserBlacklistBeaconSetup(); | 105 BrowserBlacklistBeaconSetup(); |
| 100 } | 106 } |
| 101 | 107 |
| 102 // Report all successful blacklist interceptions. | 108 // Report all successful blacklist interceptions. |
| 103 ReportSuccessfulBlocks(); | 109 ReportSuccessfulBlocks(); |
| 104 | 110 |
| 105 // Schedule another task to report all successful interceptions later. | 111 // Schedule another task to report all successful interceptions later. |
| 106 // This time delay should be long enough to catch any dlls that attempt to | 112 // This time delay should be long enough to catch any dlls that attempt to |
| 107 // inject after Chrome has started up. | 113 // inject after Chrome has started up. |
| 108 content::BrowserThread::PostDelayedTask( | 114 content::BrowserThread::PostDelayedTask( |
| 109 content::BrowserThread::UI, | 115 content::BrowserThread::UI, |
| 110 FROM_HERE, | 116 FROM_HERE, |
| 111 base::Bind(&ReportSuccessfulBlocks), | 117 base::Bind(&ReportSuccessfulBlocks), |
| 112 base::TimeDelta::FromSeconds(kBlacklistReportingDelaySec)); | 118 base::TimeDelta::FromSeconds(kBlacklistReportingDelaySec)); |
| 113 | 119 |
| 114 // Make sure the early finch emergency "off switch" for | 120 // Make sure the early finch emergency "off switch" for |
| 115 // sandbox::MITIGATION_EXTENSION_POINT_DISABLE is set properly in reg. | 121 // sandbox::MITIGATION_EXTENSION_POINT_DISABLE is set properly in reg. |
| 116 // Note: the very existence of this key signals elf to not enable | 122 // Note: the very existence of this key signals elf to not enable |
| 117 // this mitigation on browser next start. | 123 // this mitigation on browser next start. |
| 118 base::win::RegKey finch_security_registry_key( | 124 const base::string16 finch_path(install_static::GetRegistryPath().append( |
| 119 HKEY_CURRENT_USER, elf_sec::kRegSecurityFinchPath, KEY_READ); | 125 elf_sec::kRegSecurityFinchKeyName)); |
| 126 base::win::RegKey finch_security_registry_key(HKEY_CURRENT_USER, |
| 127 finch_path.c_str(), KEY_READ); |
| 120 | 128 |
| 121 if (base::FeatureList::IsEnabled(features::kWinSboxDisableExtensionPoints)) { | 129 if (base::FeatureList::IsEnabled(features::kWinSboxDisableExtensionPoints)) { |
| 122 if (finch_security_registry_key.Valid()) | 130 if (finch_security_registry_key.Valid()) |
| 123 finch_security_registry_key.DeleteKey(L""); | 131 finch_security_registry_key.DeleteKey(L""); |
| 124 } else { | 132 } else { |
| 125 if (!finch_security_registry_key.Valid()) | 133 if (!finch_security_registry_key.Valid()) { |
| 126 finch_security_registry_key.Create( | 134 finch_security_registry_key.Create(HKEY_CURRENT_USER, finch_path.c_str(), |
| 127 HKEY_CURRENT_USER, elf_sec::kRegSecurityFinchPath, KEY_WRITE); | 135 KEY_WRITE); |
| 136 } |
| 128 } | 137 } |
| 129 } | 138 } |
| 130 | 139 |
| 131 void BrowserBlacklistBeaconSetup() { | 140 void BrowserBlacklistBeaconSetup() { |
| 132 base::win::RegKey blacklist_registry_key(HKEY_CURRENT_USER, | 141 base::win::RegKey blacklist_registry_key(HKEY_CURRENT_USER, |
| 133 blacklist::kRegistryBeaconPath, | 142 GetBeaconRegistryPath().c_str(), |
| 134 KEY_QUERY_VALUE | KEY_SET_VALUE); | 143 KEY_QUERY_VALUE | KEY_SET_VALUE); |
| 135 | 144 |
| 136 // No point in trying to continue if the registry key isn't valid. | 145 // No point in trying to continue if the registry key isn't valid. |
| 137 if (!blacklist_registry_key.Valid()) | 146 if (!blacklist_registry_key.Valid()) |
| 138 return; | 147 return; |
| 139 | 148 |
| 140 // Record the results of the last blacklist setup. | 149 // Record the results of the last blacklist setup. |
| 141 DWORD blacklist_state = blacklist::BLACKLIST_STATE_MAX; | 150 DWORD blacklist_state = blacklist::BLACKLIST_STATE_MAX; |
| 142 blacklist_registry_key.ReadValueDW(blacklist::kBeaconState, &blacklist_state); | 151 blacklist_registry_key.ReadValueDW(blacklist::kBeaconState, &blacklist_state); |
| 143 | 152 |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 186 | 195 |
| 187 blacklist_registry_key.WriteValue(blacklist::kBeaconAttemptCount, | 196 blacklist_registry_key.WriteValue(blacklist::kBeaconAttemptCount, |
| 188 static_cast<DWORD>(0)); | 197 static_cast<DWORD>(0)); |
| 189 | 198 |
| 190 // Only report the blacklist as getting setup when both registry writes | 199 // Only report the blacklist as getting setup when both registry writes |
| 191 // succeed, since otherwise the blacklist wasn't properly setup. | 200 // succeed, since otherwise the blacklist wasn't properly setup. |
| 192 if (set_version == ERROR_SUCCESS && set_state == ERROR_SUCCESS) | 201 if (set_version == ERROR_SUCCESS && set_state == ERROR_SUCCESS) |
| 193 RecordBlacklistSetupEvent(BLACKLIST_SETUP_ENABLED); | 202 RecordBlacklistSetupEvent(BLACKLIST_SETUP_ENABLED); |
| 194 } | 203 } |
| 195 } | 204 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2760853002:
Remove use of PRODUCT_STRING_PATH in chrome_elf. (Closed)
