Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(16)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/common/sandbox_policy.cc

Issue 3432014: Sandbox built-in flash player. Spawn broker... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 10 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/common/sandbox_policy.cc
===================================================================
--- chrome/common/sandbox_policy.cc (revision 59893)
+++ chrome/common/sandbox_policy.cc (working copy)
@@ -13,6 +13,8 @@
#include "base/logging.h"
#include "base/path_service.h"
#include "base/process_util.h"
+#include "base/stringprintf.h"
+#include "base/string_number_conversions.h"
#include "base/string_util.h"
#include "base/trace_event.h"
#include "base/win_util.h"
@@ -300,6 +302,37 @@
return true;
}
+// Launches the privileged flash broker, used when flash is sandboxed.
+// The broker is the same flash dll, except that it uses a different
+// entrypoint (BrokerMain) and it is hosted in windows' generic surrogate
+// process rundll32. After launching the broker we need to pass to
+// the flash plugin the process id of the broker via the command line
+// using --flash-broker=pid.
+// More info about rundll32 at http://support.microsoft.com/kb/164787.
+bool LoadFlashBroker(const FilePath& plugin_path, CommandLine* cmd_line) {
+ FilePath rundll;
+ if (!PathService::Get(base::DIR_SYSTEM, &rundll))
+ return false;
+ rundll = rundll.AppendASCII("rundll32.exe");
+ // Rundll32 cannot handle paths with spaces, so we use the short path.
+ wchar_t short_path[MAX_PATH];
+ if (0 == ::GetShortPathNameW(plugin_path.value().c_str(),
+ short_path, arraysize(short_path)))
+ return false;
+ std::wstring cmd_final =
+ base::StringPrintf(L"%ls %ls,BrokerMain browser=chrome",
+ rundll.value().c_str(),
+ short_path);
+ base::ProcessHandle process;
+ if (!base::LaunchApp(cmd_final, false, true, &process))
+ return false;
+
+ cmd_line->AppendSwitchASCII("flash-broker",
+ base::Int64ToString(::GetProcessId(process)));
+ ::CloseHandle(process);
+ return true;
+}
+
// Creates a sandbox for the built-in flash plugin running in a restricted
// environment. This is a work in progress and for the time being do not
// pay attention to the duplication between this function and the above
@@ -309,8 +342,10 @@
policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED;
+
if (win_util::GetWinVersion() > win_util::WINVERSION_XP)
initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS;
+
policy->SetTokenLevel(initial_token, sandbox::USER_LIMITED);
policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
@@ -325,20 +360,12 @@
sandbox::TargetPolicy::REG_ALLOW_ANY,
policy))
return false;
-
- // Use a different data folder for flash data. This needs to be
- // reverted once we stop the experiments.
- FilePath flash_path;
- PathService::Get(chrome::DIR_USER_DATA, &flash_path);
- flash_path = flash_path.AppendASCII("swflash");
- ::SetEnvironmentVariableW(L"CHROME_FLASH_ROOT",
- flash_path.ToWStringHack().c_str());
return true;
}
// Adds the custom policy rules for a given plugin. |trusted_plugins| contains
// the comma separate list of plugin dll names that should not be sandboxed.
-bool AddPolicyForPlugin(const CommandLine* cmd_line,
+bool AddPolicyForPlugin(CommandLine* cmd_line,
sandbox::TargetPolicy* policy) {
std::wstring plugin_dll = cmd_line->
GetSwitchValueNative(switches::kPluginPath);
@@ -358,8 +385,15 @@
FilePath builtin_flash;
if (PathService::Get(chrome::FILE_FLASH_PLUGIN, &builtin_flash)) {
FilePath plugin_path(plugin_dll);
- if (plugin_path == builtin_flash)
+ if (plugin_path == builtin_flash) {
+ // Spawn the flash broker and apply sandbox policy.
+ if (!LoadFlashBroker(plugin_path, cmd_line)) {
+ // Could not start the broker, use a very weak policy instead.
+ DLOG(WARNING) << "Failed to start flash broker";
+ return ApplyPolicyForTrustedPlugin(policy);
+ }
return ApplyPolicyForBuiltInFlashPlugin(policy);
+ }
}
PluginPolicyCategory policy_category =
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698