1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/strings/stringprintf.h"
6 #include "base/win/scoped_handle.h"
8 #include "base/win/windows_version.h"
9 #include "sandbox/win/src/nt_internals.h"
10 #include "sandbox/win/src/process_mitigations.h"
11 #include "sandbox/win/src/sandbox.h"
12 #include "sandbox/win/src/sandbox_factory.h"
13 #include "sandbox/win/src/target_services.h"
14 #include "sandbox/win/src/win_utils.h"
15 #include "sandbox/win/tests/common/controller.h"
16 #include "testing/gtest/include/gtest/gtest.h"
20 typedef BOOL (WINAPI
*GetProcessDEPPolicyFunction
)(
25 typedef BOOL (WINAPI
*GetProcessMitigationPolicyFunction
)(
27 PROCESS_MITIGATION_POLICY mitigation_policy
,
31 GetProcessMitigationPolicyFunction get_process_mitigation_policy
;
33 bool CheckWin8DepPolicy() {
34 PROCESS_MITIGATION_DEP_POLICY policy
= {};
35 if (!get_process_mitigation_policy(::GetCurrentProcess(), ProcessDEPPolicy
,
36 &policy
, sizeof(policy
))) {
39 return policy
.Enable
&& policy
.Permanent
;
43 bool CheckWin8AslrPolicy() {
44 PROCESS_MITIGATION_ASLR_POLICY policy
= {};
45 if (!get_process_mitigation_policy(::GetCurrentProcess(), ProcessASLRPolicy
,
46 &policy
, sizeof(policy
))) {
49 return policy
.EnableForceRelocateImages
&& policy
.DisallowStrippedImages
;
51 #endif // defined(NDEBUG)
53 bool CheckWin8StrictHandlePolicy() {
54 PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY policy
= {};
55 if (!get_process_mitigation_policy(::GetCurrentProcess(),
56 ProcessStrictHandleCheckPolicy
,
57 &policy
, sizeof(policy
))) {
60 return policy
.RaiseExceptionOnInvalidHandleReference
&&
61 policy
.HandleExceptionsPermanentlyEnabled
;
64 bool CheckWin8Win32CallPolicy() {
65 PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY policy
= {};
66 if (!get_process_mitigation_policy(::GetCurrentProcess(),
67 ProcessSystemCallDisablePolicy
,
68 &policy
, sizeof(policy
))) {
71 return policy
.DisallowWin32kSystemCalls
;
74 bool CheckWin8DllExtensionPolicy() {
75 PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY policy
= {};
76 if (!get_process_mitigation_policy(::GetCurrentProcess(),
77 ProcessExtensionPointDisablePolicy
,
78 &policy
, sizeof(policy
))) {
81 return policy
.DisableExtensionPoints
;
88 SBOX_TESTS_COMMAND
int CheckWin8(int argc
, wchar_t **argv
) {
89 get_process_mitigation_policy
=
90 reinterpret_cast<GetProcessMitigationPolicyFunction
>(
91 ::GetProcAddress(::GetModuleHandleW(L
"kernel32.dll"),
92 "GetProcessMitigationPolicy"));
93 if (!get_process_mitigation_policy
)
94 return SBOX_TEST_NOT_FOUND
;
96 #if !defined(_WIN64) // DEP is always enabled on 64-bit.
97 if (!CheckWin8DepPolicy())
98 return SBOX_TEST_FIRST_ERROR
;
101 #if defined(NDEBUG) // ASLR cannot be forced in debug builds.
102 if (!CheckWin8AslrPolicy())
103 return SBOX_TEST_SECOND_ERROR
;
106 if (!CheckWin8StrictHandlePolicy())
107 return SBOX_TEST_THIRD_ERROR
;
109 if (!CheckWin8DllExtensionPolicy())
110 return SBOX_TEST_FIFTH_ERROR
;
112 return SBOX_TEST_SUCCEEDED
;
115 TEST(ProcessMitigationsTest
, CheckWin8
) {
116 if (base::win::GetVersion() < base::win::VERSION_WIN8
)
120 sandbox::TargetPolicy
* policy
= runner
.GetPolicy();
122 sandbox::MitigationFlags mitigations
= MITIGATION_DEP
|
123 MITIGATION_DEP_NO_ATL_THUNK
|
124 MITIGATION_EXTENSION_DLL_DISABLE
;
125 #if defined(NDEBUG) // ASLR cannot be forced in debug builds.
126 mitigations
|= MITIGATION_RELOCATE_IMAGE
|
127 MITIGATION_RELOCATE_IMAGE_REQUIRED
;
130 EXPECT_EQ(policy
->SetProcessMitigations(mitigations
), SBOX_ALL_OK
);
132 mitigations
|= MITIGATION_STRICT_HANDLE_CHECKS
;
134 EXPECT_EQ(policy
->SetDelayedProcessMitigations(mitigations
), SBOX_ALL_OK
);
136 EXPECT_EQ(SBOX_TEST_SUCCEEDED
, runner
.RunTest(L
"CheckWin8"));
140 SBOX_TESTS_COMMAND
int CheckDep(int argc
, wchar_t **argv
) {
141 GetProcessDEPPolicyFunction get_process_dep_policy
=
142 reinterpret_cast<GetProcessDEPPolicyFunction
>(
143 ::GetProcAddress(::GetModuleHandleW(L
"kernel32.dll"),
144 "GetProcessDEPPolicy"));
145 if (get_process_dep_policy
) {
146 BOOL is_permanent
= FALSE
;
149 if (!get_process_dep_policy(::GetCurrentProcess(), &dep_flags
,
151 return SBOX_TEST_FIRST_ERROR
;
154 if (!(dep_flags
& PROCESS_DEP_ENABLE
) || !is_permanent
)
155 return SBOX_TEST_SECOND_ERROR
;
158 NtQueryInformationProcessFunction query_information_process
= NULL
;
159 ResolveNTFunctionPtr("NtQueryInformationProcess",
160 &query_information_process
);
161 if (!query_information_process
)
162 return SBOX_TEST_NOT_FOUND
;
166 if (!SUCCEEDED(query_information_process(::GetCurrentProcess(),
167 ProcessExecuteFlags
, &dep_flags
,
168 sizeof(dep_flags
), &size
))) {
169 return SBOX_TEST_THIRD_ERROR
;
172 static const int MEM_EXECUTE_OPTION_DISABLE
= 2;
173 static const int MEM_EXECUTE_OPTION_PERMANENT
= 8;
176 if (dep_flags
!= (MEM_EXECUTE_OPTION_DISABLE
|
177 MEM_EXECUTE_OPTION_PERMANENT
)) {
178 return SBOX_TEST_FOURTH_ERROR
;
182 return SBOX_TEST_SUCCEEDED
;
185 #if !defined(_WIN64) // DEP is always enabled on 64-bit.
186 TEST(ProcessMitigationsTest
, CheckDep
) {
187 if (base::win::GetVersion() > base::win::VERSION_WIN7
)
191 sandbox::TargetPolicy
* policy
= runner
.GetPolicy();
193 EXPECT_EQ(policy
->SetProcessMitigations(
195 MITIGATION_DEP_NO_ATL_THUNK
|
198 EXPECT_EQ(SBOX_TEST_SUCCEEDED
, runner
.RunTest(L
"CheckDep"));
202 SBOX_TESTS_COMMAND
int CheckWin8Lockdown(int argc
, wchar_t **argv
) {
203 get_process_mitigation_policy
=
204 reinterpret_cast<GetProcessMitigationPolicyFunction
>(
205 ::GetProcAddress(::GetModuleHandleW(L
"kernel32.dll"),
206 "GetProcessMitigationPolicy"));
207 if (!get_process_mitigation_policy
)
208 return SBOX_TEST_NOT_FOUND
;
210 if (!CheckWin8Win32CallPolicy())
211 return SBOX_TEST_FIRST_ERROR
;
212 return SBOX_TEST_SUCCEEDED
;
215 // This test validates that setting the MITIGATION_WIN32K_DISABLE mitigation on
216 // the target process causes the launch to fail in process initialization.
217 // The test process itself links against user32/gdi32.
218 TEST(ProcessMitigationsTest
, CheckWin8Win32KLockDownFailure
) {
219 if (base::win::GetVersion() < base::win::VERSION_WIN8
)
223 sandbox::TargetPolicy
* policy
= runner
.GetPolicy();
225 EXPECT_EQ(policy
->SetProcessMitigations(MITIGATION_WIN32K_DISABLE
),
227 EXPECT_NE(SBOX_TEST_SUCCEEDED
, runner
.RunTest(L
"CheckWin8Lockdown"));
230 // This test validates that setting the MITIGATION_WIN32K_DISABLE mitigation
231 // along with the policy to fake user32 and gdi32 initialization successfully
232 // launches the target process.
233 // The test process itself links against user32/gdi32.
234 TEST(ProcessMitigationsTest
, CheckWin8Win32KLockDownSuccess
) {
235 if (base::win::GetVersion() < base::win::VERSION_WIN8
)
239 sandbox::TargetPolicy
* policy
= runner
.GetPolicy();
241 EXPECT_EQ(policy
->SetProcessMitigations(MITIGATION_WIN32K_DISABLE
),
243 EXPECT_EQ(policy
->AddRule(sandbox::TargetPolicy::SUBSYS_WIN32K_LOCKDOWN
,
244 sandbox::TargetPolicy::FAKE_USER_GDI_INIT
, NULL
),
245 sandbox::SBOX_ALL_OK
);
246 EXPECT_EQ(SBOX_TEST_SUCCEEDED
, runner
.RunTest(L
"CheckWin8Lockdown"));
249 } // namespace sandbox