Remove Legacy NPAPI Flash Sandbox support

content/common/sandbox_policy.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_policy.h"
 
 #include <string>
 
 #include "base/command_line.h"
 #include "base/debug/debugger.h"
@@ skipping 226 matching lines @@
 // Adds policy rules for unloaded the known dlls that cause chrome to crash.
 // Eviction of injected DLLs is done by the sandbox so that the injected module
 // does not get a chance to execute any code.
 void AddGenericDllEvictionPolicy(sandbox::TargetPolicy* policy) {
   for (int ix = 0; ix != arraysize(kTroublesomeDlls); ++ix)
     BlacklistAddOneDll(kTroublesomeDlls[ix], true, policy);
 }
 
 // Same as AddGenericDllEvictionPolicy but specifically for plugins. In this
 // case we add the blacklisted dlls even if they are not loaded in this process.
 void AddPluginDllEvictionPolicy(sandbox::TargetPolicy* policy) {

[cpu_(ooo_6.6-7.5), 2012/10/04 17:46:40]

It seems the pepper plugin does not use this code so I think all code related to
PluginDllEviction can be removed, including the list.

[jschuh, 2012/10/04 22:14:53]

Done.

   for (int ix = 0; ix != arraysize(kTroublesomePluginDlls); ++ix)
     BlacklistAddOneDll(kTroublesomePluginDlls[ix], false, policy);
 }
 
 // Same as AddGenericDllEvictionPolicy but specifically for the GPU process.
 // In this we add the blacklisted dlls even if they are not loaded in this
 // process.
 void AddGpuDllEvictionPolicy(sandbox::TargetPolicy* policy) {
   for (int ix = 0; ix != arraysize(kTroublesomeGpuDlls); ++ix)
     BlacklistAddOneDll(kTroublesomeGpuDlls[ix], false, policy);
@@ skipping 442 matching lines @@
   }
 
   bool child_needs_help =
       DebugFlags::ProcessDebugFlags(cmd_line, type, in_sandbox);
 
   // Prefetch hints on windows:
   // Using a different prefetch profile per process type will allow Windows
   // to create separate pretetch settings for browser, renderer etc.
   cmd_line->AppendArg(base::StringPrintf("/prefetch:%d", type));
 
-  sandbox::ResultCode result;
   base::win::ScopedProcessInformation target;
   sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy();
 
-#if !defined(NACL_WIN64)  // We don't need this code on win nacl64.
-  if (type == content::PROCESS_TYPE_PLUGIN &&
-      !browser_command_line.HasSwitch(switches::kNoSandbox) &&
-      content::GetContentClient()->SandboxPlugin(cmd_line, policy)) {
-    in_sandbox = true;
-  }
-#endif
-
   if (!in_sandbox) {

[cpu_(ooo_6.6-7.5), 2012/10/04 17:46:40]

we don't need to create policy (line 711) and then release it (line 714) now
that we don't have the SandboxPlugin call.

[jschuh, 2012/10/04 22:14:53]

Done.

     policy->Release();
     base::ProcessHandle process = 0;
     base::LaunchProcess(*cmd_line, base::LaunchOptions(), &process);
     g_broker_services->AddTargetPeer(process);
     return process;
   }
 
   // TODO(jschuh): Make NaCl work with DEP and SEHOP. crbug.com/147752
   sandbox::MitigationFlags mitigations = MITIGATION_HEAP_TERMINATE |
                                          MITIGATION_BOTTOM_UP_ASLR |
@@ skipping 15 matching lines @@
                 MITIGATION_EXTENSION_DLL_DISABLE |
                 MITIGATION_DLL_SEARCH_ORDER;
 #if defined(NACL_WIN64)
   mitigations |= MITIGATION_DEP |
                  MITIGATION_DEP_NO_ATL_THUNK;
 #endif
 
   if (policy->SetDelayedProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK)
     return 0;
 
-  if (type == content::PROCESS_TYPE_PLUGIN) {
-    AddGenericDllEvictionPolicy(policy);
-    AddPluginDllEvictionPolicy(policy);
-  } else if (type == content::PROCESS_TYPE_GPU) {
+  if (type == content::PROCESS_TYPE_GPU) {
     if (!AddPolicyForGPU(cmd_line, policy))
       return 0;
   } else {
     if (!AddPolicyForRenderer(policy))
       return 0;
     // TODO(jschuh): Need get these restrictions applied to NaCl and Pepper.
     // Just have to figure out what needs to be warmed up first.
     if (type == content::PROCESS_TYPE_RENDERER ||
         type == content::PROCESS_TYPE_WORKER) {
       AddBaseHandleClosePolicy(policy);
     }
 
     // Pepper uses the renderer's policy, whith some tweaks.
     if (cmd_line->HasSwitch(switches::kGuestRenderer) ||
         type == content::PROCESS_TYPE_PPAPI_PLUGIN) {
       if (!AddPolicyForPepperPlugin(policy))
         return 0;
     }
 
 
     if (type_str != switches::kRendererProcess) {
       // Hack for Google Desktop crash. Trick GD into not injecting its DLL into
       // this subprocess. See
       // http://code.google.com/p/chromium/issues/detail?id=25580
       cmd_line->AppendSwitchASCII("ignored", " --type=renderer ");
     }
   }
 
+  sandbox::ResultCode result;
   if (!exposed_dir.empty()) {
     result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
                              sandbox::TargetPolicy::FILES_ALLOW_ANY,
                              exposed_dir.value().c_str());
     if (result != sandbox::SBOX_ALL_OK)
       return 0;
 
     FilePath exposed_files = exposed_dir.AppendASCII("*");
     result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
                              sandbox::TargetPolicy::FILES_ALLOW_ANY,
@@ skipping 94 matching lines @@
   return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK;
 }
 
 base::ProcessHandle StartProcessWithAccess(
     CommandLine* cmd_line,
     const FilePath& exposed_dir) {
   return sandbox::StartProcessWithAccess(cmd_line, exposed_dir);
 }
 
 }  // namespace content