OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chrome_content_browser_client.h" | 5 #include "chrome/browser/chrome_content_browser_client.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/path_service.h" |
| 9 #include "base/string_number_conversions.h" |
| 10 #include "base/win/windows_version.h" |
8 #include "chrome/app/breakpad_mac.h" | 11 #include "chrome/app/breakpad_mac.h" |
9 #include "chrome/browser/browser_process.h" | 12 #include "chrome/browser/browser_process.h" |
10 #include "chrome/browser/character_encoding.h" | 13 #include "chrome/browser/character_encoding.h" |
11 #include "chrome/browser/chrome_plugin_message_filter.h" | 14 #include "chrome/browser/chrome_plugin_message_filter.h" |
12 #include "chrome/browser/chrome_worker_message_filter.h" | 15 #include "chrome/browser/chrome_worker_message_filter.h" |
13 #include "chrome/browser/content_settings/host_content_settings_map.h" | 16 #include "chrome/browser/content_settings/host_content_settings_map.h" |
14 #include "chrome/browser/content_settings/tab_specific_content_settings.h" | 17 #include "chrome/browser/content_settings/tab_specific_content_settings.h" |
15 #include "chrome/browser/debugger/devtools_handler.h" | 18 #include "chrome/browser/debugger/devtools_handler.h" |
16 #include "chrome/browser/desktop_notification_handler.h" | 19 #include "chrome/browser/desktop_notification_handler.h" |
17 #include "chrome/browser/extensions/extension_message_handler.h" | 20 #include "chrome/browser/extensions/extension_message_handler.h" |
18 #include "chrome/browser/extensions/extension_service.h" | 21 #include "chrome/browser/extensions/extension_service.h" |
19 #include "chrome/browser/google/google_util.h" | 22 #include "chrome/browser/google/google_util.h" |
20 #include "chrome/browser/prefs/pref_service.h" | 23 #include "chrome/browser/prefs/pref_service.h" |
21 #include "chrome/browser/printing/printing_message_filter.h" | 24 #include "chrome/browser/printing/printing_message_filter.h" |
22 #include "chrome/browser/profiles/profile.h" | 25 #include "chrome/browser/profiles/profile.h" |
23 #include "chrome/browser/profiles/profile_io_data.h" | 26 #include "chrome/browser/profiles/profile_io_data.h" |
24 #include "chrome/browser/renderer_host/chrome_render_message_filter.h" | 27 #include "chrome/browser/renderer_host/chrome_render_message_filter.h" |
25 #include "chrome/browser/renderer_host/chrome_render_view_host_observer.h" | 28 #include "chrome/browser/renderer_host/chrome_render_view_host_observer.h" |
26 #include "chrome/browser/renderer_host/text_input_client_message_filter.h" | 29 #include "chrome/browser/renderer_host/text_input_client_message_filter.h" |
27 #include "chrome/browser/search_engines/search_provider_install_state_message_fi
lter.h" | 30 #include "chrome/browser/search_engines/search_provider_install_state_message_fi
lter.h" |
28 #include "chrome/browser/spellcheck_message_filter.h" | 31 #include "chrome/browser/spellcheck_message_filter.h" |
29 #include "chrome/browser/ui/webui/chrome_web_ui_factory.h" | 32 #include "chrome/browser/ui/webui/chrome_web_ui_factory.h" |
30 #include "chrome/common/child_process_logging.h" | 33 #include "chrome/common/child_process_logging.h" |
| 34 #include "chrome/common/chrome_paths.h" |
31 #include "chrome/common/chrome_switches.h" | 35 #include "chrome/common/chrome_switches.h" |
32 #include "chrome/common/extensions/extension_messages.h" | 36 #include "chrome/common/extensions/extension_messages.h" |
33 #include "chrome/common/pref_names.h" | 37 #include "chrome/common/pref_names.h" |
34 #include "chrome/common/render_messages.h" | 38 #include "chrome/common/render_messages.h" |
35 #include "chrome/common/url_constants.h" | 39 #include "chrome/common/url_constants.h" |
36 #include "content/browser/browsing_instance.h" | 40 #include "content/browser/browsing_instance.h" |
37 #include "content/browser/child_process_security_policy.h" | 41 #include "content/browser/child_process_security_policy.h" |
38 #include "content/browser/plugin_process_host.h" | 42 #include "content/browser/plugin_process_host.h" |
39 #include "content/browser/renderer_host/browser_render_process_host.h" | 43 #include "content/browser/renderer_host/browser_render_process_host.h" |
40 #include "content/browser/renderer_host/render_view_host.h" | 44 #include "content/browser/renderer_host/render_view_host.h" |
41 #include "content/browser/resource_context.h" | 45 #include "content/browser/resource_context.h" |
42 #include "content/browser/site_instance.h" | 46 #include "content/browser/site_instance.h" |
43 #include "content/browser/tab_contents/tab_contents.h" | 47 #include "content/browser/tab_contents/tab_contents.h" |
44 #include "content/browser/worker_host/worker_process_host.h" | 48 #include "content/browser/worker_host/worker_process_host.h" |
45 #include "content/common/bindings_policy.h" | 49 #include "content/common/bindings_policy.h" |
46 #include "net/base/cookie_monster.h" | 50 #include "net/base/cookie_monster.h" |
47 #include "net/base/cookie_options.h" | 51 #include "net/base/cookie_options.h" |
48 | 52 |
49 #if defined(OS_LINUX) | 53 #if defined(OS_LINUX) |
50 #include "base/linux_util.h" | 54 #include "base/linux_util.h" |
51 #include "chrome/browser/crash_handler_host_linux.h" | 55 #include "chrome/browser/crash_handler_host_linux.h" |
52 #endif // OS_LINUX | 56 #endif // OS_LINUX |
53 | 57 |
| 58 #if defined(OS_WIN) |
| 59 #include "chrome/common/sandbox_policy.h" |
| 60 #include "sandbox/src/sandbox.h" |
| 61 #endif |
| 62 |
54 namespace { | 63 namespace { |
55 | 64 |
56 void InitRenderViewHostForExtensions(RenderViewHost* render_view_host) { | 65 void InitRenderViewHostForExtensions(RenderViewHost* render_view_host) { |
57 // Note that due to GetEffectiveURL(), even hosted apps will have a | 66 // Note that due to GetEffectiveURL(), even hosted apps will have a |
58 // chrome-extension:// URL for their site, so we can ignore that wrinkle here. | 67 // chrome-extension:// URL for their site, so we can ignore that wrinkle here. |
59 SiteInstance* site_instance = render_view_host->site_instance(); | 68 SiteInstance* site_instance = render_view_host->site_instance(); |
60 const GURL& site = site_instance->site(); | 69 const GURL& site = site_instance->site(); |
61 RenderProcessHost* process = render_view_host->process(); | 70 RenderProcessHost* process = render_view_host->process(); |
62 | 71 |
63 if (!site.SchemeIs(chrome::kExtensionScheme)) | 72 if (!site.SchemeIs(chrome::kExtensionScheme)) |
(...skipping 38 matching lines...)
102 if (type == Extension::TYPE_EXTENSION || | 111 if (type == Extension::TYPE_EXTENSION || |
103 type == Extension::TYPE_USER_SCRIPT || | 112 type == Extension::TYPE_USER_SCRIPT || |
104 type == Extension::TYPE_PACKAGED_APP || | 113 type == Extension::TYPE_PACKAGED_APP || |
105 (type == Extension::TYPE_HOSTED_APP && | 114 (type == Extension::TYPE_HOSTED_APP && |
106 extension->location() == Extension::COMPONENT)) { | 115 extension->location() == Extension::COMPONENT)) { |
107 render_view_host->Send(new ExtensionMsg_ActivateExtension(extension->id())); | 116 render_view_host->Send(new ExtensionMsg_ActivateExtension(extension->id())); |
108 render_view_host->AllowBindings(BindingsPolicy::EXTENSION); | 117 render_view_host->AllowBindings(BindingsPolicy::EXTENSION); |
109 } | 118 } |
110 } | 119 } |
111 | 120 |
| 121 #if defined(OS_WIN) |
| 122 // Launches the privileged flash broker, used when flash is sandboxed. |
| 123 // The broker is the same flash dll, except that it uses a different |
| 124 // entrypoint (BrokerMain) and it is hosted in windows' generic surrogate |
| 125 // process rundll32. After launching the broker we need to pass to |
| 126 // the flash plugin the process id of the broker via the command line |
| 127 // using --flash-broker=pid. |
| 128 // More info about rundll32 at http://support.microsoft.com/kb/164787. |
| 129 bool LoadFlashBroker(const FilePath& plugin_path, CommandLine* cmd_line) { |
| 130 FilePath rundll; |
| 131 if (!PathService::Get(base::DIR_SYSTEM, &rundll)) |
| 132 return false; |
| 133 rundll = rundll.AppendASCII("rundll32.exe"); |
| 134 // Rundll32 cannot handle paths with spaces, so we use the short path. |
| 135 wchar_t short_path[MAX_PATH]; |
| 136 if (0 == ::GetShortPathNameW(plugin_path.value().c_str(), |
| 137 short_path, arraysize(short_path))) |
| 138 return false; |
| 139 // Here is the kicker, if the user has disabled 8.3 (short path) support |
| 140 // on the volume GetShortPathNameW does not fail but simply returns the |
| 141 // input path. In this case if the path had any spaces then rundll32 will |
| 142 // incorrectly interpret its parameters. So we quote the path, even though |
| 143 // the kb/164787 says you should not. |
| 144 std::wstring cmd_final = |
| 145 base::StringPrintf(L"%ls \"%ls\",BrokerMain browser=chrome", |
| 146 rundll.value().c_str(), |
| 147 short_path); |
| 148 base::ProcessHandle process; |
| 149 if (!base::LaunchApp(cmd_final, false, true, &process)) |
| 150 return false; |
| 151 |
| 152 cmd_line->AppendSwitchASCII("flash-broker", |
| 153 base::Int64ToString(::GetProcessId(process))); |
| 154 |
| 155 // The flash broker, unders some circumstances can linger beyond the lifetime |
| 156 // of the flash player, so we put it in a job object, when the browser |
| 157 // terminates the job object is destroyed (by the OS) and the flash broker |
| 158 // is terminated. |
| 159 HANDLE job = ::CreateJobObjectW(NULL, NULL); |
| 160 JOBOBJECT_EXTENDED_LIMIT_INFORMATION job_limits = {0}; |
| 161 job_limits.BasicLimitInformation.LimitFlags = |
| 162 JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE; |
| 163 if (::SetInformationJobObject(job, JobObjectExtendedLimitInformation, |
| 164 &job_limits, sizeof(job_limits))) { |
| 165 ::AssignProcessToJobObject(job, process); |
| 166 // Yes, we are leaking the object here. Read comment above. |
| 167 } else { |
| 168 ::CloseHandle(job); |
| 169 return false; |
| 170 } |
| 171 |
| 172 ::CloseHandle(process); |
| 173 return true; |
| 174 } |
| 175 #endif // OS_WIN |
| 176 |
112 } | 177 } |
113 | 178 |
114 namespace chrome { | 179 namespace chrome { |
115 | 180 |
116 void ChromeContentBrowserClient::RenderViewHostCreated( | 181 void ChromeContentBrowserClient::RenderViewHostCreated( |
117 RenderViewHost* render_view_host) { | 182 RenderViewHost* render_view_host) { |
118 new ChromeRenderViewHostObserver(render_view_host); | 183 new ChromeRenderViewHostObserver(render_view_host); |
119 new DesktopNotificationHandler(render_view_host); | 184 new DesktopNotificationHandler(render_view_host); |
120 new DevToolsHandler(render_view_host); | 185 new DevToolsHandler(render_view_host); |
121 new ExtensionMessageHandler(render_view_host); | 186 new ExtensionMessageHandler(render_view_host); |
(...skipping 194 matching lines...)
316 if (process_type == switches::kPpapiPluginProcess) | 381 if (process_type == switches::kPpapiPluginProcess) |
317 return PpapiCrashHandlerHostLinux::GetInstance()->GetDeathSignalSocket(); | 382 return PpapiCrashHandlerHostLinux::GetInstance()->GetDeathSignalSocket(); |
318 | 383 |
319 if (process_type == switches::kGpuProcess) | 384 if (process_type == switches::kGpuProcess) |
320 return GpuCrashHandlerHostLinux::GetInstance()->GetDeathSignalSocket(); | 385 return GpuCrashHandlerHostLinux::GetInstance()->GetDeathSignalSocket(); |
321 | 386 |
322 return -1; | 387 return -1; |
323 } | 388 } |
324 #endif | 389 #endif |
325 | 390 |
| 391 #if defined(OS_WIN) |
| 392 bool ChromeContentBrowserClient::SandboxPlugin(CommandLine* command_line, |
| 393 sandbox::TargetPolicy* policy) { |
| 394 std::wstring plugin_dll = command_line-> |
| 395 GetSwitchValueNative(switches::kPluginPath); |
| 396 |
| 397 FilePath builtin_flash; |
| 398 if (!PathService::Get(chrome::FILE_FLASH_PLUGIN, &builtin_flash)) |
| 399 return false; |
| 400 |
| 401 FilePath plugin_path(plugin_dll); |
| 402 if (plugin_path != builtin_flash) |
| 403 return false; |
| 404 |
| 405 if (base::win::GetVersion() <= base::win::VERSION_XP || |
| 406 CommandLine::ForCurrentProcess()->HasSwitch( |
| 407 switches::kDisableFlashSandbox)) { |
| 408 return false; |
| 409 } |
| 410 |
| 411 // Add the policy for the pipes. |
| 412 sandbox::ResultCode result = sandbox::SBOX_ALL_OK; |
| 413 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, |
| 414 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, |
| 415 L"\\\\.\\pipe\\chrome.*"); |
| 416 if (result != sandbox::SBOX_ALL_OK) { |
| 417 NOTREACHED(); |
| 418 return false; |
| 419 } |
| 420 |
| 421 // Spawn the flash broker and apply sandbox policy. |
| 422 if (LoadFlashBroker(plugin_path, command_line)) { |
| 423 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); |
| 424 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, |
| 425 sandbox::USER_INTERACTIVE); |
| 426 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); |
| 427 } else { |
| 428 // Could not start the broker, use a very weak policy instead. |
| 429 DLOG(WARNING) << "Failed to start flash broker"; |
| 430 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); |
| 431 policy->SetTokenLevel( |
| 432 sandbox::USER_UNPROTECTED, sandbox::USER_UNPROTECTED); |
| 433 } |
| 434 |
| 435 return true; |
| 436 } |
| 437 #endif |
| 438 |
326 } // namespace chrome | 439 } // namespace chrome |
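Review bot: LoadFlashBroker (new lines 129-174) returns false from the SetInformationJobObject failure branch after the broker has already been launched and `--flash-broker=<pid>` appended to cmd_line, and that branch neither closes `process` nor stops the broker. SandboxPlugin (new lines 422-433) treats the false return as "no broker" and applies the USER_UNPROTECTED token, so the plugin would start under the weakest policy while still being handed the pid of a broker that sits outside any job; the only trace is a DLOG, which is debug-only logging. The result of CreateJobObjectW is also used without a NULL check. I would append the switch only after the job is configured and clean up the broker on the failure path, as sketched below. Separately, GetShortPathNameW returns the required length rather than 0 when the buffer is too small and leaves `short_path` unwritten, so the check at new line 136 should also reject a return value `>= arraysize(short_path)`.

```cpp
  // … unchanged: rundll32 command line construction and base::LaunchApp …

  HANDLE job = ::CreateJobObjectW(NULL, NULL);
  // … unchanged: job_limits initialisation with KILL_ON_JOB_CLOSE …
  if (!job ||
      !::SetInformationJobObject(job, JobObjectExtendedLimitInformation,
                                 &job_limits, sizeof(job_limits))) {
    // Job setup failed: stop the broker instead of leaving it unmanaged.
    ::TerminateProcess(process, 0);
    ::CloseHandle(process);
    if (job)
      ::CloseHandle(job);
    return false;
  }
  // The job handle is intentionally kept open for the browser's lifetime.
  ::AssignProcessToJobObject(job, process);

  // Advertise the broker to the plugin only once it has been set up.
  cmd_line->AppendSwitchASCII("flash-broker",
                              base::Int64ToString(::GetProcessId(process)));
  ::CloseHandle(process);
  return true;
```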