
Side by Side Diff: chrome/browser/sandbox_policy.cc

Issue 213019: Preparing rollback in case things don't work out.... (Closed) Base URL: svn://chrome-svn.corp.google.com/chrome/trunk/src/
Patch Set: Created 11 years, 3 months ago
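--- a/chrome/browser/sandbox_policy.cc
+++ b/chrome/browser/sandbox_policy.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/sandbox_policy.h"
 
 #include "app/win_util.h"
 #include "base/command_line.h"
 #include "base/debug_util.h"
 #include "base/file_util.h"
@@ -352,22 +352,20 @@
 base::ProcessHandle process = 0;
 const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess();
 ChildProcessInfo::ProcessType type;
 std::wstring type_str = cmd_line->GetSwitchValue(switches::kProcessType);
 if (type_str == switches::kRendererProcess) {
 type = ChildProcessInfo::RENDER_PROCESS;
 } else if (type_str == switches::kPluginProcess) {
 type = ChildProcessInfo::PLUGIN_PROCESS;
 } else if (type_str == switches::kWorkerProcess) {
 type = ChildProcessInfo::WORKER_PROCESS;
-} else if (type_str == switches::kNaClProcess) {
-type = ChildProcessInfo::NACL_PROCESS;
 } else if (type_str == switches::kUtilityProcess) {
 type = ChildProcessInfo::UTILITY_PROCESS;
 } else {
 NOTREACHED();
 return 0;
 }
 
 bool in_sandbox =
 !browser_command_line.HasSwitch(switches::kNoSandbox) &&
 (type != ChildProcessInfo::PLUGIN_PROCESS ||
@@ -389,22 +387,20 @@
 
 // spawn the child process in the sandbox
 sandbox::BrokerServices* broker_service =
 g_browser_process->broker_services();
 
 sandbox::ResultCode result;
 PROCESS_INFORMATION target = {0};
 sandbox::TargetPolicy* policy = broker_service->CreatePolicy();
 
 bool on_sandbox_desktop = false;
-// TODO(gregoryd): try locked-down policy for sel_ldr after we fix IMC.
-// TODO(gregoryd): do we need a new desktop for sel_ldr?
 if (type == ChildProcessInfo::PLUGIN_PROCESS) {
 if (!AddPolicyForPlugin(cmd_line, policy))
 return 0;
 } else {
 AddPolicyForRenderer(policy, &on_sandbox_desktop);
 }
 
 if (!exposed_dir.empty()) {
 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
 sandbox::TargetPolicy::FILES_ALLOW_ANY,
@@ -447,10 +443,10 @@
 
 // Help the process a little. It can't start the debugger by itself if
 // the process is in a sandbox.
 if (child_needs_help)
 DebugUtil::SpawnDebuggerOnProcess(target.dwProcessId);
 
 return process;
 }
 
 } // namespace sandbox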