mozglue/misc/WindowsProcessMitigations.cpp

   1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
   2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
   3 /* This Source Code Form is subject to the terms of the Mozilla Public
   4  * License, v. 2.0. If a copy of the MPL was not distributed with this
   5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   6
   7 #include "mozilla/WindowsProcessMitigations.h"
   8
   9 #include <processthreadsapi.h>
  10
  11 #include "mozilla/Assertions.h"
  12 #include "mozilla/DynamicallyLinkedFunctionPtr.h"
  13
  14 static_assert(sizeof(PROCESS_MITIGATION_DYNAMIC_CODE_POLICY) == 4);
  15
  16 namespace mozilla {
  17
  18 static decltype(&::GetProcessMitigationPolicy)
  19 FetchGetProcessMitigationPolicyFunc() {
  20   static const StaticDynamicallyLinkedFunctionPtr<
  21       decltype(&::GetProcessMitigationPolicy)>
  22       pGetProcessMitigationPolicy(L"kernel32.dll",
  23                                   "GetProcessMitigationPolicy");
  24   return pGetProcessMitigationPolicy;
  25 }
  26
  27 static bool sWin32kLockedDownInPolicy = false;
  28
  29 MFBT_API bool IsWin32kLockedDown() {
  30   static bool sWin32kLockedDown = []() {
  31     auto pGetProcessMitigationPolicy = FetchGetProcessMitigationPolicyFunc();
  32
  33     PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY polInfo;
  34     if (!pGetProcessMitigationPolicy ||
  35         !pGetProcessMitigationPolicy(::GetCurrentProcess(),
  36                                      ProcessSystemCallDisablePolicy, &polInfo,
  37                                      sizeof(polInfo))) {
  38       // We failed to get pointer to GetProcessMitigationPolicy or the call
  39       // to it failed, so just return what the sandbox policy says.
  40       return sWin32kLockedDownInPolicy;
  41     }
  42
  43     return !!polInfo.DisallowWin32kSystemCalls;
  44   }();
  45
  46   return sWin32kLockedDown;
  47 }
  48
  49 MFBT_API void SetWin32kLockedDownInPolicy() {
  50   sWin32kLockedDownInPolicy = true;
  51 }
  52
  53 MFBT_API bool IsDynamicCodeDisabled() {
  54   auto pGetProcessMitigationPolicy = FetchGetProcessMitigationPolicyFunc();
  55   if (!pGetProcessMitigationPolicy) {
  56     return false;
  57   }
  58
  59   PROCESS_MITIGATION_DYNAMIC_CODE_POLICY polInfo;
  60   if (!pGetProcessMitigationPolicy(::GetCurrentProcess(),
  61                                    ProcessDynamicCodePolicy, &polInfo,
  62                                    sizeof(polInfo))) {
  63     return false;
  64   }
  65
  66   return polInfo.ProhibitDynamicCode;
  67 }
  68
  69 MFBT_API bool IsEafPlusEnabled() {
  70   auto pGetProcessMitigationPolicy = FetchGetProcessMitigationPolicyFunc();
  71   if (!pGetProcessMitigationPolicy) {
  72     return false;
  73   }
  74
  75   PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY polInfo;
  76   if (!pGetProcessMitigationPolicy(::GetCurrentProcess(),
  77                                    ProcessPayloadRestrictionPolicy, &polInfo,
  78                                    sizeof(polInfo))) {
  79     return false;
  80   }
  81
  82   return polInfo.EnableExportAddressFilterPlus;
  83 }
  84
  85 MFBT_API bool IsUserShadowStackEnabled() {
  86   auto pGetProcessMitigationPolicy = FetchGetProcessMitigationPolicyFunc();
  87   if (!pGetProcessMitigationPolicy) {
  88     return false;
  89   }
  90
  91   PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY polInfo;
  92   if (!pGetProcessMitigationPolicy(::GetCurrentProcess(),
  93                                    ProcessUserShadowStackPolicy, &polInfo,
  94                                    sizeof(polInfo))) {
  95     return false;
  96   }
  97
  98   return polInfo.EnableUserShadowStack;
  99 }
 100
 101 }  // namespace mozilla