Bug 1514694: Treat DLLs under WinSxS with same trustworthiness as system32 r=aklotz

Adds a new flag for evaluating DLL trustworthiness: ModuleTrustFlags::WinSxSDirectory This flag indicates that the DLL was loaded from the WinSxS folder. This grants a trustworthiness equal to that of ModuleTrustFlags::SystemDirectory, in particular allowing some Microsoft DLLs, like comctl32.dll, to be considered trusted so they don't appear in the untrusted modules ping. Differential Revision: https://phabricator.services.mozilla.com/D15106 --HG-- extra : moz-landing-system : lando
2018-12-24 21:05:19 +00:00 · 2018-12-24 21:05:19 +00:00 · 26baade8b2
--- a/toolkit/components/telemetry/docs/data/untrusted-modules-ping.rst
+++ b/toolkit/components/telemetry/docs/data/untrusted-modules-ping.rst
@ -88,6 +88,7 @@ This is a bitfield indicating whether various attributes apply to the module.
 * ``16`` if the module has the same location and version information as the Firefox executable
 * ``32`` if the module is located in the system directory
 * ``64`` if the module is a known keyboard layout DLL
+* ``128`` if the module is located in the Windows Side-by-side directory

 payload.combinedStacks
 ----------------------
--- a/toolkit/xre/ModuleEvaluator_windows.cpp
+++ b/toolkit/xre/ModuleEvaluator_windows.cpp
@ -122,6 +122,14 @@ ModuleEvaluator::ModuleEvaluator() {
    sysDir->GetPath(mSysDirectory);
  }

+  nsCOMPtr<nsIFile> winSxSDir;
+  if (NS_SUCCEEDED(NS_GetSpecialDirectory(NS_WIN_WINDOWS_DIR,
+                                          getter_AddRefs(winSxSDir)))) {
+    if (NS_SUCCEEDED(winSxSDir->Append(NS_LITERAL_STRING("WinSxS")))) {
+      winSxSDir->GetPath(mWinSxSDirectory);
+    }
+  }
+
  nsCOMPtr<nsIFile> exeDir;
  if (NS_SUCCEEDED(
          NS_GetSpecialDirectory(NS_GRE_DIR, getter_AddRefs(exeDir)))) {
@ -214,6 +222,16 @@ Maybe<bool> ModuleEvaluator::IsModuleTrusted(
    score += 50;
  }

+  // Is the DLL in the WinSxS directory? Some Microsoft DLLs (e.g. comctl32) are
+  // loaded from here and don't have digital signatures. So while this is not a
+  // guarantee of trustworthiness, but is at least as valid as system32.
+  if (!mWinSxSDirectory.IsEmpty() &&
+      StringBeginsWith(dllFullPath, mWinSxSDirectory,
+                       nsCaseInsensitiveStringComparator())) {
+    aDllInfo.mTrustFlags |= ModuleTrustFlags::WinSxSDirectory;
+    score += 50;
+  }
+
  // Is it a keyboard layout DLL?
  if (std::find(mKeyboardLayoutDlls.begin(), mKeyboardLayoutDlls.end(),
                dllLeafLower) != mKeyboardLayoutDlls.end()) {
--- a/toolkit/xre/ModuleEvaluator_windows.h
+++ b/toolkit/xre/ModuleEvaluator_windows.h
@ -28,7 +28,8 @@ enum class ModuleTrustFlags : uint32_t {
  FirefoxDirectoryAndVersion = 0x10,
  SystemDirectory = 0x20,
  KeyboardLayout = 0x40,
-  JitPI = 0x80
+  JitPI = 0x80,
+  WinSxSDirectory = 0x100,
 };

 MOZ_MAKE_ENUM_CLASS_BITWISE_OPERATORS(ModuleTrustFlags);
@ -92,8 +93,9 @@ class ModuleLoadEvent {
 // This class performs trustworthiness evaluation for incoming DLLs.
 class ModuleEvaluator {
  Maybe<uint64_t> mExeVersion;  // Version number of the running EXE image
-  nsString mExeDirectory;       // Void flag set if unavailable
-  nsString mSysDirectory;       // Void flag set if unavailable
+  nsString mExeDirectory;
+  nsString mSysDirectory;
+  nsString mWinSxSDirectory;
  Vector<nsString, 0, InfallibleAllocPolicy> mKeyboardLayoutDlls;

 public: