chrome_elf/chrome_elf_security.cc

// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome_elf/chrome_elf_security.h"

#include <assert.h>
#include <windows.h>
#include <versionhelpers.h>  // windows.h must be before

#include "chrome_elf/chrome_elf_constants.h"
#include "chrome_elf/nt_registry/nt_registry.h"

void EarlyBrowserSecurity() {
  typedef decltype(SetProcessMitigationPolicy)* SetProcessMitigationPolicyFunc;

  // This function is called from within DllMain.
  // Don't do anything naughty while we have the loader lock.
  NTSTATUS ret_val = STATUS_SUCCESS;
  HANDLE handle = INVALID_HANDLE_VALUE;

  // Check for kRegistrySecurityFinchPath.  If it exists,
  // we do NOT disable extension points.  (Emergency off flag.)
  if (nt::OpenRegKey(nt::HKCU, elf_sec::kRegSecurityFinchPath, KEY_QUERY_VALUE,
                     &handle, &ret_val)) {
    nt::CloseRegKey(handle);
    return;
  }
#ifdef _DEBUG
  // The only failure expected is for the path not existing.
  if (ret_val != STATUS_OBJECT_NAME_NOT_FOUND)
    assert(false);
#endif

  if (::IsWindows8OrGreater()) {
    SetProcessMitigationPolicyFunc set_process_mitigation_policy =
        reinterpret_cast<SetProcessMitigationPolicyFunc>(::GetProcAddress(
            ::GetModuleHandleW(L"kernel32.dll"), "SetProcessMitigationPolicy"));
    if (set_process_mitigation_policy) {
      // Disable extension points in this process.
      // (Legacy hooking.)
      PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY policy = {};
      policy.DisableExtensionPoints = true;
      set_process_mitigation_policy(ProcessExtensionPointDisablePolicy, &policy,
                                    sizeof(policy));
    }
  }
  return;
}