From 18ee90292f5f1d64131df960f093f8c83ba1ad85 Mon Sep 17 00:00:00 2001 From: Derek Bruening <bruening@google.com> Date: Fri, 31 Dec 2021 13:20:29 -0500 Subject: [PATCH] i#4366: Rename filter lists Renames filter lists: + s/blacklist/blocklist/ + s/whitelist/allowlist/ This renames a public-facing drcpusim option: + s/-blacklist/-blocklist/ The legacy option is still supported using a droption alias. Adds a test of both option names. This also renames some non-publicized DR options: + s/whitelist_company_names_default/allowlist_company_names_default/ + s/whitelist_company_names/allowlist_company_names/ It also renames DR variables like DYNAMORIO_VAR_APP_PROCESS_ALLOWLIST_ID. We do not bother to provide aliases to support the old names for these options and variables as they are not documented or commonly used anymore and maybe should be removed in some future cleanup. Issue #4366 --- api/docs/release.dox | 2 + api/docs/rseq.dox | 4 +- clients/drcpusim/drcpusim.cpp | 14 ++-- clients/drcpusim/options.cpp | 13 +-- clients/drcpusim/options.h | 4 +- clients/drcpusim/tests/block.expect | 0 core/lib/dr_config.h | 4 +- core/lib/globals_shared.h | 46 +++++------ core/moduledb.c | 80 +++++++++---------- core/moduledb.h | 27 ++++--- core/nudge.c | 4 +- core/optionsx.h | 10 +-- core/unix/os.c | 4 +- core/unix/preload.c | 6 +- core/win32/aslr.h | 4 +- libutil/config.c | 38 ++++----- libutil/config.h | 9 ++- libutil/mfapi.c | 6 +- libutil/mfapi.h | 34 ++++---- libutil/policy.h | 13 +-- suite/tests/CMakeLists.txt | 39 ++++++--- ...hitelist.expect => child-allowlist.expect} | 0 ...lacklist.expect => child-blocklist.expect} | 0 tools/DRcontrol.c | 2 +- tools/drdeploy.c | 4 +- tools/drdeploy.in | 4 +- tools/procdb.pl | 3 +- 27 files changed, 198 insertions(+), 176 deletions(-) create mode 100644 clients/drcpusim/tests/block.expect rename suite/tests/linux/{child-whitelist.expect => child-allowlist.expect} (100%) rename suite/tests/linux/{child-blacklist.expect => child-blocklist.expect} (100%) diff --git a/api/docs/release.dox b/api/docs/release.dox index 2198f7a9c..427a22212 100644 --- a/api/docs/release.dox +++ b/api/docs/release.dox @@ -130,6 +130,8 @@ changes: Further non-compatibility-affecting changes include: - Added alias support to droption. + - The drcpusim option -blacklist was renamed to -blocklist but the old name + is still accepted. The changes between version 9.0.0 and 8.0.0 include the following compatibility changes: diff --git a/api/docs/rseq.dox b/api/docs/rseq.dox index 7ad51741e..fb56fa6fb 100644 --- a/api/docs/rseq.dox +++ b/api/docs/rseq.dox @@ -1,5 +1,5 @@ /* ****************************************************************************** - * Copyright (c) 2010-2021 Google, Inc. All rights reserved. + * Copyright (c) 2010-2022 Google, Inc. All rights reserved. * ******************************************************************************/ /* @@ -50,7 +50,7 @@ Internally used inside Google for a few years [0] as well as EfficiOS [1], the c During execution, DynamoRIO rewrites the target application block by basic block, copying these fragments into a new memory space along with any instrumentation that clients add. Since the kernel identifies restartable sequences based on their instruction address, the direct application of the standard execution model of DR would be incorrect due to this changing of actual instruction addresses. In addition, the preemption detection is implemented by the kernel redirecting execution to some arbitrary application address, according to configuration from the application. Similar to signal handling, DR must handle this transparently in order to retain control of the application and execute it correctly. -Since Restartable Sequences are registered using a (relatively new) syscall, we could simply blacklist the syscall and claim that the kernel does not support the feature since most libraries will be written to be backwards-compatible for slightly older kernels. Barring that, DynamoRIO will have to support Restartable Sequences explicitly. +Since Restartable Sequences are registered using a (relatively new) syscall, we could simply blocklist the syscall and claim that the kernel does not support the feature since most libraries will be written to be backwards-compatible for slightly older kernels. Barring that, DynamoRIO will have to support Restartable Sequences explicitly. ## RSEQ API/ABI diff --git a/clients/drcpusim/drcpusim.cpp b/clients/drcpusim/drcpusim.cpp index d4f2dcf5d..ab2278c87 100644 --- a/clients/drcpusim/drcpusim.cpp +++ b/clients/drcpusim/drcpusim.cpp @@ -1,5 +1,5 @@ /* ****************************************************************************** - * Copyright (c) 2015-2021 Google, Inc. All rights reserved. + * Copyright (c) 2015-2022 Google, Inc. All rights reserved. * ******************************************************************************/ /* @@ -56,7 +56,7 @@ static bool (*opcode_supported)(instr_t *); -static std::vector<std::string> blacklist; +static std::vector<std::string> blocklist; static app_pc exe_start; @@ -710,8 +710,8 @@ report_invalid_opcode(int opc, app_pc pc) if (mod != NULL) modname = dr_module_preferred_name(mod); if (modname != NULL) { - for (std::vector<std::string>::iterator i = blacklist.begin(); - i != blacklist.end(); ++i) { + for (std::vector<std::string>::iterator i = blocklist.begin(); + i != blocklist.end(); ++i) { if (*i == modname) { dr_free_module_data(mod); return; @@ -855,11 +855,11 @@ dr_client_main(client_id_t id, int argc, const char *argv[]) dr_abort(); #endif - if (!op_blacklist.get_value().empty()) { - std::stringstream stream(op_blacklist.get_value()); + if (!op_blocklist.get_value().empty()) { + std::stringstream stream(op_blocklist.get_value()); std::string entry; while (std::getline(stream, entry, ':')) - blacklist.push_back(entry); + blocklist.push_back(entry); } if (op_ignore_all_libs.get_value()) { diff --git a/clients/drcpusim/options.cpp b/clients/drcpusim/options.cpp index 215b3e4b0..8867af3e8 100644 --- a/clients/drcpusim/options.cpp +++ b/clients/drcpusim/options.cpp @@ -1,5 +1,5 @@ /* ********************************************************** - * Copyright (c) 2015-2017 Google, Inc. All rights reserved. + * Copyright (c) 2015-2022 Google, Inc. All rights reserved. * **********************************************************/ /* @@ -127,10 +127,13 @@ droption_t<bool> op_allow_prefetchw( "processors, while they do not officially support it, will turn it into a NOP. " "As it is commonly seen on Windows, by default drcpusim does not complain about it."); -droption_t<std::string> op_blacklist( - DROPTION_SCOPE_CLIENT, "blacklist", IF_WINDOWS_ELSE("ntdll.dll", ""), - ":-separated list of libs to ignore.", - "The blacklist is a :-separated list of library names for which violations " +droption_t<std::string> op_blocklist( + // We support the legacy name as an alias for compatibility. + // We explicitly specity the vector type to avoid ambiguity with iterators + // when we have just 2 elements in the list. + DROPTION_SCOPE_CLIENT, std::vector<std::string>({ "blocklist", "blacklist" }), + IF_WINDOWS_ELSE("ntdll.dll", ""), ":-separated list of libs to ignore.", + "The blocklist is a :-separated list of library names for which violations " "should not be reported."); droption_t<bool> op_ignore_all_libs( diff --git a/clients/drcpusim/options.h b/clients/drcpusim/options.h index efe81448b..c69599999 100644 --- a/clients/drcpusim/options.h +++ b/clients/drcpusim/options.h @@ -1,5 +1,5 @@ /* ********************************************************** - * Copyright (c) 2015-2017 Google, Inc. All rights reserved. + * Copyright (c) 2015-2022 Google, Inc. All rights reserved. * **********************************************************/ /* @@ -42,7 +42,7 @@ extern droption_t<std::string> op_cpu; extern droption_t<bool> op_continue; extern droption_t<bool> op_fool_cpuid; extern droption_t<bool> op_allow_prefetchw; -extern droption_t<std::string> op_blacklist; +extern droption_t<std::string> op_blocklist; extern droption_t<bool> op_ignore_all_libs; extern droption_t<unsigned int> op_verbose; diff --git a/clients/drcpusim/tests/block.expect b/clients/drcpusim/tests/block.expect new file mode 100644 index 000000000..e69de29bb diff --git a/core/lib/dr_config.h b/core/lib/dr_config.h index 20f95f1cb..ada36721a 100644 --- a/core/lib/dr_config.h +++ b/core/lib/dr_config.h @@ -1,5 +1,5 @@ /* ********************************************************** - * Copyright (c) 2011-2021 Google, Inc. All rights reserved. + * Copyright (c) 2011-2022 Google, Inc. All rights reserved. * Copyright (c) 2008-2010 VMware, Inc. All rights reserved. * **********************************************************/ @@ -84,7 +84,7 @@ typedef enum { /** * Do not run this application under DynamoRIO control. * Useful for following all child processes except a handful - * (blacklist). + * (blocklist). */ DR_MODE_DO_NOT_RUN = 4, diff --git a/core/lib/globals_shared.h b/core/lib/globals_shared.h index f1307c1bd..3bf517c76 100644 --- a/core/lib/globals_shared.h +++ b/core/lib/globals_shared.h @@ -1,5 +1,5 @@ /* ********************************************************** - * Copyright (c) 2011-2021 Google, Inc. All rights reserved. + * Copyright (c) 2011-2022 Google, Inc. All rights reserved. * Copyright (c) 2003-2010 VMware, Inc. All rights reserved. * **********************************************************/ @@ -568,11 +568,11 @@ typedef char liststring_t[MAX_LIST_OPTION_LENGTH]; # define DYNAMORIO_VAR_HOT_PATCH_MODES_ID DYNAMORIO_HOT_PATCH_MODES #endif #ifdef PROCESS_CONTROL -# define DYNAMORIO_VAR_APP_PROCESS_WHITELIST_ID DYNAMORIO_APP_PROCESS_WHITELIST -# define DYNAMORIO_VAR_ANON_PROCESS_WHITELIST_ID DYNAMORIO_ANON_PROCESS_WHITELIST +# define DYNAMORIO_VAR_APP_PROCESS_ALLOWLIST_ID DYNAMORIO_APP_PROCESS_ALLOWLIST +# define DYNAMORIO_VAR_ANON_PROCESS_ALLOWLIST_ID DYNAMORIO_ANON_PROCESS_ALLOWLIST -# define DYNAMORIO_VAR_APP_PROCESS_BLACKLIST_ID DYNAMORIO_APP_PROCESS_BLACKLIST -# define DYNAMORIO_VAR_ANON_PROCESS_BLACKLIST_ID DYNAMORIO_ANON_PROCESS_BLACKLIST +# define DYNAMORIO_VAR_APP_PROCESS_BLOCKLIST_ID DYNAMORIO_APP_PROCESS_BLOCKLIST +# define DYNAMORIO_VAR_ANON_PROCESS_BLOCKLIST_ID DYNAMORIO_ANON_PROCESS_BLOCKLIST #endif #define DYNAMORIO_VAR_CONFIGDIR STRINGIFY(DYNAMORIO_VAR_CONFIGDIR_ID) @@ -594,15 +594,15 @@ typedef char liststring_t[MAX_LIST_OPTION_LENGTH]; # define DYNAMORIO_VAR_HOT_PATCH_MODES STRINGIFY(DYNAMORIO_VAR_HOT_PATCH_MODES_ID) #endif #ifdef PROCESS_CONTROL -# define DYNAMORIO_VAR_APP_PROCESS_WHITELIST \ - STRINGIFY(DYNAMORIO_VAR_APP_PROCESS_WHITELIST_ID) -# define DYNAMORIO_VAR_ANON_PROCESS_WHITELIST \ - STRINGIFY(DYNAMORIO_VAR_ANON_PROCESS_WHITELIST_ID) - -# define DYNAMORIO_VAR_APP_PROCESS_BLACKLIST \ - STRINGIFY(DYNAMORIO_VAR_APP_PROCESS_BLACKLIST_ID) -# define DYNAMORIO_VAR_ANON_PROCESS_BLACKLIST \ - STRINGIFY(DYNAMORIO_VAR_ANON_PROCESS_BLACKLIST_ID) +# define DYNAMORIO_VAR_APP_PROCESS_ALLOWLIST \ + STRINGIFY(DYNAMORIO_VAR_APP_PROCESS_ALLOWLIST_ID) +# define DYNAMORIO_VAR_ANON_PROCESS_ALLOWLIST \ + STRINGIFY(DYNAMORIO_VAR_ANON_PROCESS_ALLOWLIST_ID) + +# define DYNAMORIO_VAR_APP_PROCESS_BLOCKLIST \ + STRINGIFY(DYNAMORIO_VAR_APP_PROCESS_BLOCKLIST_ID) +# define DYNAMORIO_VAR_ANON_PROCESS_BLOCKLIST \ + STRINGIFY(DYNAMORIO_VAR_ANON_PROCESS_BLOCKLIST_ID) #endif #ifdef UNIX @@ -640,15 +640,15 @@ typedef char liststring_t[MAX_LIST_OPTION_LENGTH]; L_EXPAND_LEVEL(DYNAMORIO_VAR_HOT_PATCH_MODES) # endif # ifdef PROCESS_CONTROL -# define L_DYNAMORIO_VAR_APP_PROCESS_WHITELIST \ - L_EXPAND_LEVEL(DYNAMORIO_VAR_APP_PROCESS_WHITELIST) -# define L_DYNAMORIO_VAR_ANON_PROCESS_WHITELIST \ - L_EXPAND_LEVEL(DYNAMORIO_VAR_ANON_PROCESS_WHITELIST) - -# define L_DYNAMORIO_VAR_APP_PROCESS_BLACKLIST \ - L_EXPAND_LEVEL(DYNAMORIO_VAR_APP_PROCESS_BLACKLIST) -# define L_DYNAMORIO_VAR_ANON_PROCESS_BLACKLIST \ - L_EXPAND_LEVEL(DYNAMORIO_VAR_ANON_PROCESS_BLACKLIST) +# define L_DYNAMORIO_VAR_APP_PROCESS_ALLOWLIST \ + L_EXPAND_LEVEL(DYNAMORIO_VAR_APP_PROCESS_ALLOWLIST) +# define L_DYNAMORIO_VAR_ANON_PROCESS_ALLOWLIST \ + L_EXPAND_LEVEL(DYNAMORIO_VAR_ANON_PROCESS_ALLOWLIST) + +# define L_DYNAMORIO_VAR_APP_PROCESS_BLOCKLIST \ + L_EXPAND_LEVEL(DYNAMORIO_VAR_APP_PROCESS_BLOCKLIST) +# define L_DYNAMORIO_VAR_ANON_PROCESS_BLOCKLIST \ + L_EXPAND_LEVEL(DYNAMORIO_VAR_ANON_PROCESS_BLOCKLIST) # endif # define L_PRODUCT_NAME L_EXPAND_LEVEL(PRODUCT_NAME) diff --git a/core/moduledb.c b/core/moduledb.c index 1ad3aa34d..a406793cb 100644 --- a/core/moduledb.c +++ b/core/moduledb.c @@ -1,5 +1,5 @@ /* ********************************************************** - * Copyright (c) 2012-2019 Google, Inc. All rights reserved. + * Copyright (c) 2012-2022 Google, Inc. All rights reserved. * Copyright (c) 2006-2010 VMware, Inc. All rights reserved. * **********************************************************/ @@ -178,14 +178,14 @@ moduledb_process_image(const char *name, app_pc base, bool add) company_name[0] = '\0'; if (got_company_name && company_name[0] != '\0' && - (!IS_STRING_OPTION_EMPTY(whitelist_company_names_default) || - !IS_STRING_OPTION_EMPTY(whitelist_company_names)) && - check_list_default_and_append(dynamo_options.whitelist_company_names_default, - dynamo_options.whitelist_company_names, + (!IS_STRING_OPTION_EMPTY(allowlist_company_names_default) || + !IS_STRING_OPTION_EMPTY(allowlist_company_names)) && + check_list_default_and_append(dynamo_options.allowlist_company_names_default, + dynamo_options.allowlist_company_names, company_name)) { relax = false; LOG(GLOBAL, LOG_MODULEDB, 1, - "Found module \"%s\" from whitelisted company \"%s\"\n", + "Found module \"%s\" from allowlisted company \"%s\"\n", name == NULL ? "no-name" : name, company_name); /* FIXME - not all of our modules have the Company name * field set (drpreinject & liveshields don't), need to avoid @@ -328,7 +328,7 @@ print_moduledb_exempt_lists(file_t file) * create a separate file; for now let it be here. */ -/* As of today, either the blacklist or the whitelist can be used, not both, +/* As of today, either the blocklist or the allowlist can be used, not both, * according to the PRD. In that case there is no need to distinguish between * "not matched" and "no hashlist". However, if we decide that both need to * co-exist (Windows sw restriction policies do a mix), then this is needed. @@ -352,9 +352,9 @@ enum { }; /* This macro defines "matched" to either being on the hashlist or the hashlist - * being empty; empty hashlist is a wildcard match for white and black list - * modes, but not for whitelist integrity mode. Note, this macro is used only - * for white and black list modes, not whitelist integrity mode. + * being empty; empty hashlist is a wildcard match for allow and block list + * modes, but not for allowlist integrity mode. Note, this macro is used only + * for allow and block list modes, not allowlist integrity mode. */ # define IS_PROCESS_CONTROL_MATCHED(x) \ ((x) == PROCESS_CONTROL_MATCHED || (x) == PROCESS_CONTROL_HASHLIST_EMPTY) @@ -415,8 +415,8 @@ process_control_match(const char *md5_hash, if (IS_GET_PARAMETER_SUCCESS(res)) { if (hash_list[0] == '\0') { - /* empty hash is a wildcard match only for white and black list - * modes, not for whitelist integrity mode. */ + /* empty hash is a wildcard match only for allow and block list + * modes, not for allowlist integrity mode. */ ret_val = PROCESS_CONTROL_HASHLIST_EMPTY; } else if (check_filter(hash_list, md5_hash)) { /* hash matched */ ret_val = PROCESS_CONTROL_MATCHED; @@ -441,26 +441,26 @@ process_control_match(const char *md5_hash, return ret_val; } -/* In the regular whitelist mode, the process will be allowed to run if its +/* In the regular allowlist mode, the process will be allowed to run if its * executable's hash matches a hash either on the app specific list or the * anonymous list, or if any of those lists are empty. * - * In the whitelist integrity mode, the process will be allowed to run if its + * In the allowlist integrity mode, the process will be allowed to run if its * executable's hash matches a hash on its app specific hashlist or there is no * app specific hashlist at all. The idea is to ascertain that an executable * hasn't changed. If there is no need to track the change, then those exe's * won't have a hashlist. - * Though the regular whitelist mode can be used to do the same, there are + * Though the regular allowlist mode can be used to do the same, there are * holes in it like the ones below that have to be manually fixed. * 1. support for anonymous hashes; would have to be disabled or not used. * 2. support exe names without hashes; same resolution as point #1. * 3. apps would be killed if there is no hashlist; would have to add empty * global hashlists. * - * Note: xref case 10969 for whitelist integrity mode. + * Note: xref case 10969 for allowlist integrity mode. */ static void -process_control_whitelist(const char *md5_hash) +process_control_allowlist(const char *md5_hash) { security_option_t type_handling; action_type_t desired_action; @@ -468,19 +468,19 @@ process_control_whitelist(const char *md5_hash) const char *threat_id = NULL; int anonymous = PROCESS_CONTROL_NOT_MATCHED; int app_specific = - process_control_match(md5_hash, PARAM_STR(DYNAMORIO_VAR_APP_PROCESS_WHITELIST)); + process_control_match(md5_hash, PARAM_STR(DYNAMORIO_VAR_APP_PROCESS_ALLOWLIST)); - /* Do the pure whitelist mode check in case both modes were specified + /* Do the pure allowlist mode check in case both modes were specified * accidentally; a matter of precedence. */ - if (IS_PROCESS_CONTROL_MODE_WHITELIST()) { + if (IS_PROCESS_CONTROL_MODE_ALLOWLIST()) { /* Allow the process if md5_hash matched a hash on either the app * specific or anonymous hash list. */ if (IS_PROCESS_CONTROL_MATCHED(app_specific)) return; anonymous = process_control_match( - md5_hash, PARAM_STR(DYNAMORIO_VAR_ANON_PROCESS_WHITELIST)); + md5_hash, PARAM_STR(DYNAMORIO_VAR_ANON_PROCESS_ALLOWLIST)); if (IS_PROCESS_CONTROL_MATCHED(anonymous)) return; @@ -491,10 +491,10 @@ process_control_whitelist(const char *md5_hash) * search the full list. Do no harm and ignore process control. Case 9252. */ if (anonymous == PROCESS_CONTROL_LONG_LIST) { - process_control_report_long_list(DYNAMORIO_VAR_ANON_PROCESS_WHITELIST); + process_control_report_long_list(DYNAMORIO_VAR_ANON_PROCESS_ALLOWLIST); return; } - } else if (IS_PROCESS_CONTROL_MODE_WHITELIST_INTEGRITY()) { + } else if (IS_PROCESS_CONTROL_MODE_ALLOWLIST_INTEGRITY()) { /* Allow the process only if md5_hash matched a hash on the app * specific hash list; this is the integrity tracking part. If there * is no hash list, it means that this process's exe wasn't added to @@ -520,18 +520,18 @@ process_control_whitelist(const char *md5_hash) * the full list. Do no harm and ignore process control. Case 9252. */ if (app_specific == PROCESS_CONTROL_LONG_LIST) { - process_control_report_long_list(DYNAMORIO_VAR_APP_PROCESS_WHITELIST); + process_control_report_long_list(DYNAMORIO_VAR_APP_PROCESS_ALLOWLIST); return; } /* At this point, it should either be not-matched or no-hashlist. - * Note: No hashlist is equivalent to no match; for white list, this means + * Note: No hashlist is equivalent to no match; for allowlist, this means * kill. */ ASSERT((app_specific == PROCESS_CONTROL_NOT_MATCHED || app_specific == PROCESS_CONTROL_NO_HASHLIST)); /* Anonymous lists aren't applicable for integrity mode. */ - if (IS_PROCESS_CONTROL_MODE_WHITELIST()) { + if (IS_PROCESS_CONTROL_MODE_ALLOWLIST()) { ASSERT((anonymous == PROCESS_CONTROL_NOT_MATCHED || anonymous == PROCESS_CONTROL_NO_HASHLIST)); } @@ -559,17 +559,17 @@ process_control_whitelist(const char *md5_hash) } static void -process_control_blacklist(const char *md5_hash) +process_control_blocklist(const char *md5_hash) { security_option_t type_handling; action_type_t desired_action; int app_specific = - process_control_match(md5_hash, PARAM_STR(DYNAMORIO_VAR_APP_PROCESS_BLACKLIST)); + process_control_match(md5_hash, PARAM_STR(DYNAMORIO_VAR_APP_PROCESS_BLOCKLIST)); int anonymous = - process_control_match(md5_hash, PARAM_STR(DYNAMORIO_VAR_ANON_PROCESS_BLACKLIST)); + process_control_match(md5_hash, PARAM_STR(DYNAMORIO_VAR_ANON_PROCESS_BLOCKLIST)); - ASSERT(IS_PROCESS_CONTROL_MODE_BLACKLIST()); + ASSERT(IS_PROCESS_CONTROL_MODE_BLOCKLIST()); if (IS_PROCESS_CONTROL_MATCHED(app_specific) || IS_PROCESS_CONTROL_MATCHED(anonymous)) { @@ -583,9 +583,9 @@ process_control_blacklist(const char *md5_hash) desired_action = ACTION_TERMINATE_PROCESS; } - /* All process control violations will be .K; for blacklist we kill + /* All process control violations will be .K; for blocklist we kill * if the current executable's process is either on the anonymous - * or on the app specific whitelist. As the exe name and + * or on the app specific allowlist. As the exe name and * pid are already in the event, the threat ID will only convey what * list was used, anonymous ("ANON.BLAC") or app-specific ("ANON.BLAC"). */ @@ -598,12 +598,12 @@ process_control_blacklist(const char *md5_hash) ASSERT(DYNAMO_OPTION(pc_detect_mode)); # endif } else if (app_specific == PROCESS_CONTROL_LONG_LIST) { /* Case 9252. */ - process_control_report_long_list(DYNAMORIO_VAR_APP_PROCESS_BLACKLIST); + process_control_report_long_list(DYNAMORIO_VAR_APP_PROCESS_BLOCKLIST); } else if (anonymous == PROCESS_CONTROL_LONG_LIST) { /* Case 9252. */ - process_control_report_long_list(DYNAMORIO_VAR_ANON_PROCESS_BLACKLIST); + process_control_report_long_list(DYNAMORIO_VAR_ANON_PROCESS_BLOCKLIST); } else { /* At this point, it should either be not-matched or no-hashlist. - * Note: No hashlist is equivalent to no match; for black list, this + * Note: No hashlist is equivalent to no match; for blocklist, this * means don't kill. */ ASSERT((app_specific == PROCESS_CONTROL_NOT_MATCHED || @@ -633,9 +633,9 @@ process_control(void) return; } - is_black = IS_PROCESS_CONTROL_MODE_BLACKLIST(); - is_white = IS_PROCESS_CONTROL_MODE_WHITELIST(); - is_white_intg = IS_PROCESS_CONTROL_MODE_WHITELIST_INTEGRITY(); + is_black = IS_PROCESS_CONTROL_MODE_BLOCKLIST(); + is_white = IS_PROCESS_CONTROL_MODE_ALLOWLIST(); + is_white_intg = IS_PROCESS_CONTROL_MODE_ALLOWLIST_INTEGRITY(); /* Currently only one mode can be used; this is how our product is sold. * However, there is nothing preventing us from using all of them (just @@ -649,9 +649,9 @@ process_control(void) (!is_black && !is_white && is_white_intg)); if (is_black) - process_control_blacklist(md5_hash); + process_control_blocklist(md5_hash); else if (is_white || is_white_intg) - process_control_whitelist(md5_hash); + process_control_allowlist(md5_hash); else ASSERT_NOT_REACHED(); } diff --git a/core/moduledb.h b/core/moduledb.h index 223be63e0..2a2bcf9b9 100644 --- a/core/moduledb.h +++ b/core/moduledb.h @@ -1,4 +1,5 @@ /* ********************************************************** + * Copyright (c) 2021-2022 Google, Inc. All rights reserved. * Copyright (c) 2006-2010 VMware, Inc. All rights reserved. * **********************************************************/ @@ -91,23 +92,23 @@ print_moduledb_exempt_lists(file_t file); #ifdef PROCESS_CONTROL # define PROCESS_CONTROL_MODE_OFF 0x0 -# define PROCESS_CONTROL_MODE_WHITELIST 0x1 -# define PROCESS_CONTROL_MODE_BLACKLIST 0x2 +# define PROCESS_CONTROL_MODE_ALLOWLIST 0x1 +# define PROCESS_CONTROL_MODE_BLOCKLIST 0x2 -/* This mode is identical to whitelist mode, but requires that the user specify +/* This mode is identical to allowlist mode, but requires that the user specify * an exe by name and its hashes; no anonymous hashes or exe names with no * hashes. Case 10969. */ -# define PROCESS_CONTROL_MODE_WHITELIST_INTEGRITY 0x4 - -# define IS_PROCESS_CONTROL_MODE_WHITELIST() \ - (TEST(PROCESS_CONTROL_MODE_WHITELIST, DYNAMO_OPTION(process_control))) -# define IS_PROCESS_CONTROL_MODE_BLACKLIST() \ - (TEST(PROCESS_CONTROL_MODE_BLACKLIST, DYNAMO_OPTION(process_control))) -# define IS_PROCESS_CONTROL_MODE_WHITELIST_INTEGRITY() \ - (TEST(PROCESS_CONTROL_MODE_WHITELIST_INTEGRITY, DYNAMO_OPTION(process_control))) +# define PROCESS_CONTROL_MODE_ALLOWLIST_INTEGRITY 0x4 + +# define IS_PROCESS_CONTROL_MODE_ALLOWLIST() \ + (TEST(PROCESS_CONTROL_MODE_ALLOWLIST, DYNAMO_OPTION(process_control))) +# define IS_PROCESS_CONTROL_MODE_BLOCKLIST() \ + (TEST(PROCESS_CONTROL_MODE_BLOCKLIST, DYNAMO_OPTION(process_control))) +# define IS_PROCESS_CONTROL_MODE_ALLOWLIST_INTEGRITY() \ + (TEST(PROCESS_CONTROL_MODE_ALLOWLIST_INTEGRITY, DYNAMO_OPTION(process_control))) # define IS_PROCESS_CONTROL_ON() \ - (IS_PROCESS_CONTROL_MODE_WHITELIST() || IS_PROCESS_CONTROL_MODE_BLACKLIST() || \ - IS_PROCESS_CONTROL_MODE_WHITELIST_INTEGRITY()) + (IS_PROCESS_CONTROL_MODE_ALLOWLIST() || IS_PROCESS_CONTROL_MODE_BLOCKLIST() || \ + IS_PROCESS_CONTROL_MODE_ALLOWLIST_INTEGRITY()) void process_control(void); diff --git a/core/nudge.c b/core/nudge.c index 1666f970f..4df3a4aa5 100644 --- a/core/nudge.c +++ b/core/nudge.c @@ -1,5 +1,5 @@ /* ********************************************************** - * Copyright (c) 2011-2021 Google, Inc. All rights reserved. + * Copyright (c) 2011-2022 Google, Inc. All rights reserved. * Copyright (c) 2008-2010 VMware, Inc. All rights reserved. * **********************************************************/ @@ -384,7 +384,7 @@ handle_nudge(dcontext_t *dcontext, nudge_arg_t *arg) if (TEST(NUDGE_GENERIC(process_control), nudge_action_mask)) { /* Case 8594 */ nudge_action_mask &= ~NUDGE_GENERIC(process_control); /* Need to synchronize because process control can be switched between - * on (white or black list) & off. FIXME - the nudge mask should specify this, + * on (allow or block list) & off. FIXME - the nudge mask should specify this, * but doesn't hurt to do it again. */ synchronize_dynamic_options(); if (IS_PROCESS_CONTROL_ON()) diff --git a/core/optionsx.h b/core/optionsx.h index c9c25741f..d7f8104b7 100644 --- a/core/optionsx.h +++ b/core/optionsx.h @@ -2313,20 +2313,20 @@ OPTION_DEFAULT(liststring_t, patch_proof_list, EMPTY_STRING, PC_OPTION_DEFAULT(bool, use_moduledb, false, "activate module database") OPTION_ALIAS(staged, use_moduledb, false, STATIC, OP_PCACHE_GLOBAL) /* xref case 8924 */ /* FIXME - can't handle a company name with a ; in it */ -PC_OPTION_DEFAULT(liststring_t, whitelist_company_names_default, +PC_OPTION_DEFAULT(liststring_t, allowlist_company_names_default, OPTION_STRING(COMPANY_LONG_NAME), "don't relax protections as part of moduledb matching for these ; " "separated company names") -PC_OPTION_DEFAULT(liststring_t, whitelist_company_names, +PC_OPTION_DEFAULT(liststring_t, allowlist_company_names, OPTION_STRING("Microsoft Corporation"), "don't relax protections as part of moduledb matching for these ; " "separated company names") PC_OPTION_DEFAULT( uint, unknown_module_policy, 0xf, /*MODULEDB_RCT_EXEMPT_TO|MODULEDB_ALL_SECTIONS_BITS:SECTION_ALLOW|MODULEDB_REPORT_ON_LOAD*/ - "module policy control field for non-whitelisted modules") + "module policy control field for non-allowlisted modules") OPTION_DEFAULT(uint, unknown_module_load_report_max, 10, - "max number of non whitelist modules to log/report at load time") + "max number of non allowlist modules to log/report at load time") OPTION_DEFAULT(uint, moduledb_exemptions_report_max, 3, "max number of moduledb security exemptions to report") /* case 9330 detect race in our security policies during DLL @@ -3347,7 +3347,7 @@ OPTION_COMMAND( #ifdef PROCESS_CONTROL /* case 8594 */ /* Dynamic because it can be turned on or off using a nudge. */ DYNAMIC_OPTION_DEFAULT(uint, process_control, 0, - "sets process control mode {off,whitelist,blacklist} thereby " + "sets process control mode {off,allowlist,blocklist} thereby " "deciding if a process is allowed to execute or not") /* FIXME: remove this after md5s are obtained from a mapped file; case 9252.*/ DYNAMIC_OPTION_DEFAULT(uint, pc_num_hashes, 100, diff --git a/core/unix/os.c b/core/unix/os.c index 7bd20e706..8375315b6 100644 --- a/core/unix/os.c +++ b/core/unix/os.c @@ -5509,8 +5509,8 @@ static const char *const env_to_propagate[] = { /* Called at pre-SYS_execve to append DR vars in the target process env vars list. * For late injection via libdrpreload, we call this for *all children, because - * even if -no_follow_children is specified, a whitelist will still ask for takeover - * and it's libdrpreload who checks the whitelist. + * even if -no_follow_children is specified, a allowlist will still ask for takeover + * and it's libdrpreload who checks the allowlist. * For -early, however, we check the config ahead of time and only call this routine * if we in fact want to inject. * XXX i#1679: these parent vs child differences bring up corner cases of which diff --git a/core/unix/preload.c b/core/unix/preload.c index 054f60660..9138f0f35 100644 --- a/core/unix/preload.c +++ b/core/unix/preload.c @@ -1,5 +1,5 @@ /* ********************************************************** - * Copyright (c) 2015-2019 Google, Inc. All rights reserved. + * Copyright (c) 2015-2022 Google, Inc. All rights reserved. * Copyright (c) 2001-2010 VMware, Inc. All rights reserved. * **********************************************************/ @@ -92,10 +92,10 @@ int nothing = 0; /* Tells whether or not to take over a process. PR 212034. We use env vars to * decide this; longer term we want to switch to config files. * - * If include list exists then it acts as a white list, i.e., take over + * If include list exists then it acts as an allow list, i.e., take over * only if pname is on it, not otherwise. If the list doesn't exist then * act normal, i.e., take over. Ditto but reversed for exclude list as it is a - * blacklist. If both lists exist, then white list gets preference. + * blocklist. If both lists exist, then the allow list gets preference. */ static bool take_over(const char *pname) diff --git a/core/win32/aslr.h b/core/win32/aslr.h index b9dd2f681..5ec797958 100644 --- a/core/win32/aslr.h +++ b/core/win32/aslr.h @@ -1,5 +1,5 @@ /* ********************************************************** - * Copyright (c) 2017 Google, Inc. All rights reserved. + * Copyright (c) 2017-2022 Google, Inc. All rights reserved. * Copyright (c) 2005-2010 VMware, Inc. All rights reserved. * **********************************************************/ @@ -273,7 +273,7 @@ enum { ASLR_CACHE_LIST_DEFAULT, ASLR_CACHE_LIST_INCLUDE, /* -aslr_cache_list_include */ ASLR_CACHE_LIST_EXCLUDE /* -aslr_cache_list_exclude */ - /* (note aslr_cache_list_t values match meaning of whitelist blacklist + /* (note aslr_cache_list_t values match meaning of allowlist blocklist * as in process_control) */ } aslr_cache_list_t; diff --git a/libutil/config.c b/libutil/config.c index 95b8086ca..7f3c8fea3 100644 --- a/libutil/config.c +++ b/libutil/config.c @@ -1,5 +1,5 @@ /* ********************************************************** - * Copyright (c) 2014 Google, Inc. All rights reserved. + * Copyright (c) 2014-2022 Google, Inc. All rights reserved. * Copyright (c) 2005-2010 VMware, Inc. All rights reserved. * **********************************************************/ @@ -1129,22 +1129,22 @@ filter(WCHAR *list, const WCHAR *filter, DWORD black_or_white, BOOL check_only, } BOOL -blacklist_filter(WCHAR *list, const WCHAR *blacklist, BOOL check_only, WCHAR separator) +blocklist_filter(WCHAR *list, const WCHAR *blocklist, BOOL check_only, WCHAR separator) { - return filter(list, blacklist, BLACK, check_only, separator); + return filter(list, blocklist, BLACK, check_only, separator); } BOOL -whitelist_filter(WCHAR *list, const WCHAR *whitelist, BOOL check_only, WCHAR separator) +allowlist_filter(WCHAR *list, const WCHAR *allowlist, BOOL check_only, WCHAR separator) { - return filter(list, whitelist, WHITE, check_only, separator); + return filter(list, allowlist, WHITE, check_only, separator); } /* appinit key */ DWORD -set_autoinjection_ex(BOOL inject, DWORD flags, const WCHAR *blacklist, - const WCHAR *whitelist, +set_autoinjection_ex(BOOL inject, DWORD flags, const WCHAR *blocklist, + const WCHAR *allowlist, /* OUT */ DWORD *list_error, const WCHAR *custom_preinject_name, /* OUT */ WCHAR *current_list, SIZE_T maxchars) { @@ -1269,20 +1269,20 @@ set_autoinjection_ex(BOOL inject, DWORD flags, const WCHAR *blacklist, remove_from_file_list(list, preinject_name, APPINIT_SEPARATOR_CHAR); } - if (TEST(APPINIT_USE_WHITELIST, flags)) { - if (NULL == whitelist) + if (TEST(APPINIT_USE_ALLOWLIST, flags)) { + if (NULL == allowlist) res = ERROR_INVALID_PARAMETER; else list_ok_ = - whitelist_filter(list, whitelist, TEST(APPINIT_CHECK_LISTS_ONLY, flags), + allowlist_filter(list, allowlist, TEST(APPINIT_CHECK_LISTS_ONLY, flags), APPINIT_SEPARATOR_CHAR); - } else if (TEST(APPINIT_USE_BLACKLIST, flags)) { - /* else if since whitelist subsumes blacklist */ - if (NULL == blacklist) + } else if (TEST(APPINIT_USE_BLOCKLIST, flags)) { + /* else if since allowlist subsumes blocklist */ + if (NULL == blocklist) res = ERROR_INVALID_PARAMETER; else list_ok_ = - blacklist_filter(list, blacklist, TEST(APPINIT_CHECK_LISTS_ONLY, flags), + blocklist_filter(list, blocklist, TEST(APPINIT_CHECK_LISTS_ONLY, flags), APPINIT_SEPARATOR_CHAR); } @@ -1757,21 +1757,21 @@ main() list2 = add_to_file_list(list2, L"gee.dll", TRUE, TRUE, FALSE, sep); tmplist = wcsdup(list1); - DO_ASSERT(!blacklist_filter(tmplist, list2, TRUE, sep)); + DO_ASSERT(!blocklist_filter(tmplist, list2, TRUE, sep)); DO_ASSERT_WSTR_EQ(L"C:\\shr\\Foo.dll;C:\\bar.dll;c:\\foo.dll;d:\\gee.dll;ar.dll", tmplist); - DO_ASSERT(!blacklist_filter(tmplist, list2, FALSE, sep)); + DO_ASSERT(!blocklist_filter(tmplist, list2, FALSE, sep)); DO_ASSERT_WSTR_EQ(L"C:\\bar.dll;ar.dll", tmplist); - DO_ASSERT(blacklist_filter(tmplist, list2, TRUE, sep)); + DO_ASSERT(blocklist_filter(tmplist, list2, TRUE, sep)); free_file_list(tmplist); tmplist = wcsdup(list1); - DO_ASSERT(!whitelist_filter(tmplist, list2, FALSE, sep)); + DO_ASSERT(!allowlist_filter(tmplist, list2, FALSE, sep)); DO_ASSERT_WSTR_EQ(L"C:\\shr\\Foo.dll;c:\\foo.dll;d:\\gee.dll", tmplist); - DO_ASSERT(whitelist_filter(tmplist, list2, TRUE, sep)); + DO_ASSERT(allowlist_filter(tmplist, list2, TRUE, sep)); free_file_list(tmplist); diff --git a/libutil/config.h b/libutil/config.h index 249a36aca..e9155e12d 100644 --- a/libutil/config.h +++ b/libutil/config.h @@ -1,4 +1,5 @@ /* ********************************************************** + * Copyright (c) 2021-2022 Google, Inc. All rights reserved. * Copyright (c) 2005-2010 VMware, Inc. All rights reserved. * **********************************************************/ @@ -238,14 +239,14 @@ void remove_from_file_list(WCHAR *list, const WCHAR *filename, WCHAR separator); BOOL -blacklist_filter(WCHAR *list, const WCHAR *blacklist, BOOL check_only, WCHAR separator); +blocklist_filter(WCHAR *list, const WCHAR *blocklist, BOOL check_only, WCHAR separator); BOOL -whitelist_filter(WCHAR *list, const WCHAR *whitelist, BOOL check_only, WCHAR separator); +allowlist_filter(WCHAR *list, const WCHAR *allowlist, BOOL check_only, WCHAR separator); DWORD -set_autoinjection_ex(BOOL inject, DWORD flags, const WCHAR *blacklist, - const WCHAR *whitelist, DWORD *list_error, +set_autoinjection_ex(BOOL inject, DWORD flags, const WCHAR *blocklist, + const WCHAR *allowlist, DWORD *list_error, const WCHAR *custom_preinject_name, WCHAR *current_list, SIZE_T maxchars); diff --git a/libutil/mfapi.c b/libutil/mfapi.c index c878f2153..e9d573981 100644 --- a/libutil/mfapi.c +++ b/libutil/mfapi.c @@ -62,12 +62,12 @@ is_protection_enabled() } DWORD -enable_protection_ex(BOOL inject, DWORD flags, const WCHAR *blacklist, - const WCHAR *whitelist, DWORD *list_error, +enable_protection_ex(BOOL inject, DWORD flags, const WCHAR *blocklist, + const WCHAR *allowlist, DWORD *list_error, const WCHAR *custom_preinject_name, WCHAR *current_list, SIZE_T maxchars) { - return set_autoinjection_ex(inject, flags, blacklist, whitelist, list_error, + return set_autoinjection_ex(inject, flags, blocklist, allowlist, list_error, custom_preinject_name, current_list, maxchars); } diff --git a/libutil/mfapi.h b/libutil/mfapi.h index 5c0ba6c86..37c885bae 100644 --- a/libutil/mfapi.h +++ b/libutil/mfapi.h @@ -1,5 +1,5 @@ /* ********************************************************** - * Copyright (c) 2014-2018 Google, Inc. All rights reserved. + * Copyright (c) 2014-2022 Google, Inc. All rights reserved. * Copyright (c) 2005-2010 VMware, Inc. All rights reserved. * **********************************************************/ @@ -85,8 +85,8 @@ extern "C" { * <policy_message> ::== * POLICY_VERSION=30000 * APPINITFLAGS=<string> - * APPINITWHITELIST=<string> - * APPINITBLACKLIST=<string> + * APPINITALLOWLIST=<string> + * APPINITBLOCKLIST=<string> * GLOBAL_PROTECT=<boolean> * <application_block>* * @@ -129,13 +129,13 @@ extern "C" { * * details: * - * (1) the APPINITFLAGS, together with the APPINITBLACKLIST and - * APPINITWHITELIST, controls how our bootstrap dll is added to the + * (1) the APPINITFLAGS, together with the APPINITBLOCKLIST and + * APPINITALLOWLIST, controls how our bootstrap dll is added to the * AppInit_DLLs registry key. the value of the flags should be a sum * of the APPINIT_* flags as defined in share/config.h * - * The APPINITBLACKLIST and APPINITWHITELIST values are only used if - * specified by the flags. we'll provide the whitelist/blacklist. + * The APPINITBLOCKLIST and APPINITALLOWLIST values are only used if + * specified by the flags. we'll provide the allowlist/blocklist. * * * (2) GLOBAL_PROTECT: OPTIONAL: if this is 0, then protection is @@ -283,12 +283,12 @@ disable_protection(); * APPINIT_FORCE_TO_BACK * Forces preinject dll to the back of the AppInit_DLLs list. * - * APPINIT_USE_BLACKLIST - * Will read blacklist from blacklist config parameter and + * APPINIT_USE_BLOCKLIST + * Will read blocklist from blocklist config parameter and * validate against it. * - * APPINIT_USE_WHITELIST - * Will read whitelist from whitelist config parameter and + * APPINIT_USE_ALLOWLIST + * Will read allowlist from allowlist config parameter and * validate against it. * * APPINIT_CHECK_LISTS_ONLY @@ -296,7 +296,7 @@ disable_protection(); * for use with at least one of the two flags below. * * APPINIT_WARN_ON_LIST_VIOLATION - * Whether to generate a warning if a whitelist/blacklist + * Whether to generate a warning if a allowlist/blocklist * violation was detected. * * APPINIT_BAIL_ON_LIST_VIOLATION @@ -335,8 +335,8 @@ disable_protection(); #define APPINIT_FORCE_TO_FRONT 0x1 #define APPINIT_FORCE_TO_BACK 0x2 -#define APPINIT_USE_BLACKLIST 0x4 -#define APPINIT_USE_WHITELIST 0x8 +#define APPINIT_USE_BLOCKLIST 0x4 +#define APPINIT_USE_ALLOWLIST 0x8 #define APPINIT_CHECK_LISTS_ONLY 0x10 #define APPINIT_WARN_ON_LIST_VIOLATION 0x20 #define APPINIT_BAIL_ON_LIST_VIOLATION 0x40 @@ -346,7 +346,7 @@ disable_protection(); #define APPINIT_SYS32_TRUNCATE 0x800 #define APPINIT_OVERWRITE 0x1000 -/* The flags, blacklist, whitelist, list_error parameters are as +/* The flags, blocklist, allowlist, list_error parameters are as * described above. * The inject parameter controls whether protection is enabled or * disabled. If disabled all other parameters are ignored. @@ -358,8 +358,8 @@ disable_protection(); * violation is reported. */ DWORD -enable_protection_ex(BOOL inject, DWORD flags, const WCHAR *blacklist, - const WCHAR *whitelist, DWORD *list_error, +enable_protection_ex(BOOL inject, DWORD flags, const WCHAR *blocklist, + const WCHAR *allowlist, DWORD *list_error, const WCHAR *custom_preinject_name, WCHAR *current_list, SIZE_T maxchars); diff --git a/libutil/policy.h b/libutil/policy.h index 9d69a9e87..9f9a63a0a 100644 --- a/libutil/policy.h +++ b/libutil/policy.h @@ -1,4 +1,5 @@ /* ********************************************************** + * Copyright (c) 2021-2022 Google, Inc. All rights reserved. * Copyright (c) 2003-2007 VMware, Inc. All rights reserved. * **********************************************************/ @@ -41,8 +42,8 @@ the syntax of the policy definition message is as follows: <policy_message> ::== POLICY_VERSION=<string> APPINITFLAGS=<string> - APPINITWHITELIST=<string> - APPINITBLACKLIST=<string> + APPINITALLOWLIST=<string> + APPINITBLOCKLIST=<string> GLOBAL_PROTECT=<boolean> <application_block>* @@ -67,13 +68,13 @@ the syntax of the policy definition message is as follows: details: -(1) the APPINITFLAGS, together with the APPINITBLACKLIST and - APPINITWHITELIST, controls how our bootstrap dll is added to the +(1) the APPINITFLAGS, together with the APPINITBLOCKLIST and + APPINITALLOWLIST, controls how our bootstrap dll is added to the AppInit_DLLs registry key. the value of the flags should be a sum of the APPINIT_* flags as defined in share/config.h - the APPINITBLACKLIST and APPINITWHITELIST values are only used if - specified by the flags. we'll provide the whitelist/blacklist. + the APPINITBLOCKLIST and APPINITALLOWLIST values are only used if + specified by the flags. we'll provide the allowlist/blocklist. (2) GLOBAL_PROTECT: OPTIONAL: if this is 0, then protection is diff --git a/suite/tests/CMakeLists.txt b/suite/tests/CMakeLists.txt index 9982aae1e..a59582f4f 100644 --- a/suite/tests/CMakeLists.txt +++ b/suite/tests/CMakeLists.txt @@ -3913,6 +3913,19 @@ if (BUILD_CLIENTS) add_cpusim_asm_test(ssse3 Prescott) add_cpusim_asm_test(sse41 Merom) add_cpusim_asm_test(sse42 Penryn) + + # Test -blocklist. + torunonly_ci(tool.drcpusim.block tool.ssse3 drcpusim + "ignore" "-cpu Prescott -blocklist tool.ssse3" "" "") + set(tool.drcpusim.block_toolname "drcpusim") + set(tool.drcpusim.block_expectbase "block") + set(tool.drcpusim.block_basedir "${PROJECT_SOURCE_DIR}/clients/drcpusim/tests") + # Legacy option name. + torunonly_ci(tool.drcpusim.legacy tool.ssse3 drcpusim + "ignore" "-cpu Prescott -blacklist tool.ssse3" "" "") + set(tool.drcpusim.legacy_toolname "drcpusim") + set(tool.drcpusim.legacy_expectbase "block") + set(tool.drcpusim.legacy_basedir "${PROJECT_SOURCE_DIR}/clients/drcpusim/tests") endif () add_exe(tool.cpuid ${PROJECT_SOURCE_DIR}/clients/drcpusim/tests/cpuid.c) @@ -4062,39 +4075,39 @@ if (UNIX) tobuild_ops(linux.execve-null linux/execve-null.c "" "${execve-sub-path}") if (NOT ANDROID) # XXX i#1874: get working on Android - # Test blacklist and whitelist child config vs follow-children options (i#1667). + # Test blocklist and allowlist child config vs follow-children options (i#1667). # Use a different name to avoid parallel test conflicts when we manipulate # config files. add_exe(linux.execve-config linux/execve-sub.c) # We want the environment to keep HOME for config dirs (xref i#1679). add_exe(linux.execv linux/execv.c) - set(linux.child-blacklist_expectbase "child-blacklist") + set(linux.child-blocklist_expectbase "child-blocklist") get_target_path_for_execution(execve-config-path linux.execve-config "${location_suffix}") - torunonly(linux.child-blacklist linux.execv linux/execv.c + torunonly(linux.child-blocklist linux.execv linux/execv.c "-follow_children" "${execve-config-path}") get_target_path_for_execution(drconfig_path drconfig "${location_suffix}") prefix_cmd_if_necessary(drconfig_path ON ${drconfig_path}) - set(linux.child-blacklist_runcmp "${CMAKE_CURRENT_SOURCE_DIR}/runmulti.cmake") - set(linux.child-blacklist_precmd + set(linux.child-blocklist_runcmp "${CMAKE_CURRENT_SOURCE_DIR}/runmulti.cmake") + set(linux.child-blocklist_precmd "${drconfig_path}@-quiet@-reg@linux.execve-config@-norun") - set(linux.child-blacklist_postcmd + set(linux.child-blocklist_postcmd "${drconfig_path}@-quiet@-unreg@linux.execve-config") - set(linux.child-whitelist_expectbase "child-whitelist") - torunonly(linux.child-whitelist linux.execv linux/execv.c + set(linux.child-allowlist_expectbase "child-allowlist") + torunonly(linux.child-allowlist linux.execv linux/execv.c "-no_follow_children" "${execve-config-path}") - set(linux.child-whitelist_runcmp "${CMAKE_CURRENT_SOURCE_DIR}/runmulti.cmake") + set(linux.child-allowlist_runcmp "${CMAKE_CURRENT_SOURCE_DIR}/runmulti.cmake") if (DEBUG) set(debug_args "@-debug") else (DEBUG) set(debug_args "") endif (DEBUG) - set(linux.child-whitelist_precmd + set(linux.child-allowlist_precmd "${drconfig_path}@-quiet@-reg@linux.execve-config${debug_args}@-ops@-stderr_mask@@0") - set(linux.child-whitelist_postcmd + set(linux.child-allowlist_postcmd "${drconfig_path}@-quiet@-unreg@linux.execve-config") - # Can't run in parallel w/ blacklist since manipulating same config file: - set(linux.child-whitelist_depends linux.child-blacklist) + # Can't run in parallel w/ blocklist since manipulating same config file: + set(linux.child-allowlist_depends linux.child-blocklist) endif () tobuild(linux.execve-rec linux/execve-rec.c) diff --git a/suite/tests/linux/child-whitelist.expect b/suite/tests/linux/child-allowlist.expect similarity index 100% rename from suite/tests/linux/child-whitelist.expect rename to suite/tests/linux/child-allowlist.expect diff --git a/suite/tests/linux/child-blacklist.expect b/suite/tests/linux/child-blocklist.expect similarity index 100% rename from suite/tests/linux/child-blacklist.expect rename to suite/tests/linux/child-blocklist.expect diff --git a/tools/DRcontrol.c b/tools/DRcontrol.c index 14648a040..ba7e9f0c5 100644 --- a/tools/DRcontrol.c +++ b/tools/DRcontrol.c @@ -581,7 +581,7 @@ main(int argc, char **argv) checked_operation("set autoinject", set_autoinjection()); } else if (0 == strcmp(preinject, "CLEAR")) { checked_operation("clear autoinject", - set_autoinjection_ex(FALSE, APPINIT_USE_WHITELIST, NULL, + set_autoinjection_ex(FALSE, APPINIT_USE_ALLOWLIST, NULL, L"", NULL, NULL, NULL, 0)); } else if (0 == strcmp(preinject, "LIST")) { WCHAR list[MAX_PARAM_LEN]; diff --git a/tools/drdeploy.c b/tools/drdeploy.c index 23e1ca948..3b5a838ea 100644 --- a/tools/drdeploy.c +++ b/tools/drdeploy.c @@ -1,5 +1,5 @@ /* ********************************************************** - * Copyright (c) 2011-2021 Google, Inc. All rights reserved. + * Copyright (c) 2011-2022 Google, Inc. All rights reserved. * Copyright (c) 2008-2010 VMware, Inc. All rights reserved. * **********************************************************/ @@ -182,7 +182,7 @@ const char *options_list_str = " If a local file already exists it will take precedence.\n" " -norun Create a configuration that excludes the application\n" " from running under DR control. Useful for following\n" - " all child processes except a handful (blacklist).\n" + " all child processes except a handful (blocklist).\n" #endif " -debug Use the DR debug library\n" " -32 Target 32-bit or WOW64 applications\n" diff --git a/tools/drdeploy.in b/tools/drdeploy.in index 8b38bee5d..17d71d32c 100755 --- a/tools/drdeploy.in +++ b/tools/drdeploy.in @@ -1,7 +1,7 @@ #!/bin/sh # ********************************************************** -# Copyright (c) 2011-2012 Google, Inc. All rights reserved. +# Copyright (c) 2011-2022 Google, Inc. All rights reserved. # Copyright (c) 2002-2010 VMware, Inc. All rights reserved. # ********************************************************** @@ -62,7 +62,7 @@ ## being run were compiled for. ## [-norun] Requests that an application NOT be run under DR ## control. Useful for following all child processes -## except a blacklist. DR will still be loaded, and +## except a blocklist. DR will still be loaded, and ## the app API available. ## [-reg <executable>] Only for drconfig. Creates configuration file for ## the specified application name. diff --git a/tools/procdb.pl b/tools/procdb.pl index 4d9413e3c..24db4998b 100755 --- a/tools/procdb.pl +++ b/tools/procdb.pl @@ -1,6 +1,7 @@ #!/usr/bin/perl # ********************************************************** +# Copyright (c) 2021-2022 Google, Inc. All rights reserved. # Copyright (c) 2006 VMware, Inc. All rights reserved. # ********************************************************** @@ -62,7 +63,7 @@ # copy&paste from bugtitle.pl # FIXME: should merge with the logic from wld/wld.pl -# about having a whitelist database on DLLs +# about having an allowlist database on DLLs # adding only exe's that should be seen only once! -- GitLab