1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "base/test/scoped_feature_list.h"
#include "base/values.h"
#include "base/win/windows_version.h"
#include "chrome/browser/browser_features.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/policy/chrome_browser_policy_connector.h"
#include "chrome/common/pref_names.h"
#include "chrome/test/base/in_process_browser_test.h"
#include "components/policy/core/common/mock_configuration_policy_provider.h"
#include "components/policy/core/common/policy_map.h"
#include "components/policy/core/common/policy_types.h"
#include "components/policy/policy_constants.h"
#include "components/prefs/pref_service.h"
#include "content/public/test/browser_test.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace policy {
namespace {
struct TestCase {
std::string name;
std::optional<int> policy_value;
bool should_be_blocked;
};
// Placeholder func that must not be optimized out by the compiler.
void Func() {
volatile int a = 0;
std::ignore = a;
}
} // namespace
class BrowserDynamicCodeBlockedTest
: public InProcessBrowserTest,
public testing::WithParamInterface<TestCase> {
public:
BrowserDynamicCodeBlockedTest() {
// This tests the policy, the feature is disabled to match shipping
// configuration.
disabled_feature_.InitAndDisableFeature(
features::kBrowserDynamicCodeDisabled);
}
// InProcessBrowserTest implementation:
void SetUp() override {
policy_provider_.SetDefaultReturns(
/*is_initialization_complete_return=*/true,
/*is_first_policy_load_complete_return=*/true);
policy::PolicyMap values;
if (GetParam().policy_value.has_value()) {
values.Set(policy::key::kDynamicCodeSettings,
policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_MACHINE,
policy::POLICY_SOURCE_CLOUD,
base::Value(GetParam().policy_value.value()), nullptr);
}
policy_provider_.UpdateChromePolicy(values);
policy::BrowserPolicyConnector::SetPolicyProviderForTesting(
&policy_provider_);
InProcessBrowserTest::SetUp();
}
private:
base::test::ScopedFeatureList disabled_feature_;
testing::NiceMock<policy::MockConfigurationPolicyProvider> policy_provider_;
};
IN_PROC_BROWSER_TEST_P(BrowserDynamicCodeBlockedTest, IsRespected) {
// This mitigation only does anything on Win10 RS1 and above.
if (base::win::GetVersion() < base::win::Version::WIN10_RS1) {
GTEST_SKIP();
}
DWORD old_protect;
// VirtualProtect will fail to mark memory RWX if dynamic code is blocked in
// the browser process.
ASSERT_EQ(GetParam().should_be_blocked,
!::VirtualProtect(reinterpret_cast<uintptr_t*>(&Func),
/*dwSize=*/sizeof(uintptr_t),
PAGE_EXECUTE_READWRITE, &old_protect));
}
INSTANTIATE_TEST_SUITE_P(
/*no prefix*/,
BrowserDynamicCodeBlockedTest,
testing::ValuesIn<TestCase>({{.name = "Default",
.policy_value = /*Default=*/0,
.should_be_blocked = false},
{.name = "EnabledForBrowser",
.policy_value = /*EnabledForBrowser=*/1,
.should_be_blocked = true},
{.name = "NotSet",
.policy_value = std::nullopt,
.should_be_blocked = false}}),
[](const auto& info) { return info.param.name; });
} // namespace policy
|
