Remove Legacy NPAPI Flash Sandbox support

chrome/common/chrome_content_client.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/chrome_content_client.h"
 
 #include "base/command_line.h"
 #include "base/cpu.h"
 #include "base/file_util.h"
 #include "base/path_service.h"
@@ skipping 286 matching lines @@
       switches::kEnableBundledPpapiFlash);
 
   *plugin = CreatePepperFlashInfo(flash_path, FLAPPER_VERSION_STRING);
   *override_npapi_flash = force_enable || IsPepperFlashEnabledByDefault();
   return true;
 #else
   return false;
 #endif  // FLAPPER_AVAILABLE
 }
 
-#if defined(OS_WIN)
-// Launches the privileged flash broker, used when flash is sandboxed.
-// The broker is the same flash dll, except that it uses a different
-// entrypoint (BrokerMain) and it is hosted in windows' generic surrogate
-// process rundll32. After launching the broker we need to pass to
-// the flash plugin the process id of the broker via the command line
-// using --flash-broker=pid.
-// More info about rundll32 at http://support.microsoft.com/kb/164787.
-bool LoadFlashBroker(const FilePath& plugin_path, CommandLine* cmd_line) {
-  FilePath rundll;
-  if (!PathService::Get(base::DIR_SYSTEM, &rundll))
-    return false;
-  rundll = rundll.AppendASCII("rundll32.exe");
-  // Rundll32 cannot handle paths with spaces, so we use the short path.
-  wchar_t short_path[MAX_PATH];
-  if (0 == ::GetShortPathNameW(plugin_path.value().c_str(),
-                               short_path, arraysize(short_path)))
-    return false;
-  // Here is the kicker, if the user has disabled 8.3 (short path) support
-  // on the volume GetShortPathNameW does not fail but simply returns the
-  // input path. In this case if the path had any spaces then rundll32 will
-  // incorrectly interpret its parameters. So we quote the path, even though
-  // the kb/164787 says you should not.
-  std::wstring cmd_final =
-      base::StringPrintf(L"%ls \"%ls\",BrokerMain browser=chrome",
-                         rundll.value().c_str(),
-                         short_path);
-  base::ProcessHandle process;
-  base::LaunchOptions options;
-  options.start_hidden = true;
-  if (!base::LaunchProcess(cmd_final, options, &process))
-    return false;
-
-  cmd_line->AppendSwitchASCII("flash-broker",
-                              base::Int64ToString(::GetProcessId(process)));
-
-  // The flash broker, unders some circumstances can linger beyond the lifetime
-  // of the flash player, so we put it in a job object, when the browser
-  // terminates the job object is destroyed (by the OS) and the flash broker
-  // is terminated.
-  HANDLE job = ::CreateJobObjectW(NULL, NULL);
-  if (base::SetJobObjectAsKillOnJobClose(job)) {
-    ::AssignProcessToJobObject(job, process);
-    // Yes, we are leaking the object here. Read comment above.
-  } else {
-    ::CloseHandle(job);
-    return false;
-  }
-
-  ::CloseHandle(process);
-  return true;
-}
-#endif  // OS_WIN
-
 }  // namespace
 
 namespace chrome {
 
 const char* const ChromeContentClient::kPDFPluginName = ::kPDFPluginName;
 const char* const ChromeContentClient::kNaClPluginName = ::kNaClPluginName;
 const char* const ChromeContentClient::kNaClOldPluginName =
     ::kNaClOldPluginName;
 
 void ChromeContentClient::SetActiveURL(const GURL& url) {
@@ skipping 80 matching lines @@
     int resource_id,
     ui::ScaleFactor scale_factor) const {
   return ResourceBundle::GetSharedInstance().GetRawDataResource(
       resource_id, scale_factor);
 }
 
 gfx::Image& ChromeContentClient::GetNativeImageNamed(int resource_id) const {
   return ResourceBundle::GetSharedInstance().GetNativeImageNamed(resource_id);
 }
 
-#if defined(OS_WIN)
-bool ChromeContentClient::SandboxPlugin(CommandLine* command_line,
-                                        sandbox::TargetPolicy* policy) {
-  std::wstring plugin_dll = command_line->
-      GetSwitchValueNative(switches::kPluginPath);
-
-  FilePath builtin_flash;
-  if (!PathService::Get(chrome::FILE_FLASH_PLUGIN_EXISTING, &builtin_flash))
-    return false;
-
-  FilePath plugin_path(plugin_dll);
-  if (plugin_path.BaseName() != builtin_flash.BaseName())
-    return false;
-
-  if (base::win::GetVersion() <= base::win::VERSION_XP ||
-      CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kDisableFlashSandbox)) {
-    return false;
-  }
-
-  // Add policy for the plugin proxy window pump event
-  // used by WebPluginDelegateProxy::HandleInputEvent().
-  if (policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
-                      sandbox::TargetPolicy::HANDLES_DUP_ANY,
-                      L"Event") != sandbox::SBOX_ALL_OK) {
-    NOTREACHED();
-    return false;
-  }
-
-  // Add the policy for the pipes.
-  if (policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
-                      sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
-                      L"\\\\.\\pipe\\chrome.*") != sandbox::SBOX_ALL_OK) {
-    NOTREACHED();
-    return false;
-  }
-
-  // Spawn the flash broker and apply sandbox policy.
-  if (LoadFlashBroker(plugin_path, command_line)) {
-    // UI job restrictions break windowless Flash, so just pick up single
-    // process limit for now.
-    policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
-    policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
-                          sandbox::USER_INTERACTIVE);
-    // Allow the Flash plugin to forward some messages back to Chrome.
-    if (base::win::GetVersion() == base::win::VERSION_VISTA) {
-      // Per-window message filters required on Win7 or later must be added to:
-      // render_widget_host_view_win.cc RenderWidgetHostViewWin::ReparentWindow
-      ::ChangeWindowMessageFilter(WM_MOUSEWHEEL, MSGFLT_ADD);
-      ::ChangeWindowMessageFilter(WM_APPCOMMAND, MSGFLT_ADD);
-    }
-    policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
-  } else {
-    // Could not start the broker, use a very weak policy instead.
-    DLOG(WARNING) << "Failed to start flash broker";
-    policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
-    policy->SetTokenLevel(
-        sandbox::USER_UNPROTECTED, sandbox::USER_UNPROTECTED);
-  }
-
-  return true;
-}
-#endif
-
 #if defined(OS_MACOSX) && !defined(OS_IOS)
 bool ChromeContentClient::GetSandboxProfileForSandboxType(
     int sandbox_type,
     int* sandbox_profile_resource_id) const {
   DCHECK(sandbox_profile_resource_id);
   if (sandbox_type == CHROME_SANDBOX_TYPE_NACL_LOADER) {
     *sandbox_profile_resource_id = IDR_NACL_SANDBOX_PROFILE;
     return true;
   }
   return false;
 }
 
 std::string ChromeContentClient::GetCarbonInterposePath() const {
   return std::string(kInterposeLibraryPath);
 }
 #endif
 
 bool ChromeContentClient::GetBundledFieldTrialPepperFlash(
     content::PepperPluginInfo* plugin,
     bool* override_npapi_flash) {
   if (!ConductingPepperFlashFieldTrial())
     return false;
   return GetBundledPepperFlash(plugin, override_npapi_flash);
 }
 
 }  // namespace chrome