Diffstat (limited to 'security/sandbox/chromium-shim')
15 files changed, 792 insertions, 0 deletions
diff --git a/security/sandbox/chromium-shim/base/MissingBasicTypes.h b/security/sandbox/chromium-shim/base/MissingBasicTypes.h
new file mode 100644
index 000000000..20eef00ab
--- /dev/null
+++ b/security/sandbox/chromium-shim/base/MissingBasicTypes.h
@@ -0,0 +1,25 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef security_sandbox_MissingBasicTypes_h__
+#define security_sandbox_MissingBasicTypes_h__
+
+#include <stdint.h>
+
+// These types are still used by the Chromium sandbox code. When referencing
+// Chromium sandbox code from Gecko we can't use the normal base/basictypes.h as
+// it clashes with the one from ipc/chromium/src/base/. These types have been
+// removed from the one in ipc/chromium/src/base/.
+typedef int8_t int8;
+typedef uint8_t uint8;
+typedef int16_t int16;
+typedef uint16_t uint16;
+typedef int32_t int32;
+typedef uint32_t uint32;
+typedef int64_t int64;
+typedef uint64_t uint64;
+
+#endif // security_sandbox_MissingBasicTypes_h__
diff --git a/security/sandbox/chromium-shim/base/debug/debugging_flags.h b/security/sandbox/chromium-shim/base/debug/debugging_flags.h
new file mode 100644
index 000000000..ebb96dfca
--- /dev/null
+++ b/security/sandbox/chromium-shim/base/debug/debugging_flags.h
@@ -0,0 +1,19 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a copy of a file that is generated by the chromium build.
+
+// Generated by build/write_buildflag_header.py
+// From "//base:debugging_flags"
+
+#ifndef BASE_DEBUG_DEBUGGING_FLAGS_H_
+#define BASE_DEBUG_DEBUGGING_FLAGS_H_
+
+#include "build/buildflag.h"
+
+#define BUILDFLAG_INTERNAL_ENABLE_PROFILING() (0)
+
+#endif // BASE_DEBUG_DEBUGGING_FLAGS_H_
diff --git a/security/sandbox/chromium-shim/base/file_version_info_win.h b/security/sandbox/chromium-shim/base/file_version_info_win.h
new file mode 100644
index 000000000..8276900bd
--- /dev/null
+++ b/security/sandbox/chromium-shim/base/file_version_info_win.h
@@ -0,0 +1,29 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a dummy version of Chromium source file base/file_version_info_win.h
+// Within our copy of Chromium files FileVersionInfoWin is only used in
+// base/win/windows_version.cc in GetVersionFromKernel32, which we don't use.
+
+#ifndef BASE_FILE_VERSION_INFO_WIN_H_
+#define BASE_FILE_VERSION_INFO_WIN_H_
+
+struct tagVS_FIXEDFILEINFO;
+typedef tagVS_FIXEDFILEINFO VS_FIXEDFILEINFO;
+
+namespace base {
+class FilePath;
+}
+
+class FileVersionInfoWin {
+ public:
+ static FileVersionInfoWin*
+ CreateFileVersionInfo(const base::FilePath& file_path) { return nullptr; }
+
+ VS_FIXEDFILEINFO* fixed_file_info() { return nullptr; }
+};
+
+#endif // BASE_FILE_VERSION_INFO_WIN_H_
diff --git a/security/sandbox/chromium-shim/base/files/file_path.cpp b/security/sandbox/chromium-shim/base/files/file_path.cpp
new file mode 100644
index 000000000..245118f9e
--- /dev/null
+++ b/security/sandbox/chromium-shim/base/files/file_path.cpp
@@ -0,0 +1,19 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This is a dummy version of Chromium source file base/file/file_path.cc.
+// To provide the functions required in base/win/windows_version.cc
+// GetVersionFromKernel32, which we don't use.
+
+#include "base/files/file_path.h"
+
+namespace base {
+
+FilePath::FilePath(FilePath::StringPieceType path) {
+}
+
+FilePath::~FilePath() {
+}
+
+} // namespace base
diff --git a/security/sandbox/chromium-shim/base/gtest_prod_util.h b/security/sandbox/chromium-shim/base/gtest_prod_util.h
new file mode 100644
index 000000000..3eb93fa2a
--- /dev/null
+++ b/security/sandbox/chromium-shim/base/gtest_prod_util.h
@@ -0,0 +1,17 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef FRIEND_TEST
+#define FRIEND_TEST(A, B)
+#endif
+
+#ifndef FRIEND_TEST_ALL_PREFIXES
+#define FRIEND_TEST_ALL_PREFIXES(test_case_name, test_name)
+#endif
+
+#ifndef FORWARD_DECLARE_TEST
+#define FORWARD_DECLARE_TEST(test_case_name, test_name)
+#endif
diff --git a/security/sandbox/chromium-shim/base/logging.cpp b/security/sandbox/chromium-shim/base/logging.cpp
new file mode 100644
index 000000000..9c2113dcb
--- /dev/null
+++ b/security/sandbox/chromium-shim/base/logging.cpp
@@ -0,0 +1,156 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a stripped down version of the Chromium source file base/logging.cc
+// This prevents dependency on the Chromium logging and dependency creep in
+// general.
+// At some point we should find a way to hook this into our own logging see
+// bug 1013988.
+// The formatting in this file matches the original Chromium file to aid future
+// merging.
+
+#include "base/logging.h"
+
+#if defined(OS_WIN)
+#include <windows.h>
+#endif
+
+#if defined(OS_POSIX)
+#include <errno.h>
+#endif
+
+#if defined(OS_WIN)
+#include "base/strings/utf_string_conversions.h"
+#endif
+
+#include <algorithm>
+
+namespace logging {
+
+namespace {
+
+int g_min_log_level = 0;
+
+LoggingDestination g_logging_destination = LOG_DEFAULT;
+
+// For LOG_ERROR and above, always print to stderr.
+const int kAlwaysPrintErrorLevel = LOG_ERROR;
+
+// A log message handler that gets notified of every log message we process.
+LogMessageHandlerFunction log_message_handler = nullptr;
+
+} // namespace
+
+void SetMinLogLevel(int level) {
+ g_min_log_level = std::min(LOG_FATAL, level);
+}
+
+int GetMinLogLevel() {
+ return g_min_log_level;
+}
+
+bool ShouldCreateLogMessage(int severity) {
+ if (severity < g_min_log_level)
+ return false;
+
+ // Return true here unless we know ~LogMessage won't do anything. Note that
+ // ~LogMessage writes to stderr if severity_ >= kAlwaysPrintErrorLevel, even
+ // when g_logging_destination is LOG_NONE.
+ return g_logging_destination != LOG_NONE || log_message_handler ||
+ severity >= kAlwaysPrintErrorLevel;
+}
+
+int GetVlogLevelHelper(const char* file, size_t N) {
+ return 0;
+}
+
+// Explicit instantiations for commonly used comparisons.
+template std::string* MakeCheckOpString<int, int>(
+ const int&, const int&, const char* names);
+template std::string* MakeCheckOpString<unsigned long, unsigned long>(
+ const unsigned long&, const unsigned long&, const char* names);
+template std::string* MakeCheckOpString<unsigned long, unsigned int>(
+ const unsigned long&, const unsigned int&, const char* names);
+template std::string* MakeCheckOpString<unsigned int, unsigned long>(
+ const unsigned int&, const unsigned long&, const char* names);
+template std::string* MakeCheckOpString<std::string, std::string>(
+ const std::string&, const std::string&, const char* name);
+
+#if defined(OS_WIN)
+LogMessage::SaveLastError::SaveLastError() : last_error_(::GetLastError()) {
+}
+
+LogMessage::SaveLastError::~SaveLastError() {
+ ::SetLastError(last_error_);
+}
+#endif // defined(OS_WIN)
+
+LogMessage::LogMessage(const char* file, int line, LogSeverity severity)
+ : severity_(severity), file_(file), line_(line) {
+}
+
+LogMessage::LogMessage(const char* file, int line, const char* condition)
+ : severity_(LOG_FATAL), file_(file), line_(line) {
+}
+
+LogMessage::LogMessage(const char* file, int line, std::string* result)
+ : severity_(LOG_FATAL), file_(file), line_(line) {
+ delete result;
+}
+
+LogMessage::LogMessage(const char* file, int line, LogSeverity severity,
+ std::string* result)
+ : severity_(severity), file_(file), line_(line) {
+ delete result;
+}
+
+LogMessage::~LogMessage() {
+}
+
+SystemErrorCode GetLastSystemErrorCode() {
+#if defined(OS_WIN)
+ return ::GetLastError();
+#elif defined(OS_POSIX)
+ return errno;
+#else
+#error Not implemented
+#endif
+}
+
+#if defined(OS_WIN)
+Win32ErrorLogMessage::Win32ErrorLogMessage(const char* file,
+ int line,
+ LogSeverity severity,
+ SystemErrorCode err)
+ : err_(err),
+ log_message_(file, line, severity) {
+}
+
+Win32ErrorLogMessage::~Win32ErrorLogMessage() {
+}
+#elif defined(OS_POSIX)
+ErrnoLogMessage::ErrnoLogMessage(const char* file,
+ int line,
+ LogSeverity severity,
+ SystemErrorCode err)
+ : err_(err),
+ log_message_(file, line, severity) {
+}
+
+ErrnoLogMessage::~ErrnoLogMessage() {
+}
+#endif // OS_WIN
+
+void RawLog(int level, const char* message) {
+}
+
+} // namespace logging
+
+#if defined(OS_WIN)
+std::ostream& std::operator<<(std::ostream& out, const wchar_t* wstr) {
+ return out << base::WideToUTF8(std::wstring(wstr));
+}
+#endif
diff --git a/security/sandbox/chromium-shim/base/third_party/nspr/prtime.h b/security/sandbox/chromium-shim/base/third_party/nspr/prtime.h
new file mode 100644
index 000000000..9a18a3637
--- /dev/null
+++ b/security/sandbox/chromium-shim/base/third_party/nspr/prtime.h
@@ -0,0 +1,8 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Grab the copy from in our tree
+#include "pr/include/prtime.h"
diff --git a/security/sandbox/chromium-shim/base/third_party/nspr/prtypes.h b/security/sandbox/chromium-shim/base/third_party/nspr/prtypes.h
new file mode 100644
index 000000000..6aec5e08f
--- /dev/null
+++ b/security/sandbox/chromium-shim/base/third_party/nspr/prtypes.h
@@ -0,0 +1,8 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Grab the copy from in our tree
+#include "pr/include/prtypes.h"
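Review bot: In base/logging.cpp the stripped `LogMessage::~LogMessage()` is empty, so a message built with `LOG_FATAL` (both CHECK-style constructors set `severity_(LOG_FATAL)`) no longer stops the process. If the sandbox code's CHECKs are routed through LogMessage in this build (base/logging.h is not part of this hunk, so please confirm), a failed invariant in the broker or target is silently ignored and execution continues past it. I would keep the fatal path in the destructor, for example `if (severity_ == LOG_FATAL) { MOZ_CRASH("sandbox CHECK failed"); }`. The comment in `ShouldCreateLogMessage` still says ~LogMessage writes to stderr, which this version does not do, so it should be reworded to match the stub.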
diff --git a/security/sandbox/chromium-shim/base/tracked_objects.h b/security/sandbox/chromium-shim/base/tracked_objects.h
new file mode 100644
index 000000000..837705ee9
--- /dev/null
+++ b/security/sandbox/chromium-shim/base/tracked_objects.h
@@ -0,0 +1,19 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SECURITY_SANDBOX_TRACKED_OBJECTS_H_
+#define _SECURITY_SANDBOX_TRACKED_OBJECTS_H_
+namespace tracked_objects
+{
+ class ThreadData
+ {
+ public:
+ static void InitializeThreadContext(const std::string& name)
+ {
+ }
+ };
+}
+#endif
diff --git a/security/sandbox/chromium-shim/base/win/registry.h b/security/sandbox/chromium-shim/base/win/registry.h
new file mode 100644
index 000000000..9fba57277
--- /dev/null
+++ b/security/sandbox/chromium-shim/base/win/registry.h
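Review bot: base/tracked_objects.h names `std::string` in `InitializeThreadContext` but includes nothing, so it only compiles when every includer has already pulled in the string header; add `#include <string>` right after the guard. The guard macro `_SECURITY_SANDBOX_TRACKED_OBJECTS_H_` begins with an underscore followed by a capital letter, which is a reserved identifier in C++; dropping the leading underscore avoids that. A one-line comment saying this is an empty stand-in for Chromium's ThreadData, like the comments on the other stubs in this commit, would also help.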
@@ -0,0 +1,34 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a stripped down version of Chromium source file base/win/registry.h
+// Within our copy of Chromium files this is only used in base/win/windows_version.cc
+// in OSInfo::processor_model_name, which we don't use.
+
+#ifndef BASE_WIN_REGISTRY_H_
+#define BASE_WIN_REGISTRY_H_
+
+namespace base {
+namespace win {
+
+class BASE_EXPORT RegKey {
+ public:
+ RegKey(HKEY rootkey, const wchar_t* subkey, REGSAM access) {}
+ ~RegKey() {}
+
+ LONG ReadValue(const wchar_t* name, std::wstring* out_value) const
+ {
+ return 0;
+ }
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(RegKey);
+};
+
+} // namespace win
+} // namespace base
+
+#endif // BASE_WIN_REGISTRY_H_
diff --git a/security/sandbox/chromium-shim/base/win/sdkdecls.h b/security/sandbox/chromium-shim/base/win/sdkdecls.h
new file mode 100644
index 000000000..e999ab967
--- /dev/null
+++ b/security/sandbox/chromium-shim/base/win/sdkdecls.h
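Review bot: The stub `RegKey::ReadValue` in base/win/registry.h returns `0`, which is `ERROR_SUCCESS`, without writing `*out_value`, so a caller that checks the result will treat an untouched string as a value read from the registry. Since the header comment says the only user is a path that is not exercised, failing closed is the safer stub: `return ERROR_FILE_NOT_FOUND;`. The header also depends on its includer for `HKEY`, `REGSAM`, `LONG`, `std::wstring`, `BASE_EXPORT` and `DISALLOW_COPY_AND_ASSIGN`; either add the includes or say so in a comment.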
@@ -0,0 +1,191 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SECURITY_SANDBOX_BASE_SHIM_SDKDECLS_H_
+#define _SECURITY_SANDBOX_BASE_SHIM_SDKDECLS_H_
+
+#include <windows.h>
+
+// This file contains definitions required for things dynamically loaded
+// while building or targetting lower platform versions or lower SDKs.
+
+#if (_WIN32_WINNT < 0x0600)
+typedef struct _STARTUPINFOEXA {
+ STARTUPINFOA StartupInfo;
+ LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList;
+} STARTUPINFOEXA, *LPSTARTUPINFOEXA;
+typedef struct _STARTUPINFOEXW {
+ STARTUPINFOW StartupInfo;
+ LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList;
+} STARTUPINFOEXW, *LPSTARTUPINFOEXW;
+#ifdef UNICODE
+typedef STARTUPINFOEXW STARTUPINFOEX;
+typedef LPSTARTUPINFOEXW LPSTARTUPINFOEX;
+#else
+typedef STARTUPINFOEXA STARTUPINFOEX;
+typedef LPSTARTUPINFOEXA LPSTARTUPINFOEX;
+#endif // UNICODE
+
+#define PROC_THREAD_ATTRIBUTE_NUMBER 0x0000FFFF
+#define PROC_THREAD_ATTRIBUTE_THREAD 0x00010000 // Attribute may be used with thread creation
+#define PROC_THREAD_ATTRIBUTE_INPUT 0x00020000 // Attribute is input only
+#define PROC_THREAD_ATTRIBUTE_ADDITIVE 0x00040000 // Attribute may be "accumulated," e.g. bitmasks, counters, etc.
+
+#define ProcThreadAttributeValue(Number, Thread, Input, Additive) \
+ (((Number) & PROC_THREAD_ATTRIBUTE_NUMBER) | \
+ ((Thread != FALSE) ? PROC_THREAD_ATTRIBUTE_THREAD : 0) | \
+ ((Input != FALSE) ? PROC_THREAD_ATTRIBUTE_INPUT : 0) | \
+ ((Additive != FALSE) ? PROC_THREAD_ATTRIBUTE_ADDITIVE : 0))
+
+#define ProcThreadAttributeHandleList 2
+
+#define PROC_THREAD_ATTRIBUTE_HANDLE_LIST \
+ ProcThreadAttributeValue (ProcThreadAttributeHandleList, FALSE, TRUE, FALSE)
+
+#define PROCESS_DEP_ENABLE 0x00000001
+#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002
+
+// They dynamically load these, but they still use the functions to describe the
+// function pointers!
+WINBASEAPI
+int
+WINAPI
+GetUserDefaultLocaleName(
+ _Out_writes_(cchLocaleName) LPWSTR lpLocaleName,
+ _In_ int cchLocaleName
+);
+
+WINBASEAPI
+BOOL
+WINAPI
+QueryThreadCycleTime(
+ _In_ HANDLE ThreadHandle,
+ _Out_ PULONG64 CycleTime
+ );
+
+#endif // (_WIN32_WINNT >= 0x0600)
+
+#if (_WIN32_WINNT < 0x0601)
+#define ProcThreadAttributeMitigationPolicy 7
+#define PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY \
+ ProcThreadAttributeValue (ProcThreadAttributeMitigationPolicy, FALSE, TRUE, FALSE)
+
+#define PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE 0x01
+#define PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE 0x02
+#define PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE 0x04
+#endif // (_WIN32_WINNT >= 0x0601)
+
+#if (_WIN32_WINNT < 0x0602)
+#define ProcThreadAttributeSecurityCapabilities 9
+#define PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES \
+ ProcThreadAttributeValue (ProcThreadAttributeSecurityCapabilities, FALSE, TRUE, FALSE)
+
+#define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_MASK (0x00000003 << 8)
+#define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_DEFER (0x00000000 << 8)
+#define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000001 << 8)
+#define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_OFF (0x00000002 << 8)
+#define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON_REQ_RELOCS (0x00000003 << 8)
+#define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_MASK (0x00000003 << 12)
+#define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_DEFER (0x00000000 << 12)
+#define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_ON (0x00000001 << 12)
+#define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_OFF (0x00000002 << 12)
+#define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_RESERVED (0x00000003 << 12)
+#define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_MASK (0x00000003 << 16)
+#define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_DEFER (0x00000000 << 16)
+#define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00000001 << 16)
+#define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00000002 << 16)
+#define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_RESERVED (0x00000003 << 16)
+#define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_MASK (0x00000003 << 20)
+#define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_DEFER (0x00000000 << 20)
+#define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_ON (0x00000001 << 20)
+#define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_OFF (0x00000002 << 20)
+#define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_RESERVED (0x00000003 << 20)
+#define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_MASK (0x00000003 << 24)
+#define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_DEFER (0x00000000 << 24)
+#define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_ON (0x00000001 << 24)
+#define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_OFF (0x00000002 << 24)
+#define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_RESERVED (0x00000003 << 24)
+#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_MASK (0x00000003 << 28)
+#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_DEFER (0x00000000 << 28)
+#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON (0x00000001 << 28)
+#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_OFF (0x00000002 << 28)
+#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_RESERVED (0x00000003 << 28)
+#define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_MASK (0x00000003ui64 << 32)
+#define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_DEFER (0x00000000ui64 << 32)
+#define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON (0x00000001ui64 << 32)
+#define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_OFF (0x00000002ui64 << 32)
+#define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_RESERVED (0x00000003ui64 << 32)
+
+// Check if we're including >= win8 winnt.h
+#ifndef NTDDI_WIN8
+
+typedef struct _SECURITY_CAPABILITIES {
+ PSID AppContainerSid;
+ PSID_AND_ATTRIBUTES Capabilities;
+ DWORD CapabilityCount;
+ DWORD Reserved;
+} SECURITY_CAPABILITIES, *PSECURITY_CAPABILITIES, *LPSECURITY_CAPABILITIES;
+
+typedef enum _PROCESS_MITIGATION_POLICY {
+ ProcessDEPPolicy,
+ ProcessASLRPolicy,
+ ProcessReserved1MitigationPolicy,
+ ProcessStrictHandleCheckPolicy,
+ ProcessSystemCallDisablePolicy,
+ ProcessMitigationOptionsMask,
+ ProcessExtensionPointDisablePolicy,
+ MaxProcessMitigationPolicy
+} PROCESS_MITIGATION_POLICY, *PPROCESS_MITIGATION_POLICY;
+
+#define LOAD_LIBRARY_SEARCH_DEFAULT_DIRS 0x00001000
+
+typedef struct _PROCESS_MITIGATION_ASLR_POLICY {
+ union {
+ DWORD Flags;
+ struct {
+ DWORD EnableBottomUpRandomization : 1;
+ DWORD EnableForceRelocateImages : 1;
+ DWORD EnableHighEntropy : 1;
+ DWORD DisallowStrippedImages : 1;
+ DWORD ReservedFlags : 28;
+ };
+ };
+} PROCESS_MITIGATION_ASLR_POLICY, *PPROCESS_MITIGATION_ASLR_POLICY;
+
+typedef struct _PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY {
+ union {
+ DWORD Flags;
+ struct {
+ DWORD RaiseExceptionOnInvalidHandleReference : 1;
+ DWORD HandleExceptionsPermanentlyEnabled : 1;
+ DWORD ReservedFlags : 30;
+ };
+ };
+} PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY, *PPROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY;
+
+typedef struct _PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY {
+ union {
+ DWORD Flags;
+ struct {
+ DWORD DisallowWin32kSystemCalls : 1;
+ DWORD ReservedFlags : 31;
+ };
+ };
+} PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, *PPROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY;
+
+typedef struct _PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY {
+ union {
+ DWORD Flags;
+ struct {
+ DWORD DisableExtensionPoints : 1;
+ DWORD ReservedFlags : 31;
+ };
+ };
+} PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, *PPROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY;
+
+#endif // NTDDI_WIN8
+#endif // (_WIN32_WINNT < 0x0602)
+#endif // _SECURITY_SANDBOX_BASE_SHIM_SDKDECLS_H_
diff --git a/security/sandbox/chromium-shim/sandbox/win/loggingCallbacks.h b/security/sandbox/chromium-shim/sandbox/win/loggingCallbacks.h
new file mode 100644
index 000000000..f9402c527
--- /dev/null
+++ b/security/sandbox/chromium-shim/sandbox/win/loggingCallbacks.h
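Review bot: Two of the `#endif` trailers in base/win/sdkdecls.h state the opposite of the condition they close: `#endif // (_WIN32_WINNT >= 0x0600)` and `#endif // (_WIN32_WINNT >= 0x0601)` end blocks opened with `#if (_WIN32_WINNT < 0x0600)` and `#if (_WIN32_WINNT < 0x0601)`. These blocks decide whether the hand-copied process-mitigation constants or the SDK's own definitions are in effect, so the trailers should read `// (_WIN32_WINNT < 0x0600)` and `// (_WIN32_WINNT < 0x0601)`, as the 0x0602 one already does. I would also add a comment above the `PROCESS_CREATION_MITIGATION_POLICY_*` block naming the SDK header and version the values were copied from, because a wrong bit position there changes which mitigations a child process receives without any build error.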
@@ -0,0 +1,107 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef security_sandbox_loggingCallbacks_h__
+#define security_sandbox_loggingCallbacks_h__
+
+#include <sstream>
+#include <iostream>
+
+#include "mozilla/Logging.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/sandboxing/loggingTypes.h"
+#include "nsContentUtils.h"
+
+#include "mozilla/StackWalk.h"
+
+namespace mozilla {
+
+static LazyLogModule sSandboxTargetLog("SandboxTarget");
+
+#define LOG_D(...) MOZ_LOG(sSandboxTargetLog, LogLevel::Debug, (__VA_ARGS__))
+
+namespace sandboxing {
+
+static uint32_t sStackTraceDepth = 0;
+
+// NS_WalkStackCallback to write a formatted stack frame to an ostringstream.
+static void
+StackFrameToOStringStream(uint32_t aFrameNumber, void* aPC, void* aSP,
+ void* aClosure)
+{
+ std::ostringstream* stream = static_cast<std::ostringstream*>(aClosure);
+ MozCodeAddressDetails details;
+ char buf[1024];
+ MozDescribeCodeAddress(aPC, &details);
+ MozFormatCodeAddressDetails(buf, sizeof(buf), aFrameNumber, aPC, &details);
+ *stream << std::endl << "--" << buf;
+ stream->flush();
+}
+
+// Log to the browser console and, if DEBUG build, stderr.
+static void
+Log(const char* aMessageType,
+ const char* aFunctionName,
+ const char* aContext,
+ const bool aShouldLogStackTrace = false,
+ uint32_t aFramesToSkip = 0)
+{
+ std::ostringstream msgStream;
+ msgStream << "Process Sandbox " << aMessageType << ": " << aFunctionName;
+ if (aContext) {
+ msgStream << " for : " << aContext;
+ }
+
+ if (aShouldLogStackTrace) {
+ if (sStackTraceDepth) {
+ msgStream << std::endl << "Stack Trace:";
+ MozStackWalk(StackFrameToOStringStream, aFramesToSkip, sStackTraceDepth,
+ &msgStream, 0, nullptr);
+ }
+ }
+
+ std::string msg = msgStream.str();
+#if defined(DEBUG)
+ // Use NS_DebugBreak directly as we want child process prefix, but not source
+ // file or line number.
+ NS_DebugBreak(NS_DEBUG_WARNING, nullptr, msg.c_str(), nullptr, -1);
+#endif
+
+ if (nsContentUtils::IsInitialized()) {
+ nsContentUtils::LogMessageToConsole(msg.c_str());
+ }
+
+ // As we don't always have the facility to log to console use MOZ_LOG as well.
+ LOG_D("%s", msg.c_str());
+}
+
+// Initialize sandbox logging if required.
+static void
+InitLoggingIfRequired(ProvideLogFunctionCb aProvideLogFunctionCb)
+{
+ if (!aProvideLogFunctionCb) {
+ return;
+ }
+
+ if (Preferences::GetBool("security.sandbox.windows.log") ||
+ PR_GetEnv("MOZ_WIN_SANDBOX_LOGGING")) {
+ aProvideLogFunctionCb(Log);
+
+#if defined(MOZ_CONTENT_SANDBOX)
+ // We can only log the stack trace on process types where we know that the
+ // sandbox won't prevent it.
+ if (XRE_IsContentProcess()) {
+ Preferences::AddUintVarCache(&sStackTraceDepth,
+ "security.sandbox.windows.log.stackTraceDepth");
+ }
+#endif
+ }
+}
+
+} // sandboxing
+} // mozilla
+
+#endif // security_sandbox_loggingCallbacks_h__
diff --git a/security/sandbox/chromium-shim/sandbox/win/loggingTypes.h b/security/sandbox/chromium-shim/sandbox/win/loggingTypes.h
new file mode 100644
index 000000000..c9b74c14e
--- /dev/null
+++ b/security/sandbox/chromium-shim/sandbox/win/loggingTypes.h
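Review bot: In `Log` (sandbox/win/loggingCallbacks.h), `nsContentUtils::LogMessageToConsole(msg.c_str())` passes the assembled message as the first argument, while the `LOG_D("%s", msg.c_str())` call just below it deliberately uses a fixed format. `msg` embeds `aContext`, which presumably carries the name handed to the intercepted call and so can be influenced by code running inside the sandboxed process. If LogMessageToConsole is printf-style (its declaration is not in this diff, so please confirm), a `%` in that text would be parsed as a conversion, and the call should become `nsContentUtils::LogMessageToConsole("%s", msg.c_str());`. Separately, `sStackTraceDepth`, `sSandboxTargetLog`, `Log` and `InitLoggingIfRequired` are `static` in a header, so every including translation unit gets its own copy; a comment stating that the header is meant for a single includer per process would prevent a second include from reading a depth of 0.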
@@ -0,0 +1,27 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef security_sandbox_loggingTypes_h__
+#define security_sandbox_loggingTypes_h__
+
+#include <stdint.h>
+
+namespace mozilla {
+namespace sandboxing {
+
+// We are using callbacks here that are passed in from the core code to prevent
+// a circular dependency in the linking during the build.
+typedef void (*LogFunction) (const char* aMessageType,
+ const char* aFunctionName,
+ const char* aContext,
+ const bool aShouldLogStackTrace,
+ uint32_t aFramesToSkip);
+typedef void (*ProvideLogFunctionCb) (LogFunction aLogFunction);
+
+} // sandboxing
+} // mozilla
+
+#endif // security_sandbox_loggingTypes_h__
diff --git a/security/sandbox/chromium-shim/sandbox/win/sandboxLogging.cpp b/security/sandbox/chromium-shim/sandbox/win/sandboxLogging.cpp
new file mode 100644
index 000000000..fa2314f69
--- /dev/null
+++ b/security/sandbox/chromium-shim/sandbox/win/sandboxLogging.cpp
@@ -0,0 +1,82 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "sandboxLogging.h"
+
+#include "base/strings/utf_string_conversions.h"
+#include "sandbox/win/src/sandbox_policy.h"
+
+namespace mozilla {
+namespace sandboxing {
+
+static LogFunction sLogFunction = nullptr;
+
+void
+ProvideLogFunction(LogFunction aLogFunction)
+{
+ sLogFunction = aLogFunction;
+}
+
+void
+LogBlocked(const char* aFunctionName, const char* aContext, uint32_t aFramesToSkip)
+{
+ if (sLogFunction) {
+ sLogFunction("BLOCKED", aFunctionName, aContext,
+ /* aShouldLogStackTrace */ true, aFramesToSkip);
+ }
+}
+
+void
+LogBlocked(const char* aFunctionName, const wchar_t* aContext)
+{
+ if (sLogFunction) {
+ // Skip an extra frame to allow for this function.
+ LogBlocked(aFunctionName, base::WideToUTF8(aContext).c_str(),
+ /* aFramesToSkip */ 3);
+ }
+}
+
+void
+LogBlocked(const char* aFunctionName, const wchar_t* aContext,
+ uint16_t aLengthInBytes)
+{
+ if (sLogFunction) {
+ // Skip an extra frame to allow for this function.
+ LogBlocked(aFunctionName,
+ base::WideToUTF8(std::wstring(aContext, aLengthInBytes / sizeof(wchar_t))).c_str(),
+ /* aFramesToSkip */ 3);
+ }
+}
+
+void
+LogAllowed(const char* aFunctionName, const char* aContext)
+{
+ if (sLogFunction) {
+ sLogFunction("Broker ALLOWED", aFunctionName, aContext,
+ /* aShouldLogStackTrace */ false, /* aFramesToSkip */ 0);
+ }
+}
+
+void
+LogAllowed(const char* aFunctionName, const wchar_t* aContext)
+{
+ if (sLogFunction) {
+ LogAllowed(aFunctionName, base::WideToUTF8(aContext).c_str());
+ }
+}
+
+void
+LogAllowed(const char* aFunctionName, const wchar_t* aContext,
+ uint16_t aLengthInBytes)
+{
+ if (sLogFunction) {
+ LogAllowed(aFunctionName,
+ base::WideToUTF8(std::wstring(aContext, aLengthInBytes / sizeof(wchar_t))).c_str());
+ }
+}
+
+} // sandboxing
+} // mozilla
diff --git a/security/sandbox/chromium-shim/sandbox/win/sandboxLogging.h b/security/sandbox/chromium-shim/sandbox/win/sandboxLogging.h
new file mode 100644
index 000000000..365afa574
--- /dev/null
+++ b/security/sandbox/chromium-shim/sandbox/win/sandboxLogging.h
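Review bot: The `const wchar_t*` overloads of `LogBlocked` and `LogAllowed` in sandboxLogging.cpp hand `aContext` straight to `base::WideToUTF8(aContext)` or `std::wstring(aContext, ...)`, which is undefined behaviour for a null pointer, whereas the `const char*` path accepts null and the log callback tests `if (aContext)` before using it. If an interception can reach these overloads with a null name, enabling logging would crash the process it is meant to observe. A guard such as `if (!aContext) { LogBlocked(aFunctionName, static_cast<const char*>(nullptr), /* aFramesToSkip */ 3); return; }`, with the equivalent in LogAllowed, keeps the null case on the path that already handles it. `sLogFunction` is also written by `ProvideLogFunction` and read by every logging call with no synchronisation, so it is worth a comment that it must be set once before any interception can run.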
@@ -0,0 +1,51 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Set of helper methods to implement logging for Windows sandbox.
+ */
+
+#ifndef security_sandbox_sandboxLogging_h__
+#define security_sandbox_sandboxLogging_h__
+
+#include "loggingTypes.h"
+
+namespace sandbox {
+class TargetPolicy;
+}
+
+namespace mozilla {
+namespace sandboxing {
+
+// This is used to pass a LogCallback to the sandboxing code, as the logging
+// requires code to which we cannot link directly.
+void ProvideLogFunction(LogFunction aLogFunction);
+
+// Log a "BLOCKED" msg to the browser console and, if DEBUG build, stderr.
+// If the logging of a stack trace is enabled then the default aFramesToSkip
+// will start from our caller's caller, which should normally be the function
+// that triggered the interception.
+void LogBlocked(const char* aFunctionName, const char* aContext = nullptr,
+ uint32_t aFramesToSkip = 2);
+
+// Convenience functions to convert to char*.
+void LogBlocked(const char* aFunctionName, const wchar_t* aContext);
+void LogBlocked(const char* aFunctionName, const wchar_t* aContext,
+ uint16_t aLengthInBytes);
+
+// Log a "ALLOWED" msg to the browser console and, if DEBUG build, stderr.
+void LogAllowed(const char* aFunctionName, const char* aContext = nullptr);
+
+// Convenience functions to convert to char*.
+void LogAllowed(const char* aFunctionName, const wchar_t* aContext);
+void LogAllowed(const char* aFunctionName, const wchar_t* aContext,
+ uint16_t aLengthInBytes);
+
+
+} // sandboxing
+} // mozilla
+
+#endif // security_sandbox_sandboxLogging_h__ |
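Review bot: The two declarations taking `uint16_t aLengthInBytes` in sandboxLogging.h are documented only as "Convenience functions to convert to char*", which does not tell a caller that the length is a byte count; the implementation in this commit divides it by `sizeof(wchar_t)`, so passing a character count would log only half the string. Suggested comment above both: `// aContext is read for aLengthInBytes bytes (not characters) and is not required to be null-terminated.` The comment on `ProvideLogFunction` refers to a `LogCallback`, but the parameter type is `LogFunction`, and the forward declaration of `sandbox::TargetPolicy` is not used by anything declared in this header.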