OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome_elf/chrome_elf_security.h" | 5 #include "chrome_elf/chrome_elf_security.h" |
6 | 6 |
7 #include <assert.h> | 7 #include <assert.h> |
8 #include <windows.h> | 8 #include <windows.h> |
9 #include <versionhelpers.h> // windows.h must be before | 9 #include <versionhelpers.h> // windows.h must be before |
10 | 10 |
| 11 #include "chrome/install_static/install_util.h" |
11 #include "chrome_elf/chrome_elf_constants.h" | 12 #include "chrome_elf/chrome_elf_constants.h" |
12 #include "chrome_elf/nt_registry/nt_registry.h" | 13 #include "chrome_elf/nt_registry/nt_registry.h" |
13 | 14 |
14 namespace elf_security { | 15 namespace elf_security { |
15 | 16 |
16 void EarlyBrowserSecurity() { | 17 void EarlyBrowserSecurity() { |
17 typedef decltype(SetProcessMitigationPolicy)* SetProcessMitigationPolicyFunc; | 18 typedef decltype(SetProcessMitigationPolicy)* SetProcessMitigationPolicyFunc; |
18 | 19 |
19 // This function is called from within DllMain. | 20 // This function is called from within DllMain. |
20 // Don't do anything naughty while we have the loader lock. | 21 // Don't do anything naughty while we have the loader lock. |
21 NTSTATUS ret_val = STATUS_SUCCESS; | 22 NTSTATUS ret_val = STATUS_SUCCESS; |
22 HANDLE handle = INVALID_HANDLE_VALUE; | 23 HANDLE handle = INVALID_HANDLE_VALUE; |
23 | 24 |
24 // Check for kRegistrySecurityFinchPath. If it exists, | 25 // Check for kRegistrySecurityFinchPath. If it exists, |
25 // we do NOT disable extension points. (Emergency off flag.) | 26 // we do NOT disable extension points. (Emergency off flag.) |
26 if (nt::OpenRegKey(nt::HKCU, elf_sec::kRegSecurityFinchPath, KEY_QUERY_VALUE, | 27 if (nt::OpenRegKey(nt::HKCU, |
27 &handle, &ret_val)) { | 28 install_static::GetRegistryPath() |
| 29 .append(elf_sec::kRegSecurityFinchKeyName) |
| 30 .c_str(), |
| 31 KEY_QUERY_VALUE, &handle, &ret_val)) { |
28 nt::CloseRegKey(handle); | 32 nt::CloseRegKey(handle); |
29 return; | 33 return; |
30 } | 34 } |
31 #ifdef _DEBUG | 35 #ifdef _DEBUG |
32 // The only failure expected is for the path not existing. | 36 // The only failure expected is for the path not existing. |
33 if (ret_val != STATUS_OBJECT_NAME_NOT_FOUND) | 37 if (ret_val != STATUS_OBJECT_NAME_NOT_FOUND) |
34 assert(false); | 38 assert(false); |
35 #endif | 39 #endif |
36 | 40 |
37 if (::IsWindows8OrGreater()) { | 41 if (::IsWindows8OrGreater()) { |
38 SetProcessMitigationPolicyFunc set_process_mitigation_policy = | 42 SetProcessMitigationPolicyFunc set_process_mitigation_policy = |
39 reinterpret_cast<SetProcessMitigationPolicyFunc>(::GetProcAddress( | 43 reinterpret_cast<SetProcessMitigationPolicyFunc>(::GetProcAddress( |
40 ::GetModuleHandleW(L"kernel32.dll"), "SetProcessMitigationPolicy")); | 44 ::GetModuleHandleW(L"kernel32.dll"), "SetProcessMitigationPolicy")); |
41 if (set_process_mitigation_policy) { | 45 if (set_process_mitigation_policy) { |
42 // Disable extension points in this process. | 46 // Disable extension points in this process. |
43 // (Legacy hooking.) | 47 // (Legacy hooking.) |
44 PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY policy = {}; | 48 PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY policy = {}; |
45 policy.DisableExtensionPoints = true; | 49 policy.DisableExtensionPoints = true; |
46 set_process_mitigation_policy(ProcessExtensionPointDisablePolicy, &policy, | 50 set_process_mitigation_policy(ProcessExtensionPointDisablePolicy, &policy, |
47 sizeof(policy)); | 51 sizeof(policy)); |
48 } | 52 } |
49 } | 53 } |
50 return; | 54 return; |
51 } | 55 } |
52 } // namespace elf_security | 56 } // namespace elf_security |
OLD | NEW |