| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/common/sandbox_policy.h" | |
| 6 | |
| 7 #include <string> | |
| 8 | |
| 9 #include "base/command_line.h" | |
| 10 #include "base/debug/debugger.h" | |
| 11 #include "base/debug/trace_event.h" | |
| 12 #include "base/file_util.h" | |
| 13 #include "base/logging.h" | |
| 14 #include "base/path_service.h" | |
| 15 #include "base/process_util.h" | |
| 16 #include "base/stringprintf.h" | |
| 17 #include "base/string_util.h" | |
| 18 #include "base/win/windows_version.h" | |
| 19 #include "content/browser/content_browser_client.h" | |
| 20 #include "content/common/content_switches.h" | |
| 21 #include "content/common/child_process_info.h" | |
| 22 #include "content/common/debug_flags.h" | |
| 23 #include "sandbox/src/sandbox.h" | |
| 24 | |
| 25 static sandbox::BrokerServices* g_broker_services = NULL; | |
| 26 | |
| 27 namespace { | |
| 28 | |
| 29 // The DLLs listed here are known (or under strong suspicion) of causing crashes | |
| 30 // when they are loaded in the renderer. Note: at runtime we generate short | |
| 31 // versions of the dll name only if the dll has an extension. | |
| 32 const wchar_t* const kTroublesomeDlls[] = { | |
| 33 L"adialhk.dll", // Kaspersky Internet Security. | |
| 34 L"acpiz.dll", // Unknown. | |
| 35 L"avgrsstx.dll", // AVG 8. | |
| 36 L"babylonchromepi.dll", // Babylon translator. | |
| 37 L"btkeyind.dll", // Widcomm Bluetooth. | |
| 38 L"cmcsyshk.dll", // CMC Internet Security. | |
| 39 L"cooliris.dll", // CoolIris. | |
| 40 L"dockshellhook.dll", // Stardock Objectdock. | |
| 41 L"googledesktopnetwork3.dll", // Google Desktop Search v5. | |
| 42 L"fwhook.dll", // PC Tools Firewall Plus. | |
| 43 L"hookprocesscreation.dll", // Blumentals Program protector. | |
| 44 L"hookterminateapis.dll", // Blumentals and Cyberprinter. | |
| 45 L"hookprintapis.dll", // Cyberprinter. | |
| 46 L"imon.dll", // NOD32 Antivirus. | |
| 47 L"ioloHL.dll", // Iolo (System Mechanic). | |
| 48 L"kloehk.dll", // Kaspersky Internet Security. | |
| 49 L"lawenforcer.dll", // Spyware-Browser AntiSpyware (Spybro). | |
| 50 L"libdivx.dll", // DivX. | |
| 51 L"lvprcinj01.dll", // Logitech QuickCam. | |
| 52 L"madchook.dll", // Madshi (generic hooking library). | |
| 53 L"mdnsnsp.dll", // Bonjour. | |
| 54 L"moonsysh.dll", // Moon Secure Antivirus. | |
| 55 L"npdivx32.dll", // DivX. | |
| 56 L"npggNT.des", // GameGuard 2008. | |
| 57 L"npggNT.dll", // GameGuard (older). | |
| 58 L"oawatch.dll", // Online Armor. | |
| 59 L"pavhook.dll", // Panda Internet Security. | |
| 60 L"pavshook.dll", // Panda Antivirus. | |
| 61 L"pavshookwow.dll", // Panda Antivirus. | |
| 62 L"pctavhook.dll", // PC Tools Antivirus. | |
| 63 L"pctgmhk.dll", // PC Tools Spyware Doctor. | |
| 64 L"prntrack.dll", // Pharos Systems. | |
| 65 L"radhslib.dll", // Radiant Naomi Internet Filter. | |
| 66 L"radprlib.dll", // Radiant Naomi Internet Filter. | |
| 67 L"rapportnikko.dll", // Trustware Rapport. | |
| 68 L"rlhook.dll", // Trustware Bufferzone. | |
| 69 L"rooksdol.dll", // Trustware Rapport. | |
| 70 L"rpchromebrowserrecordhelper.dll", // RealPlayer. | |
| 71 L"rpmainbrowserrecordplugin.dll", // RealPlayer. | |
| 72 L"r3hook.dll", // Kaspersky Internet Security. | |
| 73 L"sahook.dll", // McAfee Site Advisor. | |
| 74 L"sbrige.dll", // Unknown. | |
| 75 L"sc2hook.dll", // Supercopier 2. | |
| 76 L"sguard.dll", // Iolo (System Guard). | |
| 77 L"smum32.dll", // Spyware Doctor version 6. | |
| 78 L"smumhook.dll", // Spyware Doctor version 5. | |
| 79 L"ssldivx.dll", // DivX. | |
| 80 L"syncor11.dll", // SynthCore Midi interface. | |
| 81 L"systools.dll", // Panda Antivirus. | |
| 82 L"tfwah.dll", // Threatfire (PC tools). | |
| 83 L"ycwebcamerasource.ax", // Cyberlink Camera helper. | |
| 84 L"wblind.dll", // Stardock Object desktop. | |
| 85 L"wbhelp.dll", // Stardock Object desktop. | |
| 86 L"winstylerthemehelper.dll" // Tuneup utilities 2006. | |
| 87 }; | |
| 88 | |
| 89 // Adds the policy rules for the path and path\ with the semantic |access|. | |
| 90 // If |children| is set to true, we need to add the wildcard rules to also | |
| 91 // apply the rule to the subfiles and subfolders. | |
| 92 bool AddDirectory(int path, const wchar_t* sub_dir, bool children, | |
| 93 sandbox::TargetPolicy::Semantics access, | |
| 94 sandbox::TargetPolicy* policy) { | |
| 95 FilePath directory; | |
| 96 if (!PathService::Get(path, &directory)) | |
| 97 return false; | |
| 98 | |
| 99 if (sub_dir) { | |
| 100 directory = directory.Append(sub_dir); | |
| 101 file_util::AbsolutePath(&directory); | |
| 102 } | |
| 103 | |
| 104 sandbox::ResultCode result; | |
| 105 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, access, | |
| 106 directory.value().c_str()); | |
| 107 if (result != sandbox::SBOX_ALL_OK) | |
| 108 return false; | |
| 109 | |
| 110 std::wstring directory_str = directory.value() + L"\\"; | |
| 111 if (children) | |
| 112 directory_str += L"*"; | |
| 113 // Otherwise, add the version of the path that ends with a separator. | |
| 114 | |
| 115 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, access, | |
| 116 directory_str.c_str()); | |
| 117 if (result != sandbox::SBOX_ALL_OK) | |
| 118 return false; | |
| 119 | |
| 120 return true; | |
| 121 } | |
| 122 | |
| 123 // Adds the policy rules for the path and path\* with the semantic |access|. | |
| 124 // We need to add the wildcard rules to also apply the rule to the subkeys. | |
| 125 bool AddKeyAndSubkeys(std::wstring key, | |
| 126 sandbox::TargetPolicy::Semantics access, | |
| 127 sandbox::TargetPolicy* policy) { | |
| 128 sandbox::ResultCode result; | |
| 129 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY, access, | |
| 130 key.c_str()); | |
| 131 if (result != sandbox::SBOX_ALL_OK) | |
| 132 return false; | |
| 133 | |
| 134 key += L"\\*"; | |
| 135 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY, access, | |
| 136 key.c_str()); | |
| 137 if (result != sandbox::SBOX_ALL_OK) | |
| 138 return false; | |
| 139 | |
| 140 return true; | |
| 141 } | |
| 142 | |
| 143 // Compares the loaded |module| file name matches |module_name|. | |
| 144 bool IsExpandedModuleName(HMODULE module, const wchar_t* module_name) { | |
| 145 wchar_t path[MAX_PATH]; | |
| 146 DWORD sz = ::GetModuleFileNameW(module, path, arraysize(path)); | |
| 147 if ((sz == arraysize(path)) || (sz == 0)) { | |
| 148 // XP does not set the last error properly, so we bail out anyway. | |
| 149 return false; | |
| 150 } | |
| 151 if (!::GetLongPathName(path, path, arraysize(path))) | |
| 152 return false; | |
| 153 FilePath fname(path); | |
| 154 return (fname.BaseName().value() == module_name); | |
| 155 } | |
| 156 | |
| 157 // Adds a single dll by |module_name| into the |policy| blacklist. | |
| 158 // To minimize the list we only add an unload policy only if the dll is | |
| 159 // also loaded in this process. All the injected dlls of interest do this. | |
| 160 void BlacklistAddOneDll(const wchar_t* module_name, | |
| 161 sandbox::TargetPolicy* policy) { | |
| 162 HMODULE module = ::GetModuleHandleW(module_name); | |
| 163 if (!module) { | |
| 164 // The module could have been loaded with a 8.3 short name. We use | |
| 165 // the most common case: 'thelongname.dll' becomes 'thelon~1.dll'. | |
| 166 std::wstring name(module_name); | |
| 167 size_t period = name.rfind(L'.'); | |
| 168 DCHECK_NE(std::string::npos, period); | |
| 169 DCHECK_LE(3U, (name.size() - period)); | |
| 170 if (period <= 8) | |
| 171 return; | |
| 172 std::wstring alt_name = name.substr(0, 6) + L"~1"; | |
| 173 alt_name += name.substr(period, name.size()); | |
| 174 module = ::GetModuleHandleW(alt_name.c_str()); | |
| 175 if (!module) | |
| 176 return; | |
| 177 // We found it, but because it only has 6 significant letters, we | |
| 178 // want to make sure it is the right one. | |
| 179 if (!IsExpandedModuleName(module, module_name)) | |
| 180 return; | |
| 181 // Found a match. We add both forms to the policy. | |
| 182 policy->AddDllToUnload(alt_name.c_str()); | |
| 183 } | |
| 184 policy->AddDllToUnload(module_name); | |
| 185 VLOG(1) << "dll to unload found: " << module_name; | |
| 186 return; | |
| 187 } | |
| 188 | |
| 189 // Adds policy rules for unloaded the known dlls that cause chrome to crash. | |
| 190 // Eviction of injected DLLs is done by the sandbox so that the injected module | |
| 191 // does not get a chance to execute any code. | |
| 192 void AddDllEvictionPolicy(sandbox::TargetPolicy* policy) { | |
| 193 for (int ix = 0; ix != arraysize(kTroublesomeDlls); ++ix) | |
| 194 BlacklistAddOneDll(kTroublesomeDlls[ix], policy); | |
| 195 } | |
| 196 | |
| 197 // Adds the generic policy rules to a sandbox TargetPolicy. | |
| 198 bool AddGenericPolicy(sandbox::TargetPolicy* policy) { | |
| 199 sandbox::ResultCode result; | |
| 200 | |
| 201 // Add the policy for the pipes | |
| 202 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, | |
| 203 sandbox::TargetPolicy::FILES_ALLOW_ANY, | |
| 204 L"\\??\\pipe\\chrome.*"); | |
| 205 if (result != sandbox::SBOX_ALL_OK) | |
| 206 return false; | |
| 207 | |
| 208 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | |
| 209 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, | |
| 210 L"\\\\.\\pipe\\chrome.nacl.*"); | |
| 211 if (result != sandbox::SBOX_ALL_OK) | |
| 212 return false; | |
| 213 | |
| 214 // Add the policy for debug message only in debug | |
| 215 #ifndef NDEBUG | |
| 216 FilePath app_dir; | |
| 217 if (!PathService::Get(base::DIR_MODULE, &app_dir)) | |
| 218 return false; | |
| 219 | |
| 220 wchar_t long_path_buf[MAX_PATH]; | |
| 221 DWORD long_path_return_value = GetLongPathName(app_dir.value().c_str(), | |
| 222 long_path_buf, | |
| 223 MAX_PATH); | |
| 224 if (long_path_return_value == 0 || long_path_return_value >= MAX_PATH) | |
| 225 return false; | |
| 226 | |
| 227 string16 debug_message(long_path_buf); | |
| 228 file_util::AppendToPath(&debug_message, L"debug_message.exe"); | |
| 229 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_PROCESS, | |
| 230 sandbox::TargetPolicy::PROCESS_MIN_EXEC, | |
| 231 debug_message.c_str()); | |
| 232 if (result != sandbox::SBOX_ALL_OK) | |
| 233 return false; | |
| 234 #endif // NDEBUG | |
| 235 | |
| 236 return true; | |
| 237 } | |
| 238 | |
| 239 // For the GPU process we gotten as far as USER_LIMITED. The next level | |
| 240 // which is USER_RESTRICTED breaks both the DirectX backend and the OpenGL | |
| 241 // backend. Note that the GPU process is connected to the interactive | |
| 242 // desktop. | |
| 243 // TODO(cpu): Lock down the sandbox more if possible. | |
| 244 // TODO(apatrick): Use D3D9Ex to render windowless. | |
| 245 bool AddPolicyForGPU(CommandLine*, sandbox::TargetPolicy* policy) { | |
| 246 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); | |
| 247 | |
| 248 if (base::win::GetVersion() > base::win::VERSION_XP) { | |
| 249 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, | |
| 250 sandbox::USER_LIMITED); | |
| 251 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); | |
| 252 } else { | |
| 253 policy->SetTokenLevel(sandbox::USER_UNPROTECTED, | |
| 254 sandbox::USER_LIMITED); | |
| 255 } | |
| 256 | |
| 257 AddDllEvictionPolicy(policy); | |
| 258 return true; | |
| 259 } | |
| 260 | |
| 261 void AddPolicyForRenderer(sandbox::TargetPolicy* policy) { | |
| 262 policy->SetJobLevel(sandbox::JOB_LOCKDOWN, 0); | |
| 263 | |
| 264 sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED; | |
| 265 if (base::win::GetVersion() > base::win::VERSION_XP) { | |
| 266 // On 2003/Vista the initial token has to be restricted if the main | |
| 267 // token is restricted. | |
| 268 initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS; | |
| 269 } | |
| 270 | |
| 271 policy->SetTokenLevel(initial_token, sandbox::USER_LOCKDOWN); | |
| 272 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); | |
| 273 | |
| 274 bool use_winsta = !CommandLine::ForCurrentProcess()->HasSwitch( | |
| 275 switches::kDisableAltWinstation); | |
| 276 | |
| 277 if (sandbox::SBOX_ALL_OK != policy->SetAlternateDesktop(use_winsta)) { | |
| 278 DLOG(WARNING) << "Failed to apply desktop security to the renderer"; | |
| 279 } | |
| 280 | |
| 281 AddDllEvictionPolicy(policy); | |
| 282 } | |
| 283 | |
| 284 // The Pepper process as locked-down as a renderer execpt that it can | |
| 285 // create the server side of chrome pipes. | |
| 286 bool AddPolicyForPepperPlugin(sandbox::TargetPolicy* policy) { | |
| 287 sandbox::ResultCode result; | |
| 288 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | |
| 289 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, | |
| 290 L"\\\\.\\pipe\\chrome.*"); | |
| 291 if (result != sandbox::SBOX_ALL_OK) { | |
| 292 NOTREACHED(); | |
| 293 return false; | |
| 294 } | |
| 295 AddPolicyForRenderer(policy); | |
| 296 return true; | |
| 297 } | |
| 298 | |
| 299 } // namespace | |
| 300 | |
| 301 namespace sandbox { | |
| 302 | |
| 303 void InitBrokerServices(sandbox::BrokerServices* broker_services) { | |
| 304 // TODO(abarth): DCHECK(CalledOnValidThread()); | |
| 305 // See <http://b/1287166>. | |
| 306 CHECK(broker_services); | |
| 307 CHECK(!g_broker_services); | |
| 308 broker_services->Init(); | |
| 309 g_broker_services = broker_services; | |
| 310 } | |
| 311 | |
| 312 base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line, | |
| 313 const FilePath& exposed_dir) { | |
| 314 base::ProcessHandle process = 0; | |
| 315 const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess(); | |
| 316 ChildProcessInfo::ProcessType type; | |
| 317 std::string type_str = cmd_line->GetSwitchValueASCII(switches::kProcessType); | |
| 318 if (type_str == switches::kRendererProcess) { | |
| 319 type = ChildProcessInfo::RENDER_PROCESS; | |
| 320 } else if (type_str == switches::kExtensionProcess) { | |
| 321 // Extensions are just renderers with another name. | |
| 322 type = ChildProcessInfo::RENDER_PROCESS; | |
| 323 } else if (type_str == switches::kPluginProcess) { | |
| 324 type = ChildProcessInfo::PLUGIN_PROCESS; | |
| 325 } else if (type_str == switches::kWorkerProcess) { | |
| 326 type = ChildProcessInfo::WORKER_PROCESS; | |
| 327 } else if (type_str == switches::kNaClLoaderProcess) { | |
| 328 type = ChildProcessInfo::NACL_LOADER_PROCESS; | |
| 329 } else if (type_str == switches::kUtilityProcess) { | |
| 330 type = ChildProcessInfo::UTILITY_PROCESS; | |
| 331 } else if (type_str == switches::kNaClBrokerProcess) { | |
| 332 type = ChildProcessInfo::NACL_BROKER_PROCESS; | |
| 333 } else if (type_str == switches::kGpuProcess) { | |
| 334 type = ChildProcessInfo::GPU_PROCESS; | |
| 335 } else if (type_str == switches::kPpapiPluginProcess) { | |
| 336 type = ChildProcessInfo::PPAPI_PLUGIN_PROCESS; | |
| 337 } else { | |
| 338 NOTREACHED(); | |
| 339 return 0; | |
| 340 } | |
| 341 | |
| 342 TRACE_EVENT_BEGIN_ETW("StartProcessWithAccess", 0, type_str); | |
| 343 | |
| 344 // To decide if the process is going to be sandboxed we have two cases. | |
| 345 // First case: all process types except the nacl broker, and the plugin | |
| 346 // process are sandboxed by default. | |
| 347 bool in_sandbox = | |
| 348 (type != ChildProcessInfo::NACL_BROKER_PROCESS) && | |
| 349 (type != ChildProcessInfo::PLUGIN_PROCESS); | |
| 350 | |
| 351 // If it is the GPU process then it can be disabled by a command line flag. | |
| 352 if ((type == ChildProcessInfo::GPU_PROCESS) && | |
| 353 (browser_command_line.HasSwitch(switches::kDisableGpuSandbox))) { | |
| 354 in_sandbox = false; | |
| 355 VLOG(1) << "GPU sandbox is disabled"; | |
| 356 } | |
| 357 | |
| 358 if (browser_command_line.HasSwitch(switches::kNoSandbox)) { | |
| 359 // The user has explicity opted-out from all sandboxing. | |
| 360 in_sandbox = false; | |
| 361 } | |
| 362 | |
| 363 #if !defined (GOOGLE_CHROME_BUILD) | |
| 364 if (browser_command_line.HasSwitch(switches::kInProcessPlugins)) { | |
| 365 // In process plugins won't work if the sandbox is enabled. | |
| 366 in_sandbox = false; | |
| 367 } | |
| 368 #endif | |
| 369 if (!browser_command_line.HasSwitch(switches::kDisable3DAPIs) && | |
| 370 !browser_command_line.HasSwitch(switches::kDisableExperimentalWebGL) && | |
| 371 browser_command_line.HasSwitch(switches::kInProcessWebGL)) { | |
| 372 // In process WebGL won't work if the sandbox is enabled. | |
| 373 in_sandbox = false; | |
| 374 } | |
| 375 | |
| 376 // Propagate the Chrome Frame flag to sandboxed processes if present. | |
| 377 if (browser_command_line.HasSwitch(switches::kChromeFrame)) { | |
| 378 if (!cmd_line->HasSwitch(switches::kChromeFrame)) { | |
| 379 cmd_line->AppendSwitch(switches::kChromeFrame); | |
| 380 } | |
| 381 } | |
| 382 | |
| 383 bool child_needs_help = | |
| 384 DebugFlags::ProcessDebugFlags(cmd_line, type, in_sandbox); | |
| 385 | |
| 386 // Prefetch hints on windows: | |
| 387 // Using a different prefetch profile per process type will allow Windows | |
| 388 // to create separate pretetch settings for browser, renderer etc. | |
| 389 cmd_line->AppendArg(base::StringPrintf("/prefetch:%d", type)); | |
| 390 | |
| 391 sandbox::ResultCode result; | |
| 392 PROCESS_INFORMATION target = {0}; | |
| 393 sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy(); | |
| 394 | |
| 395 if (type == ChildProcessInfo::PLUGIN_PROCESS && | |
| 396 !browser_command_line.HasSwitch(switches::kNoSandbox) && | |
| 397 content::GetContentClient()->browser()->SandboxPlugin(cmd_line, policy)) { | |
| 398 in_sandbox = true; | |
| 399 AddDllEvictionPolicy(policy); | |
| 400 } | |
| 401 | |
| 402 if (!in_sandbox) { | |
| 403 policy->Release(); | |
| 404 base::LaunchApp(*cmd_line, false, false, &process); | |
| 405 return process; | |
| 406 } | |
| 407 | |
| 408 if (type == ChildProcessInfo::GPU_PROCESS) { | |
| 409 if (!AddPolicyForGPU(cmd_line, policy)) | |
| 410 return 0; | |
| 411 } else if (type == ChildProcessInfo::PPAPI_PLUGIN_PROCESS) { | |
| 412 if (!AddPolicyForPepperPlugin(policy)) | |
| 413 return 0; | |
| 414 } else { | |
| 415 AddPolicyForRenderer(policy); | |
| 416 | |
| 417 if (type_str != switches::kRendererProcess) { | |
| 418 // Hack for Google Desktop crash. Trick GD into not injecting its DLL into | |
| 419 // this subprocess. See | |
| 420 // http://code.google.com/p/chromium/issues/detail?id=25580 | |
| 421 cmd_line->AppendSwitchASCII("ignored", " --type=renderer "); | |
| 422 } | |
| 423 } | |
| 424 | |
| 425 if (!exposed_dir.empty()) { | |
| 426 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, | |
| 427 sandbox::TargetPolicy::FILES_ALLOW_ANY, | |
| 428 exposed_dir.value().c_str()); | |
| 429 if (result != sandbox::SBOX_ALL_OK) | |
| 430 return 0; | |
| 431 | |
| 432 FilePath exposed_files = exposed_dir.AppendASCII("*"); | |
| 433 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, | |
| 434 sandbox::TargetPolicy::FILES_ALLOW_ANY, | |
| 435 exposed_files.value().c_str()); | |
| 436 if (result != sandbox::SBOX_ALL_OK) | |
| 437 return 0; | |
| 438 } | |
| 439 | |
| 440 if (!AddGenericPolicy(policy)) { | |
| 441 NOTREACHED(); | |
| 442 return 0; | |
| 443 } | |
| 444 | |
| 445 TRACE_EVENT_BEGIN_ETW("StartProcessWithAccess::LAUNCHPROCESS", 0, 0); | |
| 446 | |
| 447 result = g_broker_services->SpawnTarget( | |
| 448 cmd_line->GetProgram().value().c_str(), | |
| 449 cmd_line->command_line_string().c_str(), | |
| 450 policy, &target); | |
| 451 policy->Release(); | |
| 452 | |
| 453 TRACE_EVENT_END_ETW("StartProcessWithAccess::LAUNCHPROCESS", 0, 0); | |
| 454 | |
| 455 if (sandbox::SBOX_ALL_OK != result) | |
| 456 return 0; | |
| 457 | |
| 458 ResumeThread(target.hThread); | |
| 459 CloseHandle(target.hThread); | |
| 460 process = target.hProcess; | |
| 461 | |
| 462 // Help the process a little. It can't start the debugger by itself if | |
| 463 // the process is in a sandbox. | |
| 464 if (child_needs_help) | |
| 465 base::debug::SpawnDebuggerOnProcess(target.dwProcessId); | |
| 466 | |
| 467 return process; | |
| 468 } | |
| 469 | |
| 470 } // namespace sandbox | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 7084010:
Move sandbox_policy to content. (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/