/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include "mozilla/WindowsProcessMitigations.h"
9 #include <processthreadsapi.h>
11 #include "mozilla/Assertions.h"
12 #include "mozilla/DynamicallyLinkedFunctionPtr.h"
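// Compile-time check that PROCESS_MITIGATION_DYNAMIC_CODE_POLICY is exactly
// 4 bytes in the SDK headers this file is built against.
// NOTE(review): presumably this guards against a mismatched or outdated SDK
// definition of the struct -- confirm the intent with the original change.
static_assert(sizeof(PROCESS_MITIGATION_DYNAMIC_CODE_POLICY) == 4,
              "unexpected PROCESS_MITIGATION_DYNAMIC_CODE_POLICY size");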
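// Returns a pointer to GetProcessMitigationPolicy, resolved by name from
// kernel32.dll instead of being linked directly. The wrapper object is a
// function-local static, so it is constructed once and reused by every
// caller. Callers in this file null-check the result before calling through
// it, so a failed lookup degrades to "could not query" rather than a crash.
//
// NOTE(review): how StaticDynamicallyLinkedFunctionPtr locates the module
// (handle of an already-loaded DLL vs. a load by bare name) is not visible
// here; confirm it cannot trigger a search-path load of "kernel32.dll".
static decltype(&::GetProcessMitigationPolicy)
FetchGetProcessMitigationPolicyFunc() {
  static const StaticDynamicallyLinkedFunctionPtr<
      decltype(&::GetProcessMitigationPolicy)>
      pGetProcessMitigationPolicy(L"kernel32.dll",
                                  "GetProcessMitigationPolicy");
  return pGetProcessMitigationPolicy;
}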
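// Fallback answer for IsWin32kLockedDown() when the OS mitigation policy
// cannot be queried. Starts false and is set to true by
// SetWin32kLockedDownInPolicy(); nothing in the visible code resets it.
// It is a plain bool with no synchronization of its own.
static bool sWin32kLockedDownInPolicy = false;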
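// Reports whether win32k system calls are disallowed for the current process.
//
// The answer is computed on the first call and cached in a function-local
// static for the life of the process. If the OS query is unavailable or
// fails, the cached value is whatever sWin32kLockedDownInPolicy held at that
// moment. A first call made before the mitigation is applied, or before
// SetWin32kLockedDownInPolicy() has run, therefore pins a stale answer.
//
// NOTE(review): the listing this was recovered from elides the final
// sizeof(polInfo) argument and the closing braces; they are restored here
// from the four-parameter GetProcessMitigationPolicy signature.
MFBT_API bool IsWin32kLockedDown() {
  static bool sWin32kLockedDown = []() {
    auto pGetProcessMitigationPolicy = FetchGetProcessMitigationPolicyFunc();

    // Value-initialized so no indeterminate bits are ever read back, even if
    // the call fills less of the struct than expected.
    PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY polInfo{};
    if (!pGetProcessMitigationPolicy ||
        !pGetProcessMitigationPolicy(::GetCurrentProcess(),
                                     ProcessSystemCallDisablePolicy, &polInfo,
                                     sizeof(polInfo))) {
      // We failed to get pointer to GetProcessMitigationPolicy or the call
      // to it failed, so just return what the sandbox policy says.
      return sWin32kLockedDownInPolicy;
    }

    // Bit-field to bool.
    return !!polInfo.DisallowWin32kSystemCalls;
  }();

  return sWin32kLockedDown;
}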
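// Records that the sandbox policy requests win32k lockdown. This is a
// one-way switch: it only ever sets the flag to true.
//
// The flag is consulted only as a fallback inside IsWin32kLockedDown(), whose
// result is cached on first use. This must therefore run before the first
// IsWin32kLockedDown() call to have any effect on that fallback.
MFBT_API void SetWin32kLockedDownInPolicy() {
  sWin32kLockedDownInPolicy = true;
}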
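// Reports whether the dynamic-code policy prohibits dynamic code in the
// current process (the ProhibitDynamicCode bit of ProcessDynamicCodePolicy).
// The policy is queried on every call; nothing is cached.
//
// A false result also covers "could not query": it means the mitigation was
// not confirmed, not that it is definitely off. Do not treat false as proof
// that dynamic code generation is permitted.
//
// NOTE(review): the listing this was recovered from elides the bodies of
// both failure branches and the sizeof(polInfo) argument. `return false` is
// the assumed fallback -- confirm against upstream.
MFBT_API bool IsDynamicCodeDisabled() {
  auto pGetProcessMitigationPolicy = FetchGetProcessMitigationPolicyFunc();
  if (!pGetProcessMitigationPolicy) {
    return false;
  }

  // Value-initialized so no indeterminate bits are ever read back.
  PROCESS_MITIGATION_DYNAMIC_CODE_POLICY polInfo{};
  if (!pGetProcessMitigationPolicy(::GetCurrentProcess(),
                                   ProcessDynamicCodePolicy, &polInfo,
                                   sizeof(polInfo))) {
    return false;
  }

  // Explicit bit-field to bool conversion, matching IsWin32kLockedDown().
  return !!polInfo.ProhibitDynamicCode;
}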
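// Reports whether Export Address Filter Plus is enabled for the current
// process (the EnableExportAddressFilterPlus bit of
// ProcessPayloadRestrictionPolicy). The policy is queried on every call.
//
// A false result also covers "could not query": it means the mitigation was
// not confirmed, not that it is definitely off.
//
// NOTE(review): the listing this was recovered from elides the bodies of
// both failure branches and the sizeof(polInfo) argument. `return false` is
// the assumed fallback -- confirm against upstream.
MFBT_API bool IsEafPlusEnabled() {
  auto pGetProcessMitigationPolicy = FetchGetProcessMitigationPolicyFunc();
  if (!pGetProcessMitigationPolicy) {
    return false;
  }

  // Value-initialized so no indeterminate bits are ever read back.
  PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY polInfo{};
  if (!pGetProcessMitigationPolicy(::GetCurrentProcess(),
                                   ProcessPayloadRestrictionPolicy, &polInfo,
                                   sizeof(polInfo))) {
    return false;
  }

  // Explicit bit-field to bool conversion, matching IsWin32kLockedDown().
  return !!polInfo.EnableExportAddressFilterPlus;
}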
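// Reports whether the user-mode shadow stack mitigation is enabled for the
// current process (the EnableUserShadowStack bit of
// ProcessUserShadowStackPolicy). The policy is queried on every call.
//
// A false result also covers "could not query" (for example, if the OS
// rejects this policy class): it means the mitigation was not confirmed, not
// that it is definitely off.
//
// NOTE(review): the listing this was recovered from elides the bodies of
// both failure branches and the sizeof(polInfo) argument. `return false` is
// the assumed fallback -- confirm against upstream.
MFBT_API bool IsUserShadowStackEnabled() {
  auto pGetProcessMitigationPolicy = FetchGetProcessMitigationPolicyFunc();
  if (!pGetProcessMitigationPolicy) {
    return false;
  }

  // Value-initialized so no indeterminate bits are ever read back.
  PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY polInfo{};
  if (!pGetProcessMitigationPolicy(::GetCurrentProcess(),
                                   ProcessUserShadowStackPolicy, &polInfo,
                                   sizeof(polInfo))) {
    return false;
  }

  // Explicit bit-field to bool conversion, matching IsWin32kLockedDown().
  return !!polInfo.EnableUserShadowStack;
}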
101 } // namespace mozilla