c06d6fb1850d6217d35a5cccb1abccd6db0e7a2a - chromium/src

commit	c06d6fb1850d6217d35a5cccb1abccd6db0e7a2a	[log] [tgz]
author	pennymac <[email protected]>	Fri Jun 17 13:45:17 2016
committer	Commit bot <[email protected]>	Fri Jun 17 13:47:35 2016
tree	5f19d4b6e3947a3f8a65689faac6d37ef0eac566
parent	c87c4c1db691498c68b73794769ab5e4d0fc3417 [diff]

[Windows Sandbox] MITIGATION_EXTENSION_POINT_DISABLE support for children. This CL is part of a chain of CLs: -> THIS 2) "MITIGATION_EXTENSION_POINT_DISABLE emergency off finch" (https://codereview.chromium.org/1836523004/) 3) "New NT registry API" (https://codereview.chromium.org/1841573002) 4) "Early browser security support" (https://codereview.chromium.org/1656453002) 5) "Turn on MITIGATION_EXTENSION_POINT_DISABLE" (https://codereview.chromium.org/1854323002) Added support for this mitigation on child processes. Not turning on in this CL - will add in a tiny follow-up CL that is easy to revert if necessary. 6 out of 7 of the tests added to sbox_integration_tests (ProcessMitigationsTest.CheckWin8ExtensionPoint*) are DISABLED and should be run manually (will not auto run on bots). The following extension points are blocked by this policy: o AppInit DLLs o Winsock Layered Service Providers (LSPs) o Global Windows Hooks (not thread-targeted hooks) o Legacy Input Method Editors (IMEs) - note Chrome supports IMEs via extension (https://developer.chrome.com/extensions/input_ime). TEST=Manually run against Win8.1 x64, Win10 x64, Win10 x86. BUG=557798 CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win10_chromium_x64_rel_ng Review-Url: https://codereview.chromium.org/1835003003 Cr-Commit-Position: refs/heads/master@{#400422}