chrome/browser/win/chrome_elf_init.cc - chromium/src.git - Git at Google

 // Copyright 2014 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "chrome/browser/win/chrome_elf_init.h"

 #include <stddef.h>

 #include "base/functional/bind.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_functions.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/win/registry.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/chrome_elf/blocklist_constants.h"
 #include "chrome/chrome_elf/chrome_elf_constants.h"
 #include "chrome/chrome_elf/dll_hash/dll_hash.h"
 #include "chrome/chrome_elf/third_party_dlls/public_api.h"
 #include "chrome/common/chrome_version.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/install_static/install_util.h"
 #include "components/prefs/pref_service.h"
 #include "components/variations/variations_associated_data.h"
 #include "content/public/browser/browser_task_traits.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/common/content_features.h"
 #include "sandbox/policy/features.h"

 const char kBrowserBlocklistTrialName[] = "BrowserBlocklist";
 const char kBrowserBlocklistTrialDisabledGroupName[] = "NoBlocklist";

 namespace {

 // This enum is used to define the buckets for an enumerated UMA histogram.
 // Hence,
 //   (a) existing enumerated constants should never be deleted or reordered, and
 //   (b) new constants should only be appended in front of
 //       BLOCKLIST_SETUP_EVENT_MAX.
 enum BlocklistSetupEventType {
   // The blocklist beacon has placed to enable the browser blocklisting.
   BLOCKLIST_SETUP_ENABLED = 0,

   // The blocklist was successfully enabled.
   BLOCKLIST_SETUP_RAN_SUCCESSFULLY,

   // The blocklist setup code failed to execute.
   BLOCKLIST_SETUP_FAILED,

   // The blocklist thunk setup code failed. This is probably an indication
   // that something else patched that code first.
   BLOCKLIST_THUNK_SETUP_FAILED,

   // Deprecated. The blocklist interception code failed to execute.
   BLOCKLIST_INTERCEPTION_FAILED,

   // The blocklist was disabled for this run (after it failed too many times).
   BLOCKLIST_SETUP_DISABLED,

   // Always keep this at the end.
   BLOCKLIST_SETUP_EVENT_MAX,
 };

 void RecordBlocklistSetupEvent(BlocklistSetupEventType blocklist_setup_event) {
   base::UmaHistogramEnumeration("ChromeElf.Beacon.SetupStatus",
                                 blocklist_setup_event,
                                 BLOCKLIST_SETUP_EVENT_MAX);
 }

 std::wstring GetBeaconRegistryPath() {
   return install_static::GetRegistryPath().append(
       blocklist::kRegistryBeaconKeyName);
 }

 // This enum is used to define the buckets for an enumerated UMA histogram.
 // Hence,
 //   (a) existing enumerated constants should never be deleted or reordered, and
 //   (b) new constants should only be appended in front of EXTENSIONPOINT_MAX.
 enum ExtensionPointEnableState {
   // Extension point mitigation disabled due to presence of legacy IME.
   EXTENSIONPOINT_DISABLED_IME,

   // Extension point mitigation enabled.
   EXTENSIONPOINT_ENABLED,

   // Always keep this at the end.
   EXTENSIONPOINT_MAX,
 };

 void RecordExtensionPointsEnableState(ExtensionPointEnableState enable_state) {
   base::UmaHistogramEnumeration("ChromeElf.ExtensionPoint.EnableState",
                                 enable_state, EXTENSIONPOINT_MAX);
 }

 ExtensionPointEnableState GetExtensionPointsEnableState() {
   // Legacy IMEs can be detected as HKLs that have a file name.
   int list_size = GetKeyboardLayoutList(0, nullptr);
   if (list_size != 0) {
     std::vector<HKL> hkl_list(list_size);
     if (GetKeyboardLayoutList(list_size, hkl_list.data()) == list_size) {
       for (auto* hkl : hkl_list) {
         if (ImmGetIMEFileName(hkl, nullptr, 0) != 0)
           return EXTENSIONPOINT_DISABLED_IME;
       }
     }
   }
   return EXTENSIONPOINT_ENABLED;
 }

 bool IsBrowserLegacyExtensionPointsBlocked() {
   PrefService* local_state = g_browser_process->local_state();
   if (!local_state ||
       !local_state->HasPrefPath(prefs::kBlockBrowserLegacyExtensionPoints) ||
       !local_state->IsManagedPreference(
           prefs::kBlockBrowserLegacyExtensionPoints))
     return true;
   return local_state->GetBoolean(prefs::kBlockBrowserLegacyExtensionPoints);
 }

 }  // namespace

 void InitializeChromeElf() {
   if (base::FieldTrialList::FindFullName(kBrowserBlocklistTrialName) ==
       kBrowserBlocklistTrialDisabledGroupName) {
     // Disable the blocklist for all future runs by removing the beacon.
     base::win::RegKey blocklist_registry_key(HKEY_CURRENT_USER);
     blocklist_registry_key.DeleteKey(GetBeaconRegistryPath().c_str());
   } else {
     BrowserBlocklistBeaconSetup();
   }

   // Make sure the registry key we read earlier in startup
   // sandbox::MITIGATION_EXTENSION_POINT_DISABLE is set properly in reg.
   // Note: the very existence of this key signals elf to not enable
   // this mitigation on browser next start.
   const std::wstring reg_path(install_static::GetRegistryPath().append(
       elf_sec::kRegBrowserExtensionPointKeyName));
   base::win::RegKey browser_extension_point_registry_key(
       HKEY_CURRENT_USER, reg_path.c_str(), KEY_READ);

   ExtensionPointEnableState extension_point_enable_state =
       GetExtensionPointsEnableState();
   RecordExtensionPointsEnableState(extension_point_enable_state);
   bool enable_extension_point_policy =
       (extension_point_enable_state == EXTENSIONPOINT_ENABLED) &&
       base::FeatureList::IsEnabled(
           sandbox::policy::features::kWinSboxDisableExtensionPoints) &&
       IsBrowserLegacyExtensionPointsBlocked();

   if (enable_extension_point_policy) {
     if (!browser_extension_point_registry_key.Valid()) {
       (void)browser_extension_point_registry_key.Create(
           HKEY_CURRENT_USER, reg_path.c_str(), KEY_WRITE);
     }
   } else {
     if (browser_extension_point_registry_key.Valid()) {
       browser_extension_point_registry_key.DeleteKey(L"");
     }
   }
 }

 void BrowserBlocklistBeaconSetup() {
   base::win::RegKey blocklist_registry_key(HKEY_CURRENT_USER,
                                            GetBeaconRegistryPath().c_str(),
                                            KEY_QUERY_VALUE | KEY_SET_VALUE);

   // No point in trying to continue if the registry key isn't valid.
   if (!blocklist_registry_key.Valid())
     return;

   // Record the results of the last blocklist setup.
   DWORD blocklist_state = blocklist::BLOCKLIST_STATE_MAX;
   blocklist_registry_key.ReadValueDW(blocklist::kBeaconState, &blocklist_state);

   if (blocklist_state == blocklist::BLOCKLIST_ENABLED) {
     // The blocklist setup didn't crash, so we report if it was enabled or not.
     if (IsThirdPartyInitialized()) {
       RecordBlocklistSetupEvent(BLOCKLIST_SETUP_RAN_SUCCESSFULLY);
     } else {
       // The only way for the blocklist to be enabled, but not fully
       // initialized is if the thunk setup failed. See blocklist.cc
       // for more details.
       RecordBlocklistSetupEvent(BLOCKLIST_THUNK_SETUP_FAILED);
     }

     // Regardless of if the blocklist was fully enabled or not, report how many
     // times we had to try to set it up.
     DWORD attempt_count = 0;
     blocklist_registry_key.ReadValueDW(blocklist::kBeaconAttemptCount,
                                        &attempt_count);
     base::UmaHistogramCounts100("ChromeElf.Beacon.RetryAttemptsBeforeSuccess",
                                 attempt_count);
   } else if (blocklist_state == blocklist::BLOCKLIST_SETUP_FAILED) {
     // We can set the state to disabled without checking that the maximum number
     // of attempts was exceeded because blocklist.cc has already done this.
     RecordBlocklistSetupEvent(BLOCKLIST_SETUP_FAILED);
     blocklist_registry_key.WriteValue(blocklist::kBeaconState,
                                       blocklist::BLOCKLIST_DISABLED);
   } else if (blocklist_state == blocklist::BLOCKLIST_DISABLED) {
     RecordBlocklistSetupEvent(BLOCKLIST_SETUP_DISABLED);
   }

   // Find the last recorded blocklist version.
   std::wstring blocklist_version;
   blocklist_registry_key.ReadValue(blocklist::kBeaconVersion,
                                    &blocklist_version);

   if (blocklist_version != TEXT(CHROME_VERSION_STRING)) {
     // The blocklist hasn't been enabled for this version yet, so enable it
     // and reset the failure count to zero.
     LONG set_version = blocklist_registry_key.WriteValue(
         blocklist::kBeaconVersion,
         TEXT(CHROME_VERSION_STRING));

     LONG set_state = blocklist_registry_key.WriteValue(
         blocklist::kBeaconState,
         blocklist::BLOCKLIST_ENABLED);

     blocklist_registry_key.WriteValue(blocklist::kBeaconAttemptCount,
                                       static_cast<DWORD>(0));

     // Only report the blocklist as getting setup when both registry writes
     // succeed, since otherwise the blocklist wasn't properly setup.
     if (set_version == ERROR_SUCCESS && set_state == ERROR_SUCCESS)
       RecordBlocklistSetupEvent(BLOCKLIST_SETUP_ENABLED);
   }
 }
	// Copyright 2014 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "chrome/browser/win/chrome_elf_init.h"

	#include <stddef.h>

	#include "base/functional/bind.h"
	#include "base/metrics/field_trial.h"
	#include "base/metrics/histogram_functions.h"
	#include "base/strings/utf_string_conversions.h"
	#include "base/win/registry.h"
	#include "chrome/browser/browser_process.h"
	#include "chrome/chrome_elf/blocklist_constants.h"
	#include "chrome/chrome_elf/chrome_elf_constants.h"
	#include "chrome/chrome_elf/dll_hash/dll_hash.h"
	#include "chrome/chrome_elf/third_party_dlls/public_api.h"
	#include "chrome/common/chrome_version.h"
	#include "chrome/common/pref_names.h"
	#include "chrome/install_static/install_util.h"
	#include "components/prefs/pref_service.h"
	#include "components/variations/variations_associated_data.h"
	#include "content/public/browser/browser_task_traits.h"
	#include "content/public/browser/browser_thread.h"
	#include "content/public/common/content_features.h"
	#include "sandbox/policy/features.h"

	const char kBrowserBlocklistTrialName[] = "BrowserBlocklist";
	const char kBrowserBlocklistTrialDisabledGroupName[] = "NoBlocklist";

	namespace {

	// This enum is used to define the buckets for an enumerated UMA histogram.
	// Hence,
	// (a) existing enumerated constants should never be deleted or reordered, and
	// (b) new constants should only be appended in front of
	// BLOCKLIST_SETUP_EVENT_MAX.
	enum BlocklistSetupEventType {
	// The blocklist beacon has placed to enable the browser blocklisting.
	BLOCKLIST_SETUP_ENABLED = 0,

	// The blocklist was successfully enabled.
	BLOCKLIST_SETUP_RAN_SUCCESSFULLY,

	// The blocklist setup code failed to execute.
	BLOCKLIST_SETUP_FAILED,

	// The blocklist thunk setup code failed. This is probably an indication
	// that something else patched that code first.
	BLOCKLIST_THUNK_SETUP_FAILED,

	// Deprecated. The blocklist interception code failed to execute.
	BLOCKLIST_INTERCEPTION_FAILED,

	// The blocklist was disabled for this run (after it failed too many times).
	BLOCKLIST_SETUP_DISABLED,

	// Always keep this at the end.
	BLOCKLIST_SETUP_EVENT_MAX,
	};

	void RecordBlocklistSetupEvent(BlocklistSetupEventType blocklist_setup_event) {
	base::UmaHistogramEnumeration("ChromeElf.Beacon.SetupStatus",
	blocklist_setup_event,
	BLOCKLIST_SETUP_EVENT_MAX);
	}

	std::wstring GetBeaconRegistryPath() {
	return install_static::GetRegistryPath().append(
	blocklist::kRegistryBeaconKeyName);
	}

	// This enum is used to define the buckets for an enumerated UMA histogram.
	// Hence,
	// (a) existing enumerated constants should never be deleted or reordered, and
	// (b) new constants should only be appended in front of EXTENSIONPOINT_MAX.
	enum ExtensionPointEnableState {
	// Extension point mitigation disabled due to presence of legacy IME.
	EXTENSIONPOINT_DISABLED_IME,

	// Extension point mitigation enabled.
	EXTENSIONPOINT_ENABLED,

	// Always keep this at the end.
	EXTENSIONPOINT_MAX,
	};

	void RecordExtensionPointsEnableState(ExtensionPointEnableState enable_state) {
	base::UmaHistogramEnumeration("ChromeElf.ExtensionPoint.EnableState",
	enable_state, EXTENSIONPOINT_MAX);
	}

	ExtensionPointEnableState GetExtensionPointsEnableState() {
	// Legacy IMEs can be detected as HKLs that have a file name.
	int list_size = GetKeyboardLayoutList(0, nullptr);
	if (list_size != 0) {
	std::vector<HKL> hkl_list(list_size);
	if (GetKeyboardLayoutList(list_size, hkl_list.data()) == list_size) {
	for (auto* hkl : hkl_list) {
	if (ImmGetIMEFileName(hkl, nullptr, 0) != 0)
	return EXTENSIONPOINT_DISABLED_IME;
	}
	}
	}
	return EXTENSIONPOINT_ENABLED;
	}

	bool IsBrowserLegacyExtensionPointsBlocked() {
	PrefService* local_state = g_browser_process->local_state();
	if (!local_state \|\|
	!local_state->HasPrefPath(prefs::kBlockBrowserLegacyExtensionPoints) \|\|
	!local_state->IsManagedPreference(
	prefs::kBlockBrowserLegacyExtensionPoints))
	return true;
	return local_state->GetBoolean(prefs::kBlockBrowserLegacyExtensionPoints);
	}

	} // namespace

	void InitializeChromeElf() {
	if (base::FieldTrialList::FindFullName(kBrowserBlocklistTrialName) ==
	kBrowserBlocklistTrialDisabledGroupName) {
	// Disable the blocklist for all future runs by removing the beacon.
	base::win::RegKey blocklist_registry_key(HKEY_CURRENT_USER);
	blocklist_registry_key.DeleteKey(GetBeaconRegistryPath().c_str());
	} else {
	BrowserBlocklistBeaconSetup();
	}

	// Make sure the registry key we read earlier in startup
	// sandbox::MITIGATION_EXTENSION_POINT_DISABLE is set properly in reg.
	// Note: the very existence of this key signals elf to not enable
	// this mitigation on browser next start.
	const std::wstring reg_path(install_static::GetRegistryPath().append(
	elf_sec::kRegBrowserExtensionPointKeyName));
	base::win::RegKey browser_extension_point_registry_key(
	HKEY_CURRENT_USER, reg_path.c_str(), KEY_READ);

	ExtensionPointEnableState extension_point_enable_state =
	GetExtensionPointsEnableState();
	RecordExtensionPointsEnableState(extension_point_enable_state);
	bool enable_extension_point_policy =
	(extension_point_enable_state == EXTENSIONPOINT_ENABLED) &&
	base::FeatureList::IsEnabled(
	sandbox::policy::features::kWinSboxDisableExtensionPoints) &&
	IsBrowserLegacyExtensionPointsBlocked();

	if (enable_extension_point_policy) {
	if (!browser_extension_point_registry_key.Valid()) {
	(void)browser_extension_point_registry_key.Create(
	HKEY_CURRENT_USER, reg_path.c_str(), KEY_WRITE);
	}
	} else {
	if (browser_extension_point_registry_key.Valid()) {
	browser_extension_point_registry_key.DeleteKey(L"");
	}
	}
	}

	void BrowserBlocklistBeaconSetup() {
	base::win::RegKey blocklist_registry_key(HKEY_CURRENT_USER,
	GetBeaconRegistryPath().c_str(),
	KEY_QUERY_VALUE \| KEY_SET_VALUE);

	// No point in trying to continue if the registry key isn't valid.
	if (!blocklist_registry_key.Valid())
	return;

	// Record the results of the last blocklist setup.
	DWORD blocklist_state = blocklist::BLOCKLIST_STATE_MAX;
	blocklist_registry_key.ReadValueDW(blocklist::kBeaconState, &blocklist_state);

	if (blocklist_state == blocklist::BLOCKLIST_ENABLED) {
	// The blocklist setup didn't crash, so we report if it was enabled or not.
	if (IsThirdPartyInitialized()) {
	RecordBlocklistSetupEvent(BLOCKLIST_SETUP_RAN_SUCCESSFULLY);
	} else {
	// The only way for the blocklist to be enabled, but not fully
	// initialized is if the thunk setup failed. See blocklist.cc
	// for more details.
	RecordBlocklistSetupEvent(BLOCKLIST_THUNK_SETUP_FAILED);
	}

	// Regardless of if the blocklist was fully enabled or not, report how many
	// times we had to try to set it up.
	DWORD attempt_count = 0;
	blocklist_registry_key.ReadValueDW(blocklist::kBeaconAttemptCount,
	&attempt_count);
	base::UmaHistogramCounts100("ChromeElf.Beacon.RetryAttemptsBeforeSuccess",
	attempt_count);
	} else if (blocklist_state == blocklist::BLOCKLIST_SETUP_FAILED) {
	// We can set the state to disabled without checking that the maximum number
	// of attempts was exceeded because blocklist.cc has already done this.
	RecordBlocklistSetupEvent(BLOCKLIST_SETUP_FAILED);
	blocklist_registry_key.WriteValue(blocklist::kBeaconState,
	blocklist::BLOCKLIST_DISABLED);
	} else if (blocklist_state == blocklist::BLOCKLIST_DISABLED) {
	RecordBlocklistSetupEvent(BLOCKLIST_SETUP_DISABLED);
	}

	// Find the last recorded blocklist version.
	std::wstring blocklist_version;
	blocklist_registry_key.ReadValue(blocklist::kBeaconVersion,
	&blocklist_version);

	if (blocklist_version != TEXT(CHROME_VERSION_STRING)) {
	// The blocklist hasn't been enabled for this version yet, so enable it
	// and reset the failure count to zero.
	LONG set_version = blocklist_registry_key.WriteValue(
	blocklist::kBeaconVersion,
	TEXT(CHROME_VERSION_STRING));

	LONG set_state = blocklist_registry_key.WriteValue(
	blocklist::kBeaconState,
	blocklist::BLOCKLIST_ENABLED);

	blocklist_registry_key.WriteValue(blocklist::kBeaconAttemptCount,
	static_cast<DWORD>(0));

	// Only report the blocklist as getting setup when both registry writes
	// succeed, since otherwise the blocklist wasn't properly setup.
	if (set_version == ERROR_SUCCESS && set_state == ERROR_SUCCESS)
	RecordBlocklistSetupEvent(BLOCKLIST_SETUP_ENABLED);
	}
	}