Tidy win7/8 comments in sandbox

Bug: 1385495
Change-Id: Ic751fc48dd9f8ca073f0c551b45fea919817e5e9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4193257
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: James Forshaw <forshaw@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1096551}
Alex Gough
2023-01-25 01:29:37 +00:00
committed by Chromium LUCI CQ
parent 82dcc814d3
commit 665e875dbf
5 changed files with 13 additions and 19 deletions

@ -53,8 +53,7 @@ found in the FAQ.
The Windows sandbox is a user-mode only sandbox. There are no special kernel
mode drivers, and the user does not need to be an administrator in order for the
sandbox to operate correctly. The sandbox is designed for both 32-bit and 64-bit
processes and has been tested on all Windows OS flavors between Windows 7 and
Windows 10, both 32-bit and 64-bit.
processes and has been tested on all Windows OS flavors from Windows 10.
Sandbox operates at process-level granularity. Anything that needs to be
sandboxed needs to live on a separate process. The minimal sandbox configuration
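Review bot: The replacement sentence "has been tested on all Windows OS flavors from Windows 10" is ambiguous about whether later releases are included, and it drops the "both 32-bit and 64-bit" qualifier that applied to the tested OS builds. Suggest "has been tested on Windows 10 and later", and state whether 32-bit OS builds are still covered, since the same sentence still says the sandbox is designed for both 32-bit and 64-bit processes.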
@ -332,11 +331,11 @@ policies on the target process for enforcing security characteristics.
* &gt;= Win8
* `ProcessExtensionPointDisablePolicy`
* The following injection vectors are blocked:
* The following injection vectors are blocked:
* AppInit DLLs Winsock Layered Service Providers (LSPs)
* Global Window Hooks (not thread-targeted hooks)
* Legacy Input Method Editors (IMEs)
* Legacy Input Method Editors (IMEs)
#### Control Flow Guard (CFG):
* &gt;= Win8.1 Update 3 (KB3000850)
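Review bot: The minimum-version bullets in this hunk's context, ">= Win8" above `ProcessExtensionPointDisablePolicy` and ">= Win8.1 Update 3 (KB3000850)" under the Control Flow Guard heading, are left in place even though the first hunk now gives Windows 10 as the tested baseline. The paired lines here ("The following injection vectors are blocked:" and "Legacy Input Method Editors (IMEs)") look like whitespace-only changes, so either drop the version bullets in this change or note a follow-up so the mitigation list does not imply that older systems are still a supported case.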
@ -563,6 +562,3 @@ the policy.
Make sure any sensitive OS handles obtained with the initial token are closed
before calling LowerToken(). Any leaked handle can be abused by malware to
escape the sandbox.

@ -147,8 +147,7 @@ bool HandleCloserAgent::CloseHandles() {
// avoid invalid-handle exceptions.
if (base::win::IsAppVerifierLoaded())
return true;
// If the accurate handle enumeration fails then fallback to the old brute
// force approach. This should only happen on Windows 7 and 8.0.
absl::optional<ProcessHandleMap> handle_map = GetCurrentProcessHandles();
if (!handle_map)
return false;
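Review bot: Once the two comment lines about falling back to the brute force approach are gone, the `if (!handle_map) return false;` path is left unexplained, and the visible code has no fallback: a failed GetCurrentProcessHandles() makes CloseHandles() return false. A one-line comment saying that enumeration failure is treated as a hard failure, and what the caller is expected to do with it, would help here, given that the documentation in this same change warns that any leaked handle can be used to escape the sandbox.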

@ -13,8 +13,7 @@
namespace sandbox {
// This class sets up intercepts for the Win32K lockdown policy which is set
// on Windows 8 and beyond.
// This class sets up intercepts for the Win32K lockdown policy.
class ProcessMitigationsWin32KDispatcher : public Dispatcher {
public:
explicit ProcessMitigationsWin32KDispatcher(PolicyBase* policy_base);

@ -46,7 +46,7 @@ struct ServiceEntry {
USHORT xchg_ax_ax2; // = 66 90
};
// Service code for 64 bit Windows 8.
// Service code for 64 bit Windows 8 and Windows 10 1507 (build 10240).
struct ServiceEntryW8 {
// This struct contains the following code:
// 00 48894c2408 mov [rsp+8], rcx
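Review bot: The updated comment above `struct ServiceEntryW8` says the layout also applies to Windows 10 1507 (build 10240), so the `W8` suffix no longer describes the struct's scope. Either rename it in a follow-up or add a few words saying the name is historical. It would also help to say why Windows 8 is still listed here when the documentation hunk gives Windows 10 as the tested baseline.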
@ -69,7 +69,7 @@ struct ServiceEntryW8 {
BYTE nop; // = 90
};
// Service code for 64 bit systems with int 2e fallback.
// Service code for 64 bit systems with int 2e fallback. Windows 10 1511+
struct ServiceEntryWithInt2E {
// This struct contains roughly the following code:
// 00 4c8bd1 mov r10,rcx
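Review bot: The trailing "Windows 10 1511+" in the comment above `struct ServiceEntryWithInt2E` is a fragment with no verb or full stop, unlike the reworded comment on ServiceEntryW8. Suggest folding it into the sentence, for example "// Service code for 64 bit systems with int 2e fallback, as found on Windows 10 1511 and later.", so the two struct comments read the same way.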

@ -116,11 +116,11 @@ DWORD GetLastErrorFromNtStatus(NTSTATUS status);
// the base address. This should only be called on new, suspended processes.
void* GetProcessBaseAddress(HANDLE process);
// Returns a map of handles open in the current process. The call will only
// works on Windows 8+. The map is keyed by the kernel object type name. If
// querying the handles fails an empty optional value is returned. Note that
// unless all threads are suspended in the process the valid handles could
// change between the return of the list and when you use them.
// Returns a map of handles open in the current process. The map is keyed by the
// kernel object type name. If querying the handles fails an empty optional
// value is returned. Note that unless all threads are suspended in the process
// the valid handles could change between the return of the list and when you
// use them.
absl::optional<ProcessHandleMap> GetCurrentProcessHandles();
} // namespace sandbox