chrome/browser/sandbox_policy.cc - Issue 113190: Add support for alternate window station.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/browser/sandbox_policy.cc

Issue 113190: Add support for alternate window station. (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/

Patch Set: '' Created 11 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/browser/sandbox_policy.cc

===================================================================

--- chrome/browser/sandbox_policy.cc (revision 16307)

+++ chrome/browser/sandbox_policy.cc (working copy)

@@ -1,4 +1,4 @@

// Use of this source code is governed by a BSD-style license that can be

// found in the LICENSE file.

@@ -27,8 +27,6 @@

namespace {

-const wchar_t* const kDesktopName = L"ChromeRendererDesktop";

// The DLLs listed here are known (or under strong suspicion) of causing crashes

// when they are loaded in the renderer.

const wchar_t* const kTroublesomeDlls[] = {

@@ -315,7 +313,8 @@

return false;

}

-void AddPolicyForRenderer(HDESK desktop, sandbox::TargetPolicy* policy) {

+void AddPolicyForRenderer(sandbox::TargetPolicy* policy,

+ bool* on_sandbox_desktop) {

policy->SetJobLevel(sandbox::JOB_LOCKDOWN, 0);

sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED;

@@ -328,9 +327,13 @@

policy->SetTokenLevel(initial_token, sandbox::USER_LOCKDOWN);

policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);

- if (desktop) {

- policy->SetDesktop(kDesktopName);

+ bool use_winsta = !CommandLine::ForCurrentProcess()->HasSwitch(

+ switches::kDisableAltWinstation);

+ if (sandbox::SBOX_ALL_OK == policy->SetAlternateDesktop(use_winsta)) {

+ *on_sandbox_desktop = true;

} else {

+ *on_sandbox_desktop = false;

DLOG(WARNING) << "Failed to apply desktop security to the renderer";

}

@@ -391,14 +394,12 @@

PROCESS_INFORMATION target = {0};

sandbox::TargetPolicy* policy = broker_service->CreatePolicy();

- HDESK desktop = NULL;

+ bool on_sandbox_desktop = false;

if (type == ChildProcessInfo::PLUGIN_PROCESS) {

if (!AddPolicyForPlugin(cmd_line, policy))

return 0;

} else {

- desktop = CreateDesktop(

- kDesktopName, NULL, NULL, 0, DESKTOP_CREATEWINDOW, NULL);

- AddPolicyForRenderer(desktop, policy);

+ AddPolicyForRenderer(policy, &on_sandbox_desktop);

}

if (!exposed_dir.empty()) {

@@ -418,8 +419,6 @@

if (!AddGenericPolicy(policy)) {

NOTREACHED();

- if (desktop)

- CloseDesktop(desktop);

return 0;

}

@@ -429,14 +428,10 @@

policy, &target);

policy->Release();

- if (desktop)

- CloseDesktop(desktop);

if (sandbox::SBOX_ALL_OK != result)

return 0;

if (type == ChildProcessInfo::RENDER_PROCESS) {

- bool on_sandbox_desktop = (desktop != NULL);

NotificationService::current()->Notify(

NotificationType::RENDERER_PROCESS_IN_SBOX,

NotificationService::AllSources(),

« no previous file with comments | « chrome/browser/browser_main.cc ('k') | chrome/common/chrome_switches.h » ('j') | chrome/renderer/renderer_main_platform_delegate_win.cc » ('J')