search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add third_party/khronos to GN configs in ozone gbm
[chromium-blink-merge.git] / chrome_elf / blacklist / blacklist.cc
blobd778b90434e52de244226b73f06011b3d0a134b8
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome_elf/blacklist/blacklist.h"
6
7 #include <assert.h>
8 #include <string.h>
9
10 #include <vector>
11
12 #include "base/basictypes.h"
13 #include "chrome_elf/blacklist/blacklist_interceptions.h"
14 #include "chrome_elf/chrome_elf_constants.h"
15 #include "chrome_elf/chrome_elf_util.h"
16 #include "chrome_elf/thunk_getter.h"
17 #include "sandbox/win/src/interception_internal.h"
18 #include "sandbox/win/src/internal_types.h"
19 #include "sandbox/win/src/service_resolver.h"
20
21 // http://blogs.msdn.com/oldnewthing/archive/2004/10/25/247180.aspx
22 extern "C" IMAGE_DOS_HEADER __ImageBase;
23
24 namespace blacklist{
25
26 // The DLLs listed here are known (or under strong suspicion) of causing crashes
27 // when they are loaded in the browser. DLLs should only be added to this list
28 // if there is nothing else Chrome can do to prevent those crashes.
29 // For more information about how this list is generated, and how to get off
30 // of it, see:
31 // https://sites.google.com/a/chromium.org/dev/Home/third-party-developers
32 // NOTE: Please remember to update the DllHash enum in histograms.xml when
33 // adding a new value to the blacklist.
34 const wchar_t* g_troublesome_dlls[kTroublesomeDllsMaxCount] = {
35 L"activedetect32.dll", // Lenovo One Key Theater.
36 // See crbug.com/379218.
37 L"activedetect64.dll", // Lenovo One Key Theater.
38 L"bitguard.dll", // Unknown (suspected malware).
39 L"bsvc.dll", // Unknown (suspected adware).
40 L"chrmxtn.dll", // Unknown (keystroke logger).
41 L"cplushook.dll", // Unknown (suspected malware).
42 L"crdli.dll", // Linkury Inc.
43 L"crdli64.dll", // Linkury Inc.
44 L"datamngr.dll", // Unknown (suspected adware).
45 L"dpinterface32.dll", // Unknown (suspected adware).
46 L"explorerex.dll", // Unknown (suspected adware).
47 L"hk.dll", // Unknown (keystroke logger).
48 L"libapi2hook.dll", // V-Bates.
49 L"libinject.dll", // V-Bates.
50 L"libinject2.dll", // V-Bates.
51 L"libredir2.dll", // V-Bates.
52 L"libsvn_tsvn32.dll", // TortoiseSVN.
53 L"libwinhook.dll", // V-Bates.
54 L"lmrn.dll", // Unknown.
55 L"minisp.dll", // Unknown (suspected malware).
56 L"minisp32.dll", // Unknown (suspected malware).
57 L"safetynut.dll", // Unknown (suspected adware).
58 L"smdmf.dll", // Unknown (suspected adware).
59 L"spappsv32.dll", // Unknown (suspected adware).
60 L"systemk.dll", // Unknown (suspected adware).
61 L"vntsrv.dll", // Virtual New Tab by APN LLC.
62 L"wajam_goblin_64.dll", // Wajam Internet Technologies.
63 L"wajam_goblin.dll", // Wajam Internet Technologies.
64 L"windowsapihookdll32.dll", // Lenovo One Key Theater.
65 // See crbug.com/379218.
66 L"windowsapihookdll64.dll", // Lenovo One Key Theater.
67 L"virtualcamera.ax", // %PROGRAMFILES%\ASUS\VirtualCamera.
68 // See crbug.com/422522.
69 L"ycwebcamerasource.ax", // CyberLink Youcam, crbug.com/424159
70 // Keep this null pointer here to mark the end of the list.
71 NULL,
72 };
73
74 bool g_blocked_dlls[kTroublesomeDllsMaxCount] = {};
75 int g_num_blocked_dlls = 0;
76
77 } // namespace blacklist
78
79 // Allocate storage for thunks in a page of this module to save on doing
80 // an extra allocation at run time.
81 #pragma section(".crthunk",read,execute)
82 __declspec(allocate(".crthunk")) sandbox::ThunkData g_thunk_storage;
83
84 namespace {
85
86 // Record if the blacklist was successfully initialized so processes can easily
87 // determine if the blacklist is enabled for them.
88 bool g_blacklist_initialized = false;
89
90 // Helper to set DWORD registry values.
91 DWORD SetDWValue(HKEY* key, const wchar_t* property, DWORD value) {
92 return ::RegSetValueEx(*key,
93 property,
94 0,
95 REG_DWORD,
96 reinterpret_cast<LPBYTE>(&value),
97 sizeof(value));
98 }
99
100 bool GenerateStateFromBeaconAndAttemptCount(HKEY* key, DWORD blacklist_state) {
101 LONG result = 0;
102 if (blacklist_state == blacklist::BLACKLIST_ENABLED) {
103 // If the blacklist succeeded on the previous run reset the failure
104 // counter.
105 return (SetDWValue(key,
106 blacklist::kBeaconAttemptCount,
107 static_cast<DWORD>(0)) == ERROR_SUCCESS);
108 } else {
109 // Some part of the blacklist setup failed last time. If this has occured
110 // blacklist::kBeaconMaxAttempts times in a row we switch the state to
111 // failed and skip setting up the blacklist.
112 DWORD attempt_count = 0;
113 DWORD attempt_count_size = sizeof(attempt_count);
114 result = ::RegQueryValueEx(*key,
115 blacklist::kBeaconAttemptCount,
116 0,
117 NULL,
118 reinterpret_cast<LPBYTE>(&attempt_count),
119 &attempt_count_size);
120
121 if (result == ERROR_FILE_NOT_FOUND)
122 attempt_count = 0;
123 else if (result != ERROR_SUCCESS)
124 return false;
125
126 ++attempt_count;
127 SetDWValue(key, blacklist::kBeaconAttemptCount, attempt_count);
128
129 if (attempt_count >= blacklist::kBeaconMaxAttempts) {
130 blacklist_state = blacklist::BLACKLIST_SETUP_FAILED;
131 SetDWValue(key, blacklist::kBeaconState, blacklist_state);
132 }
133
134 return false;
135 }
136 }
137
138 } // namespace
139
140 namespace blacklist {
141
142 #if defined(_WIN64)
143 // Allocate storage for the pointer to the old NtMapViewOfSectionFunction.
144 #pragma section(".oldntmap",write,read)
145 __declspec(allocate(".oldntmap"))
146 NtMapViewOfSectionFunction g_nt_map_view_of_section_func = NULL;
147 #endif
148
149 bool LeaveSetupBeacon() {
150 HKEY key = NULL;
151 DWORD disposition = 0;
152 LONG result = ::RegCreateKeyEx(HKEY_CURRENT_USER,
153 kRegistryBeaconPath,
154 0,
155 NULL,
156 REG_OPTION_NON_VOLATILE,
157 KEY_QUERY_VALUE | KEY_SET_VALUE,
158 NULL,
159 &key,
160 &disposition);
161 if (result != ERROR_SUCCESS)
162 return false;
163
164 // Retrieve the current blacklist state.
165 DWORD blacklist_state = BLACKLIST_STATE_MAX;
166 DWORD blacklist_state_size = sizeof(blacklist_state);
167 DWORD type = 0;
168 result = ::RegQueryValueEx(key,
169 kBeaconState,
170 0,
171 &type,
172 reinterpret_cast<LPBYTE>(&blacklist_state),
173 &blacklist_state_size);
174
175 if (result != ERROR_SUCCESS || blacklist_state == BLACKLIST_DISABLED ||
176 type != REG_DWORD) {
177 ::RegCloseKey(key);
178 return false;
179 }
180
181 if (!GenerateStateFromBeaconAndAttemptCount(&key, blacklist_state)) {
182 ::RegCloseKey(key);
183 return false;
184 }
185
186 result = SetDWValue(&key, kBeaconState, BLACKLIST_SETUP_RUNNING);
187 ::RegCloseKey(key);
188
189 return (result == ERROR_SUCCESS);
190 }
191
192 bool ResetBeacon() {
193 HKEY key = NULL;
194 DWORD disposition = 0;
195 LONG result = ::RegCreateKeyEx(HKEY_CURRENT_USER,
196 kRegistryBeaconPath,
197 0,
198 NULL,
199 REG_OPTION_NON_VOLATILE,
200 KEY_QUERY_VALUE | KEY_SET_VALUE,
201 NULL,
202 &key,
203 &disposition);
204 if (result != ERROR_SUCCESS)
205 return false;
206
207 DWORD blacklist_state = BLACKLIST_STATE_MAX;
208 DWORD blacklist_state_size = sizeof(blacklist_state);
209 DWORD type = 0;
210 result = ::RegQueryValueEx(key,
211 kBeaconState,
212 0,
213 &type,
214 reinterpret_cast<LPBYTE>(&blacklist_state),
215 &blacklist_state_size);
216
217 if (result != ERROR_SUCCESS || type != REG_DWORD) {
218 ::RegCloseKey(key);
219 return false;
220 }
221
222 // Reaching this point with the setup running state means the setup did not
223 // crash, so we reset to enabled. Any other state indicates that setup was
224 // skipped; in that case we leave the state alone for later recording.
225 if (blacklist_state == BLACKLIST_SETUP_RUNNING)
226 result = SetDWValue(&key, kBeaconState, BLACKLIST_ENABLED);
227
228 ::RegCloseKey(key);
229 return (result == ERROR_SUCCESS);
230 }
231
232 int BlacklistSize() {
233 int size = -1;
234 while (blacklist::g_troublesome_dlls[++size] != NULL) {}
235
236 return size;
237 }
238
239 bool IsBlacklistInitialized() {
240 return g_blacklist_initialized;
241 }
242
243 int GetBlacklistIndex(const wchar_t* dll_name) {
244 for (int i = 0; i < kTroublesomeDllsMaxCount && g_troublesome_dlls[i]; ++i) {
245 if (_wcsicmp(dll_name, g_troublesome_dlls[i]) == 0)
246 return i;
247 }
248 return -1;
249 }
250
251 bool AddDllToBlacklist(const wchar_t* dll_name) {
252 int blacklist_size = BlacklistSize();
253 // We need to leave one space at the end for the null pointer.
254 if (blacklist_size + 1 >= kTroublesomeDllsMaxCount)
255 return false;
256 for (int i = 0; i < blacklist_size; ++i) {
257 if (!_wcsicmp(g_troublesome_dlls[i], dll_name))
258 return true;
259 }
260
261 // Copy string to blacklist.
262 wchar_t* str_buffer = new wchar_t[wcslen(dll_name) + 1];
263 wcscpy(str_buffer, dll_name);
264
265 g_troublesome_dlls[blacklist_size] = str_buffer;
266 g_blocked_dlls[blacklist_size] = false;
267 return true;
268 }
269
270 bool RemoveDllFromBlacklist(const wchar_t* dll_name) {
271 int blacklist_size = BlacklistSize();
272 for (int i = 0; i < blacklist_size; ++i) {
273 if (!_wcsicmp(g_troublesome_dlls[i], dll_name)) {
274 // Found the thing to remove. Delete it then replace it with the last
275 // element.
276 delete[] g_troublesome_dlls[i];
277 g_troublesome_dlls[i] = g_troublesome_dlls[blacklist_size - 1];
278 g_troublesome_dlls[blacklist_size - 1] = NULL;
279
280 // Also update the stats recording if we have blocked this dll or not.
281 if (g_blocked_dlls[i])
282 --g_num_blocked_dlls;
283 g_blocked_dlls[i] = g_blocked_dlls[blacklist_size - 1];
284 return true;
285 }
286 }
287 return false;
288 }
289
290 // TODO(csharp): Maybe store these values in the registry so we can
291 // still report them if Chrome crashes early.
292 void SuccessfullyBlocked(const wchar_t** blocked_dlls, int* size) {
293 if (size == NULL)
294 return;
295
296 // If the array isn't valid or big enough, just report the size it needs to
297 // be and return.
298 if (blocked_dlls == NULL && *size < g_num_blocked_dlls) {
299 *size = g_num_blocked_dlls;
300 return;
301 }
302
303 *size = g_num_blocked_dlls;
304
305 int strings_to_fill = 0;
306 for (int i = 0; strings_to_fill < g_num_blocked_dlls && g_troublesome_dlls[i];
307 ++i) {
308 if (g_blocked_dlls[i]) {
309 blocked_dlls[strings_to_fill] = g_troublesome_dlls[i];
310 ++strings_to_fill;
311 }
312 }
313 }
314
315 void BlockedDll(size_t blocked_index) {
316 assert(blocked_index < kTroublesomeDllsMaxCount);
317
318 if (!g_blocked_dlls[blocked_index] &&
319 blocked_index < kTroublesomeDllsMaxCount) {
320 ++g_num_blocked_dlls;
321 g_blocked_dlls[blocked_index] = true;
322 }
323 }
324
325 bool Initialize(bool force) {
326 // Check to see that we found the functions we need in ntdll.
327 if (!InitializeInterceptImports())
328 return false;
329
330 // Check to see if this is a non-browser process, abort if so.
331 if (IsNonBrowserProcess())
332 return false;
333
334 // Check to see if the blacklist beacon is still set to running (indicating a
335 // failure) or disabled, and abort if so.
336 if (!force && !LeaveSetupBeacon())
337 return false;
338
339 // It is possible for other dlls to have already patched code by now and
340 // attempting to patch their code might result in crashes.
341 const bool kRelaxed = false;
342
343 // Create a thunk via the appropriate ServiceResolver instance.
344 sandbox::ServiceResolverThunk* thunk = GetThunk(kRelaxed);
345
346 // Don't try blacklisting on unsupported OS versions.
347 if (!thunk)
348 return false;
349
350 BYTE* thunk_storage = reinterpret_cast<BYTE*>(&g_thunk_storage);
351
352 // Mark the thunk storage as readable and writeable, since we
353 // ready to write to it.
354 DWORD old_protect = 0;
355 if (!VirtualProtect(&g_thunk_storage,
356 sizeof(g_thunk_storage),
357 PAGE_EXECUTE_READWRITE,
358 &old_protect)) {
359 return false;
360 }
361
362 thunk->AllowLocalPatches();
363
364 // We declare this early so it can be used in the 64-bit block below and
365 // still work on 32-bit build when referenced at the end of the function.
366 BOOL page_executable = false;
367
368 // Replace the default NtMapViewOfSection with our patched version.
369 #if defined(_WIN64)
370 NTSTATUS ret = thunk->Setup(::GetModuleHandle(sandbox::kNtdllName),
371 reinterpret_cast<void*>(&__ImageBase),
372 "NtMapViewOfSection",
373 NULL,
374 &blacklist::BlNtMapViewOfSection64,
375 thunk_storage,
376 sizeof(sandbox::ThunkData),
377 NULL);
378
379 // Keep a pointer to the original code, we don't have enough space to
380 // add it directly to the call.
381 g_nt_map_view_of_section_func = reinterpret_cast<NtMapViewOfSectionFunction>(
382 thunk_storage);
383
384 // Ensure that the pointer to the old function can't be changed.
385 page_executable = VirtualProtect(&g_nt_map_view_of_section_func,
386 sizeof(g_nt_map_view_of_section_func),
387 PAGE_EXECUTE_READ,
388 &old_protect);
389 #else
390 NTSTATUS ret = thunk->Setup(::GetModuleHandle(sandbox::kNtdllName),
391 reinterpret_cast<void*>(&__ImageBase),
392 "NtMapViewOfSection",
393 NULL,
394 &blacklist::BlNtMapViewOfSection,
395 thunk_storage,
396 sizeof(sandbox::ThunkData),
397 NULL);
398 #endif
399 delete thunk;
400
401 // Record if we have initialized the blacklist.
402 g_blacklist_initialized = NT_SUCCESS(ret);
403
404 // Mark the thunk storage as executable and prevent any future writes to it.
405 page_executable = page_executable && VirtualProtect(&g_thunk_storage,
406 sizeof(g_thunk_storage),
407 PAGE_EXECUTE_READ,
408 &old_protect);
409
410 AddDllsFromRegistryToBlacklist();
411
412 return NT_SUCCESS(ret) && page_executable;
413 }
414
415 void AddDllsFromRegistryToBlacklist() {
416 HKEY key = NULL;
417 LONG result = ::RegOpenKeyEx(HKEY_CURRENT_USER,
418 kRegistryFinchListPath,
419 0,
420 KEY_QUERY_VALUE | KEY_SET_VALUE,
421 &key);
422
423 if (result != ERROR_SUCCESS)
424 return;
425
426 // We add dlls from the registry to the blacklist.
427 DWORD value_len;
428 DWORD name_len = MAX_PATH;
429 std::vector<wchar_t> name_buffer(name_len);
430 for (int i = 0; result == ERROR_SUCCESS; ++i) {
431 name_len = MAX_PATH;
432 value_len = 0;
433 result = ::RegEnumValue(
434 key, i, &name_buffer[0], &name_len, NULL, NULL, NULL, &value_len);
435 if (result != ERROR_SUCCESS)
436 break;
437
438 name_len = name_len + 1;
439 value_len = value_len + 1;
440 std::vector<wchar_t> value_buffer(value_len);
441 result = ::RegEnumValue(key, i, &name_buffer[0], &name_len, NULL, NULL,
442 reinterpret_cast<BYTE*>(&value_buffer[0]),
443 &value_len);
444 if (result != ERROR_SUCCESS)
445 break;
446 value_buffer[value_len - 1] = L'\0';
447 AddDllToBlacklist(&value_buffer[0]);
448 }
449
450 ::RegCloseKey(key);
451 return;
452 }
453
454 } // namespace blacklist