author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-07-31 15:50:41 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-08-30 12:35:23 +0000 |
commit | 7b2ffa587235a47d4094787d72f38102089f402a (patch) | |
tree | 30e82af9cbab08a7fa028bb18f4f2987a3f74dfa /chromium/sandbox | |
parent | d94af01c90575348c4e81a418257f254b6f8d225 (diff) | |
download | qtwebengine-chromium-7b2ffa587235a47d4094787d72f38102089f402a.tar.gz |
BASELINE: Update Chromium to 76.0.3809.94
Change-Id: I321c3f5f929c105aec0f98c5091ef6108822e647
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
Diffstat (limited to 'chromium/sandbox')
30 files changed, 206 insertions, 306 deletions
diff --git a/chromium/sandbox/BUILD.gn b/chromium/sandbox/BUILD.gn index c22d6abc224..81e7aff037d 100644 --- a/chromium/sandbox/BUILD.gn +++ b/chromium/sandbox/BUILD.gn @@ -53,7 +53,6 @@ buildflag_header("sandbox_buildflags") { fuzzer_test("sandbox_ipc_fuzzer") { set_sources_assignment_filter([]) sources = [ - "ipc.dict", "win/fuzzer/fuzzer_types.h", "win/fuzzer/sandbox_ipc_fuzzer.cc", "win/src/crosscall_server.cc", diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc index ba2d363a225..ab194e2b7a5 100644 --- a/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc +++ b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc @@ -94,6 +94,7 @@ ResultExpr BaselinePolicyAndroid::EvaluateSyscall(int sysno) const { case __NR_getdents64: case __NR_getpriority: case __NR_ioctl: + case __NR_membarrier: // https://crbug.com/966433 case __NR_mremap: #if defined(__i386__) // Used on pre-N to initialize threads in ART. diff --git a/chromium/sandbox/linux/services/libc_interceptor.cc b/chromium/sandbox/linux/services/libc_interceptor.cc index 50c8f96c06d..d25b5091bb5 100644 --- a/chromium/sandbox/linux/services/libc_interceptor.cc +++ b/chromium/sandbox/linux/services/libc_interceptor.cc @@ -188,7 +188,7 @@ static pthread_once_t g_libc_funcs_guard = PTHREAD_ONCE_INIT; static PROTECTED_MEMORY_SECTION base::ProtectedMemory<LibcFunctions> g_libc_funcs; -static void InitLibcLocaltimeFunctions() { +static void InitLibcLocaltimeFunctionsImpl() { auto writer = base::AutoWritableMemory::Create(g_libc_funcs); g_libc_funcs->localtime = reinterpret_cast<LocaltimeFunction>(dlsym(RTLD_NEXT, "localtime")); 
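Review bot: The new `case __NR_membarrier:` in BaselinePolicyAndroid::EvaluateSyscall joins a fall-through list, so the syscall appears to get the same result as its neighbours for every command value, and the only rationale given is a bug link. If that result is an unconditional allow (the return statement is outside the hunk), sandboxed code can issue the system-wide commands such as `MEMBARRIER_CMD_GLOBAL` as well as the ones the runtime actually needs. I would name the caller and the intended commands in the comment, e.g. `// Needed by <caller> for <commands>; see https://crbug.com/966433`, and consider filtering on the first argument if only a subset is required.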
@@ -238,7 +238,7 @@ __attribute__((__visibility__("default"))) struct tm* localtime_override( return &time_struct; } - CHECK_EQ(0, pthread_once(&g_libc_funcs_guard, InitLibcLocaltimeFunctions)); + InitLibcLocaltimeFunctions(); struct tm* res = base::UnsanitizedCfiCall(g_libc_funcs, &LibcFunctions::localtime)(timep); #if defined(MEMORY_SANITIZER) @@ -264,7 +264,7 @@ __attribute__((__visibility__("default"))) struct tm* localtime64_override( return &time_struct; } - CHECK_EQ(0, pthread_once(&g_libc_funcs_guard, InitLibcLocaltimeFunctions)); + InitLibcLocaltimeFunctions(); struct tm* res = base::UnsanitizedCfiCall(g_libc_funcs, &LibcFunctions::localtime64)(timep); #if defined(MEMORY_SANITIZER) @@ -288,7 +288,7 @@ __attribute__((__visibility__("default"))) struct tm* localtime_r_override( return result; } - CHECK_EQ(0, pthread_once(&g_libc_funcs_guard, InitLibcLocaltimeFunctions)); + InitLibcLocaltimeFunctions(); struct tm* res = base::UnsanitizedCfiCall( g_libc_funcs, &LibcFunctions::localtime_r)(timep, result); #if defined(MEMORY_SANITIZER) @@ -312,7 +312,7 @@ __attribute__((__visibility__("default"))) struct tm* localtime64_r_override( return result; } - CHECK_EQ(0, pthread_once(&g_libc_funcs_guard, InitLibcLocaltimeFunctions)); + InitLibcLocaltimeFunctions(); struct tm* res = base::UnsanitizedCfiCall( g_libc_funcs, &LibcFunctions::localtime64_r)(timep, result); #if defined(MEMORY_SANITIZER) @@ -343,4 +343,9 @@ bool HandleInterceptedCall(int kind, return HandleLocalTime(fd, iter, fds); } +void InitLibcLocaltimeFunctions() { + CHECK_EQ(0, + pthread_once(&g_libc_funcs_guard, InitLibcLocaltimeFunctionsImpl)); +} + } // namespace sandbox diff --git a/chromium/sandbox/linux/services/libc_interceptor.h b/chromium/sandbox/linux/services/libc_interceptor.h index c58c9f34604..be020c20179 100644 --- a/chromium/sandbox/linux/services/libc_interceptor.h +++ b/chromium/sandbox/linux/services/libc_interceptor.h 
@@ -70,6 +70,9 @@ SANDBOX_EXPORT void SetUseLocaltimeOverride(bool enable); // children. |backchannel_fd| must be the fd to use for proxying calls. SANDBOX_EXPORT void SetAmZygoteOrRenderer(bool enable, int backchannel_fd); +// Initializes libc interception. Must be called before sandbox lock down. +SANDBOX_EXPORT void InitLibcLocaltimeFunctions(); + } // namespace sandbox #endif // SANDBOX_LINUX_SERVICES_LIBC_INTERCEPTOR_H_ diff --git a/chromium/sandbox/mac/BUILD.gn b/chromium/sandbox/mac/BUILD.gn index d1147821a9b..cbf9488aa9b 100644 --- a/chromium/sandbox/mac/BUILD.gn +++ b/chromium/sandbox/mac/BUILD.gn @@ -69,7 +69,6 @@ test("sandbox_mac_unittests") { sources = [ "mojom/struct_traits_unittest.cc", "sandbox_mac_compiler_unittest.mm", - "sandbox_mac_compiler_v2_unittest.mm", "sandbox_mac_seatbelt_exec_unittest.cc", "seatbelt_extension_unittest.cc", ] diff --git a/chromium/sandbox/mac/sandbox_mac_compiler_v2_unittest.mm b/chromium/sandbox/mac/sandbox_mac_compiler_v2_unittest.mm deleted file mode 100644 index 64eae5e4221..00000000000 --- a/chromium/sandbox/mac/sandbox_mac_compiler_v2_unittest.mm +++ /dev/null 
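Review bot: The header comment on `InitLibcLocaltimeFunctions()` says "Must be called before sandbox lock down" without saying why, while the four localtime overrides in libc_interceptor.cc still call it lazily on first use. A reader cannot tell whether a late first call is a bug or only a slower path. The comment also describes it as initializing "libc interception" although the name and the Impl body shown cover the localtime function pointers. I would expand it to something like `// Resolves the real localtime*() symbols once (pthread_once; CHECK-fails on error). Safe to call repeatedly. Call before the sandbox is engaged so the first lookup does not run under the restricted policy.` The stated reason is inferred from the existing wording and should be confirmed by the author.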
@@ -1,152 +0,0 @@ -// Copyright 2017 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#import <Foundation/Foundation.h> -#import <IOSurface/IOSurface.h> - -#include <fcntl.h> -#include <servers/bootstrap.h> -#include <stdint.h> -#include <sys/mman.h> -#include <sys/stat.h> -#include <sys/sysctl.h> -#include <sys/types.h> -#include <unistd.h> - -#include "base/files/file.h" -#include "base/files/file_path.h" -#include "base/files/file_util.h" -#include "base/mac/mac_util.h" -#include "base/process/kill.h" -#include "base/test/multiprocess_test.h" -#include "base/test/test_timeouts.h" -#include "sandbox/mac/sandbox_compiler.h" -#include "testing/gtest/include/gtest/gtest.h" -#include "testing/multiprocess_func_list.h" - -namespace sandbox { - -// These tests are designed to begin testing the V2 style sandbox rules on the -// bots, rendering the earliest possible test results on how the rules perform -// consistently across all test bots and supported OS versions. -class SandboxMacCompilerV2Test : public base::MultiProcessTest {}; - -MULTIPROCESS_TEST_MAIN(V2ProfileProcess) { - // Note: newlines are not necessary in the profile, but do make it easier to - // print the profile out for debugging purposes. 
- std::string profile = - "(version 1)\n" - "(deny default (with no-log))\n" - "(define allowed-dir \"ALLOWED_READ_DIR\")\n" - "(define temp-file \"ALLOWED_TEMP_FILE\")\n" - "(define is-pre-10_10 \"IS_PRE_10_10\")\n" - "(define zone-tab \"ZONE_TAB\")\n" - "; Make it easier to drop (literal) once we stop supporting 10.9\n" - "(define (path x) (literal x))\n" - "(allow file-read-metadata (subpath \"/\"))\n" - "(allow file-read* (subpath (param allowed-dir)))\n" - "(allow file-read-data (path (param zone-tab)))\n" - "(allow file-write* (path (param temp-file)))\n" - "(allow ipc-posix-shm-read-data (ipc-posix-name " - "\"apple.shm.notification_center\"))\n" - "(allow mach-lookup (global-name \"com.apple.system.logger\"))\n" - "(if (string=? (param is-pre-10_10) \"TRUE\") (allow sysctl-read))\n" - "(if (string=? (param is-pre-10_10) \"FALSE\") (allow sysctl-read " - "(sysctl-name \"hw.activecpu\")))\n"; - - std::string temp_file_path = "/private/tmp/sf234234wfsfsdfdsf"; - SandboxCompiler compiler(profile); - CHECK(compiler.InsertStringParam("ALLOWED_READ_DIR", "/usr/lib")); - CHECK(compiler.InsertStringParam("ALLOWED_TEMP_FILE", temp_file_path)); - CHECK(compiler.InsertBooleanParam("IS_PRE_10_10", - !base::mac::IsAtLeastOS10_10())); - - // crbug.com/748517: The zoneinfo folder is a symlink on 10.13. - base::FilePath zone_tab_path("/usr/share/zoneinfo/zone.tab"); - zone_tab_path = base::MakeAbsoluteFilePath(zone_tab_path); - CHECK(compiler.InsertStringParam("ZONE_TAB", zone_tab_path.value())); - - std::string error; - bool result = compiler.CompileAndApplyProfile(&error); - CHECK(result) << error; - - // Now attempt the appropriate resource access. 
- base::FilePath path("/usr/lib/libsandbox.dylib"); - base::File file(path, base::File::FLAG_OPEN | base::File::FLAG_READ); - CHECK(file.IsValid()); - - char buf[4096]; - CHECK_EQ(static_cast<int>(sizeof(buf)), - file.Read(/*offset=*/0, buf, sizeof(buf))); - file.Close(); // Protect again other checks accidentally using this file. - - struct stat sb; - CHECK_EQ(0, stat("/Applications/TextEdit.app", &sb)); - - base::FilePath zone_path("/usr/share/zoneinfo/zone.tab"); - base::File zone_file(zone_path, - base::File::FLAG_OPEN | base::File::FLAG_READ); - CHECK(zone_file.IsValid()); - - char zone_buf[2]; - CHECK_EQ(static_cast<int>(sizeof(zone_buf)), - zone_file.Read(/*offset=*/0, zone_buf, sizeof(zone_buf))); - zone_file.Close(); - - // Make sure we cannot read any files in zoneinfo. - base::FilePath zone_dir_path("/usr/share/zoneinfo"); - base::File zoneinfo(zone_dir_path, - base::File::FLAG_OPEN | base::File::FLAG_READ); - CHECK(!zoneinfo.IsValid()); - - base::FilePath temp_path(temp_file_path); - base::File temp_file(temp_path, - base::File::FLAG_OPEN_ALWAYS | base::File::FLAG_WRITE); - CHECK(temp_file.IsValid()); - - const char msg[] = "I can write this file."; - CHECK_EQ(static_cast<int>(sizeof(msg)), - temp_file.WriteAtCurrentPos(msg, sizeof(msg))); - temp_file.Close(); - - int shm_fd = shm_open("apple.shm.notification_center", O_RDONLY, 0644); - CHECK_GE(shm_fd, 0); - - // Test mach service access. The port is leaked because the multiprocess - // test exits quickly after this look up. 
- mach_port_t service_port; - kern_return_t status = bootstrap_look_up( - bootstrap_port, "com.apple.system.logger", &service_port); - CHECK_EQ(status, BOOTSTRAP_SUCCESS) << bootstrap_strerror(status); - - mach_port_t forbidden_mach; - status = bootstrap_look_up(bootstrap_port, "com.apple.cfprefsd.daemon", - &forbidden_mach); - CHECK_NE(BOOTSTRAP_SUCCESS, status); - - size_t oldp_len; - CHECK_EQ(0, sysctlbyname("hw.activecpu", NULL, &oldp_len, NULL, 0)); - - char oldp[oldp_len]; - CHECK_EQ(0, sysctlbyname("hw.activecpu", oldp, &oldp_len, NULL, 0)); - - // sysctl filtering only exists on macOS 10.10+. - if (base::mac::IsAtLeastOS10_10()) { - size_t ncpu_len; - CHECK_NE(0, sysctlbyname("hw.ncpu", NULL, &ncpu_len, NULL, 0)); - } - - return 0; -} - -TEST_F(SandboxMacCompilerV2Test, V2ProfileTest) { - base::Process process = SpawnChild("V2ProfileProcess"); - ASSERT_TRUE(process.IsValid()); - int exit_code = 42; - EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), - &exit_code)); - EXPECT_EQ(exit_code, 0); -} - -} // namespace sandbox diff --git a/chromium/sandbox/win/src/app_container_test.cc b/chromium/sandbox/win/src/app_container_test.cc index cb725280362..d6e3d0e94cb 100644 --- a/chromium/sandbox/win/src/app_container_test.cc +++ b/chromium/sandbox/win/src/app_container_test.cc @@ -140,7 +140,7 @@ void CheckLpacToken(HANDLE process) { class AppContainerProfileTest : public ::testing::Test { public: void SetUp() override { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; package_name_ = GenerateRandomPackageName(); broker_services_ = GetBroker(); @@ -186,7 +186,7 @@ class AppContainerProfileTest : public ::testing::Test { TEST(AppContainerTest, DenyOpenEventForLowBox) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED); 
@@ -307,7 +307,7 @@ TEST_F(AppContainerProfileTest, WithImpersonationCapabilities) { } TEST_F(AppContainerProfileTest, NoCapabilitiesLPAC) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_RS1) + if (base::win::GetVersion() < base::win::Version::WIN10_RS1) return; profile_->SetEnableLowPrivilegeAppContainer(true); diff --git a/chromium/sandbox/win/src/app_container_unittest.cc b/chromium/sandbox/win/src/app_container_unittest.cc index f3e70c35f41..4b90b9a4c52 100644 --- a/chromium/sandbox/win/src/app_container_unittest.cc +++ b/chromium/sandbox/win/src/app_container_unittest.cc @@ -153,7 +153,7 @@ void AccessCheckFile(AppContainerProfile* profile, } // namespace TEST(AppContainerTest, SecurityCapabilities) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; // This isn't a valid package SID but it doesn't matter for this test. @@ -176,7 +176,7 @@ TEST(AppContainerTest, SecurityCapabilities) { } TEST(AppContainerTest, CreateAndDeleteAppContainerProfile) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; std::wstring package_name = GenerateRandomPackageName(); @@ -191,7 +191,7 @@ TEST(AppContainerTest, CreateAndDeleteAppContainerProfile) { } TEST(AppContainerTest, CreateAndOpenAppContainerProfile) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; std::wstring package_name = GenerateRandomPackageName(); @@ -215,7 +215,7 @@ TEST(AppContainerTest, CreateAndOpenAppContainerProfile) { TEST(AppContainerTest, SetLowPrivilegeAppContainer) { // LPAC first supported in RS1. - if (base::win::GetVersion() < base::win::VERSION_WIN10_RS1) + if (base::win::GetVersion() < base::win::Version::WIN10_RS1) return; std::wstring package_name = GenerateRandomPackageName(); scoped_refptr<AppContainerProfileBase> profile = 
@@ -226,7 +226,7 @@ TEST(AppContainerTest, SetLowPrivilegeAppContainer) { } TEST(AppContainerTest, OpenAppContainerProfileAndGetSecurityCapabilities) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; std::wstring package_name = GenerateRandomPackageName(); @@ -240,7 +240,7 @@ TEST(AppContainerTest, OpenAppContainerProfileAndGetSecurityCapabilities) { no_capabilities.get(), profile->GetPackageSid(), capabilities)); // No support for named capabilities prior to Win10. - if (base::win::GetVersion() >= base::win::VERSION_WIN10) { + if (base::win::GetVersion() >= base::win::Version::WIN10) { ASSERT_TRUE(profile->AddCapability(L"FakeCapability")); capabilities.push_back(Sid::FromNamedCapability(L"FakeCapability")); } @@ -256,7 +256,7 @@ TEST(AppContainerTest, OpenAppContainerProfileAndGetSecurityCapabilities) { } TEST(AppContainerTest, GetResources) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; std::wstring package_name = GenerateRandomPackageName(); @@ -282,7 +282,7 @@ TEST(AppContainerTest, GetResources) { } TEST(AppContainerTest, AccessCheckFile) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; // We don't need a valid profile to do the access check tests. @@ -308,7 +308,7 @@ TEST(AppContainerTest, AccessCheckFile) { GENERIC_READ | GENERIC_EXECUTE, FILE_GENERIC_READ | FILE_GENERIC_EXECUTE, TRUE); // No support for LPAC less than Win10 RS1. - if (base::win::GetVersion() < base::win::VERSION_WIN10_RS1) + if (base::win::GetVersion() < base::win::Version::WIN10_RS1) return; profile->SetEnableLowPrivilegeAppContainer(true); AccessCheckFile(profile.get(), path, ::WinBuiltinAnyPackageSid, 
@@ -318,7 +318,7 @@ TEST(AppContainerTest, AccessCheckFile) { } TEST(AppContainerTest, AccessCheckRegistry) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; // We don't need a valid profile to do the access check tests. @@ -349,7 +349,7 @@ TEST(AppContainerTest, AccessCheckRegistry) { } TEST(AppContainerTest, ImpersonationCapabilities) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; std::wstring package_name = GenerateRandomPackageName(); @@ -373,7 +373,7 @@ TEST(AppContainerTest, ImpersonationCapabilities) { impersonation_capabilities.push_back( Sid::FromKnownCapability(kPrivateNetworkClientServer)); // No support for named capabilities prior to Win10. - if (base::win::GetVersion() >= base::win::VERSION_WIN10) { + if (base::win::GetVersion() >= base::win::Version::WIN10) { ASSERT_TRUE(profile->AddImpersonationCapability(L"FakeCapability")); impersonation_capabilities.push_back( Sid::FromNamedCapability(L"FakeCapability")); diff --git a/chromium/sandbox/win/src/broker_services.cc b/chromium/sandbox/win/src/broker_services.cc index 637ea4fa590..ae7d15de30e 100644 --- a/chromium/sandbox/win/src/broker_services.cc +++ b/chromium/sandbox/win/src/broker_services.cc @@ -306,7 +306,7 @@ ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path, if (SBOX_ALL_OK != result) return result; if (lowbox_token.IsValid() && - base::win::GetVersion() < base::win::VERSION_WIN8) { + base::win::GetVersion() < base::win::Version::WIN8) { // We don't allow lowbox_token below Windows 8. return SBOX_ERROR_BAD_PARAMS; } 
@@ -348,7 +348,7 @@ ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path, ++attribute_count; bool restrict_child_process_creation = false; - if (base::win::GetVersion() >= base::win::VERSION_WIN10_TH2 && + if (base::win::GetVersion() >= base::win::Version::WIN10_TH2 && policy_base->GetJobLevel() <= JOB_LIMITED_USER) { restrict_child_process_creation = true; ++attribute_count; @@ -375,12 +375,12 @@ ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path, scoped_refptr<AppContainerProfileBase> profile = policy_base->GetAppContainerProfileBase(); if (profile) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return SBOX_ERROR_BAD_PARAMS; ++attribute_count; if (profile->GetEnableLowPrivilegeAppContainer()) { // LPAC first supported in RS1. - if (base::win::GetVersion() < base::win::VERSION_WIN10_RS1) + if (base::win::GetVersion() < base::win::Version::WIN10_RS1) return SBOX_ERROR_BAD_PARAMS; ++attribute_count; } diff --git a/chromium/sandbox/win/src/crosscall_server.cc b/chromium/sandbox/win/src/crosscall_server.cc index 45c1fc42980..38e94245e81 100644 --- a/chromium/sandbox/win/src/crosscall_server.cc +++ b/chromium/sandbox/win/src/crosscall_server.cc @@ -7,10 +7,10 @@ #include <stddef.h> #include <stdint.h> +#include <atomic> #include <string> #include <vector> -#include "base/atomicops.h" #include "base/logging.h" #include "base/strings/utf_string_conversions.h" #include "sandbox/win/src/crosscall_client.h" @@ -161,7 +161,7 @@ CrossCallParamsEx* CrossCallParamsEx::CreateFromBuffer(void* buffer_base, // Avoid compiler optimizations across this point. Any value stored in // memory should be stored for real, and values previously read from memory // should be actually read. - base::subtle::MemoryBarrier(); + std::atomic_thread_fence(std::memory_order_seq_cst); min_declared_size = sizeof(CrossCallParams) + ((param_count + 1) * sizeof(ParamInfo)); 
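Review bot: In CrossCallParamsEx::CreateFromBuffer the replacement `std::atomic_thread_fence(std::memory_order_seq_cst);` only orders atomic operations under the C++ memory model, yet the unchanged comment above it still promises that plain stores are "stored for real" and earlier reads are "actually read". If `buffer_base` points at memory the calling process can still modify (not visible in this hunk), the fence gives no formal guarantee that the compiler will not reload a field from it after validation; in practice it acts as a compiler barrier, but that is implementation behaviour. I would reword the comment to state the invariant being protected, e.g. `// Barrier: every check below must read the local copy, never |buffer_base|.`, and confirm that the size checks after it do so. The function body starts and ends outside the hunk.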
diff --git a/chromium/sandbox/win/src/file_policy_test.cc b/chromium/sandbox/win/src/file_policy_test.cc index 74ba62f8165..c3b006d10bc 100644 --- a/chromium/sandbox/win/src/file_policy_test.cc +++ b/chromium/sandbox/win/src/file_policy_test.cc @@ -399,12 +399,12 @@ TEST(FilePolicyTest, AllowNtCreatePatternRule) { EXPECT_TRUE(runner.AddRuleSys32(TargetPolicy::FILES_ALLOW_ANY, L"App*.dll")); EXPECT_EQ(SBOX_TEST_SUCCEEDED, - runner.RunTest(L"File_OpenSys32 appmgmts.dll")); + runner.RunTest(L"File_OpenSys32 apphelp.dll")); EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"File_OpenSys32 appwiz.cpl")); runner.SetTestState(BEFORE_REVERT); EXPECT_EQ(SBOX_TEST_SUCCEEDED, - runner.RunTest(L"File_OpenSys32 appmgmts.dll")); + runner.RunTest(L"File_OpenSys32 apphelp.dll")); EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"File_OpenSys32 appwiz.cpl")); } @@ -424,7 +424,7 @@ TEST(FilePolicyTest, CheckNoLeak) { TEST(FilePolicyTest, TestQueryAttributesFile) { TestRunner runner; EXPECT_TRUE( - runner.AddRuleSys32(TargetPolicy::FILES_ALLOW_ANY, L"appmgmts.dll")); + runner.AddRuleSys32(TargetPolicy::FILES_ALLOW_ANY, L"apphelp.dll")); EXPECT_TRUE( runner.AddRuleSys32(TargetPolicy::FILES_ALLOW_ANY, L"notfound.exe")); EXPECT_TRUE(runner.AddRuleSys32(TargetPolicy::FILES_ALLOW_ANY, L"drivers")); @@ -435,7 +435,7 @@ TEST(FilePolicyTest, TestQueryAttributesFile) { runner.RunTest(L"File_QueryAttributes drivers d")); EXPECT_EQ(SBOX_TEST_SUCCEEDED, - runner.RunTest(L"File_QueryAttributes appmgmts.dll f")); + runner.RunTest(L"File_QueryAttributes apphelp.dll f")); EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"File_QueryAttributes ipconfig.exe f")); 
@@ -682,7 +682,7 @@ TEST(FilePolicyTest, CheckMissingNTPrefixEscape) { TEST(FilePolicyTest, TestCopyFile) { // Check if the test is running Win8 or newer since // MITIGATION_STRICT_HANDLE_CHECKS is not supported on older systems. - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; TestRunner runner; diff --git a/chromium/sandbox/win/src/handle_closer_agent.cc b/chromium/sandbox/win/src/handle_closer_agent.cc index 5a91155c063..65410b19815 100644 --- a/chromium/sandbox/win/src/handle_closer_agent.cc +++ b/chromium/sandbox/win/src/handle_closer_agent.cc 
@@ -66,24 +66,61 @@ bool HandleCloserAgent::AttemptToStuffHandleSlot(HANDLE closed_handle, DCHECK(dummy_handle_.Get() != closed_handle); std::vector<HANDLE> to_close; - HANDLE dup_dummy = nullptr; - size_t count = 16; + + const DWORD original_proc_num = GetCurrentProcessorNumber(); + DWORD proc_num = original_proc_num; + DWORD_PTR original_affinity_mask = + SetThreadAffinityMask(GetCurrentThread(), DWORD_PTR{1} << proc_num); + bool found_handle = false; + BOOL result = FALSE; + + // There is per-processor based free list of handles entries. The free handle + // from current processor's freelist is preferred for reusing, so cycling + // through all possible processors to find closed_handle. + // Start searching from current processor which covers usual cases. do { - if (!::DuplicateHandle(::GetCurrentProcess(), dummy_handle_.Get(), - ::GetCurrentProcess(), &dup_dummy, 0, false, 0)) + DWORD_PTR current_mask = DWORD_PTR{1} << proc_num; + + if (original_affinity_mask & current_mask) { + if (proc_num != original_proc_num) { + SetThreadAffinityMask(GetCurrentThread(), current_mask); + } + + HANDLE dup_dummy = nullptr; + size_t count = 16; + + do { + result = + ::DuplicateHandle(::GetCurrentProcess(), dummy_handle_.Get(), + ::GetCurrentProcess(), &dup_dummy, 0, false, 0); + if (!result) { + break; + } + if (dup_dummy != closed_handle) { + to_close.push_back(dup_dummy); + } else { + found_handle = true; + } + } while (count-- && reinterpret_cast<uintptr_t>(dup_dummy) < + reinterpret_cast<uintptr_t>(closed_handle)); + } + + proc_num++; + if (proc_num == sizeof(DWORD_PTR) * 8) { + proc_num = 0; + } + if (proc_num == original_proc_num) { break; - if (dup_dummy != closed_handle) - to_close.push_back(dup_dummy); - } while (count-- && reinterpret_cast<uintptr_t>(dup_dummy) < - reinterpret_cast<uintptr_t>(closed_handle)); + } + } while (result && !found_handle); + + SetThreadAffinityMask(GetCurrentThread(), original_affinity_mask); for (HANDLE h : to_close) ::CloseHandle(h); - // 
TODO(wfh): Investigate why stuffing handles sometimes fails. - // http://crbug.com/649904 - return dup_dummy == closed_handle; + return found_handle; } // Reads g_handles_to_close and creates the lookup map. diff --git a/chromium/sandbox/win/src/heap_helper.cc b/chromium/sandbox/win/src/heap_helper.cc index 17f9cb8bd4d..b0f4498feaa 100644 --- a/chromium/sandbox/win/src/heap_helper.cc +++ b/chromium/sandbox/win/src/heap_helper.cc @@ -92,7 +92,7 @@ bool HeapFlags(HANDLE handle, DWORD* flags) { } HANDLE FindCsrPortHeap() { - if (base::win::GetVersion() < base::win::VERSION_WIN10) { + if (base::win::GetVersion() < base::win::Version::WIN10) { // This functionality has not been verified on versions before Win10. return nullptr; } diff --git a/chromium/sandbox/win/src/interception.cc b/chromium/sandbox/win/src/interception.cc index 47a8a65dc7d..d66ceb2e791 100644 --- a/chromium/sandbox/win/src/interception.cc +++ b/chromium/sandbox/win/src/interception.cc @@ -482,13 +482,13 @@ ResultCode InterceptionManager::PatchClientFunctions( #else base::win::OSInfo* os_info = base::win::OSInfo::GetInstance(); if (os_info->wow64_status() == base::win::OSInfo::WOW64_ENABLED) { - if (os_info->version() >= base::win::VERSION_WIN10) + if (os_info->version() >= base::win::Version::WIN10) thunk.reset(new Wow64W10ResolverThunk(child_->Process(), relaxed_)); - else if (os_info->version() >= base::win::VERSION_WIN8) + else if (os_info->version() >= base::win::Version::WIN8) thunk.reset(new Wow64W8ResolverThunk(child_->Process(), relaxed_)); else thunk.reset(new Wow64ResolverThunk(child_->Process(), relaxed_)); - } else if (os_info->version() >= base::win::VERSION_WIN8) { + } else if (os_info->version() >= base::win::Version::WIN8) { thunk.reset(new Win8ResolverThunk(child_->Process(), relaxed_)); } else { thunk.reset(new ServiceResolverThunk(child_->Process(), relaxed_)); 
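Review bot: None of the three `SetThreadAffinityMask` calls in HandleCloserAgent::AttemptToStuffHandleSlot has its return value checked. If the first one fails it returns 0, `original_affinity_mask & current_mask` is then false for every processor, no `DuplicateHandle` is attempted and the function returns false, whereas the old code always tried at least once; a guard such as `if (!original_affinity_mask) return false;` (or a fallback to the old single-processor loop) would make that path explicit. If the final restoring call fails, the thread stays pinned to one processor for the rest of its life, which deserves at least a `DCHECK`. Separately, `DWORD_PTR{1} << proc_num` is undefined when `proc_num` is not smaller than the width of `DWORD_PTR`; whether a 32-bit build can see such a value from `GetCurrentProcessorNumber()` is not clear from the hunk, so a bounds check before the shift would be cheap insurance.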
diff --git a/chromium/sandbox/win/src/lpc_policy_test.cc b/chromium/sandbox/win/src/lpc_policy_test.cc index 3b3269708c7..8d779bfbd43 100644 --- a/chromium/sandbox/win/src/lpc_policy_test.cc +++ b/chromium/sandbox/win/src/lpc_policy_test.cc @@ -27,7 +27,7 @@ namespace { bool CsrssDisconnectSupported() { // This functionality has not been verified on versions before Win10. - if (base::win::GetVersion() < base::win::VERSION_WIN10) + if (base::win::GetVersion() < base::win::Version::WIN10) return false; // Does not work on 32-bit on x64 (ie Wow64). diff --git a/chromium/sandbox/win/src/process_mitigations.cc b/chromium/sandbox/win/src/process_mitigations.cc index 0f38be1166f..08a9c894855 100644 --- a/chromium/sandbox/win/src/process_mitigations.cc +++ b/chromium/sandbox/win/src/process_mitigations.cc @@ -5,12 +5,15 @@ #include "sandbox/win/src/process_mitigations.h" #include <stddef.h> +#include <windows.h> +#include <wow64apiset.h> #include <algorithm> #include "base/files/file_path.h" #include "base/scoped_native_library.h" #include "base/win/windows_version.h" +#include "build/build_config.h" #include "sandbox/win/src/nt_internals.h" #include "sandbox/win/src/restricted_token_utils.h" #include "sandbox/win/src/sandbox_rand.h" @@ -31,7 +34,7 @@ using GetProcessMitigationPolicyFunction = using SetThreadInformationFunction = decltype(&SetThreadInformation); // Returns a two-element array of mitigation flags supported on this machine. -// - This function is only useful on >= base::win::VERSION_WIN8. +// - This function is only useful on >= base::win::Version::WIN8. const ULONG64* GetSupportedMitigations() { static ULONG64 mitigations[2] = {}; 
@@ -45,7 +48,7 @@ const ULONG64* GetSupportedMitigations() { // RS2. // If an earlier version, the second element will be left 0. size_t mits_size = - (base::win::GetVersion() >= base::win::VERSION_WIN10_RS2) + (base::win::GetVersion() >= base::win::Version::WIN10_RS2) ? (sizeof(mitigations[0]) * 2) : sizeof(mitigations[0]); if (!get_process_mitigation_policy(::GetCurrentProcess(), @@ -59,6 +62,33 @@ const ULONG64* GetSupportedMitigations() { return &mitigations[0]; } +// Returns true if this is 32-bit Chrome running on ARM64 with emulation. +// Needed because ACG does not work with emulated code. +// See +// https://docs.microsoft.com/en-us/windows/uwp/porting/apps-on-arm-troubleshooting-x86. +// See https://crbug.com/977723. +// TODO(wfh): Move this code into base. See https://crbug.com/978257. +bool IsRunning32bitEmulatedOnArm64() { +#if defined(ARCH_CPU_X86) + using IsWow64Process2Function = decltype(&IsWow64Process2); + + IsWow64Process2Function is_wow64_process2 = + reinterpret_cast<IsWow64Process2Function>(::GetProcAddress( + ::GetModuleHandleA("kernel32.dll"), "IsWow64Process2")); + if (!is_wow64_process2) + return false; + USHORT process_machine; + USHORT native_machine; + bool retval = is_wow64_process2(::GetCurrentProcess(), &process_machine, + &native_machine); + if (!retval) + return false; + if (native_machine == IMAGE_FILE_MACHINE_ARM64) + return true; +#endif // defined(ARCH_CPU_X86) + return false; +} + } // namespace namespace sandbox { @@ -129,7 +159,7 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) { #endif // This is all we can do in Win7 and below. - if (version < base::win::VERSION_WIN8) + if (version < base::win::Version::WIN8) return true; SetProcessMitigationPolicyFunction set_process_mitigation_policy = 
@@ -190,17 +220,18 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) { } } - if (version < base::win::VERSION_WIN8_1) + if (version < base::win::Version::WIN8_1) return true; // Enable dynamic code policies. - if (flags & MITIGATION_DYNAMIC_CODE_DISABLE || - flags & MITIGATION_DYNAMIC_CODE_DISABLE_WITH_OPT_OUT) { + if (!IsRunning32bitEmulatedOnArm64() && + (flags & MITIGATION_DYNAMIC_CODE_DISABLE || + flags & MITIGATION_DYNAMIC_CODE_DISABLE_WITH_OPT_OUT)) { PROCESS_MITIGATION_DYNAMIC_CODE_POLICY policy = {}; policy.ProhibitDynamicCode = true; // Per-thread opt-out is only supported on >= Anniversary. - if (version >= base::win::VERSION_WIN10_RS1 && + if (version >= base::win::Version::WIN10_RS1 && flags & MITIGATION_DYNAMIC_CODE_DISABLE_WITH_OPT_OUT) { policy.AllowThreadOptOut = true; } @@ -212,7 +243,7 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) { } } - if (version < base::win::VERSION_WIN10) + if (version < base::win::Version::WIN10) return true; // Enable font policies. @@ -227,7 +258,7 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) { } } - if (version < base::win::VERSION_WIN10_TH2) + if (version < base::win::Version::WIN10_TH2) return true; // Enable binary signing policies. @@ -256,7 +287,7 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) { if (flags & MITIGATION_IMAGE_LOAD_NO_LOW_LABEL) policy.NoLowMandatoryLabelImages = true; // PreferSystem32 is only supported on >= Anniversary. - if (version >= base::win::VERSION_WIN10_RS1 && + if (version >= base::win::Version::WIN10_RS1 && flags & MITIGATION_IMAGE_LOAD_PREFER_SYS32) { policy.PreferSystem32Images = true; } @@ -277,7 +308,7 @@ bool ApplyMitigationsToCurrentThread(MitigationFlags flags) { base::win::Version version = base::win::GetVersion(); - if (version < base::win::VERSION_WIN10_RS1) + if (version < base::win::Version::WIN10_RS1) return true; // Enable dynamic code per-thread policies. 
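Review bot: The new `!IsRunning32bitEmulatedOnArm64() &&` guard in ApplyProcessMitigationsToCurrentProcess skips the dynamic-code policy silently and execution continues to the later version checks, so a caller that requested `MITIGATION_DYNAMIC_CODE_DISABLE` gets no signal that the mitigation was not applied. A comment at the condition would help, e.g. `// ACG is incompatible with x86 emulation on ARM64; the flag is ignored there (https://crbug.com/977723).`, and a log line or a documented note in the header would make the weaker configuration visible to whoever audits the sandbox. ConvertProcessMitigationsToPolicy, in the `@@ -396,7 +427,7 @@` hunk, still sets `PROCESS_CREATION_MITIGATION_POLICY_PROHIBIT_DYNAMIC_CODE_ALWAYS_ON` without the same check; whether that asymmetry is intended cannot be told from this diff and should be stated. The function body extends outside the hunk.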
@@ -322,7 +353,7 @@ void ConvertProcessMitigationsToPolicy(MitigationFlags flags, *size = sizeof(*policy_flags); #elif defined(_M_IX86) // A 64-bit flags attribute is illegal on 32-bit Win 7. - if (version < base::win::VERSION_WIN8) + if (version < base::win::Version::WIN8) *size = sizeof(DWORD); else *size = sizeof(*policy_flags); @@ -344,7 +375,7 @@ void ConvertProcessMitigationsToPolicy(MitigationFlags flags, #endif // Win 7 - if (version < base::win::VERSION_WIN8) + if (version < base::win::Version::WIN8) return; // Everything >= Win8, do not return before the end of the function where @@ -353,7 +384,7 @@ void ConvertProcessMitigationsToPolicy(MitigationFlags flags, // Mitigations >= Win8: //---------------------------------------------------------------------------- - if (version >= base::win::VERSION_WIN8) { + if (version >= base::win::Version::WIN8) { if (flags & MITIGATION_RELOCATE_IMAGE) { *policy_value_1 |= PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON; @@ -396,7 +427,7 @@ void ConvertProcessMitigationsToPolicy(MitigationFlags flags, // Mitigations >= Win8.1: //---------------------------------------------------------------------------- - if (version >= base::win::VERSION_WIN8_1) { + if (version >= base::win::Version::WIN8_1) { if (flags & MITIGATION_DYNAMIC_CODE_DISABLE) { *policy_value_1 |= PROCESS_CREATION_MITIGATION_POLICY_PROHIBIT_DYNAMIC_CODE_ALWAYS_ON; @@ -405,7 +436,7 @@ void ConvertProcessMitigationsToPolicy(MitigationFlags flags, // Mitigations >= Win10: //---------------------------------------------------------------------------- - if (version >= base::win::VERSION_WIN10) { + if (version >= base::win::Version::WIN10) { if (flags & MITIGATION_NONSYSTEM_FONT_DISABLE) { *policy_value_1 |= PROCESS_CREATION_MITIGATION_POLICY_FONT_DISABLE_ALWAYS_ON; 
@@ -414,7 +445,7 @@ void ConvertProcessMitigationsToPolicy(MitigationFlags flags, // Mitigations >= Win10 TH2: //---------------------------------------------------------------------------- - if (version >= base::win::VERSION_WIN10_TH2) { + if (version >= base::win::Version::WIN10_TH2) { if (flags & MITIGATION_FORCE_MS_SIGNED_BINS) { *policy_value_1 |= PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON; @@ -433,7 +464,7 @@ void ConvertProcessMitigationsToPolicy(MitigationFlags flags, // Mitigations >= Win10 RS1 ("Anniversary"): //---------------------------------------------------------------------------- - if (version >= base::win::VERSION_WIN10_RS1) { + if (version >= base::win::Version::WIN10_RS1) { if (flags & MITIGATION_DYNAMIC_CODE_DISABLE_WITH_OPT_OUT) { *policy_value_1 |= PROCESS_CREATION_MITIGATION_POLICY_PROHIBIT_DYNAMIC_CODE_ALWAYS_ON_ALLOW_OPT_OUT; @@ -447,7 +478,7 @@ void ConvertProcessMitigationsToPolicy(MitigationFlags flags, // Mitigations >= Win10 RS3 ("Fall Creator's"): //---------------------------------------------------------------------------- - if (version >= base::win::VERSION_WIN10_RS3) { + if (version >= base::win::Version::WIN10_RS3) { // Note: This mitigation requires not only Win10 1709, but also the January // 2018 security updates and any applicable firmware updates from the // OEM device manufacturer. @@ -471,7 +502,7 @@ void ConvertProcessMitigationsToPolicy(MitigationFlags flags, // Only include the second element in |size| if it is non-zero. Else, // UpdateProcThreadAttribute() will return a failure when setting policies. - if (*policy_value_2 && version >= base::win::VERSION_WIN10_RS2) { + if (*policy_value_2 && version >= base::win::Version::WIN10_RS2) { *size = sizeof(*policy_flags) * 2; } 
@@ -482,7 +513,7 @@ MitigationFlags FilterPostStartupProcessMitigations(MitigationFlags flags) { base::win::Version version = base::win::GetVersion(); // Windows 7. - if (version < base::win::VERSION_WIN8) { + if (version < base::win::Version::WIN8) { return flags & (MITIGATION_BOTTOM_UP_ASLR | MITIGATION_DLL_SEARCH_ORDER | MITIGATION_HEAP_TERMINATE); } diff --git a/chromium/sandbox/win/src/process_mitigations_dyncode_unittest.cc b/chromium/sandbox/win/src/process_mitigations_dyncode_unittest.cc index d78e81109de..df1c24dd443 100644 --- a/chromium/sandbox/win/src/process_mitigations_dyncode_unittest.cc +++ b/chromium/sandbox/win/src/process_mitigations_dyncode_unittest.cc @@ -403,7 +403,7 @@ SBOX_TESTS_COMMAND int TestWin10DynamicCodeWithOptOut(int argc, // This test validates that setting the MITIGATION_DYNAMIC_CODE_DISABLE // mitigation enables the setting on a process. TEST(ProcessMitigationsTest, CheckWin81DynamicCodePolicySuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN8_1) + if (base::win::GetVersion() < base::win::Version::WIN8_1) return; // TODO(crbug.com/805414): Windows ASan hotpatching requires dynamic code. @@ -444,7 +444,7 @@ TEST(ProcessMitigationsTest, CheckWin81DynamicCodePolicySuccess) { // This test validates that we can meddle with dynamic code if the // MITIGATION_DYNAMIC_CODE_DISABLE mitigation is NOT set. TEST(ProcessMitigationsTest, CheckWin81DynamicCode_BaseCase) { - if (base::win::GetVersion() < base::win::VERSION_WIN8_1) + if (base::win::GetVersion() < base::win::Version::WIN8_1) return; HANDLE mutex = @@ -463,7 +463,7 @@ TEST(ProcessMitigationsTest, CheckWin81DynamicCode_BaseCase) { // This test validates that setting the MITIGATION_DYNAMIC_CODE_DISABLE // mitigation prevents meddling with dynamic code. TEST(ProcessMitigationsTest, CheckWin81DynamicCode_TestMitigation) { - if (base::win::GetVersion() < base::win::VERSION_WIN8_1) + if (base::win::GetVersion() < base::win::Version::WIN8_1) return; HANDLE mutex = 
@@ -489,7 +489,7 @@ TEST(ProcessMitigationsTest, CheckWin81DynamicCode_TestMitigation) { // MITIGATION_DYNAMIC_CODE_DISABLE_WITH_OPT_OUT mitigation enables the setting // on a process. TEST(ProcessMitigationsTest, CheckWin10DynamicCodeOptOutPolicySuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_RS1) + if (base::win::GetVersion() < base::win::Version::WIN10_RS1) return; // TODO(crbug.com/805414): Windows ASan hotpatching requires dynamic code. @@ -531,7 +531,7 @@ TEST(ProcessMitigationsTest, CheckWin10DynamicCodeOptOutPolicySuccess) { // This test validates that we CAN meddle with dynamic code if the // MITIGATION_DYNAMIC_CODE_DISABLE_WITH_OPT_OUT mitigation is NOT set. TEST(ProcessMitigationsTest, CheckWin10DynamicCodeOptOut_BaseCase) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_RS1) + if (base::win::GetVersion() < base::win::Version::WIN10_RS1) return; HANDLE mutex = @@ -552,7 +552,7 @@ TEST(ProcessMitigationsTest, CheckWin10DynamicCodeOptOut_BaseCase) { // MITIGATION_DYNAMIC_CODE_DISABLE_WITH_OPT_OUT mitigation BLOCKS meddling // with dynamic code. TEST(ProcessMitigationsTest, CheckWin10DynamicCodeOptOut_TestMitigation) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_RS1) + if (base::win::GetVersion() < base::win::Version::WIN10_RS1) return; HANDLE mutex = @@ -574,7 +574,7 @@ TEST(ProcessMitigationsTest, CheckWin10DynamicCodeOptOut_TestMitigation) { // thread-specific opt-out ALLOWS meddling with dynamic code. TEST(ProcessMitigationsTest, CheckWin10DynamicCodeOptOut_TestMitigationWithOptOut) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_RS1) + if (base::win::GetVersion() < base::win::Version::WIN10_RS1) return; HANDLE mutex = diff --git a/chromium/sandbox/win/src/process_mitigations_extensionpoints_unittest.cc b/chromium/sandbox/win/src/process_mitigations_extensionpoints_unittest.cc index 5aecd9d9257..3c4234fd4ac 100644 --- a/chromium/sandbox/win/src/process_mitigations_extensionpoints_unittest.cc 
+++ b/chromium/sandbox/win/src/process_mitigations_extensionpoints_unittest.cc @@ -364,7 +364,7 @@ namespace sandbox { // This test validates that setting the MITIGATION_EXTENSION_POINT_DISABLE // mitigation enables the setting on a process. TEST(ProcessMitigationsTest, CheckWin8ExtensionPointPolicySuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; base::string16 test_command = L"CheckPolicy "; @@ -399,7 +399,7 @@ TEST(ProcessMitigationsTest, CheckWin8ExtensionPointPolicySuccess) { // MANUAL testing only. TEST(ProcessMitigationsTest, DISABLED_CheckWin8ExtensionPoint_GlobalHook_Success) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; HANDLE mutex = ::CreateMutexW(nullptr, false, g_extension_point_test_mutex); @@ -420,7 +420,7 @@ TEST(ProcessMitigationsTest, // MANUAL testing only. TEST(ProcessMitigationsTest, DISABLED_CheckWin8ExtensionPoint_GlobalHook_Failure) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; HANDLE mutex = ::CreateMutexW(nullptr, false, g_extension_point_test_mutex); @@ -440,7 +440,7 @@ TEST(ProcessMitigationsTest, // // MANUAL testing only. TEST(ProcessMitigationsTest, DISABLED_CheckWin8ExtensionPoint_Hook_Success) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; HANDLE mutex = ::CreateMutexW(nullptr, false, g_extension_point_test_mutex); @@ -463,7 +463,7 @@ TEST(ProcessMitigationsTest, DISABLED_CheckWin8ExtensionPoint_Hook_Success) { // // MANUAL testing only. TEST(ProcessMitigationsTest, DISABLED_CheckWin8ExtensionPoint_Hook_Failure) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; HANDLE mutex = ::CreateMutexW(nullptr, false, g_extension_point_test_mutex); 
@@ -484,7 +484,7 @@ TEST(ProcessMitigationsTest, DISABLED_CheckWin8ExtensionPoint_Hook_Failure) { // MANUAL testing only. // Must run this test as admin/elevated. TEST(ProcessMitigationsTest, DISABLED_CheckWin8ExtensionPoint_AppInit_Success) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; HANDLE mutex = ::CreateMutexW(nullptr, false, g_extension_point_test_mutex); @@ -504,7 +504,7 @@ TEST(ProcessMitigationsTest, DISABLED_CheckWin8ExtensionPoint_AppInit_Success) { // MANUAL testing only. // Must run this test as admin/elevated. TEST(ProcessMitigationsTest, DISABLED_CheckWin8ExtensionPoint_AppInit_Failure) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; HANDLE mutex = ::CreateMutexW(nullptr, false, g_extension_point_test_mutex); diff --git a/chromium/sandbox/win/src/process_mitigations_imageload_unittest.cc b/chromium/sandbox/win/src/process_mitigations_imageload_unittest.cc index ba99dd821d4..f6af3d8a459 100644 --- a/chromium/sandbox/win/src/process_mitigations_imageload_unittest.cc +++ b/chromium/sandbox/win/src/process_mitigations_imageload_unittest.cc @@ -265,7 +265,7 @@ SBOX_TESTS_COMMAND int TestImageLoadHijack(int argc, wchar_t** argv) { // This test validates that setting the MITIGATION_IMAGE_LOAD_NO_REMOTE // mitigation enables the setting on a process. TEST(ProcessMitigationsTest, CheckWin10ImageLoadNoRemotePolicySuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_TH2) + if (base::win::GetVersion() < base::win::Version::WIN10_TH2) return; base::string16 test_command = L"CheckPolicy "; 
@@ -299,7 +299,7 @@ TEST(ProcessMitigationsTest, CheckWin10ImageLoadNoRemotePolicySuccess) { // // MANUAL testing only. TEST(ProcessMitigationsTest, DISABLED_CheckWin10ImageLoadNoRemoteSuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_TH2) + if (base::win::GetVersion() < base::win::Version::WIN10_TH2) return; TestWin10ImageLoadRemote(true); @@ -311,7 +311,7 @@ TEST(ProcessMitigationsTest, DISABLED_CheckWin10ImageLoadNoRemoteSuccess) { // // MANUAL testing only. TEST(ProcessMitigationsTest, DISABLED_CheckWin10ImageLoadNoRemoteFailure) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_TH2) + if (base::win::GetVersion() < base::win::Version::WIN10_TH2) return; TestWin10ImageLoadRemote(false); @@ -326,7 +326,7 @@ TEST(ProcessMitigationsTest, DISABLED_CheckWin10ImageLoadNoRemoteFailure) { // This test validates that setting the MITIGATION_IMAGE_LOAD_NO_LOW_LABEL // mitigation enables the setting on a process. TEST(ProcessMitigationsTest, CheckWin10ImageLoadNoLowLabelPolicySuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_TH2) + if (base::win::GetVersion() < base::win::Version::WIN10_TH2) return; base::string16 test_command = L"CheckPolicy "; @@ -358,7 +358,7 @@ TEST(ProcessMitigationsTest, CheckWin10ImageLoadNoLowLabelPolicySuccess) { // low mandatory label (IL), if the MITIGATION_IMAGE_LOAD_NO_LOW_LABEL // mitigation is NOT set. TEST(ProcessMitigationsTest, CheckWin10ImageLoadNoLowLabelSuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_TH2) + if (base::win::GetVersion() < base::win::Version::WIN10_TH2) return; TestWin10ImageLoadLowLabel(true); 
@@ -367,7 +367,7 @@ TEST(ProcessMitigationsTest, CheckWin10ImageLoadNoLowLabelSuccess) { // This test validates that setting the MITIGATION_IMAGE_LOAD_NO_LOW_LABEL // mitigation prevents creating a new process with low mandatory label (IL). TEST(ProcessMitigationsTest, CheckWin10ImageLoadNoLowLabelFailure) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_TH2) + if (base::win::GetVersion() < base::win::Version::WIN10_TH2) return; TestWin10ImageLoadLowLabel(false); @@ -381,7 +381,7 @@ TEST(ProcessMitigationsTest, CheckWin10ImageLoadNoLowLabelFailure) { // This test validates that setting the MITIGATION_IMAGE_LOAD_PREFER_SYS32 // mitigation enables the setting on a process. TEST(ProcessMitigationsTest, CheckWin10ImageLoadPreferSys32PolicySuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_RS1) + if (base::win::GetVersion() < base::win::Version::WIN10_RS1) return; base::string16 test_command = L"CheckPolicy "; @@ -418,7 +418,7 @@ TEST(ProcessMitigationsTest, CheckWin10ImageLoadPreferSys32PolicySuccess) { // // Must run this test as admin/elevated. TEST(ProcessMitigationsTest, CheckWin10ImageLoadPreferSys32_Baseline) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_RS1) + if (base::win::GetVersion() < base::win::Version::WIN10_RS1) return; HANDLE mutex = ::CreateMutexW(nullptr, false, g_hijack_dlls_mutex); @@ -439,7 +439,7 @@ TEST(ProcessMitigationsTest, CheckWin10ImageLoadPreferSys32_Baseline) { // // Must run this test as admin/elevated. TEST(ProcessMitigationsTest, CheckWin10ImageLoadPreferSys32_Success) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_RS1) + if (base::win::GetVersion() < base::win::Version::WIN10_RS1) return; HANDLE mutex = ::CreateMutexW(nullptr, false, g_hijack_dlls_mutex); 
@@ -459,7 +459,7 @@ TEST(ProcessMitigationsTest, CheckWin10ImageLoadPreferSys32_Success) { // // Must run this test as admin/elevated. TEST(ProcessMitigationsTest, CheckWin10ImageLoadPreferSys32_Failure) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_RS1) + if (base::win::GetVersion() < base::win::Version::WIN10_RS1) return; HANDLE mutex = ::CreateMutexW(nullptr, false, g_hijack_dlls_mutex); diff --git a/chromium/sandbox/win/src/process_mitigations_unittest.cc b/chromium/sandbox/win/src/process_mitigations_unittest.cc index 046f4a2ba95..a0cd2790f85 100644 --- a/chromium/sandbox/win/src/process_mitigations_unittest.cc +++ b/chromium/sandbox/win/src/process_mitigations_unittest.cc @@ -534,7 +534,7 @@ SBOX_TESTS_COMMAND int TestChildProcess(int argc, wchar_t** argv) { #if !defined(_WIN64) // DEP is always enabled on 64-bit. Only test on x86. TEST(ProcessMitigationsTest, CheckDepWin7) { - if (base::win::GetVersion() > base::win::VERSION_WIN7) + if (base::win::GetVersion() > base::win::Version::WIN7) return; TestRunner runner; @@ -559,7 +559,7 @@ TEST(ProcessMitigationsTest, CheckDepWin7) { // This test validates that setting the MITIGATION_DEP* // mitigations enables the setting on a process. TEST(ProcessMitigationsTest, CheckDepWin8PolicySuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; base::string16 test_command = L"CheckPolicy "; @@ -600,7 +600,7 @@ TEST(ProcessMitigationsTest, CheckDepWin8PolicySuccess) { //------------------------------------------------------------------------------ TEST(ProcessMitigationsTest, CheckWin8AslrPolicySuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; base::string16 test_command = L"CheckPolicy "; 
@@ -628,7 +628,7 @@ TEST(ProcessMitigationsTest, CheckWin8AslrPolicySuccess) { //------------------------------------------------------------------------------ TEST(ProcessMitigationsTest, CheckWin8StrictHandlePolicySuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; base::string16 test_command = L"CheckPolicy "; @@ -655,7 +655,7 @@ TEST(ProcessMitigationsTest, CheckWin8StrictHandlePolicySuccess) { // This test validates that setting the MITIGATION_NON_SYSTEM_FONTS_DISABLE // mitigation enables the setting on a process. TEST(ProcessMitigationsTest, CheckWin10NonSystemFontLockDownPolicySuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN10) + if (base::win::GetVersion() < base::win::Version::WIN10) return; base::string16 test_command = L"CheckPolicy "; @@ -686,7 +686,7 @@ TEST(ProcessMitigationsTest, CheckWin10NonSystemFontLockDownPolicySuccess) { // This test validates that we can load a non-system font if the // MITIGATION_NON_SYSTEM_FONTS_DISABLE mitigation is NOT set. TEST(ProcessMitigationsTest, CheckWin10NonSystemFontLockDownLoadSuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN10) + if (base::win::GetVersion() < base::win::Version::WIN10) return; TestWin10NonSystemFont(true); @@ -695,7 +695,7 @@ TEST(ProcessMitigationsTest, CheckWin10NonSystemFontLockDownLoadSuccess) { // This test validates that setting the MITIGATION_NON_SYSTEM_FONTS_DISABLE // mitigation prevents the loading of a non-system font. TEST(ProcessMitigationsTest, CheckWin10NonSystemFontLockDownLoadFailure) { - if (base::win::GetVersion() < base::win::VERSION_WIN10) + if (base::win::GetVersion() < base::win::Version::WIN10) return; TestWin10NonSystemFont(false); 
@@ -712,7 +712,7 @@ TEST(ProcessMitigationsTest, CheckWin10NonSystemFontLockDownLoadFailure) { // This test validates that setting the MITIGATION_FORCE_MS_SIGNED_BINS // mitigation enables the setting on a process. TEST(ProcessMitigationsTest, CheckWin10MsSignedPolicySuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_TH2) + if (base::win::GetVersion() < base::win::Version::WIN10_TH2) return; base::string16 test_command = L"CheckPolicy "; @@ -739,7 +739,7 @@ TEST(ProcessMitigationsTest, CheckWin10MsSignedPolicySuccess) { // This test validates that we can load an unsigned DLL if the // MITIGATION_FORCE_MS_SIGNED_BINS mitigation is NOT set. TEST(ProcessMitigationsTest, CheckWin10MsSigned_Success) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_TH2) + if (base::win::GetVersion() < base::win::Version::WIN10_TH2) return; HANDLE mutex = @@ -758,7 +758,7 @@ TEST(ProcessMitigationsTest, CheckWin10MsSigned_Success) { // This test validates that setting the MITIGATION_FORCE_MS_SIGNED_BINS // mitigation prevents the loading of an unsigned DLL. TEST(ProcessMitigationsTest, CheckWin10MsSigned_Failure) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_TH2) + if (base::win::GetVersion() < base::win::Version::WIN10_TH2) return; HANDLE mutex = @@ -778,7 +778,7 @@ TEST(ProcessMitigationsTest, CheckWin10MsSigned_Failure) { // MITIGATION_FORCE_MS_SIGNED_BINS mitigation is NOT set. Very basic // sanity test. TEST(ProcessMitigationsTest, CheckWin10MsSigned_MsBaseline) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_TH2) + if (base::win::GetVersion() < base::win::Version::WIN10_TH2) return; HANDLE mutex = 
@@ -797,7 +797,7 @@ TEST(ProcessMitigationsTest, CheckWin10MsSigned_MsBaseline) { // This test validates that setting the MITIGATION_FORCE_MS_SIGNED_BINS // mitigation still allows the load of an MS-signed DLL. TEST(ProcessMitigationsTest, CheckWin10MsSigned_MsSuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_TH2) + if (base::win::GetVersion() < base::win::Version::WIN10_TH2) return; HANDLE mutex = @@ -907,7 +907,7 @@ TEST(ProcessMitigationsTest, CheckChildProcessAbnormalExit) { // on a process. TEST(ProcessMitigationsTest, CheckWin10RestrictIndirectBranchPredictionPolicySuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN10_RS3) + if (base::win::GetVersion() < base::win::Version::WIN10_RS3) return; base::string16 test_command = L"CheckPolicy "; diff --git a/chromium/sandbox/win/src/process_mitigations_win32k_dispatcher.cc b/chromium/sandbox/win/src/process_mitigations_win32k_dispatcher.cc index 0f212fc53bc..d37f54571fe 100644 --- a/chromium/sandbox/win/src/process_mitigations_win32k_dispatcher.cc +++ b/chromium/sandbox/win/src/process_mitigations_win32k_dispatcher.cc @@ -197,7 +197,7 @@ bool ProcessMitigationsWin32KDispatcher::SetupService( GETCERTIFICATE_ID, 20)) { return false; } - if (base::win::GetVersion() < base::win::VERSION_WIN10_TH2) + if (base::win::GetVersion() < base::win::Version::WIN10_TH2) return true; if (!INTERCEPT_EAT(manager, L"gdi32.dll", GetCertificateByHandle, GETCERTIFICATEBYHANDLE_ID, 20)) { @@ -210,7 +210,7 @@ bool ProcessMitigationsWin32KDispatcher::SetupService( GETCERTIFICATESIZE_ID, 16)) { return false; } - if (base::win::GetVersion() < base::win::VERSION_WIN10_TH2) + if (base::win::GetVersion() < base::win::Version::WIN10_TH2) return true; if (!INTERCEPT_EAT(manager, L"gdi32.dll", GetCertificateSizeByHandle, GETCERTIFICATESIZEBYHANDLE_ID, 16)) { 
diff --git a/chromium/sandbox/win/src/process_mitigations_win32k_unittest.cc b/chromium/sandbox/win/src/process_mitigations_win32k_unittest.cc index 8a865305094..3cb8daf5bcb 100644 --- a/chromium/sandbox/win/src/process_mitigations_win32k_unittest.cc +++ b/chromium/sandbox/win/src/process_mitigations_win32k_unittest.cc @@ -618,7 +618,7 @@ SBOX_TESTS_COMMAND int CheckWin8OPMApis(int argc, wchar_t** argv) { // the target process causes the launch to fail in process initialization. // The test process itself links against user32/gdi32. TEST(ProcessMitigationsWin32kTest, CheckWin8LockDownFailure) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; base::string16 test_policy_command = L"CheckPolicy "; @@ -638,7 +638,7 @@ TEST(ProcessMitigationsWin32kTest, CheckWin8LockDownFailure) { // The test process itself links against user32/gdi32. TEST(ProcessMitigationsWin32kTest, CheckWin8LockDownSuccess) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; base::string16 test_policy_command = L"CheckPolicy "; @@ -665,7 +665,7 @@ TEST(ProcessMitigationsWin32kTest, CheckWin8LockDownSuccess) { // we can use the IPC redirection to enumerate the list of monitors. // Flaky. https://crbug.com/840335 TEST(ProcessMitigationsWin32kTest, CheckWin8Redirection) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; base::string16 test_policy_command = L"CheckPolicy "; diff --git a/chromium/sandbox/win/src/restricted_token_unittest.cc b/chromium/sandbox/win/src/restricted_token_unittest.cc index 6fa8cbd2bae..d8798e9e0a4 100644 --- a/chromium/sandbox/win/src/restricted_token_unittest.cc +++ b/chromium/sandbox/win/src/restricted_token_unittest.cc 
@@ -745,7 +745,7 @@ TEST(RestrictedTokenTest, LockdownDefaultDaclNoLogonSid) { } TEST(RestrictedTokenTest, LowBoxToken) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; base::win::ScopedHandle token; diff --git a/chromium/sandbox/win/src/restricted_token_utils.cc b/chromium/sandbox/win/src/restricted_token_utils.cc index c4fdb69a4ac..4717b4ed3d0 100644 --- a/chromium/sandbox/win/src/restricted_token_utils.cc +++ b/chromium/sandbox/win/src/restricted_token_utils.cc @@ -326,7 +326,7 @@ DWORD CreateLowBoxToken(HANDLE base_token, NtCreateLowBoxToken CreateLowBoxToken = nullptr; ResolveNTFunctionPtr("NtCreateLowBoxToken", &CreateLowBoxToken); - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return ERROR_CALL_NOT_IMPLEMENTED; if (token_type != PRIMARY && token_type != IMPERSONATION) diff --git a/chromium/sandbox/win/src/sandbox_policy_base.cc b/chromium/sandbox/win/src/sandbox_policy_base.cc index aac2fb33e10..3287ac4d193 100644 --- a/chromium/sandbox/win/src/sandbox_policy_base.cc +++ b/chromium/sandbox/win/src/sandbox_policy_base.cc @@ -13,6 +13,7 @@ #include "base/macros.h" #include "base/stl_util.h" #include "base/strings/stringprintf.h" +#include "base/win/win_util.h" #include "base/win/windows_version.h" #include "sandbox/win/src/filesystem_policy.h" #include "sandbox/win/src/interception.h" @@ -215,7 +216,7 @@ ResultCode PolicyBase::CreateAlternateDesktop(bool alternate_winstation) { // Verify that everything is fine. if (!alternate_winstation_handle_ || - GetWindowObjectName(alternate_winstation_handle_).empty()) + base::win::GetWindowObjectName(alternate_winstation_handle_).empty()) return SBOX_ERROR_CANNOT_CREATE_DESKTOP; // Create the destkop. 
@@ -226,7 +227,7 @@ ResultCode PolicyBase::CreateAlternateDesktop(bool alternate_winstation) { // Verify that everything is fine. if (!alternate_desktop_handle_ || - GetWindowObjectName(alternate_desktop_handle_).empty()) { + base::win::GetWindowObjectName(alternate_desktop_handle_).empty()) { return SBOX_ERROR_CANNOT_CREATE_DESKTOP; } } else { @@ -242,7 +243,8 @@ ResultCode PolicyBase::CreateAlternateDesktop(bool alternate_winstation) { // Verify that everything is fine. if (!alternate_desktop_local_winstation_handle_ || - GetWindowObjectName(alternate_desktop_local_winstation_handle_) + base::win::GetWindowObjectName( + alternate_desktop_local_winstation_handle_) .empty()) { return SBOX_ERROR_CANNOT_CREATE_DESKTOP; } @@ -288,7 +290,7 @@ ResultCode PolicyBase::SetDelayedIntegrityLevel( } ResultCode PolicyBase::SetLowBox(const wchar_t* sid) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return SBOX_ERROR_UNSUPPORTED; DCHECK(sid); @@ -554,7 +556,7 @@ ResultCode PolicyBase::SetDisconnectCsrss() { // CreateThread EAT patch used when this is enabled. // See https://crbug.com/783296#c27. #if defined(_WIN64) && !defined(ADDRESS_SANITIZER) - if (base::win::GetVersion() >= base::win::VERSION_WIN10) { + if (base::win::GetVersion() >= base::win::Version::WIN10) { is_csrss_connected_ = false; return AddKernelObjectToClose(L"ALPC Port", nullptr); } @@ -606,7 +608,7 @@ bool PolicyBase::GetEnableOPMRedirection() { ResultCode PolicyBase::AddAppContainerProfile(const wchar_t* package_name, bool create_profile) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return SBOX_ERROR_UNSUPPORTED; DCHECK(package_name); diff --git a/chromium/sandbox/win/src/service_resolver_unittest.cc b/chromium/sandbox/win/src/service_resolver_unittest.cc index 68d9bbdccb1..63ea26dcbf3 100644 --- a/chromium/sandbox/win/src/service_resolver_unittest.cc 
+++ b/chromium/sandbox/win/src/service_resolver_unittest.cc @@ -153,14 +153,14 @@ std::unique_ptr<ResolverThunkTest> GetTestResolver(bool relaxed) { #else base::win::OSInfo* os_info = base::win::OSInfo::GetInstance(); if (os_info->wow64_status() == base::win::OSInfo::WOW64_ENABLED) { - if (os_info->version() >= base::win::VERSION_WIN10) + if (os_info->version() >= base::win::Version::WIN10) return std::make_unique<Wow64W10ResolverTest>(relaxed); - if (os_info->version() >= base::win::VERSION_WIN8) + if (os_info->version() >= base::win::Version::WIN8) return std::make_unique<Wow64W8ResolverTest>(relaxed); return std::make_unique<Wow64ResolverTest>(relaxed); } - if (os_info->version() >= base::win::VERSION_WIN8) + if (os_info->version() >= base::win::Version::WIN8) return std::make_unique<Win8ResolverTest>(relaxed); return std::make_unique<WinXpResolverTest>(relaxed); diff --git a/chromium/sandbox/win/src/sid_unittest.cc b/chromium/sandbox/win/src/sid_unittest.cc index 35c1314139b..3bfa8f3738d 100644 --- a/chromium/sandbox/win/src/sid_unittest.cc +++ b/chromium/sandbox/win/src/sid_unittest.cc @@ -98,7 +98,7 @@ TEST(SidTest, GetPSID) { } TEST(SidTest, KnownCapability) { - if (base::win::GetVersion() < base::win::VERSION_WIN8) + if (base::win::GetVersion() < base::win::Version::WIN8) return; Sid sid_invalid_well_known = @@ -128,7 +128,7 @@ TEST(SidTest, KnownCapability) { } TEST(SidTest, NamedCapability) { - if (base::win::GetVersion() < base::win::VERSION_WIN10) + if (base::win::GetVersion() < base::win::Version::WIN10) return; Sid sid_nullptr = Sid::FromNamedCapability(nullptr); diff --git a/chromium/sandbox/win/src/target_process.cc b/chromium/sandbox/win/src/target_process.cc index 72b3e1bd382..0d999187b16 100644 --- a/chromium/sandbox/win/src/target_process.cc +++ b/chromium/sandbox/win/src/target_process.cc 
@@ -155,7 +155,7 @@ ResultCode TargetProcess::Create(
 if (startup_info.has_extended_startup_info())
 flags |= EXTENDED_STARTUPINFO_PRESENT;
- if (job_ && base::win::GetVersion() < base::win::VERSION_WIN8) {
+ if (job_ && base::win::GetVersion() < base::win::Version::WIN8) {
 // Windows 8 implements nested jobs, but for older systems we need to
 // break out of any job we're in to enforce our restrictions.
 flags |= CREATE_BREAKAWAY_FROM_JOB;
diff --git a/chromium/sandbox/win/src/window.cc b/chromium/sandbox/win/src/window.cc
index 87fbe133957..7b387f1a387 100644
--- a/chromium/sandbox/win/src/window.cc
+++ b/chromium/sandbox/win/src/window.cc
@@ -9,6 +9,7 @@
 #include <memory>
 #include "base/logging.h"
+#include "base/win/win_util.h"
 #include "sandbox/win/src/acl.h"
 #include "sandbox/win/src/sid.h"
@@ -127,29 +128,6 @@ ResultCode CreateAltDesktop(HWINSTA winsta, HDESK* desktop) {
 return SBOX_ERROR_CANNOT_CREATE_DESKTOP;
 }
-base::string16 GetWindowObjectName(HANDLE handle) {
- // Get the size of the name.
- DWORD size = 0;
- ::GetUserObjectInformation(handle, UOI_NAME, nullptr, 0, &size);
-
- if (!size) {
- NOTREACHED();
- return base::string16();
- }
-
- // Create the buffer that will hold the name.
- std::unique_ptr<wchar_t[]> name_buffer(new wchar_t[size]);
-
- // Query the name of the object.
- if (!::GetUserObjectInformation(handle, UOI_NAME, name_buffer.get(), size,
- &size)) {
- NOTREACHED();
- return base::string16();
- }
-
- return base::string16(name_buffer.get());
-}
-
 base::string16 GetFullDesktopName(HWINSTA winsta, HDESK desktop) {
 if (!desktop) {
 NOTREACHED();
@@ -158,11 +136,11 @@ base::string16 GetFullDesktopName(HWINSTA winsta, HDESK desktop) {
 base::string16 name;
 if (winsta) {
- name = GetWindowObjectName(winsta);
+ name = base::win::GetWindowObjectName(winsta);
 name += L'\\';
 }
- name += GetWindowObjectName(desktop);
+ name += base::win::GetWindowObjectName(desktop);
 return name;
 }
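Review bot: In the last window.cc hunk, GetFullDesktopName concatenates the results of `base::win::GetWindowObjectName(winsta)` and `base::win::GetWindowObjectName(desktop)` without checking either for empty. The local helper removed in the preceding hunk returned an empty string when `::GetUserObjectInformation` failed, after `NOTREACHED()`; how the base replacement behaves on failure is not visible in this diff. If it can also return empty, this function returns a partial name (for instance only the window station and a backslash), and the window.h comment says the result can be used as the lpDesktop parameter, so a sandboxed target could be started against a desktop name that was never fully resolved. I would fetch each name into a local and bail out early, e.g. `if (desktop_name.empty()) return base::string16();`, and add a line to the window.h comment stating that an empty string means the name could not be queried. GetFullDesktopName starts before this hunk.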
diff --git a/chromium/sandbox/win/src/window.h b/chromium/sandbox/win/src/window.h index 32adf98e1f3..35c1197def1 100644 --- a/chromium/sandbox/win/src/window.h +++ b/chromium/sandbox/win/src/window.h @@ -27,9 +27,6 @@ ResultCode CreateAltWindowStation(HWINSTA* winsta); // the function will return SBOX_ERROR_FAILED_TO_SWITCH_BACK_WINSTATION. ResultCode CreateAltDesktop(HWINSTA winsta, HDESK* desktop); -// Returns the name of a desktop or a window station. -base::string16 GetWindowObjectName(HANDLE handle); - // Returns the name of the desktop referenced by |desktop|. If a window // station is specified, the name is prepended with the window station name, // followed by a backslash. This name can be used as the lpDesktop parameter |