| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/strings/stringprintf.h" | 5 #include "base/strings/stringprintf.h" |
| 6 #include "base/win/scoped_handle.h" | 6 #include "base/win/scoped_handle.h" |
| 7 | 7 |
| 8 #include "base/win/windows_version.h" | 8 #include "base/win/windows_version.h" |
| 9 #include "sandbox/win/src/nt_internals.h" | 9 #include "sandbox/win/src/nt_internals.h" |
| 10 #include "sandbox/win/src/process_mitigations.h" | 10 #include "sandbox/win/src/process_mitigations.h" |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 81 | 81 |
| 82 } // namespace | 82 } // namespace |
| 83 | 83 |
| 84 namespace sandbox { | 84 namespace sandbox { |
| 85 | 85 |
| 86 SBOX_TESTS_COMMAND int CheckWin8(int argc, wchar_t **argv) { | 86 SBOX_TESTS_COMMAND int CheckWin8(int argc, wchar_t **argv) { |
| 87 get_process_mitigation_policy = | 87 get_process_mitigation_policy = |
| 88 reinterpret_cast<GetProcessMitigationPolicyFunction>( | 88 reinterpret_cast<GetProcessMitigationPolicyFunction>( |
| 89 ::GetProcAddress(::GetModuleHandleW(L"kernel32.dll"), | 89 ::GetProcAddress(::GetModuleHandleW(L"kernel32.dll"), |
| 90 "GetProcessMitigationPolicy")); | 90 "GetProcessMitigationPolicy")); |
| 91 | |
| 92 if (!get_process_mitigation_policy) | 91 if (!get_process_mitigation_policy) |
| 93 return SBOX_TEST_NOT_FOUND; | 92 return SBOX_TEST_NOT_FOUND; |
| 94 | 93 |
| 95 if (!CheckWin8DepPolicy()) | 94 if (!CheckWin8DepPolicy()) |
| 96 return SBOX_TEST_FIRST_ERROR; | 95 return SBOX_TEST_FIRST_ERROR; |
| 97 | 96 |
| 98 #if defined(NDEBUG) // ASLR cannot be forced in debug builds. | 97 #if defined(NDEBUG) // ASLR cannot be forced in debug builds. |
| 99 if (!CheckWin8AslrPolicy()) | 98 if (!CheckWin8AslrPolicy()) |
| 100 return SBOX_TEST_SECOND_ERROR; | 99 return SBOX_TEST_SECOND_ERROR; |
| 101 #endif | 100 #endif |
| 102 | 101 |
| 103 if (!CheckWin8StrictHandlePolicy()) | 102 if (!CheckWin8StrictHandlePolicy()) |
| 104 return SBOX_TEST_THIRD_ERROR; | 103 return SBOX_TEST_THIRD_ERROR; |
| 105 | 104 |
| 106 if (!CheckWin8Win32CallPolicy()) | |
| 107 return SBOX_TEST_FOURTH_ERROR; | |
| 108 | |
| 109 if (!CheckWin8DllExtensionPolicy()) | 105 if (!CheckWin8DllExtensionPolicy()) |
| 110 return SBOX_TEST_FIFTH_ERROR; | 106 return SBOX_TEST_FIFTH_ERROR; |
| 111 | 107 |
| 112 return SBOX_TEST_SUCCEEDED; | 108 return SBOX_TEST_SUCCEEDED; |
| 113 } | 109 } |
| 114 | 110 |
| 115 TEST(ProcessMitigationsTest, CheckWin8) { | 111 TEST(ProcessMitigationsTest, CheckWin8) { |
| 116 if (base::win::GetVersion() < base::win::VERSION_WIN8) | 112 if (base::win::GetVersion() < base::win::VERSION_WIN8) |
| 117 return; | 113 return; |
| 118 | 114 |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 194 | 190 |
| 195 EXPECT_EQ(policy->SetProcessMitigations( | 191 EXPECT_EQ(policy->SetProcessMitigations( |
| 196 MITIGATION_DEP | | 192 MITIGATION_DEP | |
| 197 MITIGATION_DEP_NO_ATL_THUNK | | 193 MITIGATION_DEP_NO_ATL_THUNK | |
| 198 MITIGATION_SEHOP), | 194 MITIGATION_SEHOP), |
| 199 SBOX_ALL_OK); | 195 SBOX_ALL_OK); |
| 200 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckDep")); | 196 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckDep")); |
| 201 } | 197 } |
| 202 #endif | 198 #endif |
| 203 | 199 |
| 200 SBOX_TESTS_COMMAND int CheckWin8Lockdown(int argc, wchar_t **argv) { |
| 201 get_process_mitigation_policy = |
| 202 reinterpret_cast<GetProcessMitigationPolicyFunction>( |
| 203 ::GetProcAddress(::GetModuleHandleW(L"kernel32.dll"), |
| 204 "GetProcessMitigationPolicy")); |
| 205 if (!get_process_mitigation_policy) |
| 206 return SBOX_TEST_NOT_FOUND; |
| 207 |
| 208 if (!CheckWin8Win32CallPolicy()) |
| 209 return SBOX_TEST_FIRST_ERROR; |
| 210 return SBOX_TEST_SUCCEEDED; |
| 211 } |
| 212 |
| 213 // This test validates that setting the MITIGATION_WIN32K_DISABLE mitigation on |
| 214 // the target process causes the launch to fail in process initialization. |
| 215 // The test process itself links against user32/gdi32. |
| 216 TEST(ProcessMitigationsTest, CheckWin8Win32KLockDownFailure) { |
| 217 if (base::win::GetVersion() < base::win::VERSION_WIN8) |
| 218 return; |
| 219 |
| 220 TestRunner runner; |
| 221 sandbox::TargetPolicy* policy = runner.GetPolicy(); |
| 222 |
| 223 EXPECT_EQ(policy->SetProcessMitigations(MITIGATION_WIN32K_DISABLE), |
| 224 SBOX_ALL_OK); |
| 225 EXPECT_NE(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckWin8Lockdown")); |
| 226 } |
| 227 |
| 228 // This test validates that setting the MITIGATION_WIN32K_DISABLE mitigation |
| 229 // along with the policy to fake user32 and gdi32 initialization successfully |
| 230 // launches the target process. |
| 231 // The test process itself links against user32/gdi32. |
| 232 TEST(ProcessMitigationsTest, CheckWin8Win32KLockDownSuccess) { |
| 233 if (base::win::GetVersion() < base::win::VERSION_WIN8) |
| 234 return; |
| 235 |
| 236 TestRunner runner; |
| 237 sandbox::TargetPolicy* policy = runner.GetPolicy(); |
| 238 |
| 239 EXPECT_EQ(policy->SetProcessMitigations(MITIGATION_WIN32K_DISABLE), |
| 240 SBOX_ALL_OK); |
| 241 EXPECT_EQ(policy->AddRule(sandbox::TargetPolicy::SUBSYS_WIN32K_LOCKDOWN, |
| 242 sandbox::TargetPolicy::FAKE_USER_GDI_INIT, NULL), |
| 243 sandbox::SBOX_ALL_OK); |
| 244 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckWin8Lockdown")); |
| 245 } |
| 246 |
| 204 } // namespace sandbox | 247 } // namespace sandbox |
| 205 | 248 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 318603003:
Sandbox policy and intercepts for the MITIGATION_WIN32K_DISABLE policy for renderer processes. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src