| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/sandbox_policy.h" | 5 #include "chrome/common/sandbox_policy.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "app/win/win_util.h" | 9 #include "app/win/win_util.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 46 matching lines...) |
| 57 L"npggNT.dll", // GameGuard (older). | 57 L"npggNT.dll", // GameGuard (older). |
| 58 L"oawatch.dll", // Online Armor. | 58 L"oawatch.dll", // Online Armor. |
| 59 L"pavhook.dll", // Panda Internet Security. | 59 L"pavhook.dll", // Panda Internet Security. |
| 60 L"pavshook.dll", // Panda Antivirus. | 60 L"pavshook.dll", // Panda Antivirus. |
| 61 L"pctavhook.dll", // PC Tools Antivirus. | 61 L"pctavhook.dll", // PC Tools Antivirus. |
| 62 L"pctgmhk.dll", // PC Tools Spyware Doctor. | 62 L"pctgmhk.dll", // PC Tools Spyware Doctor. |
| 63 L"prntrack.dll", // Pharos Systems. | 63 L"prntrack.dll", // Pharos Systems. |
| 64 L"radhslib.dll", // Radiant Naomi Internet Filter. | 64 L"radhslib.dll", // Radiant Naomi Internet Filter. |
| 65 L"radprlib.dll", // Radiant Naomi Internet Filter. | 65 L"radprlib.dll", // Radiant Naomi Internet Filter. |
| 66 L"rlhook.dll", // Trustware Bufferzone. | 66 L"rlhook.dll", // Trustware Bufferzone. |
| 67 L"rpchromebrowserrecordhelper.dll", // RealPlayer. |
| 67 L"r3hook.dll", // Kaspersky Internet Security. | 68 L"r3hook.dll", // Kaspersky Internet Security. |
| 68 L"sahook.dll", // McAfee Site Advisor. | 69 L"sahook.dll", // McAfee Site Advisor. |
| 69 L"sbrige.dll", // Unknown. | 70 L"sbrige.dll", // Unknown. |
| 70 L"sc2hook.dll", // Supercopier 2. | 71 L"sc2hook.dll", // Supercopier 2. |
| 71 L"sguard.dll", // Iolo (System Guard). | 72 L"sguard.dll", // Iolo (System Guard). |
| 72 L"smum32.dll", // Spyware Doctor version 6. | 73 L"smum32.dll", // Spyware Doctor version 6. |
| 73 L"smumhook.dll", // Spyware Doctor version 5. | 74 L"smumhook.dll", // Spyware Doctor version 5. |
| 74 L"ssldivx.dll", // DivX. | 75 L"ssldivx.dll", // DivX. |
| 75 L"syncor11.dll", // SynthCore Midi interface. | 76 L"syncor11.dll", // SynthCore Midi interface. |
| 76 L"systools.dll", // Panda Antivirus. | 77 L"systools.dll", // Panda Antivirus. |
| (...skipping 241 matching lines...) |
| 318 bool LoadFlashBroker(const FilePath& plugin_path, CommandLine* cmd_line) { | 319 bool LoadFlashBroker(const FilePath& plugin_path, CommandLine* cmd_line) { |
| 319 FilePath rundll; | 320 FilePath rundll; |
| 320 if (!PathService::Get(base::DIR_SYSTEM, &rundll)) | 321 if (!PathService::Get(base::DIR_SYSTEM, &rundll)) |
| 321 return false; | 322 return false; |
| 322 rundll = rundll.AppendASCII("rundll32.exe"); | 323 rundll = rundll.AppendASCII("rundll32.exe"); |
| 323 // Rundll32 cannot handle paths with spaces, so we use the short path. | 324 // Rundll32 cannot handle paths with spaces, so we use the short path. |
| 324 wchar_t short_path[MAX_PATH]; | 325 wchar_t short_path[MAX_PATH]; |
| 325 if (0 == ::GetShortPathNameW(plugin_path.value().c_str(), | 326 if (0 == ::GetShortPathNameW(plugin_path.value().c_str(), |
| 326 short_path, arraysize(short_path))) | 327 short_path, arraysize(short_path))) |
| 327 return false; | 328 return false; |
| 329 // Here is the kicker, if the user has disabled 8.3 (short path) support |
| 330 // on the volume GetShortPathNameW does not fail but simply returns the |
| 331 // input path. In this case if the path had any spaces then rundll32 will |
| 332 // incorrectly interpret its parameters. So we quote the path, even though |
| 333 // the kb/164787 says you should not. |
| 328 std::wstring cmd_final = | 334 std::wstring cmd_final = |
| 329 base::StringPrintf(L"%ls %ls,BrokerMain browser=chrome", | 335 base::StringPrintf(L"%ls \"%ls\",BrokerMain browser=chrome", |
| 330 rundll.value().c_str(), | 336 rundll.value().c_str(), |
| 331 short_path); | 337 short_path); |
| 332 base::ProcessHandle process; | 338 base::ProcessHandle process; |
| 333 if (!base::LaunchApp(cmd_final, false, true, &process)) | 339 if (!base::LaunchApp(cmd_final, false, true, &process)) |
| 334 return false; | 340 return false; |
| 335 | 341 |
| 336 cmd_line->AppendSwitchASCII("flash-broker", | 342 cmd_line->AppendSwitchASCII("flash-broker", |
| 337 base::Int64ToString(::GetProcessId(process))); | 343 base::Int64ToString(::GetProcessId(process))); |
| 338 | 344 |
| 339 // The flash broker, unders some circumstances can linger beyond the lifetime | 345 // The flash broker, unders some circumstances can linger beyond the lifetime |
| (...skipping 11 matching lines...) |
| 351 } else { | 357 } else { |
| 352 ::CloseHandle(job); | 358 ::CloseHandle(job); |
| 353 return false; | 359 return false; |
| 354 } | 360 } |
| 355 | 361 |
| 356 ::CloseHandle(process); | 362 ::CloseHandle(process); |
| 357 return true; | 363 return true; |
| 358 } | 364 } |
| 359 | 365 |
| 360 // Creates a sandbox for the built-in flash plugin running in a restricted | 366 // Creates a sandbox for the built-in flash plugin running in a restricted |
| 361 // environment. This is a work in progress and for the time being do not | 367 // environment. This policy is in continual flux as flash changes |
| 362 // pay attention to the duplication between this function and the above | 368 // capabilities. For more information see bug 50796. |
| 363 // function. For more information see bug 50796. | |
| 364 bool ApplyPolicyForBuiltInFlashPlugin(sandbox::TargetPolicy* policy) { | 369 bool ApplyPolicyForBuiltInFlashPlugin(sandbox::TargetPolicy* policy) { |
| 365 // TODO(cpu): Lock down the job level more. | |
| 366 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); | 370 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); |
| 371 // Vista and Win7 get a weaker token but have low integrity. |
| 372 if (base::win::GetVersion() > base::win::VERSION_XP) { |
| 373 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, |
| 374 sandbox::USER_INTERACTIVE); |
| 375 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); |
| 376 } else { |
| 377 policy->SetTokenLevel(sandbox::USER_UNPROTECTED, |
| 378 sandbox::USER_LIMITED); |
| 367 | 379 |
| 368 sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED; | 380 if (!AddKeyAndSubkeys(L"HKEY_LOCAL_MACHINE\\SOFTWARE", |
| 381 sandbox::TargetPolicy::REG_ALLOW_READONLY, |
| 382 policy)) |
| 383 return false; |
| 384 if (!AddKeyAndSubkeys(L"HKEY_LOCAL_MACHINE\\SYSTEM", |
| 385 sandbox::TargetPolicy::REG_ALLOW_READONLY, |
| 386 policy)) |
| 387 return false; |
| 369 | 388 |
| 370 if (base::win::GetVersion() > base::win::VERSION_XP) | 389 if (!AddKeyAndSubkeys(L"HKEY_CURRENT_USER\\SOFTWARE", |
| 371 initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS; | 390 sandbox::TargetPolicy::REG_ALLOW_READONLY, |
| 391 policy)) |
| 392 return false; |
| 393 } |
| 372 | 394 |
| 373 policy->SetTokenLevel(initial_token, sandbox::USER_LIMITED); | 395 AddDllEvictionPolicy(policy); |
| 374 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); | |
| 375 | |
| 376 // TODO(cpu): Proxy registry access and remove these policies. | |
| 377 if (!AddKeyAndSubkeys(L"HKEY_CURRENT_USER\\SOFTWARE\\ADOBE", | |
| 378 sandbox::TargetPolicy::REG_ALLOW_ANY, | |
| 379 policy)) | |
| 380 return false; | |
| 381 | |
| 382 if (!AddKeyAndSubkeys(L"HKEY_CURRENT_USER\\SOFTWARE\\MACROMEDIA", | |
| 383 sandbox::TargetPolicy::REG_ALLOW_ANY, | |
| 384 policy)) | |
| 385 return false; | |
| 386 return true; | 396 return true; |
| 387 } | 397 } |
| 388 | 398 |
| 389 // Returns true of the plugin specified in |cmd_line| is the built-in | 399 // Returns true of the plugin specified in |cmd_line| is the built-in |
| 390 // flash plugin and optionally returns its full path in |flash_path| | 400 // flash plugin and optionally returns its full path in |flash_path| |
| 391 bool IsBuiltInFlash(const CommandLine* cmd_line, FilePath* flash_path) { | 401 bool IsBuiltInFlash(const CommandLine* cmd_line, FilePath* flash_path) { |
| 392 std::wstring plugin_dll = cmd_line-> | 402 std::wstring plugin_dll = cmd_line-> |
| 393 GetSwitchValueNative(switches::kPluginPath); | 403 GetSwitchValueNative(switches::kPluginPath); |
| 394 | 404 |
| 395 FilePath builtin_flash; | 405 FilePath builtin_flash; |
| (...skipping 242 matching lines...) |
| 638 | 648 |
| 639 // Help the process a little. It can't start the debugger by itself if | 649 // Help the process a little. It can't start the debugger by itself if |
| 640 // the process is in a sandbox. | 650 // the process is in a sandbox. |
| 641 if (child_needs_help) | 651 if (child_needs_help) |
| 642 base::debug::SpawnDebuggerOnProcess(target.dwProcessId); | 652 base::debug::SpawnDebuggerOnProcess(target.dwProcessId); |
| 643 | 653 |
| 644 return process; | 654 return process; |
| 645 } | 655 } |
| 646 | 656 |
| 647 } // namespace sandbox | 657 } // namespace sandbox |
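Review bot: In LoadFlashBroker the `0 == ::GetShortPathNameW(...)` test (new lines 326-328) catches only outright failure. When the buffer is too small the API returns the required length instead of 0, and nothing then guarantees that `short_path` holds a terminated string. The quoted command line built at new line 335 and passed to `base::LaunchApp` would in that case be formatted from an unfilled stack buffer. Since the new comment notes that the call can return the long input path unchanged when 8.3 names are disabled, the oversize case is worth rejecting explicitly: `DWORD len = ::GetShortPathNameW(plugin_path.value().c_str(), short_path, arraysize(short_path));` followed by `if (len == 0 || len >= arraysize(short_path)) return false;`. Eleven lines of the function body are elided on this page, so the job-object handling between new lines 345 and 357 was not reviewed.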
| OLD | NEW |