mozglue/misc/WindowsProcessMitigations.cpp
author David Parks <dparks@mozilla.com>
Mon, 29 Apr 2019 21:07:20 +0000
changeset 471823 17c0c0c8627c4a18f3824a3e62d6e58dbb300ad7
parent 470389 74eb8e5f7143ed073a993df7a3abdce04b58f830
child 486768 20cdaeefd4e13d46282cec4f95aa9392b48f6b94
permissions -rw-r--r--
Bug 1546545: Part 2 - Create empty TrampolineCollection if the process sandbox forbids dynamic code r=aklotz TrampolineCollection iterates over an array of Trampolines that it has set 'write' permissions for. If this happens in a process whose sandbox forbids dynamic code then these permissions cannot be set. This patch detects that condition and returns an empty TrampolineCollection in that case. We ASSERT if we fail to set permissions for any other reason. Differential Revision: https://phabricator.services.mozilla.com/D28613

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "mozilla/DynamicallyLinkedFunctionPtr.h"
#include "mozilla/WindowsProcessMitigations.h"

#include <processthreadsapi.h>

#if (_WIN32_WINNT < 0x0602)
BOOL WINAPI GetProcessMitigationPolicy(
    HANDLE hProcess, PROCESS_MITIGATION_POLICY MitigationPolicy, PVOID lpBuffer,
    SIZE_T dwLength);
#endif  // (_WIN32_WINNT < 0x0602)

namespace mozilla {

static const DynamicallyLinkedFunctionPtr<
    decltype(&::GetProcessMitigationPolicy)>&
FetchGetProcessMitigationPolicyFunc() {
  static const DynamicallyLinkedFunctionPtr<decltype(
      &::GetProcessMitigationPolicy)>
      pGetProcessMitigationPolicy(L"kernel32.dll",
                                  "GetProcessMitigationPolicy");
  return pGetProcessMitigationPolicy;
}

MFBT_API bool IsWin32kLockedDown() {
  auto& pGetProcessMitigationPolicy = FetchGetProcessMitigationPolicyFunc();
  if (!pGetProcessMitigationPolicy) {
    return false;
  }

  PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY polInfo;
  if (!pGetProcessMitigationPolicy(::GetCurrentProcess(),
                                   ProcessSystemCallDisablePolicy, &polInfo,
                                   sizeof(polInfo))) {
    return false;
  }

  return polInfo.DisallowWin32kSystemCalls;
}

MFBT_API bool IsDynamicCodeDisabled() {
  auto& pGetProcessMitigationPolicy = FetchGetProcessMitigationPolicyFunc();
  if (!pGetProcessMitigationPolicy) {
    return false;
  }

  PROCESS_MITIGATION_DYNAMIC_CODE_POLICY polInfo;
  if (!pGetProcessMitigationPolicy(::GetCurrentProcess(),
                                   ProcessDynamicCodePolicy, &polInfo,
                                   sizeof(polInfo))) {
    return false;
  }

  return polInfo.ProhibitDynamicCode;
}

}  // namespace mozilla