Bug 1637984 - Part 1: Introduce a new blocklist flag BLOCK_WIN7_AND_OLDER. r=mhowell

This patch introduces a new flag `BLOCK_WIN7_AND_OLDER` with which the blocklist
blocks a module on Win7 or older.

Differential Revision: https://phabricator.services.mozilla.com/D78414

browser/app/winlauncher/freestanding/DllBlocklist.cpp

@@ -163,7 +163,8 @@ static BlockAction CheckBlockInfo(const DllBlockInfo* aInfo,
                                   uint64_t& aVersion) {
   aVersion = DllBlockInfo::ALL_VERSIONS;
 
-  if (aInfo->mFlags & DllBlockInfo::BLOCK_WIN8_AND_OLDER) {
+  if (aInfo->mFlags & (DllBlockInfo::BLOCK_WIN8_AND_OLDER |
+                       DllBlockInfo::BLOCK_WIN7_AND_OLDER)) {
     RTL_OSVERSIONINFOW osv = {sizeof(osv)};
     NTSTATUS ntStatus = ::RtlGetVersion(&osv);
     if (!NT_SUCCESS(ntStatus)) {
@@ -175,6 +176,12 @@ static BlockAction CheckBlockInfo(const DllBlockInfo* aInfo,
          (osv.dwMajorVersion == 6 && osv.dwMinorVersion > 2))) {
       return BlockAction::Allow;
     }
+
+    if ((aInfo->mFlags & DllBlockInfo::BLOCK_WIN7_AND_OLDER) &&
+        (osv.dwMajorVersion > 6 ||
+         (osv.dwMajorVersion == 6 && osv.dwMinorVersion > 1))) {
+      return BlockAction::Allow;
+    }
   }
 
   if ((aInfo->mFlags & DllBlockInfo::CHILD_PROCESSES_ONLY) &&

mozglue/dllservices/WindowsDllBlocklist.cpp

@@ -468,6 +468,11 @@ static NTSTATUS NTAPI patched_LdrLoadDll(PWCHAR filePath, PULONG flags,
         goto continue_loading;
       }
 
+      if ((info->mFlags & DllBlockInfo::BLOCK_WIN7_AND_OLDER) &&
+          IsWin8OrLater()) {
+        goto continue_loading;
+      }
+
       if ((info->mFlags & DllBlockInfo::CHILD_PROCESSES_ONLY) &&
           !(sInitFlags & eDllBlocklistInitFlagIsChildProcess)) {
         goto continue_loading;

mozglue/dllservices/WindowsDllBlocklistCommon.h

@@ -36,11 +36,12 @@ struct DllBlockInfoT {
   // only when we are a child process.
   enum Flags {
     FLAGS_DEFAULT = 0,
-    BLOCK_WIN8_AND_OLDER = 1 << 0,
+    BLOCK_WIN7_AND_OLDER = 1 << 0,
-    USE_TIMESTAMP = 1 << 1,
+    BLOCK_WIN8_AND_OLDER = 1 << 1,
-    CHILD_PROCESSES_ONLY = 1 << 2,
+    USE_TIMESTAMP = 1 << 2,
-    BROWSER_PROCESS_ONLY = 1 << 3,
+    CHILD_PROCESSES_ONLY = 1 << 3,
-    REDIRECT_TO_NOOP_ENTRYPOINT = 1 << 4,
+    BROWSER_PROCESS_ONLY = 1 << 4,
+    REDIRECT_TO_NOOP_ENTRYPOINT = 1 << 5,
   } mFlags;
 
   bool IsVersionBlocked(const uint64_t aOther) const {

mozglue/dllservices/gen_dll_blocklist_defs.py

@@ -56,6 +56,7 @@ DLL_BLOCKLIST_DEFINITIONS_BEGIN_NAMED(gBlockedInprocDlls)
 # These flag names should match the ones defined in WindowsDllBlocklistCommon.h
 FLAGS_DEFAULT = 'FLAGS_DEFAULT'
 BLOCK_WIN8_AND_OLDER = 'BLOCK_WIN8_AND_OLDER'
+BLOCK_WIN7_AND_OLDER = 'BLOCK_WIN7_AND_OLDER'
 USE_TIMESTAMP = 'USE_TIMESTAMP'
 CHILD_PROCESSES_ONLY = 'CHILD_PROCESSES_ONLY'
 BROWSER_PROCESS_ONLY = 'BROWSER_PROCESS_ONLY'
@@ -65,6 +66,7 @@ REDIRECT_TO_NOOP_ENTRYPOINT = 'REDIRECT_TO_NOOP_ENTRYPOINT'
 # Only these flags are available in the input script
 INPUT_ONLY_FLAGS = {
     BLOCK_WIN8_AND_OLDER,
+    BLOCK_WIN7_AND_OLDER,
 }