[Windows sandbox] Remove local define no longer needed.

- Removed local define of PROCESS_CREATION_MITIGATION_POLICY2_RESTRICT_INDIRECT_BRANCH_PREDICTION_ALWAYS_ON from sandbox, now that chromium is on SDK 17134. - A few comments I've been meaning to add to chrome_elf. Bug: 808526 Test: sbox_integration_tests.exe Change-Id: Ic4e381241a2d40aaa8e901a74982c1843fc2bc88 Reviewed-on: https://chromium-review.googlesource.com/1120637Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Penny MacNeil <pennymac@chromium.org> Cr-Commit-Position: refs/heads/master@{#571680}

[Windows sandbox] Remove local define no longer needed.
- Removed local define of PROCESS_CREATION_MITIGATION_POLICY2_RESTRICT_INDIRECT_BRANCH_PREDICTION_ALWAYS_ON from sandbox, now that chromium is on SDK 17134. - A few comments I've been meaning to add to chrome_elf. Bug: 808526 Test: sbox_integration_tests.exe Change-Id: Ic4e381241a2d40aaa8e901a74982c1843fc2bc88 Reviewed-on: https://chromium-review.googlesource.com/1120637Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Penny MacNeil <pennymac@chromium.org> Cr-Commit-Position: refs/heads/master@{#571680}
49fee825 · Penny MacNeil · Commit Bot · 367d5b86 · 49fee825 · 49fee825
Commit 49fee825 authored Jun 29, 2018 by Penny MacNeil Committed by Commit Bot Jun 29, 2018
3 changed files
--- a/chrome_elf/chrome_elf_test_stubs.cc
+++ b/chrome_elf/chrome_elf_test_stubs.cc
@@ -40,6 +40,12 @@ bool GetUserDataDirectoryThunk(wchar_t* user_data_dir,

 void SetMetricsClientId(const char* client_id) {}

+//------------------------------------------------------------------------------
+// chrome_elf\third_party_dlls export test stubs.
+// - For use by \\chrome\browser\conflicts\* testing.
+// - Stubs should shadow third_party_dlls\logging_api.h and logs_unittest.cc.
+//------------------------------------------------------------------------------
+
 struct TestLogEntry {
  third_party_dlls::LogType log_type;
  uint8_t basename_hash[elf_sha1::kSHA1Length];

--- a/chrome_elf/elf_imports_unittest.cc
+++ b/chrome_elf/elf_imports_unittest.cc
@@ -155,6 +155,9 @@ TEST_F(ELFImportsTest, DISABLED_ChromeElfLoadSanityTestImpl) {
  ASSERT_TRUE(chrome_elf_module_handle != nullptr);
  // Loading chrome_elf.dll should not load user32.dll
  EXPECT_EQ(nullptr, ::GetModuleHandle(L"user32.dll"));
+  // Note: Do not unload the chrome_elf DLL in any test where the elf hook has
+  // been applied (browser process type only).  This results in the shim code
+  // disappearing, but ntdll hook remaining, followed in tests by fireworks.
  EXPECT_TRUE(!!::FreeLibrary(chrome_elf_module_handle));
 }


--- a/sandbox/win/src/process_mitigations.cc
+++ b/sandbox/win/src/process_mitigations.cc
@@ -30,12 +30,6 @@ using GetProcessMitigationPolicyFunction =
    decltype(&GetProcessMitigationPolicy);
 using SetThreadInformationFunction = decltype(&SetThreadInformation);

-// Defines that will eventually be in winbase.h.
-// TODO(pennymac): Remove these once the toolchain updates sufficiently.  Values
-// and formatting match 10.0.17133.0 SDK.
-#define PROCESS_CREATION_MITIGATION_POLICY2_RESTRICT_INDIRECT_BRANCH_PREDICTION_ALWAYS_ON \
-  (0x00000001ui64 << 16)
-
 // Returns a two-element array of mitigation flags supported on this machine.
 // - This function is only useful on >= base::win::VERSION_WIN8.
 const ULONG64* GetSupportedMitigations() {