OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "build/build_config.h" | 5 #include "build/build_config.h" |
6 | 6 |
7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
8 #include <objbase.h> | 8 #include <objbase.h> |
9 #include <windows.h> | 9 #include <windows.h> |
10 #endif | 10 #endif |
(...skipping 29 matching lines...) Expand all Loading... |
40 // doesn't carry into any processes that plugins might start. | 40 // doesn't carry into any processes that plugins might start. |
41 void TrimInterposeEnvironment(); | 41 void TrimInterposeEnvironment(); |
42 | 42 |
43 // Initializes the global Cocoa application object. | 43 // Initializes the global Cocoa application object. |
44 void InitializeChromeApplication(); | 44 void InitializeChromeApplication(); |
45 #elif defined(OS_LINUX) | 45 #elif defined(OS_LINUX) |
46 // Work around an unimplemented instruction in 64-bit Flash. | 46 // Work around an unimplemented instruction in 64-bit Flash. |
47 void WorkaroundFlashLAHF(); | 47 void WorkaroundFlashLAHF(); |
48 #endif | 48 #endif |
49 | 49 |
| 50 #if defined(OS_WIN) |
| 51 // This function is provided so that the built-in flash can lock down the |
| 52 // sandbox by calling DelayedLowerToken(0). |
| 53 extern "C" DWORD __declspec(dllexport) __stdcall DelayedLowerToken(void* ts) { |
| 54 // s_ts is only set the first time the function is called, which happens |
| 55 // in PluginMain. |
| 56 static sandbox::TargetServices* s_ts = |
| 57 reinterpret_cast<sandbox::TargetServices*>(ts); |
| 58 if (ts) |
| 59 return 0; |
| 60 s_ts->LowerToken(); |
| 61 return 1; |
| 62 }; |
| 63 |
| 64 // Returns true if the plugin to be loaded is the internal flash. |
| 65 bool IsPluginBuiltInFlash(const CommandLine& cmd_line) { |
| 66 FilePath path = cmd_line.GetSwitchValuePath(switches::kPluginPath); |
| 67 return (path.BaseName() == FilePath(L"gcswf32.dll")); |
| 68 } |
| 69 #endif |
| 70 |
50 // main() routine for running as the plugin process. | 71 // main() routine for running as the plugin process. |
51 int PluginMain(const MainFunctionParams& parameters) { | 72 int PluginMain(const MainFunctionParams& parameters) { |
52 #if defined(USE_LINUX_BREAKPAD) | 73 #if defined(USE_LINUX_BREAKPAD) |
53 // Needs to be called after we have chrome::DIR_USER_DATA. | 74 // Needs to be called after we have chrome::DIR_USER_DATA. |
54 InitCrashReporter(); | 75 InitCrashReporter(); |
55 #endif | 76 #endif |
56 | 77 |
57 // The main thread of the plugin services UI. | 78 // The main thread of the plugin services UI. |
58 #if defined(OS_MACOSX) | 79 #if defined(OS_MACOSX) |
59 #if !defined(__LP64__) | 80 #if !defined(__LP64__) |
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
101 } | 122 } |
102 #endif | 123 #endif |
103 if (parsed_command_line.HasSwitch(switches::kPluginStartupDialog)) { | 124 if (parsed_command_line.HasSwitch(switches::kPluginStartupDialog)) { |
104 ChildProcess::WaitForDebugger(L"Plugin"); | 125 ChildProcess::WaitForDebugger(L"Plugin"); |
105 } | 126 } |
106 | 127 |
107 { | 128 { |
108 ChildProcess plugin_process; | 129 ChildProcess plugin_process; |
109 plugin_process.set_main_thread(new PluginThread()); | 130 plugin_process.set_main_thread(new PluginThread()); |
110 #if defined(OS_WIN) | 131 #if defined(OS_WIN) |
111 if (!no_sandbox && target_services) | 132 if (!no_sandbox && target_services) { |
112 target_services->LowerToken(); | 133 // We are sandboxing the plugin. If it is a generic plug-in, we lock down |
113 | 134 // the sandbox right away, but if it is the built-in flash we let flash |
| 135 // start elevated and it will call DelayedLowerToken(0) when it's ready. |
| 136 if (IsPluginBuiltInFlash(parsed_command_line)) { |
| 137 DLOG(INFO) << "Sandboxing flash"; |
| 138 DelayedLowerToken(target_services); |
| 139 } else { |
| 140 target_services->LowerToken(); |
| 141 } |
| 142 } |
114 if (sandbox_test_module) { | 143 if (sandbox_test_module) { |
115 RunRendererTests run_security_tests = | 144 RunRendererTests run_security_tests = |
116 reinterpret_cast<RunPluginTests>(GetProcAddress(sandbox_test_module, | 145 reinterpret_cast<RunPluginTests>(GetProcAddress(sandbox_test_module, |
117 kPluginTestCall)); | 146 kPluginTestCall)); |
118 DCHECK(run_security_tests); | 147 DCHECK(run_security_tests); |
119 if (run_security_tests) { | 148 if (run_security_tests) { |
120 int test_count = 0; | 149 int test_count = 0; |
121 DLOG(INFO) << "Running plugin security tests"; | 150 DLOG(INFO) << "Running plugin security tests"; |
122 BOOL result = run_security_tests(&test_count); | 151 BOOL result = run_security_tests(&test_count); |
123 DCHECK(result) << "Test number " << test_count << " has failed."; | 152 DCHECK(result) << "Test number " << test_count << " has failed."; |
(...skipping 11 matching lines...) Expand all Loading... |
135 | 164 |
136 MessageLoop::current()->Run(); | 165 MessageLoop::current()->Run(); |
137 } | 166 } |
138 | 167 |
139 #if defined(OS_WIN) | 168 #if defined(OS_WIN) |
140 CoUninitialize(); | 169 CoUninitialize(); |
141 #endif | 170 #endif |
142 | 171 |
143 return 0; | 172 return 0; |
144 } | 173 } |
OLD | NEW |