From a472fb1cfcac3170f798c3ddb72fd1d130160ec7 Mon Sep 17 00:00:00 2001 From: "jchaffraix@chromium.org" Date: Wed, 18 Dec 2013 14:40:47 +0000 Subject: [PATCH] Revert 241548 "Chrome browser process DLL blacklist." This is breaking the Win builders (and the blacklist_test is failing on 64 bits). > Chrome browser process DLL blacklist. > > This patch allows for blocking of module loading in the browser process. > It does not actually prevent any modules from loading. > > BUG=329023 > TEST=chrome_elf_unittests > > Review URL: https://codereview.chromium.org/107663008 TBR=robertshield@chromium.org Review URL: https://codereview.chromium.org/107443008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@241568 0039d316-1c4b-4281-b951-d872f2087c98 --- chrome/app/chrome_exe_main_win.cc | 5 +- chrome/chrome_exe.gypi | 3 +- chrome_elf/DEPS | 1 - chrome_elf/blacklist.gypi | 60 ---- chrome_elf/blacklist/blacklist.cc | 274 ------------------ chrome_elf/blacklist/blacklist.h | 52 ---- .../blacklist/blacklist_interceptions.cc | 226 --------------- .../blacklist/blacklist_interceptions.h | 33 --- chrome_elf/blacklist/test/blacklist_test.cc | 124 -------- .../blacklist/test/blacklist_test_dll_1.cc | 9 - .../blacklist/test/blacklist_test_dll_1.def | 5 - .../blacklist/test/blacklist_test_dll_2.cc | 19 -- .../blacklist/test/blacklist_test_dll_2.def | 8 - .../blacklist/test/blacklist_test_dll_3.cc | 14 - .../blacklist/test/blacklist_test_dll_3.lib | 1 - .../blacklist/test/blacklist_test_main.cc | 17 -- .../blacklist/test/blacklist_test_main_dll.cc | 17 -- .../test/blacklist_test_main_dll.def | 10 - .../blacklist/test/blacklist_test_main_dll.h | 10 - chrome_elf/chrome_elf.def | 2 +- chrome_elf/chrome_elf.gyp | 23 +- chrome_elf/chrome_elf_main.cc | 14 +- chrome_elf/chrome_elf_main.h | 2 +- .../version_assembly_manifest_action.gypi | 2 +- 24 files changed, 13 insertions(+), 918 deletions(-) delete mode 100644 chrome_elf/blacklist.gypi delete mode 100644 chrome_elf/blacklist/blacklist.cc delete mode 100644 chrome_elf/blacklist/blacklist.h delete mode 100644 chrome_elf/blacklist/blacklist_interceptions.cc delete mode 100644 chrome_elf/blacklist/blacklist_interceptions.h delete mode 100644 chrome_elf/blacklist/test/blacklist_test.cc delete mode 100644 chrome_elf/blacklist/test/blacklist_test_dll_1.cc delete mode 100644 chrome_elf/blacklist/test/blacklist_test_dll_1.def delete mode 100644 chrome_elf/blacklist/test/blacklist_test_dll_2.cc delete mode 100644 chrome_elf/blacklist/test/blacklist_test_dll_2.def delete mode 100644 chrome_elf/blacklist/test/blacklist_test_dll_3.cc delete mode 100644 chrome_elf/blacklist/test/blacklist_test_dll_3.lib delete mode 100644 chrome_elf/blacklist/test/blacklist_test_main.cc delete mode 100644 chrome_elf/blacklist/test/blacklist_test_main_dll.cc delete mode 100644 chrome_elf/blacklist/test/blacklist_test_main_dll.def delete mode 100644 chrome_elf/blacklist/test/blacklist_test_main_dll.h diff --git a/chrome/app/chrome_exe_main_win.cc b/chrome/app/chrome_exe_main_win.cc index 2dc2c948e54cd2..68a2519a1be3eb 100644 --- a/chrome/app/chrome_exe_main_win.cc +++ b/chrome/app/chrome_exe_main_win.cc @@ -128,8 +128,9 @@ int APIENTRY wWinMain(HINSTANCE instance, HINSTANCE prev, wchar_t*, int) { if (AttemptFastNotify(*CommandLine::ForCurrentProcess())) return 0; - // Signal Chrome Elf that Chrome has begun to start. - SignalChromeElf(); + // The purpose of this call is to force the addition of an entry in the IAT + // for chrome_elf.dll to force a load time dependency. + InitChromeElf(); MetroDriver metro_driver; if (metro_driver.in_metro_mode()) diff --git a/chrome/chrome_exe.gypi b/chrome/chrome_exe.gypi index c8f9ceff6911c1..abd63a3c7d6663 100644 --- a/chrome/chrome_exe.gypi +++ b/chrome/chrome_exe.gypi @@ -465,8 +465,6 @@ }], ['OS=="win"', { 'dependencies': [ - # Note that chrome_elf must be listed first. Do not reorder it. - '../chrome_elf/chrome_elf.gyp:chrome_elf', 'chrome_dll', 'chrome_nacl_win64', 'chrome_process_finder', @@ -476,6 +474,7 @@ '../base/base.gyp:base', '../breakpad/breakpad.gyp:breakpad_handler', '../breakpad/breakpad.gyp:breakpad_sender', + '../chrome_elf/chrome_elf.gyp:chrome_elf', '../components/components.gyp:breakpad_component', '../components/components.gyp:policy', '../sandbox/sandbox.gyp:sandbox', diff --git a/chrome_elf/DEPS b/chrome_elf/DEPS index ec69c8f59a84fc..48e88750d4a4db 100644 --- a/chrome_elf/DEPS +++ b/chrome_elf/DEPS @@ -1,3 +1,2 @@ include_rules = [ - "+sandbox", ] diff --git a/chrome_elf/blacklist.gypi b/chrome_elf/blacklist.gypi deleted file mode 100644 index ab5597d7a1226c..00000000000000 --- a/chrome_elf/blacklist.gypi +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright 2013 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. -{ - 'targets': [ - { - 'target_name': 'blacklist', - 'type': 'static_library', - 'sources': [ - 'blacklist/blacklist.cc', - 'blacklist/blacklist.h', - 'blacklist/blacklist_interceptions.cc', - 'blacklist/blacklist_interceptions.h', - ], - 'dependencies': [ - # Depend on base_static, but do NOT take a dependency on base.gyp:base - # as that would risk pulling in base's link-time dependencies which - # chrome_elf cannot do. - '../base/base.gyp:base_static', - '../sandbox/sandbox.gyp:sandbox', - ], - }, - { - 'target_name': 'blacklist_test_main_dll', - 'type': 'shared_library', - 'sources': [ - 'blacklist/test/blacklist_test_main_dll.cc', - 'blacklist/test/blacklist_test_main_dll.def', - ], - 'dependencies': [ - '../base/base.gyp:base', - 'blacklist', - ], - }, - { - 'target_name': 'blacklist_test_dll_1', - 'type': 'loadable_module', - 'sources': [ - 'blacklist/test/blacklist_test_dll_1.cc', - 'blacklist/test/blacklist_test_dll_1.def', - ], - }, - { - 'target_name': 'blacklist_test_dll_2', - 'type': 'loadable_module', - 'sources': [ - 'blacklist/test/blacklist_test_dll_2.cc', - 'blacklist/test/blacklist_test_dll_2.def', - ], - }, - { - 'target_name': 'blacklist_test_dll_3', - 'type': 'loadable_module', - 'sources': [ - 'blacklist/test/blacklist_test_dll_3.cc', - ], - }, - ], -} - diff --git a/chrome_elf/blacklist/blacklist.cc b/chrome_elf/blacklist/blacklist.cc deleted file mode 100644 index f87c41a16a36b6..00000000000000 --- a/chrome_elf/blacklist/blacklist.cc +++ /dev/null @@ -1,274 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "chrome_elf/blacklist/blacklist.h" - -#include - -#include "base/basictypes.h" -#include "chrome_elf/blacklist/blacklist_interceptions.h" -#include "sandbox/win/src/interception_internal.h" -#include "sandbox/win/src/internal_types.h" -#include "sandbox/win/src/sandbox_utils.h" -#include "sandbox/win/src/service_resolver.h" - -// http://blogs.msdn.com/oldnewthing/archive/2004/10/25/247180.aspx -extern "C" IMAGE_DOS_HEADER __ImageBase; - -namespace blacklist{ - -const wchar_t* g_troublesome_dlls[kTroublesomeDllsMaxCount] = {}; -int g_troublesome_dlls_cur_index = 0; - -const wchar_t kRegistryBeaconPath[] = L"SOFTWARE\\Google\\Chrome\\BLBeacon"; - -} // namespace blacklist - -// Allocate storage for thunks in a RWX page of this module to save on doing -// an extra allocation at run time. -#if !defined(_WIN64) -// 64-bit images appear to not support writeable and executable pages. -// This would yield compile warning C4330. -// TODO(robertshield): Add 64 bit support. -#pragma section(".crthunk",read,write,execute) -__declspec(allocate(".crthunk")) sandbox::ThunkData g_thunk_storage; -#endif - -namespace { - -enum Version { - VERSION_PRE_XP_SP2 = 0, // Not supported. - VERSION_XP_SP2, - VERSION_SERVER_2003, // Also includes XP Pro x64 and Server 2003 R2. - VERSION_VISTA, // Also includes Windows Server 2008. - VERSION_WIN7, // Also includes Windows Server 2008 R2. - VERSION_WIN8, // Also includes Windows Server 2012. - VERSION_WIN8_1, - VERSION_WIN_LAST, // Indicates error condition. -}; - -// Whether a process is running under WOW64 (the wrapper that allows 32-bit -// processes to run on 64-bit versions of Windows). This will return -// WOW64_DISABLED for both "32-bit Chrome on 32-bit Windows" and "64-bit -// Chrome on 64-bit Windows". WOW64_UNKNOWN means "an error occurred", e.g. -// the process does not have sufficient access rights to determine this. -enum WOW64Status { - WOW64_DISABLED, - WOW64_ENABLED, - WOW64_UNKNOWN, -}; - -WOW64Status GetWOW64StatusForCurrentProcess() { - typedef BOOL (WINAPI* IsWow64ProcessFunc)(HANDLE, PBOOL); - IsWow64ProcessFunc is_wow64_process = reinterpret_cast( - GetProcAddress(GetModuleHandle(L"kernel32.dll"), "IsWow64Process")); - if (!is_wow64_process) - return WOW64_DISABLED; - BOOL is_wow64 = FALSE; - if (!(*is_wow64_process)(GetCurrentProcess(), &is_wow64)) - return WOW64_UNKNOWN; - return is_wow64 ? WOW64_ENABLED : WOW64_DISABLED; -} - -class OSInfo { - public: - struct VersionNumber { - int major; - int minor; - int build; - }; - - struct ServicePack { - int major; - int minor; - }; - - OSInfo() { - OSVERSIONINFOEX version_info = { sizeof(version_info) }; - GetVersionEx(reinterpret_cast(&version_info)); - version_number_.major = version_info.dwMajorVersion; - version_number_.minor = version_info.dwMinorVersion; - version_number_.build = version_info.dwBuildNumber; - if ((version_number_.major == 5) && (version_number_.minor > 0)) { - // Treat XP Pro x64, Home Server, and Server 2003 R2 as Server 2003. - version_ = (version_number_.minor == 1) ? VERSION_XP_SP2 : - VERSION_SERVER_2003; - if (version_ == VERSION_XP_SP2 && version_info.wServicePackMajor < 2) - version_ = VERSION_PRE_XP_SP2; - } else if (version_number_.major == 6) { - switch (version_number_.minor) { - case 0: - // Treat Windows Server 2008 the same as Windows Vista. - version_ = VERSION_VISTA; - break; - case 1: - // Treat Windows Server 2008 R2 the same as Windows 7. - version_ = VERSION_WIN7; - break; - case 2: - // Treat Windows Server 2012 the same as Windows 8. - version_ = VERSION_WIN8; - break; - default: - version_ = VERSION_WIN8_1; - break; - } - } else if (version_number_.major > 6) { - version_ = VERSION_WIN_LAST; - } else { - version_ = VERSION_PRE_XP_SP2; - } - - service_pack_.major = version_info.wServicePackMajor; - service_pack_.minor = version_info.wServicePackMinor; - } - - Version version() const { return version_; } - VersionNumber version_number() const { return version_number_; } - ServicePack service_pack() const { return service_pack_; } - - private: - Version version_; - VersionNumber version_number_; - ServicePack service_pack_; - - DISALLOW_COPY_AND_ASSIGN(OSInfo); -}; - -bool IsNonBrowserProcess() { - wchar_t* command_line = GetCommandLine(); - return (command_line && wcsstr(command_line, L"--type")); -} - -} // namespace - -namespace blacklist { - -bool CreateBeacon() { - HKEY beacon_key = NULL; - DWORD disposition = 0; - LONG result = ::RegCreateKeyEx(HKEY_CURRENT_USER, - kRegistryBeaconPath, - 0, - NULL, - 0, - KEY_WRITE, - NULL, - &beacon_key, - &disposition); - bool success = (result == ERROR_SUCCESS && - disposition != REG_OPENED_EXISTING_KEY); - if (result == ERROR_SUCCESS) - ::RegCloseKey(beacon_key); - return success; -} - -bool ClearBeacon() { - LONG result = ::RegDeleteKey(HKEY_CURRENT_USER, kRegistryBeaconPath); - return (result == ERROR_SUCCESS); -} - -bool AddDllToBlacklist(const wchar_t* dll_name) { - if (g_troublesome_dlls_cur_index >= kTroublesomeDllsMaxCount) - return false; - for (int i = 0; i < g_troublesome_dlls_cur_index; ++i) { - if (!wcscmp(g_troublesome_dlls[i], dll_name)) - return true; - } - - // Copy string to blacklist. - wchar_t* str_buffer = new wchar_t[wcslen(dll_name) + 1]; - wcscpy(str_buffer, dll_name); - - g_troublesome_dlls[g_troublesome_dlls_cur_index] = str_buffer; - g_troublesome_dlls_cur_index++; - return true; -} - -bool RemoveDllFromBlacklist(const wchar_t* dll_name) { - for (int i = 0; i < g_troublesome_dlls_cur_index; ++i) { - if (!wcscmp(g_troublesome_dlls[i], dll_name)) { - // Found the thing to remove. Delete it then replace it with the last - // element. - g_troublesome_dlls_cur_index--; - delete[] g_troublesome_dlls[i]; - g_troublesome_dlls[i] = g_troublesome_dlls[g_troublesome_dlls_cur_index]; - g_troublesome_dlls[g_troublesome_dlls_cur_index] = NULL; - return true; - } - } - return false; -} - -bool Initialize(bool force) { -#if defined(_WIN64) - // TODO(robertshield): Implement 64-bit support by providing 64-bit - // interceptors. - return false; -#endif - - // Check to see that we found the functions we need in ntdll. - if (!InitializeInterceptImports()) - return false; - - // Check to see if this is a non-browser process, abort if so. - if (IsNonBrowserProcess()) - return false; - - // Check to see if a beacon is present, abort if so. - if (!force && !CreateBeacon()) - return false; - - // Don't try blacklisting on unsupported OS versions. - OSInfo os_info; - if (os_info.version() <= VERSION_PRE_XP_SP2) - return false; - - // Pseudo-handle, no need to close. - HANDLE current_process = ::GetCurrentProcess(); - - // Tells the resolver to patch already patched functions. - const bool kRelaxed = true; - - // Create a thunk via the appropriate ServiceResolver instance. - sandbox::ServiceResolverThunk* thunk; -#if defined(_WIN64) - // TODO(robertshield): Use the appropriate thunk for 64-bit support - // when said support is implemented. -#else - if (GetWOW64StatusForCurrentProcess() == WOW64_ENABLED) { - if (os_info.version() >= VERSION_WIN8) - thunk = new sandbox::Wow64W8ResolverThunk(current_process, kRelaxed); - else - thunk = new sandbox::Wow64ResolverThunk(current_process, kRelaxed); - } else if (os_info.version() >= VERSION_WIN8) { - thunk = new sandbox::Win8ResolverThunk(current_process, kRelaxed); - } else { - thunk = new sandbox::ServiceResolverThunk(current_process, kRelaxed); - } -#endif - -#if defined(_WIN64) - BYTE* thunk_storage = new BYTE[sizeof(sandbox::ThunkData)]; -#else - BYTE* thunk_storage = reinterpret_cast(&g_thunk_storage); -#endif - - thunk->AllowLocalPatches(); - - // Get ntdll base, target name, interceptor address, - NTSTATUS ret = thunk->Setup(::GetModuleHandle(sandbox::kNtdllName), - reinterpret_cast(&__ImageBase), - "NtMapViewOfSection", - NULL, - &blacklist::BlNtMapViewOfSection, - thunk_storage, - sizeof(sandbox::ThunkData), - NULL); - - delete thunk; - return NT_SUCCESS(ret); -} - -} // namespace blacklist diff --git a/chrome_elf/blacklist/blacklist.h b/chrome_elf/blacklist/blacklist.h deleted file mode 100644 index 5787ddd1421315..00000000000000 --- a/chrome_elf/blacklist/blacklist.h +++ /dev/null @@ -1,52 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef CHROME_ELF_BLACKLIST_BLACKLIST_H_ -#define CHROME_ELF_BLACKLIST_BLACKLIST_H_ - -namespace blacklist { - -// Max size of the DLL blacklist. -const int kTroublesomeDllsMaxCount = 64; - -// The DLL blacklist. -extern const wchar_t* g_troublesome_dlls[kTroublesomeDllsMaxCount]; - -// Cursor to the current last element in the blacklist. -extern int g_troublesome_dlls_cur_index; - -// The registry path of the blacklist beacon. Exposed here for testing. -extern const wchar_t kRegistryBeaconPath[]; - -// Attempts to create a beacon in the current user's registry hive. -// If the beacon already exists or any other error occurs when creating the -// beacon, returns false. Otherwise returns true. -// The intent of the beacon is to act as an extra failure mode protection -// whereby if Chrome for some reason fails to start during blacklist setup, -// it will skip blacklisting on the subsequent run. -bool CreateBeacon(); - -// Looks for the beacon that CreateBeacon() creates and attempts to delete it. -// Returns true if the beacon was found and deleted. -bool ClearBeacon(); - -// Adds the given dll name to the blacklist. Returns true if the dll name is in -// the blacklist when this returns, false on error. Note that this will copy -// |dll_name| and will leak it on exit if the string is not subsequently removed -// using RemoveDllFromBlacklist. -extern "C" bool AddDllToBlacklist(const wchar_t* dll_name); - -// Removes the given dll name from the blacklist. Returns true if it was -// removed, false on error. -extern "C" bool RemoveDllFromBlacklist(const wchar_t* dll_name); - -// Initializes the DLL blacklist in the current process. This should be called -// before any undesirable DLLs might be loaded. If |force| is set to true, then -// initialization will take place even if a beacon is present. This is useful -// for tests. -bool Initialize(bool force); - -} // namespace blacklist - -#endif // CHROME_ELF_BLACKLIST_BLACKLIST_H_ diff --git a/chrome_elf/blacklist/blacklist_interceptions.cc b/chrome_elf/blacklist/blacklist_interceptions.cc deleted file mode 100644 index 477fc1dc41683d..00000000000000 --- a/chrome_elf/blacklist/blacklist_interceptions.cc +++ /dev/null @@ -1,226 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// Implementation of NtMapViewOfSection intercept for 32 bit builds. -// -// TODO(robertshield): Implement the 64 bit intercept. - -#include "chrome_elf/blacklist/blacklist_interceptions.h" - -#include -#include - -// Note that only #includes from base that are either header-only or built into -// base_static (see base/base.gyp) are allowed here. -#include "base/basictypes.h" -#include "base/strings/string16.h" -#include "base/win/pe_image.h" -#include "chrome_elf/blacklist/blacklist.h" -#include "sandbox/win/src/internal_types.h" -#include "sandbox/win/src/nt_internals.h" -#include "sandbox/win/src/sandbox_nt_util.h" -#include "sandbox/win/src/sandbox_types.h" - -namespace { - -NtQuerySectionFunction g_nt_query_section_func = NULL; -NtQueryVirtualMemoryFunction g_nt_query_virtual_memory_func = NULL; -NtUnmapViewOfSectionFunction g_nt_unmap_view_of_section_func = NULL; - -// TODO(robertshield): Merge with ntdll exports cache. -FARPROC GetNtDllExportByName(const char* export_name) { - HMODULE ntdll = ::GetModuleHandle(sandbox::kNtdllName); - return ::GetProcAddress(ntdll, export_name); -} - -bool DllMatch(const string16& module_name) { - for (int i = 0; i < blacklist::g_troublesome_dlls_cur_index; ++i) { - if (module_name == blacklist::g_troublesome_dlls[i]) - return true; - } - return false; -} - -// TODO(robertshield): Some of the helper functions below overlap somewhat with -// code in sandbox_nt_util.cc. See if they can be unified. - -// Native reimplementation of PSAPIs GetMappedFileName. -string16 GetBackingModuleFilePath(PVOID address) { - DCHECK_NT(g_nt_query_virtual_memory_func); - - // We'll start with something close to max_path characters for the name. - ULONG buffer_bytes = MAX_PATH * 2; - std::vector buffer_data(buffer_bytes); - - for (;;) { - MEMORY_SECTION_NAME* section_name = - reinterpret_cast(&buffer_data[0]); - - if (!section_name) - break; - - ULONG returned_bytes; - NTSTATUS ret = g_nt_query_virtual_memory_func( - NtCurrentProcess, address, MemorySectionName, section_name, - buffer_bytes, &returned_bytes); - - if (STATUS_BUFFER_OVERFLOW == ret) { - // Retry the call with the given buffer size. - buffer_bytes = returned_bytes + 1; - buffer_data.resize(buffer_bytes); - section_name = NULL; - continue; - } - if (!NT_SUCCESS(ret)) - break; - - UNICODE_STRING* section_string = - reinterpret_cast(section_name); - return string16(section_string->Buffer, - section_string->Length / sizeof(wchar_t)); - } - - return string16(); -} - -bool IsModuleValidImageSection(HANDLE section, - PVOID *base, - PLARGE_INTEGER offset, - PSIZE_T view_size) { - DCHECK_NT(g_nt_query_section_func); - - if (!section || !base || !view_size || offset) - return false; - - SECTION_BASIC_INFORMATION basic_info; - SIZE_T bytes_returned; - NTSTATUS ret = g_nt_query_section_func(section, SectionBasicInformation, - &basic_info, sizeof(basic_info), - &bytes_returned); - - if (!NT_SUCCESS(ret) || sizeof(basic_info) != bytes_returned) - return false; - - if (!(basic_info.Attributes & SEC_IMAGE)) - return false; - - return true; -} - -string16 ExtractLoadedModuleName(const string16& module_path) { - if (module_path.empty() || module_path[module_path.size() - 1] == L'\\') - return string16(); - - size_t sep = module_path.find_last_of(L'\\'); - if (sep == string16::npos) - return module_path; - else - return module_path.substr(sep+1); -} - -// Fills |out_name| with the image name from the given |pe| image and |flags| -// with additional info about the image. -void SafeGetImageInfo(const base::win::PEImage& pe, - std::string* out_name, - uint32* flags) { - out_name->clear(); - out_name->reserve(MAX_PATH); - *flags = 0; - __try { - if (pe.VerifyMagic()) { - *flags |= sandbox::MODULE_IS_PE_IMAGE; - - PIMAGE_EXPORT_DIRECTORY exports = pe.GetExportDirectory(); - if (exports) { - char* image_name = reinterpret_cast(pe.RVAToAddr(exports->Name)); - size_t i = 0; - for (; i < MAX_PATH && *image_name; ++i, ++image_name) - out_name->push_back(*image_name); - } - - PIMAGE_NT_HEADERS headers = pe.GetNTHeaders(); - if (headers) { - if (headers->OptionalHeader.AddressOfEntryPoint) - *flags |= sandbox::MODULE_HAS_ENTRY_POINT; - if (headers->OptionalHeader.SizeOfCode) - *flags |= sandbox::MODULE_HAS_CODE; - } - } - } __except(GetExceptionCode() == EXCEPTION_ACCESS_VIOLATION ? - EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH) { - out_name->clear(); - } -} - -string16 GetImageInfoFromLoadedModule(HMODULE module, uint32* flags) { - std::string out_name; - base::win::PEImage pe(module); - SafeGetImageInfo(pe, &out_name, flags); - return string16(out_name.begin(), out_name.end()); -} - -} // namespace - -namespace blacklist { - -bool InitializeInterceptImports() { - g_nt_query_section_func = reinterpret_cast( - GetNtDllExportByName("NtQuerySection")); - g_nt_query_virtual_memory_func = - reinterpret_cast( - GetNtDllExportByName("NtQueryVirtualMemory")); - g_nt_unmap_view_of_section_func = - reinterpret_cast( - GetNtDllExportByName("NtUnmapViewOfSection")); - - return g_nt_query_section_func && g_nt_query_virtual_memory_func && - g_nt_unmap_view_of_section_func; -} - -SANDBOX_INTERCEPT NTSTATUS WINAPI BlNtMapViewOfSection( - NtMapViewOfSectionFunction orig_MapViewOfSection, - HANDLE section, - HANDLE process, - PVOID *base, - ULONG_PTR zero_bits, - SIZE_T commit_size, - PLARGE_INTEGER offset, - PSIZE_T view_size, - SECTION_INHERIT inherit, - ULONG allocation_type, - ULONG protect) { - NTSTATUS ret = orig_MapViewOfSection(section, process, base, zero_bits, - commit_size, offset, view_size, inherit, - allocation_type, protect); - - if (!NT_SUCCESS(ret) || !sandbox::IsSameProcess(process) || - !IsModuleValidImageSection(section, base, offset, view_size)) { - return ret; - } - - HMODULE module = reinterpret_cast(*base); - if (module) { - UINT image_flags; - - string16 module_name(GetImageInfoFromLoadedModule( - reinterpret_cast(*base), &image_flags)); - string16 file_name(GetBackingModuleFilePath(*base)); - - if (module_name.empty() && (image_flags & sandbox::MODULE_HAS_CODE)) { - // If the module has no exports we retrieve the module name from the - // full path of the mapped section. - module_name = ExtractLoadedModuleName(file_name); - } - - if (!module_name.empty() && DllMatch(module_name)) { - DCHECK_NT(g_nt_unmap_view_of_section_func); - g_nt_unmap_view_of_section_func(process, *base); - ret = STATUS_UNSUCCESSFUL; - } - - } - return ret; -} - -} // namespace blacklist diff --git a/chrome_elf/blacklist/blacklist_interceptions.h b/chrome_elf/blacklist/blacklist_interceptions.h deleted file mode 100644 index dfb4495c413171..00000000000000 --- a/chrome_elf/blacklist/blacklist_interceptions.h +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef CHROME_ELF_BLACKLIST_BLACKLIST_INTERCEPTIONS_H_ -#define CHROME_ELF_BLACKLIST_BLACKLIST_INTERCEPTIONS_H_ - -#include "sandbox/win/src/nt_internals.h" -#include "sandbox/win/src/sandbox_types.h" - -namespace blacklist { - -bool InitializeInterceptImports(); - -// Interception of NtMapViewOfSection within the current process. -// It should never be called directly. This function provides the means to -// detect dlls being loaded, so we can patch them if needed. -SANDBOX_INTERCEPT NTSTATUS WINAPI BlNtMapViewOfSection( - NtMapViewOfSectionFunction orig_MapViewOfSection, - HANDLE section, - HANDLE process, - PVOID *base, - ULONG_PTR zero_bits, - SIZE_T commit_size, - PLARGE_INTEGER offset, - PSIZE_T view_size, - SECTION_INHERIT inherit, - ULONG allocation_type, - ULONG protect); - -} // namespace blacklist - -#endif // CHROME_ELF_BLACKLIST_BLACKLIST_INTERCEPTIONS_H_ diff --git a/chrome_elf/blacklist/test/blacklist_test.cc b/chrome_elf/blacklist/test/blacklist_test.cc deleted file mode 100644 index b0b428b6723a8e..00000000000000 --- a/chrome_elf/blacklist/test/blacklist_test.cc +++ /dev/null @@ -1,124 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "base/environment.h" -#include "base/files/file_path.h" -#include "base/files/scoped_temp_dir.h" -#include "base/path_service.h" -#include "base/scoped_native_library.h" -#include "base/strings/string16.h" -#include "base/strings/string_number_conversions.h" -#include "base/strings/utf_string_conversions.h" -#include "base/test/test_reg_util_win.h" -#include "chrome_elf/blacklist/blacklist.h" -#include "chrome_elf/blacklist/test/blacklist_test_main_dll.h" -#include "testing/gtest/include/gtest/gtest.h" - -const wchar_t kTestDllName1[] = L"blacklist_test_dll_1.dll"; -const wchar_t kTestDllName2[] = L"blacklist_test_dll_2.dll"; -const wchar_t kTestDllName3[] = L"blacklist_test_dll_3.dll"; - -const wchar_t kDll2Beacon[] = L"{F70A0100-2889-4629-9B44-610FE5C73231}"; -const wchar_t kDll3Beacon[] = L"{9E056AEC-169E-400c-B2D0-5A07E3ACE2EB}"; - -extern const wchar_t* kEnvVars[]; - -extern "C" { -// When modifying the blacklist in the test process, use the exported test dll -// functions on the test blacklist dll, not the ones linked into the test -// executable itself. -__declspec(dllimport) void TestDll_AddDllToBlacklist(const wchar_t* dll_name); -__declspec(dllimport) void TestDll_RemoveDllFromBlacklist( - const wchar_t* dll_name); -} - -class BlacklistTest : public testing::Test { - virtual void SetUp() { - // Force an import from blacklist_test_main_dll. - InitBlacklistTestDll(); - - // Ensure that the beacon state starts off cleared. - blacklist::ClearBeacon(); - } - - virtual void TearDown() { - TestDll_RemoveDllFromBlacklist(kTestDllName1); - TestDll_RemoveDllFromBlacklist(kTestDllName2); - } -}; - -TEST_F(BlacklistTest, Beacon) { - registry_util::RegistryOverrideManager override_manager; - override_manager.OverrideRegistry(HKEY_CURRENT_USER, L"beacon_test"); - - // First call should succeed as the beacon is newly created. - EXPECT_TRUE(blacklist::CreateBeacon()); - - // Second call should fail indicating the beacon already existed. - EXPECT_FALSE(blacklist::CreateBeacon()); - - // First call should find the beacon and delete it. - EXPECT_TRUE(blacklist::ClearBeacon()); - - // Second call should fail to find the beacon and delete it. - EXPECT_FALSE(blacklist::ClearBeacon()); -} - -TEST_F(BlacklistTest, AddAndRemoveModules) { - EXPECT_TRUE(blacklist::AddDllToBlacklist(L"foo.dll")); - // Adding the same item twice should be idempotent. - EXPECT_TRUE(blacklist::AddDllToBlacklist(L"foo.dll")); - EXPECT_TRUE(blacklist::RemoveDllFromBlacklist(L"foo.dll")); - EXPECT_FALSE(blacklist::RemoveDllFromBlacklist(L"foo.dll")); - - std::vector added_dlls; - added_dlls.reserve(blacklist::kTroublesomeDllsMaxCount); - for (int i = 0; i < blacklist::kTroublesomeDllsMaxCount; ++i) { - added_dlls.push_back(base::IntToString16(i) + L".dll"); - EXPECT_TRUE(blacklist::AddDllToBlacklist(added_dlls[i].c_str())) << i; - } - EXPECT_FALSE(blacklist::AddDllToBlacklist(L"overflow.dll")); - for (int i = 0; i < blacklist::kTroublesomeDllsMaxCount; ++i) { - EXPECT_TRUE(blacklist::RemoveDllFromBlacklist(added_dlls[i].c_str())) << i; - } - EXPECT_FALSE(blacklist::RemoveDllFromBlacklist(L"0.dll")); - EXPECT_FALSE(blacklist::RemoveDllFromBlacklist(L"63.dll")); -} - -TEST_F(BlacklistTest, LoadBlacklistedLibrary) { - base::FilePath current_dir; - ASSERT_TRUE(PathService::Get(base::DIR_EXE, ¤t_dir)); - - // Test that an un-blacklisted DLL can load correctly. - base::ScopedNativeLibrary dll1(current_dir.Append(kTestDllName1)); - EXPECT_TRUE(dll1.is_valid()); - dll1.Reset(NULL); - - struct TestData { - const wchar_t* dll_name; - const wchar_t* dll_beacon; - } test_data[] = { - { kTestDllName2, kDll2Beacon }, - { kTestDllName3, kDll3Beacon } - }; - for (int i = 0 ; i < arraysize(test_data); ++i) { - // Add the DLL to the blacklist, ensure that it is not loaded both by - // inspecting the handle returned by LoadLibrary and by looking for an - // environment variable that is set when the DLL's entry point is called. - TestDll_AddDllToBlacklist(test_data[i].dll_name); - base::ScopedNativeLibrary dll_blacklisted( - current_dir.Append(test_data[i].dll_name)); - EXPECT_FALSE(dll_blacklisted.is_valid()); - EXPECT_EQ(0u, ::GetEnvironmentVariable(test_data[i].dll_beacon, NULL, 0)); - dll_blacklisted.Reset(NULL); - - // Remove the DLL from the blacklist. Ensure that it loads and that its - // entry point was called. - TestDll_RemoveDllFromBlacklist(test_data[i].dll_name); - base::ScopedNativeLibrary dll(current_dir.Append(test_data[i].dll_name)); - EXPECT_TRUE(dll.is_valid()); - EXPECT_NE(0u, ::GetEnvironmentVariable(test_data[i].dll_beacon, NULL, 0)); - dll.Reset(NULL); - } -} diff --git a/chrome_elf/blacklist/test/blacklist_test_dll_1.cc b/chrome_elf/blacklist/test/blacklist_test_dll_1.cc deleted file mode 100644 index a4e414d5210db7..00000000000000 --- a/chrome_elf/blacklist/test/blacklist_test_dll_1.cc +++ /dev/null @@ -1,9 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include - -BOOL APIENTRY DllMain(HMODULE module, DWORD reason, LPVOID reserved) { - return TRUE; -} diff --git a/chrome_elf/blacklist/test/blacklist_test_dll_1.def b/chrome_elf/blacklist/test/blacklist_test_dll_1.def deleted file mode 100644 index fc7b7be0e392c7..00000000000000 --- a/chrome_elf/blacklist/test/blacklist_test_dll_1.def +++ /dev/null @@ -1,5 +0,0 @@ -; Copyright 2013 The Chromium Authors. All rights reserved. -; Use of this source code is governed by a BSD-style license that can be -; found in the LICENSE file. - -LIBRARY "blacklist_test_dll_1.dll" diff --git a/chrome_elf/blacklist/test/blacklist_test_dll_2.cc b/chrome_elf/blacklist/test/blacklist_test_dll_2.cc deleted file mode 100644 index 7a4a7dc4905756..00000000000000 --- a/chrome_elf/blacklist/test/blacklist_test_dll_2.cc +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include - -const wchar_t kDll2Beacon[] = L"{F70A0100-2889-4629-9B44-610FE5C73231}"; - -extern "C" { -// Have a dummy export so that the module gets an export table entry. -void DummyExport() {} -} - -BOOL APIENTRY DllMain(HMODULE module, DWORD reason, LPVOID reserved) { - if (reason == DLL_PROCESS_ATTACH) { - ::SetEnvironmentVariable(kDll2Beacon, L"1"); - } - return TRUE; -} diff --git a/chrome_elf/blacklist/test/blacklist_test_dll_2.def b/chrome_elf/blacklist/test/blacklist_test_dll_2.def deleted file mode 100644 index 2cc122f04de796..00000000000000 --- a/chrome_elf/blacklist/test/blacklist_test_dll_2.def +++ /dev/null @@ -1,8 +0,0 @@ -; Copyright 2013 The Chromium Authors. All rights reserved. -; Use of this source code is governed by a BSD-style license that can be -; found in the LICENSE file. - -LIBRARY "blacklist_test_dll_2.dll" - -EXPORTS - DummyExport diff --git a/chrome_elf/blacklist/test/blacklist_test_dll_3.cc b/chrome_elf/blacklist/test/blacklist_test_dll_3.cc deleted file mode 100644 index b4a69590e801ad..00000000000000 --- a/chrome_elf/blacklist/test/blacklist_test_dll_3.cc +++ /dev/null @@ -1,14 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include - -const wchar_t kDll3Beacon[] = L"{9E056AEC-169E-400c-B2D0-5A07E3ACE2EB}"; - -BOOL APIENTRY DllMain(HMODULE module, DWORD reason, LPVOID reserved) { - if (reason == DLL_PROCESS_ATTACH) { - ::SetEnvironmentVariable(kDll3Beacon, L"1"); - } - return TRUE; -} diff --git a/chrome_elf/blacklist/test/blacklist_test_dll_3.lib b/chrome_elf/blacklist/test/blacklist_test_dll_3.lib deleted file mode 100644 index 7ab9a11198b35f..00000000000000 --- a/chrome_elf/blacklist/test/blacklist_test_dll_3.lib +++ /dev/null @@ -1 +0,0 @@ -LIBRARY "blacklist_test_dll_2.dll" diff --git a/chrome_elf/blacklist/test/blacklist_test_main.cc b/chrome_elf/blacklist/test/blacklist_test_main.cc deleted file mode 100644 index c84b5ade684f53..00000000000000 --- a/chrome_elf/blacklist/test/blacklist_test_main.cc +++ /dev/null @@ -1,17 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "base/at_exit.h" -#include "chrome_elf/blacklist/test/blacklist_test_main_dll.h" -#include "testing/gtest/include/gtest/gtest.h" - -int main(int argc, char** argv) { - testing::InitGoogleTest(&argc, argv); - - base::AtExitManager at_exit_manager; - - InitBlacklistTestDll(); - - RUN_ALL_TESTS(); -} diff --git a/chrome_elf/blacklist/test/blacklist_test_main_dll.cc b/chrome_elf/blacklist/test/blacklist_test_main_dll.cc deleted file mode 100644 index 54e5eb8af96db9..00000000000000 --- a/chrome_elf/blacklist/test/blacklist_test_main_dll.cc +++ /dev/null @@ -1,17 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include - -#include "chrome_elf/blacklist/blacklist.h" - -extern "C" void InitBlacklistTestDll() {} - -BOOL APIENTRY DllMain(HMODULE module, DWORD reason, LPVOID reserved) { - if (reason == DLL_PROCESS_ATTACH) { - blacklist::Initialize(true); // force always on, no beacon - } - - return TRUE; -} diff --git a/chrome_elf/blacklist/test/blacklist_test_main_dll.def b/chrome_elf/blacklist/test/blacklist_test_main_dll.def deleted file mode 100644 index 63522a0ed74566..00000000000000 --- a/chrome_elf/blacklist/test/blacklist_test_main_dll.def +++ /dev/null @@ -1,10 +0,0 @@ -; Copyright 2013 The Chromium Authors. All rights reserved. -; Use of this source code is governed by a BSD-style license that can be -; found in the LICENSE file. - -LIBRARY "blacklist_test_main_dll.dll" - -EXPORTS - TestDll_AddDllToBlacklist=AddDllToBlacklist - TestDll_RemoveDllFromBlacklist=RemoveDllFromBlacklist - InitBlacklistTestDll diff --git a/chrome_elf/blacklist/test/blacklist_test_main_dll.h b/chrome_elf/blacklist/test/blacklist_test_main_dll.h deleted file mode 100644 index a004f9b2f0d208..00000000000000 --- a/chrome_elf/blacklist/test/blacklist_test_main_dll.h +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef CHROME_ELF_BLACKLIST_TEST_BLACKLIST_TEST_MAIN_DLL_H_ -#define CHROME_ELF_BLACKLIST_TEST_BLACKLIST_TEST_MAIN_DLL_H_ - -extern "C" void InitBlacklistTestDll(); - -#endif // CHROME_ELF_BLACKLIST_TEST_BLACKLIST_TEST_MAIN_DLL_H_ diff --git a/chrome_elf/chrome_elf.def b/chrome_elf/chrome_elf.def index d7d4c9cd9b3a8d..d3ca82f80d25fd 100644 --- a/chrome_elf/chrome_elf.def +++ b/chrome_elf/chrome_elf.def @@ -5,4 +5,4 @@ LIBRARY "chrome_elf.dll" EXPORTS - SignalChromeElf + InitChromeElf diff --git a/chrome_elf/chrome_elf.gyp b/chrome_elf/chrome_elf.gyp index b0193ba4e8fea6..cf0a0e95d68545 100644 --- a/chrome_elf/chrome_elf.gyp +++ b/chrome_elf/chrome_elf.gyp @@ -8,7 +8,6 @@ 'includes': [ '../build/win_precompile.gypi', '../chrome/version.gypi', - 'blacklist.gypi', ], 'targets': [ { @@ -23,7 +22,6 @@ 'chrome_elf_main.h', ], 'dependencies': [ - 'blacklist', 'chrome_elf_lib', ], 'msvs_settings': { @@ -31,14 +29,6 @@ 'BaseAddress': '0x01c20000', # Set /SUBSYSTEM:WINDOWS for chrome_elf.dll (for consistency). 'SubSystem': '2', - # Exclude explicitly unwanted libraries from the link line. - 'IgnoreAllDefaultLibraries': 'true', - 'AdditionalDependencies!': [ - 'user32.lib', - ], - 'IgnoreDefaultLibraryNames': [ - 'user32.lib', - ], }, }, }, @@ -46,7 +36,6 @@ 'target_name': 'chrome_elf_unittests', 'type': 'executable', 'sources': [ - 'blacklist/test/blacklist_test.cc', 'ntdll_cache_unittest.cc', ], 'include_dirs': [ @@ -54,16 +43,8 @@ ], 'dependencies': [ 'chrome_elf_lib', - '../base/base.gyp:base', - '../base/base.gyp:run_all_unittests', - '../base/base.gyp:test_support_base', - '../sandbox/sandbox.gyp:sandbox', - '../testing/gtest.gyp:gtest', - 'blacklist', - 'blacklist_test_dll_1', - 'blacklist_test_dll_2', - 'blacklist_test_dll_3', - 'blacklist_test_main_dll', + '<(DEPTH)/base/base.gyp:run_all_unittests', + '<(DEPTH)/testing/gtest.gyp:gtest', ], }, { diff --git a/chrome_elf/chrome_elf_main.cc b/chrome_elf/chrome_elf_main.cc index 9ad8299274437b..4291430970496b 100644 --- a/chrome_elf/chrome_elf_main.cc +++ b/chrome_elf/chrome_elf_main.cc @@ -6,21 +6,15 @@ #include "chrome_elf/chrome_elf_main.h" -#include "chrome_elf/blacklist/blacklist.h" #include "chrome_elf/ntdll_cache.h" -void SignalChromeElf() { - blacklist::ClearBeacon(); +void InitChromeElf() { + // This method is a no-op which may be called to force a load-time dependency + // on chrome_elf.dll. } BOOL APIENTRY DllMain(HMODULE module, DWORD reason, LPVOID reserved) { - if (reason == DLL_PROCESS_ATTACH) { + if (reason == DLL_PROCESS_ATTACH) InitCache(); - blacklist::Initialize(false); // Don't force, abort if beacon is present. - - // TODO(csharp): Move additions to the DLL blacklist to a sane place. - // blacklist::AddDllToBlacklist(L"foo.dll"); - } - return TRUE; } diff --git a/chrome_elf/chrome_elf_main.h b/chrome_elf/chrome_elf_main.h index 52bf067a5792f8..7d02ddd9912f00 100644 --- a/chrome_elf/chrome_elf_main.h +++ b/chrome_elf/chrome_elf_main.h @@ -5,6 +5,6 @@ #ifndef CHROME_ELF_CHROME_ELF_MAIN_H_ #define CHROME_ELF_CHROME_ELF_MAIN_H_ -extern "C" void SignalChromeElf(); +extern "C" void InitChromeElf(); #endif // CHROME_ELF_CHROME_ELF_MAIN_H_ diff --git a/chrome_elf/version_assembly_manifest_action.gypi b/chrome_elf/version_assembly_manifest_action.gypi index 37c2015425376d..9c443153321d52 100644 --- a/chrome_elf/version_assembly_manifest_action.gypi +++ b/chrome_elf/version_assembly_manifest_action.gypi @@ -34,4 +34,4 @@ '<@(_outputs)', ], 'message': 'Generating <@(_outputs)', -} +} \ No newline at end of file