| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chrome_content_browser_client.h" | 5 #include "chrome/browser/chrome_content_browser_client.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/path_service.h" | |
| 9 #include "base/string_number_conversions.h" | |
| 10 #include "base/win/windows_version.h" | |
| 11 #include "chrome/app/breakpad_mac.h" | 8 #include "chrome/app/breakpad_mac.h" |
| 12 #include "chrome/browser/browser_process.h" | 9 #include "chrome/browser/browser_process.h" |
| 13 #include "chrome/browser/character_encoding.h" | 10 #include "chrome/browser/character_encoding.h" |
| 14 #include "chrome/browser/chrome_plugin_message_filter.h" | 11 #include "chrome/browser/chrome_plugin_message_filter.h" |
| 15 #include "chrome/browser/chrome_worker_message_filter.h" | 12 #include "chrome/browser/chrome_worker_message_filter.h" |
| 16 #include "chrome/browser/content_settings/host_content_settings_map.h" | 13 #include "chrome/browser/content_settings/host_content_settings_map.h" |
| 17 #include "chrome/browser/content_settings/tab_specific_content_settings.h" | 14 #include "chrome/browser/content_settings/tab_specific_content_settings.h" |
| 18 #include "chrome/browser/debugger/devtools_handler.h" | 15 #include "chrome/browser/debugger/devtools_handler.h" |
| 19 #include "chrome/browser/desktop_notification_handler.h" | 16 #include "chrome/browser/desktop_notification_handler.h" |
| 20 #include "chrome/browser/extensions/extension_message_handler.h" | 17 #include "chrome/browser/extensions/extension_message_handler.h" |
| 21 #include "chrome/browser/extensions/extension_service.h" | 18 #include "chrome/browser/extensions/extension_service.h" |
| 22 #include "chrome/browser/google/google_util.h" | 19 #include "chrome/browser/google/google_util.h" |
| 23 #include "chrome/browser/prefs/pref_service.h" | 20 #include "chrome/browser/prefs/pref_service.h" |
| 24 #include "chrome/browser/printing/printing_message_filter.h" | 21 #include "chrome/browser/printing/printing_message_filter.h" |
| 25 #include "chrome/browser/profiles/profile.h" | 22 #include "chrome/browser/profiles/profile.h" |
| 26 #include "chrome/browser/profiles/profile_io_data.h" | 23 #include "chrome/browser/profiles/profile_io_data.h" |
| 27 #include "chrome/browser/renderer_host/chrome_render_message_filter.h" | 24 #include "chrome/browser/renderer_host/chrome_render_message_filter.h" |
| 28 #include "chrome/browser/renderer_host/chrome_render_view_host_observer.h" | 25 #include "chrome/browser/renderer_host/chrome_render_view_host_observer.h" |
| 29 #include "chrome/browser/renderer_host/text_input_client_message_filter.h" | 26 #include "chrome/browser/renderer_host/text_input_client_message_filter.h" |
| 30 #include "chrome/browser/search_engines/search_provider_install_state_message_fi
lter.h" | 27 #include "chrome/browser/search_engines/search_provider_install_state_message_fi
lter.h" |
| 31 #include "chrome/browser/spellcheck_message_filter.h" | 28 #include "chrome/browser/spellcheck_message_filter.h" |
| 32 #include "chrome/browser/ui/webui/chrome_web_ui_factory.h" | 29 #include "chrome/browser/ui/webui/chrome_web_ui_factory.h" |
| 33 #include "chrome/common/child_process_logging.h" | 30 #include "chrome/common/child_process_logging.h" |
| 34 #include "chrome/common/chrome_paths.h" | |
| 35 #include "chrome/common/chrome_switches.h" | 31 #include "chrome/common/chrome_switches.h" |
| 36 #include "chrome/common/extensions/extension_messages.h" | 32 #include "chrome/common/extensions/extension_messages.h" |
| 37 #include "chrome/common/pref_names.h" | 33 #include "chrome/common/pref_names.h" |
| 38 #include "chrome/common/render_messages.h" | 34 #include "chrome/common/render_messages.h" |
| 39 #include "chrome/common/url_constants.h" | 35 #include "chrome/common/url_constants.h" |
| 40 #include "content/browser/browsing_instance.h" | 36 #include "content/browser/browsing_instance.h" |
| 41 #include "content/browser/child_process_security_policy.h" | 37 #include "content/browser/child_process_security_policy.h" |
| 42 #include "content/browser/plugin_process_host.h" | 38 #include "content/browser/plugin_process_host.h" |
| 43 #include "content/browser/renderer_host/browser_render_process_host.h" | 39 #include "content/browser/renderer_host/browser_render_process_host.h" |
| 44 #include "content/browser/renderer_host/render_view_host.h" | 40 #include "content/browser/renderer_host/render_view_host.h" |
| 45 #include "content/browser/resource_context.h" | 41 #include "content/browser/resource_context.h" |
| 46 #include "content/browser/site_instance.h" | 42 #include "content/browser/site_instance.h" |
| 47 #include "content/browser/tab_contents/tab_contents.h" | 43 #include "content/browser/tab_contents/tab_contents.h" |
| 48 #include "content/browser/worker_host/worker_process_host.h" | 44 #include "content/browser/worker_host/worker_process_host.h" |
| 49 #include "content/common/bindings_policy.h" | 45 #include "content/common/bindings_policy.h" |
| 50 #include "net/base/cookie_monster.h" | 46 #include "net/base/cookie_monster.h" |
| 51 #include "net/base/cookie_options.h" | 47 #include "net/base/cookie_options.h" |
| 52 | 48 |
| 53 #if defined(OS_LINUX) | 49 #if defined(OS_LINUX) |
| 54 #include "base/linux_util.h" | 50 #include "base/linux_util.h" |
| 55 #include "chrome/browser/crash_handler_host_linux.h" | 51 #include "chrome/browser/crash_handler_host_linux.h" |
| 56 #endif // OS_LINUX | 52 #endif // OS_LINUX |
| 57 | 53 |
| 58 #if defined(OS_WIN) | |
| 59 #include "chrome/common/sandbox_policy.h" | |
| 60 #include "sandbox/src/sandbox.h" | |
| 61 #endif | |
| 62 | |
| 63 namespace { | 54 namespace { |
| 64 | 55 |
| 65 void InitRenderViewHostForExtensions(RenderViewHost* render_view_host) { | 56 void InitRenderViewHostForExtensions(RenderViewHost* render_view_host) { |
| 66 // Note that due to GetEffectiveURL(), even hosted apps will have a | 57 // Note that due to GetEffectiveURL(), even hosted apps will have a |
| 67 // chrome-extension:// URL for their site, so we can ignore that wrinkle here. | 58 // chrome-extension:// URL for their site, so we can ignore that wrinkle here. |
| 68 SiteInstance* site_instance = render_view_host->site_instance(); | 59 SiteInstance* site_instance = render_view_host->site_instance(); |
| 69 const GURL& site = site_instance->site(); | 60 const GURL& site = site_instance->site(); |
| 70 RenderProcessHost* process = render_view_host->process(); | 61 RenderProcessHost* process = render_view_host->process(); |
| 71 | 62 |
| 72 if (!site.SchemeIs(chrome::kExtensionScheme)) | 63 if (!site.SchemeIs(chrome::kExtensionScheme)) |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 111 if (type == Extension::TYPE_EXTENSION || | 102 if (type == Extension::TYPE_EXTENSION || |
| 112 type == Extension::TYPE_USER_SCRIPT || | 103 type == Extension::TYPE_USER_SCRIPT || |
| 113 type == Extension::TYPE_PACKAGED_APP || | 104 type == Extension::TYPE_PACKAGED_APP || |
| 114 (type == Extension::TYPE_HOSTED_APP && | 105 (type == Extension::TYPE_HOSTED_APP && |
| 115 extension->location() == Extension::COMPONENT)) { | 106 extension->location() == Extension::COMPONENT)) { |
| 116 render_view_host->Send(new ExtensionMsg_ActivateExtension(extension->id())); | 107 render_view_host->Send(new ExtensionMsg_ActivateExtension(extension->id())); |
| 117 render_view_host->AllowBindings(BindingsPolicy::EXTENSION); | 108 render_view_host->AllowBindings(BindingsPolicy::EXTENSION); |
| 118 } | 109 } |
| 119 } | 110 } |
| 120 | 111 |
| 121 #if defined(OS_WIN) | |
| 122 // Launches the privileged flash broker, used when flash is sandboxed. | |
| 123 // The broker is the same flash dll, except that it uses a different | |
| 124 // entrypoint (BrokerMain) and it is hosted in windows' generic surrogate | |
| 125 // process rundll32. After launching the broker we need to pass to | |
| 126 // the flash plugin the process id of the broker via the command line | |
| 127 // using --flash-broker=pid. | |
| 128 // More info about rundll32 at http://support.microsoft.com/kb/164787. | |
| 129 bool LoadFlashBroker(const FilePath& plugin_path, CommandLine* cmd_line) { | |
| 130 FilePath rundll; | |
| 131 if (!PathService::Get(base::DIR_SYSTEM, &rundll)) | |
| 132 return false; | |
| 133 rundll = rundll.AppendASCII("rundll32.exe"); | |
| 134 // Rundll32 cannot handle paths with spaces, so we use the short path. | |
| 135 wchar_t short_path[MAX_PATH]; | |
| 136 if (0 == ::GetShortPathNameW(plugin_path.value().c_str(), | |
| 137 short_path, arraysize(short_path))) | |
| 138 return false; | |
| 139 // Here is the kicker, if the user has disabled 8.3 (short path) support | |
| 140 // on the volume GetShortPathNameW does not fail but simply returns the | |
| 141 // input path. In this case if the path had any spaces then rundll32 will | |
| 142 // incorrectly interpret its parameters. So we quote the path, even though | |
| 143 // the kb/164787 says you should not. | |
| 144 std::wstring cmd_final = | |
| 145 base::StringPrintf(L"%ls \"%ls\",BrokerMain browser=chrome", | |
| 146 rundll.value().c_str(), | |
| 147 short_path); | |
| 148 base::ProcessHandle process; | |
| 149 if (!base::LaunchApp(cmd_final, false, true, &process)) | |
| 150 return false; | |
| 151 | |
| 152 cmd_line->AppendSwitchASCII("flash-broker", | |
| 153 base::Int64ToString(::GetProcessId(process))); | |
| 154 | |
| 155 // The flash broker, unders some circumstances can linger beyond the lifetime | |
| 156 // of the flash player, so we put it in a job object, when the browser | |
| 157 // terminates the job object is destroyed (by the OS) and the flash broker | |
| 158 // is terminated. | |
| 159 HANDLE job = ::CreateJobObjectW(NULL, NULL); | |
| 160 JOBOBJECT_EXTENDED_LIMIT_INFORMATION job_limits = {0}; | |
| 161 job_limits.BasicLimitInformation.LimitFlags = | |
| 162 JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE; | |
| 163 if (::SetInformationJobObject(job, JobObjectExtendedLimitInformation, | |
| 164 &job_limits, sizeof(job_limits))) { | |
| 165 ::AssignProcessToJobObject(job, process); | |
| 166 // Yes, we are leaking the object here. Read comment above. | |
| 167 } else { | |
| 168 ::CloseHandle(job); | |
| 169 return false; | |
| 170 } | |
| 171 | |
| 172 ::CloseHandle(process); | |
| 173 return true; | |
| 174 } | |
| 175 #endif // OS_WIN | |
| 176 | |
| 177 } | 112 } |
| 178 | 113 |
| 179 namespace chrome { | 114 namespace chrome { |
| 180 | 115 |
| 181 void ChromeContentBrowserClient::RenderViewHostCreated( | 116 void ChromeContentBrowserClient::RenderViewHostCreated( |
| 182 RenderViewHost* render_view_host) { | 117 RenderViewHost* render_view_host) { |
| 183 new ChromeRenderViewHostObserver(render_view_host); | 118 new ChromeRenderViewHostObserver(render_view_host); |
| 184 new DesktopNotificationHandler(render_view_host); | 119 new DesktopNotificationHandler(render_view_host); |
| 185 new DevToolsHandler(render_view_host); | 120 new DevToolsHandler(render_view_host); |
| 186 new ExtensionMessageHandler(render_view_host); | 121 new ExtensionMessageHandler(render_view_host); |
| (...skipping 194 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 381 if (process_type == switches::kPpapiPluginProcess) | 316 if (process_type == switches::kPpapiPluginProcess) |
| 382 return PpapiCrashHandlerHostLinux::GetInstance()->GetDeathSignalSocket(); | 317 return PpapiCrashHandlerHostLinux::GetInstance()->GetDeathSignalSocket(); |
| 383 | 318 |
| 384 if (process_type == switches::kGpuProcess) | 319 if (process_type == switches::kGpuProcess) |
| 385 return GpuCrashHandlerHostLinux::GetInstance()->GetDeathSignalSocket(); | 320 return GpuCrashHandlerHostLinux::GetInstance()->GetDeathSignalSocket(); |
| 386 | 321 |
| 387 return -1; | 322 return -1; |
| 388 } | 323 } |
| 389 #endif | 324 #endif |
| 390 | 325 |
| 391 #if defined(OS_WIN) | |
| 392 bool ChromeContentBrowserClient::SandboxPlugin(CommandLine* command_line, | |
| 393 sandbox::TargetPolicy* policy) { | |
| 394 std::wstring plugin_dll = command_line-> | |
| 395 GetSwitchValueNative(switches::kPluginPath); | |
| 396 | |
| 397 FilePath builtin_flash; | |
| 398 if (!PathService::Get(chrome::FILE_FLASH_PLUGIN, &builtin_flash)) | |
| 399 return false; | |
| 400 | |
| 401 FilePath plugin_path(plugin_dll); | |
| 402 if (plugin_path != builtin_flash) | |
| 403 return false; | |
| 404 | |
| 405 if (base::win::GetVersion() <= base::win::VERSION_XP || | |
| 406 CommandLine::ForCurrentProcess()->HasSwitch( | |
| 407 switches::kDisableFlashSandbox)) { | |
| 408 return false; | |
| 409 } | |
| 410 | |
| 411 // Add the policy for the pipes. | |
| 412 sandbox::ResultCode result = sandbox::SBOX_ALL_OK; | |
| 413 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | |
| 414 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, | |
| 415 L"\\\\.\\pipe\\chrome.*"); | |
| 416 if (result != sandbox::SBOX_ALL_OK) { | |
| 417 NOTREACHED(); | |
| 418 return false; | |
| 419 } | |
| 420 | |
| 421 // Spawn the flash broker and apply sandbox policy. | |
| 422 if (LoadFlashBroker(plugin_path, command_line)) { | |
| 423 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); | |
| 424 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, | |
| 425 sandbox::USER_INTERACTIVE); | |
| 426 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); | |
| 427 } else { | |
| 428 // Could not start the broker, use a very weak policy instead. | |
| 429 DLOG(WARNING) << "Failed to start flash broker"; | |
| 430 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); | |
| 431 policy->SetTokenLevel( | |
| 432 sandbox::USER_UNPROTECTED, sandbox::USER_UNPROTECTED); | |
| 433 } | |
| 434 | |
| 435 return true; | |
| 436 } | |
| 437 #endif | |
| 438 | |
| 439 } // namespace chrome | 326 } // namespace chrome |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 7084010:
Move sandbox_policy to content. (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/