Tidy win7/8 comments in sandbox
Bug: 1385495 Change-Id: Ic751fc48dd9f8ca073f0c551b45fea919817e5e9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4193257 Commit-Queue: Alex Gough <ajgo@chromium.org> Reviewed-by: James Forshaw <forshaw@chromium.org> Cr-Commit-Position: refs/heads/main@{#1096551}

committed by
Chromium LUCI CQ

parent
82dcc814d3
commit
665e875dbf
docs/design
sandbox/win/src
@@ -53,8 +53,7 @@ found in the FAQ.
|
|||||||
The Windows sandbox is a user-mode only sandbox. There are no special kernel
|
The Windows sandbox is a user-mode only sandbox. There are no special kernel
|
||||||
mode drivers, and the user does not need to be an administrator in order for the
|
mode drivers, and the user does not need to be an administrator in order for the
|
||||||
sandbox to operate correctly. The sandbox is designed for both 32-bit and 64-bit
|
sandbox to operate correctly. The sandbox is designed for both 32-bit and 64-bit
|
||||||
processes and has been tested on all Windows OS flavors between Windows 7 and
|
processes and has been tested on all Windows OS flavors from Windows 10.
|
||||||
Windows 10, both 32-bit and 64-bit.
|
|
||||||
|
|
||||||
Sandbox operates at process-level granularity. Anything that needs to be
|
Sandbox operates at process-level granularity. Anything that needs to be
|
||||||
sandboxed needs to live on a separate process. The minimal sandbox configuration
|
sandboxed needs to live on a separate process. The minimal sandbox configuration
|
||||||
@@ -332,11 +331,11 @@ policies on the target process for enforcing security characteristics.
|
|||||||
|
|
||||||
* >= Win8
|
* >= Win8
|
||||||
* `ProcessExtensionPointDisablePolicy`
|
* `ProcessExtensionPointDisablePolicy`
|
||||||
* The following injection vectors are blocked:
|
* The following injection vectors are blocked:
|
||||||
* AppInit DLLs Winsock Layered Service Providers (LSPs)
|
* AppInit DLLs Winsock Layered Service Providers (LSPs)
|
||||||
* Global Window Hooks (not thread-targeted hooks)
|
* Global Window Hooks (not thread-targeted hooks)
|
||||||
* Legacy Input Method Editors (IMEs)
|
* Legacy Input Method Editors (IMEs)
|
||||||
|
|
||||||
#### Control Flow Guard (CFG):
|
#### Control Flow Guard (CFG):
|
||||||
|
|
||||||
* >= Win8.1 Update 3 (KB3000850)
|
* >= Win8.1 Update 3 (KB3000850)
|
||||||
@@ -563,6 +562,3 @@ the policy.
|
|||||||
Make sure any sensitive OS handles obtained with the initial token are closed
|
Make sure any sensitive OS handles obtained with the initial token are closed
|
||||||
before calling LowerToken(). Any leaked handle can be abused by malware to
|
before calling LowerToken(). Any leaked handle can be abused by malware to
|
||||||
escape the sandbox.
|
escape the sandbox.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@@ -147,8 +147,7 @@ bool HandleCloserAgent::CloseHandles() {
|
|||||||
// avoid invalid-handle exceptions.
|
// avoid invalid-handle exceptions.
|
||||||
if (base::win::IsAppVerifierLoaded())
|
if (base::win::IsAppVerifierLoaded())
|
||||||
return true;
|
return true;
|
||||||
// If the accurate handle enumeration fails then fallback to the old brute
|
|
||||||
// force approach. This should only happen on Windows 7 and 8.0.
|
|
||||||
absl::optional<ProcessHandleMap> handle_map = GetCurrentProcessHandles();
|
absl::optional<ProcessHandleMap> handle_map = GetCurrentProcessHandles();
|
||||||
if (!handle_map)
|
if (!handle_map)
|
||||||
return false;
|
return false;
|
||||||
|
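Review bot: With the stale fallback comment removed, the `if (!handle_map) return false;` that follows is left undocumented, and that return is the security-relevant branch: it means no handles were closed, and the docs hunk in this same commit says a leaked handle can be abused to escape the sandbox. A one-line comment keeps that contract visible, e.g. `// Enumeration failed, so nothing was closed; callers must treat false as "handles may still be open".` The App Verifier early-return a few lines above reports true in the same not-closed state; that is pre-existing, but the new comment is the natural place to say why that case is deliberately tolerated. CloseHandles() starts before and continues after this hunk.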
@@ -13,8 +13,7 @@
|
|||||||
|
|
||||||
namespace sandbox {
|
namespace sandbox {
|
||||||
|
|
||||||
// This class sets up intercepts for the Win32K lockdown policy which is set
|
// This class sets up intercepts for the Win32K lockdown policy.
|
||||||
// on Windows 8 and beyond.
|
|
||||||
class ProcessMitigationsWin32KDispatcher : public Dispatcher {
|
class ProcessMitigationsWin32KDispatcher : public Dispatcher {
|
||||||
public:
|
public:
|
||||||
explicit ProcessMitigationsWin32KDispatcher(PolicyBase* policy_base);
|
explicit ProcessMitigationsWin32KDispatcher(PolicyBase* policy_base);
|
||||||
|
@@ -46,7 +46,7 @@ struct ServiceEntry {
|
|||||||
USHORT xchg_ax_ax2; // = 66 90
|
USHORT xchg_ax_ax2; // = 66 90
|
||||||
};
|
};
|
||||||
|
|
||||||
// Service code for 64 bit Windows 8.
|
// Service code for 64 bit Windows 8 and Windows 10 1507 (build 10240).
|
||||||
struct ServiceEntryW8 {
|
struct ServiceEntryW8 {
|
||||||
// This struct contains the following code:
|
// This struct contains the following code:
|
||||||
// 00 48894c2408 mov [rsp+8], rcx
|
// 00 48894c2408 mov [rsp+8], rcx
|
||||||
@@ -69,7 +69,7 @@ struct ServiceEntryW8 {
|
|||||||
BYTE nop; // = 90
|
BYTE nop; // = 90
|
||||||
};
|
};
|
||||||
|
|
||||||
// Service code for 64 bit systems with int 2e fallback.
|
// Service code for 64 bit systems with int 2e fallback. Windows 10 1511+
|
||||||
struct ServiceEntryWithInt2E {
|
struct ServiceEntryWithInt2E {
|
||||||
// This struct contains roughly the following code:
|
// This struct contains roughly the following code:
|
||||||
// 00 4c8bd1 mov r10,rcx
|
// 00 4c8bd1 mov r10,rcx
|
||||||
|
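Review bot: The rewritten comment on ServiceEntryWithInt2E ends in the fragment `Windows 10 1511+`, which reads as a stray token rather than a version qualifier, and it is inconsistent with the sibling comment on ServiceEntryW8 in the previous hunk, which spells the range out in a full sentence with the build number. Suggest `// Service code for 64 bit systems with int 2e fallback (Windows 10 1511 and later).` The struct body continues outside the hunk.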
@@ -116,11 +116,11 @@ DWORD GetLastErrorFromNtStatus(NTSTATUS status);
|
|||||||
// the base address. This should only be called on new, suspended processes.
|
// the base address. This should only be called on new, suspended processes.
|
||||||
void* GetProcessBaseAddress(HANDLE process);
|
void* GetProcessBaseAddress(HANDLE process);
|
||||||
|
|
||||||
// Returns a map of handles open in the current process. The call will only
|
// Returns a map of handles open in the current process. The map is keyed by the
|
||||||
// works on Windows 8+. The map is keyed by the kernel object type name. If
|
// kernel object type name. If querying the handles fails an empty optional
|
||||||
// querying the handles fails an empty optional value is returned. Note that
|
// value is returned. Note that unless all threads are suspended in the process
|
||||||
// unless all threads are suspended in the process the valid handles could
|
// the valid handles could change between the return of the list and when you
|
||||||
// change between the return of the list and when you use them.
|
// use them.
|
||||||
absl::optional<ProcessHandleMap> GetCurrentProcessHandles();
|
absl::optional<ProcessHandleMap> GetCurrentProcessHandles();
|
||||||
|
|
||||||
} // namespace sandbox
|
} // namespace sandbox
|
||||||
|