Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1027)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/win/src/sandbox_policy.h

Issue 10690058: Add sandbox support for Windows process mitigations (Closed) Base URL: https://src.chromium.org/svn/trunk/src/
Patch Set: Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« sandbox/win/src/process_mitigations.cc ('K') | « sandbox/win/src/process_mitigations_test.cc ('k') | sandbox/win/src/sandbox_policy_base.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/win/src/sandbox_policy.h
===================================================================
--- sandbox/win/src/sandbox_policy.h (revision 155197)
+++ sandbox/win/src/sandbox_policy.h (working copy)
@@ -164,6 +164,77 @@
// Sets a capability to be enabled for the sandboxed process' AppContainer.
virtual ResultCode SetCapability(const wchar_t* sid) = 0;
+ // These flags correspond to various process-level mitigations (eg. ASLR and
+ // DEP). Most are implemented via UpdateProcThreadAttribute() plus flags for
+ // the PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY attribute argument; documented
+ // here: http://msdn.microsoft.com/en-us/library/windows/desktop/ms686880
+ // Some mitigations are implemented directly by the sandbox or emulated to
+ // the greatest extent possible when not directly supported by the OS.
+ // Flags that are unsupported for the target OS will be silently ignored.
+ // Flags that are invalid for their application (pre or post startup) will
+ // return SBOX_ERROR_BAD_PARAMS.
+ //
+ // Permanently enables DEP for the target process. Corresponds to
+ // PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE.
+ static const uint64 MITIGATION_DEP = 0x00000001;
+ // Permanently Disables ATL thunk emulation when DEP is enabled. Valid
+ // only when MITIGATION_DEP is passed. Corresponds to not passing
+ // PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE.
+ static const uint64 MITIGATION_DEP_NO_ATL_THUNK = 0x00000002;
+ // Enables Structured exception handling override prevention. Must be
+ // enabled prior to process start. Corresponds to
+ // PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE.
+ static const uint64 MITIGATION_SEHOP = 0x00000004;
+ // Forces ASLR on all images in the child process. Corresponds to
+ // PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON .
+ static const uint64 MITIGATION_RELOCATE_IMAGE = 0x00000008;
+ // Refuses to load DLLs that cannot support ASLR. Corresponds to
+ // PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON_REQ_RELOCS.
+ static const uint64 MITIGATION_RELOCATE_IMAGE_REQUIRED = 0x00000010;
+ // Terminates the process on Windows heap corruption. Coresponds to
+ // PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_ON.
+ static const uint64 MITIGATION_HEAP_TERMINATE = 0x00000020;
+ // Sets a random lower bound as the minimum user address. Must be
+ // enabled prior to process start. On 32-bit processes this is
+ // emulated to a much smaller degree. Corresponds to
+ // PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON.
+ static const uint64 MITIGATION_BOTTOM_UP_ASLR = 0x00000040;
+ // Increases the randomness range of bottom-up ASLR to up to 1TB. Must be
+ // enabled prior to process start and with MITIGATION_BOTTOM_UP_ASLR.
+ // Corresponds to
+ // PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_ON
+ static const uint64 MITIGATION_HIGH_ENTROPY_ASLR = 0x00000080;
+ // Immediately raises an exception on a bad handle reference. Must be
+ // enabled after startup. Corresponds to
+ // PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_ON.
+ static const uint64 MITIGATION_STRICT_HANDLE_CHECKS = 0x00000100;
+ // Prevents the process from making Win32k calls. Must be enabled after
+ // startup. Corresponds to
+ // PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON.
+ static const uint64 MITIGATION_WIN32K_DISABLE = 0x00000200;
+ // Disables common DLL injection methods (e.g. window hooks and
+ // App_InitDLLs). Corresponds to
+ // PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON.
+ static const uint64 MITIGATION_EXTENSION_DLL_DISABLE = 0x00000400;
+ // Sets the DLL search order to LOAD_LIBRARY_SEARCH_DEFAULT_DIRS. Additional
+ // directories can be added via the Windows AddDllDirectory() function.
+ // http://msdn.microsoft.com/en-us/library/windows/desktop/hh310515
+ // Must be enabled after startup.
+ static const uint64 MITIGATION_DLL_SEARCH_ORDER = 0x00000001ULL << 32;
+
+ // Sets the mitigation flags (described above) for starting the process.
+ virtual ResultCode SetProcessMitigations(uint64 flags) = 0;
+
+ // Returns the currently set mitigation flags (described above).
+ virtual uint64 GetProcessMitigations() = 0;
+
+ // Sets the process mitigation flags. These flags will not take effect
+ // in the call to LowerToken (described above).
+ virtual ResultCode SetDelayedProcessMitigations(uint64 flags) = 0;
+
+ // Returns the currently set delayed mitigation flags (described above).
+ virtual uint64 GetDelayedProcessMitigations() = 0;
+
// Sets the interceptions to operate in strict mode. By default, interceptions
// are performed in "relaxed" mode, where if something inside NTDLL.DLL is
// already patched we attempt to intercept it anyway. Setting interceptions
« sandbox/win/src/process_mitigations.cc ('K') | « sandbox/win/src/process_mitigations_test.cc ('k') | sandbox/win/src/sandbox_policy_base.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698