From 43f7a588f96aaf88e7b69441c3b50bc9c7b20df7 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Thu, 3 May 2018 05:55:15 +0200 Subject: Nuke the sandbox --- .../sandbox/chromium-shim/base/MissingBasicTypes.h | 25 --- .../chromium-shim/base/debug/debugging_flags.h | 19 -- .../chromium-shim/base/file_version_info_win.h | 29 ---- .../sandbox/chromium-shim/base/files/file_path.cpp | 19 -- .../sandbox/chromium-shim/base/gtest_prod_util.h | 17 -- security/sandbox/chromium-shim/base/logging.cpp | 156 ----------------- .../chromium-shim/base/third_party/nspr/prtime.h | 8 - .../chromium-shim/base/third_party/nspr/prtypes.h | 8 - .../sandbox/chromium-shim/base/tracked_objects.h | 19 -- security/sandbox/chromium-shim/base/win/registry.h | 34 ---- security/sandbox/chromium-shim/base/win/sdkdecls.h | 191 --------------------- .../chromium-shim/sandbox/win/loggingCallbacks.h | 98 ----------- .../chromium-shim/sandbox/win/loggingTypes.h | 27 --- .../chromium-shim/sandbox/win/sandboxLogging.cpp | 82 --------- .../chromium-shim/sandbox/win/sandboxLogging.h | 51 ------ 15 files changed, 783 deletions(-) delete mode 100644 security/sandbox/chromium-shim/base/MissingBasicTypes.h delete mode 100644 security/sandbox/chromium-shim/base/debug/debugging_flags.h delete mode 100644 security/sandbox/chromium-shim/base/file_version_info_win.h delete mode 100644 security/sandbox/chromium-shim/base/files/file_path.cpp delete mode 100644 security/sandbox/chromium-shim/base/gtest_prod_util.h delete mode 100644 security/sandbox/chromium-shim/base/logging.cpp delete mode 100644 security/sandbox/chromium-shim/base/third_party/nspr/prtime.h delete mode 100644 security/sandbox/chromium-shim/base/third_party/nspr/prtypes.h delete mode 100644 security/sandbox/chromium-shim/base/tracked_objects.h delete mode 100644 security/sandbox/chromium-shim/base/win/registry.h delete mode 100644 security/sandbox/chromium-shim/base/win/sdkdecls.h delete mode 100644 security/sandbox/chromium-shim/sandbox/win/loggingCallbacks.h delete mode 100644 security/sandbox/chromium-shim/sandbox/win/loggingTypes.h delete mode 100644 security/sandbox/chromium-shim/sandbox/win/sandboxLogging.cpp delete mode 100644 security/sandbox/chromium-shim/sandbox/win/sandboxLogging.h (limited to 'security/sandbox/chromium-shim') diff --git a/security/sandbox/chromium-shim/base/MissingBasicTypes.h b/security/sandbox/chromium-shim/base/MissingBasicTypes.h deleted file mode 100644 index 20eef00ab..000000000 --- a/security/sandbox/chromium-shim/base/MissingBasicTypes.h +++ /dev/null @@ -1,25 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifndef security_sandbox_MissingBasicTypes_h__ -#define security_sandbox_MissingBasicTypes_h__ - -#include - -// These types are still used by the Chromium sandbox code. When referencing -// Chromium sandbox code from Gecko we can't use the normal base/basictypes.h as -// it clashes with the one from ipc/chromium/src/base/. These types have been -// removed from the one in ipc/chromium/src/base/. -typedef int8_t int8; -typedef uint8_t uint8; -typedef int16_t int16; -typedef uint16_t uint16; -typedef int32_t int32; -typedef uint32_t uint32; -typedef int64_t int64; -typedef uint64_t uint64; - -#endif // security_sandbox_MissingBasicTypes_h__ diff --git a/security/sandbox/chromium-shim/base/debug/debugging_flags.h b/security/sandbox/chromium-shim/base/debug/debugging_flags.h deleted file mode 100644 index ebb96dfca..000000000 --- a/security/sandbox/chromium-shim/base/debug/debugging_flags.h +++ /dev/null @@ -1,19 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=8 sts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -// This is a copy of a file that is generated by the chromium build. - -// Generated by build/write_buildflag_header.py -// From "//base:debugging_flags" - -#ifndef BASE_DEBUG_DEBUGGING_FLAGS_H_ -#define BASE_DEBUG_DEBUGGING_FLAGS_H_ - -#include "build/buildflag.h" - -#define BUILDFLAG_INTERNAL_ENABLE_PROFILING() (0) - -#endif // BASE_DEBUG_DEBUGGING_FLAGS_H_ diff --git a/security/sandbox/chromium-shim/base/file_version_info_win.h b/security/sandbox/chromium-shim/base/file_version_info_win.h deleted file mode 100644 index 8276900bd..000000000 --- a/security/sandbox/chromium-shim/base/file_version_info_win.h +++ /dev/null @@ -1,29 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -// This is a dummy version of Chromium source file base/file_version_info_win.h -// Within our copy of Chromium files FileVersionInfoWin is only used in -// base/win/windows_version.cc in GetVersionFromKernel32, which we don't use. - -#ifndef BASE_FILE_VERSION_INFO_WIN_H_ -#define BASE_FILE_VERSION_INFO_WIN_H_ - -struct tagVS_FIXEDFILEINFO; -typedef tagVS_FIXEDFILEINFO VS_FIXEDFILEINFO; - -namespace base { -class FilePath; -} - -class FileVersionInfoWin { - public: - static FileVersionInfoWin* - CreateFileVersionInfo(const base::FilePath& file_path) { return nullptr; } - - VS_FIXEDFILEINFO* fixed_file_info() { return nullptr; } -}; - -#endif // BASE_FILE_VERSION_INFO_WIN_H_ diff --git a/security/sandbox/chromium-shim/base/files/file_path.cpp b/security/sandbox/chromium-shim/base/files/file_path.cpp deleted file mode 100644 index 245118f9e..000000000 --- a/security/sandbox/chromium-shim/base/files/file_path.cpp +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -// This is a dummy version of Chromium source file base/file/file_path.cc. -// To provide the functions required in base/win/windows_version.cc -// GetVersionFromKernel32, which we don't use. - -#include "base/files/file_path.h" - -namespace base { - -FilePath::FilePath(FilePath::StringPieceType path) { -} - -FilePath::~FilePath() { -} - -} // namespace base diff --git a/security/sandbox/chromium-shim/base/gtest_prod_util.h b/security/sandbox/chromium-shim/base/gtest_prod_util.h deleted file mode 100644 index 3eb93fa2a..000000000 --- a/security/sandbox/chromium-shim/base/gtest_prod_util.h +++ /dev/null @@ -1,17 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifndef FRIEND_TEST -#define FRIEND_TEST(A, B) -#endif - -#ifndef FRIEND_TEST_ALL_PREFIXES -#define FRIEND_TEST_ALL_PREFIXES(test_case_name, test_name) -#endif - -#ifndef FORWARD_DECLARE_TEST -#define FORWARD_DECLARE_TEST(test_case_name, test_name) -#endif diff --git a/security/sandbox/chromium-shim/base/logging.cpp b/security/sandbox/chromium-shim/base/logging.cpp deleted file mode 100644 index 9c2113dcb..000000000 --- a/security/sandbox/chromium-shim/base/logging.cpp +++ /dev/null @@ -1,156 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -// This is a stripped down version of the Chromium source file base/logging.cc -// This prevents dependency on the Chromium logging and dependency creep in -// general. -// At some point we should find a way to hook this into our own logging see -// bug 1013988. -// The formatting in this file matches the original Chromium file to aid future -// merging. - -#include "base/logging.h" - -#if defined(OS_WIN) -#include -#endif - -#if defined(OS_POSIX) -#include -#endif - -#if defined(OS_WIN) -#include "base/strings/utf_string_conversions.h" -#endif - -#include - -namespace logging { - -namespace { - -int g_min_log_level = 0; - -LoggingDestination g_logging_destination = LOG_DEFAULT; - -// For LOG_ERROR and above, always print to stderr. -const int kAlwaysPrintErrorLevel = LOG_ERROR; - -// A log message handler that gets notified of every log message we process. -LogMessageHandlerFunction log_message_handler = nullptr; - -} // namespace - -void SetMinLogLevel(int level) { - g_min_log_level = std::min(LOG_FATAL, level); -} - -int GetMinLogLevel() { - return g_min_log_level; -} - -bool ShouldCreateLogMessage(int severity) { - if (severity < g_min_log_level) - return false; - - // Return true here unless we know ~LogMessage won't do anything. Note that - // ~LogMessage writes to stderr if severity_ >= kAlwaysPrintErrorLevel, even - // when g_logging_destination is LOG_NONE. - return g_logging_destination != LOG_NONE || log_message_handler || - severity >= kAlwaysPrintErrorLevel; -} - -int GetVlogLevelHelper(const char* file, size_t N) { - return 0; -} - -// Explicit instantiations for commonly used comparisons. -template std::string* MakeCheckOpString( - const int&, const int&, const char* names); -template std::string* MakeCheckOpString( - const unsigned long&, const unsigned long&, const char* names); -template std::string* MakeCheckOpString( - const unsigned long&, const unsigned int&, const char* names); -template std::string* MakeCheckOpString( - const unsigned int&, const unsigned long&, const char* names); -template std::string* MakeCheckOpString( - const std::string&, const std::string&, const char* name); - -#if defined(OS_WIN) -LogMessage::SaveLastError::SaveLastError() : last_error_(::GetLastError()) { -} - -LogMessage::SaveLastError::~SaveLastError() { - ::SetLastError(last_error_); -} -#endif // defined(OS_WIN) - -LogMessage::LogMessage(const char* file, int line, LogSeverity severity) - : severity_(severity), file_(file), line_(line) { -} - -LogMessage::LogMessage(const char* file, int line, const char* condition) - : severity_(LOG_FATAL), file_(file), line_(line) { -} - -LogMessage::LogMessage(const char* file, int line, std::string* result) - : severity_(LOG_FATAL), file_(file), line_(line) { - delete result; -} - -LogMessage::LogMessage(const char* file, int line, LogSeverity severity, - std::string* result) - : severity_(severity), file_(file), line_(line) { - delete result; -} - -LogMessage::~LogMessage() { -} - -SystemErrorCode GetLastSystemErrorCode() { -#if defined(OS_WIN) - return ::GetLastError(); -#elif defined(OS_POSIX) - return errno; -#else -#error Not implemented -#endif -} - -#if defined(OS_WIN) -Win32ErrorLogMessage::Win32ErrorLogMessage(const char* file, - int line, - LogSeverity severity, - SystemErrorCode err) - : err_(err), - log_message_(file, line, severity) { -} - -Win32ErrorLogMessage::~Win32ErrorLogMessage() { -} -#elif defined(OS_POSIX) -ErrnoLogMessage::ErrnoLogMessage(const char* file, - int line, - LogSeverity severity, - SystemErrorCode err) - : err_(err), - log_message_(file, line, severity) { -} - -ErrnoLogMessage::~ErrnoLogMessage() { -} -#endif // OS_WIN - -void RawLog(int level, const char* message) { -} - -} // namespace logging - -#if defined(OS_WIN) -std::ostream& std::operator<<(std::ostream& out, const wchar_t* wstr) { - return out << base::WideToUTF8(std::wstring(wstr)); -} -#endif diff --git a/security/sandbox/chromium-shim/base/third_party/nspr/prtime.h b/security/sandbox/chromium-shim/base/third_party/nspr/prtime.h deleted file mode 100644 index 9a18a3637..000000000 --- a/security/sandbox/chromium-shim/base/third_party/nspr/prtime.h +++ /dev/null @@ -1,8 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -// Grab the copy from in our tree -#include "pr/include/prtime.h" diff --git a/security/sandbox/chromium-shim/base/third_party/nspr/prtypes.h b/security/sandbox/chromium-shim/base/third_party/nspr/prtypes.h deleted file mode 100644 index 6aec5e08f..000000000 --- a/security/sandbox/chromium-shim/base/third_party/nspr/prtypes.h +++ /dev/null @@ -1,8 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -// Grab the copy from in our tree -#include "pr/include/prtypes.h" diff --git a/security/sandbox/chromium-shim/base/tracked_objects.h b/security/sandbox/chromium-shim/base/tracked_objects.h deleted file mode 100644 index 837705ee9..000000000 --- a/security/sandbox/chromium-shim/base/tracked_objects.h +++ /dev/null @@ -1,19 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifndef _SECURITY_SANDBOX_TRACKED_OBJECTS_H_ -#define _SECURITY_SANDBOX_TRACKED_OBJECTS_H_ -namespace tracked_objects -{ - class ThreadData - { - public: - static void InitializeThreadContext(const std::string& name) - { - } - }; -} -#endif diff --git a/security/sandbox/chromium-shim/base/win/registry.h b/security/sandbox/chromium-shim/base/win/registry.h deleted file mode 100644 index 9fba57277..000000000 --- a/security/sandbox/chromium-shim/base/win/registry.h +++ /dev/null @@ -1,34 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -// This is a stripped down version of Chromium source file base/win/registry.h -// Within our copy of Chromium files this is only used in base/win/windows_version.cc -// in OSInfo::processor_model_name, which we don't use. - -#ifndef BASE_WIN_REGISTRY_H_ -#define BASE_WIN_REGISTRY_H_ - -namespace base { -namespace win { - -class BASE_EXPORT RegKey { - public: - RegKey(HKEY rootkey, const wchar_t* subkey, REGSAM access) {} - ~RegKey() {} - - LONG ReadValue(const wchar_t* name, std::wstring* out_value) const - { - return 0; - } - - private: - DISALLOW_COPY_AND_ASSIGN(RegKey); -}; - -} // namespace win -} // namespace base - -#endif // BASE_WIN_REGISTRY_H_ diff --git a/security/sandbox/chromium-shim/base/win/sdkdecls.h b/security/sandbox/chromium-shim/base/win/sdkdecls.h deleted file mode 100644 index e999ab967..000000000 --- a/security/sandbox/chromium-shim/base/win/sdkdecls.h +++ /dev/null @@ -1,191 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifndef _SECURITY_SANDBOX_BASE_SHIM_SDKDECLS_H_ -#define _SECURITY_SANDBOX_BASE_SHIM_SDKDECLS_H_ - -#include - -// This file contains definitions required for things dynamically loaded -// while building or targetting lower platform versions or lower SDKs. - -#if (_WIN32_WINNT < 0x0600) -typedef struct _STARTUPINFOEXA { - STARTUPINFOA StartupInfo; - LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList; -} STARTUPINFOEXA, *LPSTARTUPINFOEXA; -typedef struct _STARTUPINFOEXW { - STARTUPINFOW StartupInfo; - LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList; -} STARTUPINFOEXW, *LPSTARTUPINFOEXW; -#ifdef UNICODE -typedef STARTUPINFOEXW STARTUPINFOEX; -typedef LPSTARTUPINFOEXW LPSTARTUPINFOEX; -#else -typedef STARTUPINFOEXA STARTUPINFOEX; -typedef LPSTARTUPINFOEXA LPSTARTUPINFOEX; -#endif // UNICODE - -#define PROC_THREAD_ATTRIBUTE_NUMBER 0x0000FFFF -#define PROC_THREAD_ATTRIBUTE_THREAD 0x00010000 // Attribute may be used with thread creation -#define PROC_THREAD_ATTRIBUTE_INPUT 0x00020000 // Attribute is input only -#define PROC_THREAD_ATTRIBUTE_ADDITIVE 0x00040000 // Attribute may be "accumulated," e.g. bitmasks, counters, etc. - -#define ProcThreadAttributeValue(Number, Thread, Input, Additive) \ - (((Number) & PROC_THREAD_ATTRIBUTE_NUMBER) | \ - ((Thread != FALSE) ? PROC_THREAD_ATTRIBUTE_THREAD : 0) | \ - ((Input != FALSE) ? PROC_THREAD_ATTRIBUTE_INPUT : 0) | \ - ((Additive != FALSE) ? PROC_THREAD_ATTRIBUTE_ADDITIVE : 0)) - -#define ProcThreadAttributeHandleList 2 - -#define PROC_THREAD_ATTRIBUTE_HANDLE_LIST \ - ProcThreadAttributeValue (ProcThreadAttributeHandleList, FALSE, TRUE, FALSE) - -#define PROCESS_DEP_ENABLE 0x00000001 -#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002 - -// They dynamically load these, but they still use the functions to describe the -// function pointers! -WINBASEAPI -int -WINAPI -GetUserDefaultLocaleName( - _Out_writes_(cchLocaleName) LPWSTR lpLocaleName, - _In_ int cchLocaleName -); - -WINBASEAPI -BOOL -WINAPI -QueryThreadCycleTime( - _In_ HANDLE ThreadHandle, - _Out_ PULONG64 CycleTime - ); - -#endif // (_WIN32_WINNT >= 0x0600) - -#if (_WIN32_WINNT < 0x0601) -#define ProcThreadAttributeMitigationPolicy 7 -#define PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY \ - ProcThreadAttributeValue (ProcThreadAttributeMitigationPolicy, FALSE, TRUE, FALSE) - -#define PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE 0x01 -#define PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE 0x02 -#define PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE 0x04 -#endif // (_WIN32_WINNT >= 0x0601) - -#if (_WIN32_WINNT < 0x0602) -#define ProcThreadAttributeSecurityCapabilities 9 -#define PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES \ - ProcThreadAttributeValue (ProcThreadAttributeSecurityCapabilities, FALSE, TRUE, FALSE) - -#define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_MASK (0x00000003 << 8) -#define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_DEFER (0x00000000 << 8) -#define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000001 << 8) -#define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_OFF (0x00000002 << 8) -#define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON_REQ_RELOCS (0x00000003 << 8) -#define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_MASK (0x00000003 << 12) -#define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_DEFER (0x00000000 << 12) -#define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_ON (0x00000001 << 12) -#define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_OFF (0x00000002 << 12) -#define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_RESERVED (0x00000003 << 12) -#define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_MASK (0x00000003 << 16) -#define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_DEFER (0x00000000 << 16) -#define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00000001 << 16) -#define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00000002 << 16) -#define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_RESERVED (0x00000003 << 16) -#define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_MASK (0x00000003 << 20) -#define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_DEFER (0x00000000 << 20) -#define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_ON (0x00000001 << 20) -#define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_OFF (0x00000002 << 20) -#define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_RESERVED (0x00000003 << 20) -#define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_MASK (0x00000003 << 24) -#define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_DEFER (0x00000000 << 24) -#define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_ON (0x00000001 << 24) -#define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_OFF (0x00000002 << 24) -#define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_RESERVED (0x00000003 << 24) -#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_MASK (0x00000003 << 28) -#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_DEFER (0x00000000 << 28) -#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON (0x00000001 << 28) -#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_OFF (0x00000002 << 28) -#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_RESERVED (0x00000003 << 28) -#define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_MASK (0x00000003ui64 << 32) -#define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_DEFER (0x00000000ui64 << 32) -#define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON (0x00000001ui64 << 32) -#define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_OFF (0x00000002ui64 << 32) -#define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_RESERVED (0x00000003ui64 << 32) - -// Check if we're including >= win8 winnt.h -#ifndef NTDDI_WIN8 - -typedef struct _SECURITY_CAPABILITIES { - PSID AppContainerSid; - PSID_AND_ATTRIBUTES Capabilities; - DWORD CapabilityCount; - DWORD Reserved; -} SECURITY_CAPABILITIES, *PSECURITY_CAPABILITIES, *LPSECURITY_CAPABILITIES; - -typedef enum _PROCESS_MITIGATION_POLICY { - ProcessDEPPolicy, - ProcessASLRPolicy, - ProcessReserved1MitigationPolicy, - ProcessStrictHandleCheckPolicy, - ProcessSystemCallDisablePolicy, - ProcessMitigationOptionsMask, - ProcessExtensionPointDisablePolicy, - MaxProcessMitigationPolicy -} PROCESS_MITIGATION_POLICY, *PPROCESS_MITIGATION_POLICY; - -#define LOAD_LIBRARY_SEARCH_DEFAULT_DIRS 0x00001000 - -typedef struct _PROCESS_MITIGATION_ASLR_POLICY { - union { - DWORD Flags; - struct { - DWORD EnableBottomUpRandomization : 1; - DWORD EnableForceRelocateImages : 1; - DWORD EnableHighEntropy : 1; - DWORD DisallowStrippedImages : 1; - DWORD ReservedFlags : 28; - }; - }; -} PROCESS_MITIGATION_ASLR_POLICY, *PPROCESS_MITIGATION_ASLR_POLICY; - -typedef struct _PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY { - union { - DWORD Flags; - struct { - DWORD RaiseExceptionOnInvalidHandleReference : 1; - DWORD HandleExceptionsPermanentlyEnabled : 1; - DWORD ReservedFlags : 30; - }; - }; -} PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY, *PPROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY; - -typedef struct _PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY { - union { - DWORD Flags; - struct { - DWORD DisallowWin32kSystemCalls : 1; - DWORD ReservedFlags : 31; - }; - }; -} PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, *PPROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY; - -typedef struct _PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY { - union { - DWORD Flags; - struct { - DWORD DisableExtensionPoints : 1; - DWORD ReservedFlags : 31; - }; - }; -} PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, *PPROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY; - -#endif // NTDDI_WIN8 -#endif // (_WIN32_WINNT < 0x0602) -#endif // _SECURITY_SANDBOX_BASE_SHIM_SDKDECLS_H_ diff --git a/security/sandbox/chromium-shim/sandbox/win/loggingCallbacks.h b/security/sandbox/chromium-shim/sandbox/win/loggingCallbacks.h deleted file mode 100644 index 27b6e5239..000000000 --- a/security/sandbox/chromium-shim/sandbox/win/loggingCallbacks.h +++ /dev/null @@ -1,98 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifndef security_sandbox_loggingCallbacks_h__ -#define security_sandbox_loggingCallbacks_h__ - -#include -#include - -#include "mozilla/Logging.h" -#include "mozilla/Preferences.h" -#include "mozilla/sandboxing/loggingTypes.h" -#include "nsContentUtils.h" - -#include "mozilla/StackWalk.h" - -namespace mozilla { - -static LazyLogModule sSandboxTargetLog("SandboxTarget"); - -#define LOG_D(...) MOZ_LOG(sSandboxTargetLog, LogLevel::Debug, (__VA_ARGS__)) - -namespace sandboxing { - -static uint32_t sStackTraceDepth = 0; - -// NS_WalkStackCallback to write a formatted stack frame to an ostringstream. -static void -StackFrameToOStringStream(uint32_t aFrameNumber, void* aPC, void* aSP, - void* aClosure) -{ - std::ostringstream* stream = static_cast(aClosure); - MozCodeAddressDetails details; - char buf[1024]; - MozDescribeCodeAddress(aPC, &details); - MozFormatCodeAddressDetails(buf, sizeof(buf), aFrameNumber, aPC, &details); - *stream << std::endl << "--" << buf; - stream->flush(); -} - -// Log to the browser console and, if DEBUG build, stderr. -static void -Log(const char* aMessageType, - const char* aFunctionName, - const char* aContext, - const bool aShouldLogStackTrace = false, - uint32_t aFramesToSkip = 0) -{ - std::ostringstream msgStream; - msgStream << "Process Sandbox " << aMessageType << ": " << aFunctionName; - if (aContext) { - msgStream << " for : " << aContext; - } - - if (aShouldLogStackTrace) { - if (sStackTraceDepth) { - msgStream << std::endl << "Stack Trace:"; - MozStackWalk(StackFrameToOStringStream, aFramesToSkip, sStackTraceDepth, - &msgStream, 0, nullptr); - } - } - - std::string msg = msgStream.str(); -#if defined(DEBUG) - // Use NS_DebugBreak directly as we want child process prefix, but not source - // file or line number. - NS_DebugBreak(NS_DEBUG_WARNING, nullptr, msg.c_str(), nullptr, -1); -#endif - - if (nsContentUtils::IsInitialized()) { - nsContentUtils::LogMessageToConsole(msg.c_str()); - } - - // As we don't always have the facility to log to console use MOZ_LOG as well. - LOG_D("%s", msg.c_str()); -} - -// Initialize sandbox logging if required. -static void -InitLoggingIfRequired(ProvideLogFunctionCb aProvideLogFunctionCb) -{ - if (!aProvideLogFunctionCb) { - return; - } - - if (Preferences::GetBool("security.sandbox.windows.log") || - PR_GetEnv("MOZ_WIN_SANDBOX_LOGGING")) { - aProvideLogFunctionCb(Log); - } -} - -} // sandboxing -} // mozilla - -#endif // security_sandbox_loggingCallbacks_h__ diff --git a/security/sandbox/chromium-shim/sandbox/win/loggingTypes.h b/security/sandbox/chromium-shim/sandbox/win/loggingTypes.h deleted file mode 100644 index c9b74c14e..000000000 --- a/security/sandbox/chromium-shim/sandbox/win/loggingTypes.h +++ /dev/null @@ -1,27 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifndef security_sandbox_loggingTypes_h__ -#define security_sandbox_loggingTypes_h__ - -#include - -namespace mozilla { -namespace sandboxing { - -// We are using callbacks here that are passed in from the core code to prevent -// a circular dependency in the linking during the build. -typedef void (*LogFunction) (const char* aMessageType, - const char* aFunctionName, - const char* aContext, - const bool aShouldLogStackTrace, - uint32_t aFramesToSkip); -typedef void (*ProvideLogFunctionCb) (LogFunction aLogFunction); - -} // sandboxing -} // mozilla - -#endif // security_sandbox_loggingTypes_h__ diff --git a/security/sandbox/chromium-shim/sandbox/win/sandboxLogging.cpp b/security/sandbox/chromium-shim/sandbox/win/sandboxLogging.cpp deleted file mode 100644 index fa2314f69..000000000 --- a/security/sandbox/chromium-shim/sandbox/win/sandboxLogging.cpp +++ /dev/null @@ -1,82 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#include "sandboxLogging.h" - -#include "base/strings/utf_string_conversions.h" -#include "sandbox/win/src/sandbox_policy.h" - -namespace mozilla { -namespace sandboxing { - -static LogFunction sLogFunction = nullptr; - -void -ProvideLogFunction(LogFunction aLogFunction) -{ - sLogFunction = aLogFunction; -} - -void -LogBlocked(const char* aFunctionName, const char* aContext, uint32_t aFramesToSkip) -{ - if (sLogFunction) { - sLogFunction("BLOCKED", aFunctionName, aContext, - /* aShouldLogStackTrace */ true, aFramesToSkip); - } -} - -void -LogBlocked(const char* aFunctionName, const wchar_t* aContext) -{ - if (sLogFunction) { - // Skip an extra frame to allow for this function. - LogBlocked(aFunctionName, base::WideToUTF8(aContext).c_str(), - /* aFramesToSkip */ 3); - } -} - -void -LogBlocked(const char* aFunctionName, const wchar_t* aContext, - uint16_t aLengthInBytes) -{ - if (sLogFunction) { - // Skip an extra frame to allow for this function. - LogBlocked(aFunctionName, - base::WideToUTF8(std::wstring(aContext, aLengthInBytes / sizeof(wchar_t))).c_str(), - /* aFramesToSkip */ 3); - } -} - -void -LogAllowed(const char* aFunctionName, const char* aContext) -{ - if (sLogFunction) { - sLogFunction("Broker ALLOWED", aFunctionName, aContext, - /* aShouldLogStackTrace */ false, /* aFramesToSkip */ 0); - } -} - -void -LogAllowed(const char* aFunctionName, const wchar_t* aContext) -{ - if (sLogFunction) { - LogAllowed(aFunctionName, base::WideToUTF8(aContext).c_str()); - } -} - -void -LogAllowed(const char* aFunctionName, const wchar_t* aContext, - uint16_t aLengthInBytes) -{ - if (sLogFunction) { - LogAllowed(aFunctionName, - base::WideToUTF8(std::wstring(aContext, aLengthInBytes / sizeof(wchar_t))).c_str()); - } -} - -} // sandboxing -} // mozilla diff --git a/security/sandbox/chromium-shim/sandbox/win/sandboxLogging.h b/security/sandbox/chromium-shim/sandbox/win/sandboxLogging.h deleted file mode 100644 index 365afa574..000000000 --- a/security/sandbox/chromium-shim/sandbox/win/sandboxLogging.h +++ /dev/null @@ -1,51 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -/* - * Set of helper methods to implement logging for Windows sandbox. - */ - -#ifndef security_sandbox_sandboxLogging_h__ -#define security_sandbox_sandboxLogging_h__ - -#include "loggingTypes.h" - -namespace sandbox { -class TargetPolicy; -} - -namespace mozilla { -namespace sandboxing { - -// This is used to pass a LogCallback to the sandboxing code, as the logging -// requires code to which we cannot link directly. -void ProvideLogFunction(LogFunction aLogFunction); - -// Log a "BLOCKED" msg to the browser console and, if DEBUG build, stderr. -// If the logging of a stack trace is enabled then the default aFramesToSkip -// will start from our caller's caller, which should normally be the function -// that triggered the interception. -void LogBlocked(const char* aFunctionName, const char* aContext = nullptr, - uint32_t aFramesToSkip = 2); - -// Convenience functions to convert to char*. -void LogBlocked(const char* aFunctionName, const wchar_t* aContext); -void LogBlocked(const char* aFunctionName, const wchar_t* aContext, - uint16_t aLengthInBytes); - -// Log a "ALLOWED" msg to the browser console and, if DEBUG build, stderr. -void LogAllowed(const char* aFunctionName, const char* aContext = nullptr); - -// Convenience functions to convert to char*. -void LogAllowed(const char* aFunctionName, const wchar_t* aContext); -void LogAllowed(const char* aFunctionName, const wchar_t* aContext, - uint16_t aLengthInBytes); - - -} // sandboxing -} // mozilla - -#endif // security_sandbox_sandboxLogging_h__ -- cgit v1.2.3