| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_policy.h" | 5 #include "content/common/sandbox_policy.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/debug/debugger.h" | 10 #include "base/debug/debugger.h" |
| 11 #include "base/debug/trace_event.h" | 11 #include "base/debug/trace_event.h" |
| 12 #include "base/file_util.h" | 12 #include "base/file_util.h" |
| 13 #include "base/logging.h" | 13 #include "base/logging.h" |
| 14 #include "base/path_service.h" | 14 #include "base/path_service.h" |
| 15 #include "base/process_util.h" | 15 #include "base/process_util.h" |
| 16 #include "base/stringprintf.h" | 16 #include "base/stringprintf.h" |
| 17 #include "base/string_util.h" | 17 #include "base/string_util.h" |
| 18 #include "base/win/windows_version.h" | 18 #include "base/win/windows_version.h" |
| 19 #include "content/common/content_client.h" | 19 #include "content/common/content_client.h" |
| 20 #include "content/common/content_switches.h" | 20 #include "content/common/content_switches.h" |
| 21 #include "content/common/child_process_info.h" | 21 #include "content/common/child_process_info.h" |
| 22 #include "content/common/debug_flags.h" | 22 #include "content/common/debug_flags.h" |
| 23 #include "sandbox/src/sandbox.h" | 23 #include "sandbox/src/sandbox.h" |
| 24 #include "ui/gfx/gl/gl_switches.h" |
| 24 | 25 |
| 25 static sandbox::BrokerServices* g_broker_services = NULL; | 26 static sandbox::BrokerServices* g_broker_services = NULL; |
| 26 | 27 |
| 27 namespace { | 28 namespace { |
| 28 | 29 |
| 29 // The DLLs listed here are known (or under strong suspicion) of causing crashes | 30 // The DLLs listed here are known (or under strong suspicion) of causing crashes |
| 30 // when they are loaded in the renderer. Note: at runtime we generate short | 31 // when they are loaded in the renderer. Note: at runtime we generate short |
| 31 // versions of the dll name only if the dll has an extension. | 32 // versions of the dll name only if the dll has an extension. |
| 32 const wchar_t* const kTroublesomeDlls[] = { | 33 const wchar_t* const kTroublesomeDlls[] = { |
| 33 L"adialhk.dll", // Kaspersky Internet Security. | 34 L"adialhk.dll", // Kaspersky Internet Security. |
| (...skipping 238 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 272 | 273 |
| 273 return true; | 274 return true; |
| 274 } | 275 } |
| 275 | 276 |
| 276 // For the GPU process we gotten as far as USER_LIMITED. The next level | 277 // For the GPU process we gotten as far as USER_LIMITED. The next level |
| 277 // which is USER_RESTRICTED breaks both the DirectX backend and the OpenGL | 278 // which is USER_RESTRICTED breaks both the DirectX backend and the OpenGL |
| 278 // backend. Note that the GPU process is connected to the interactive | 279 // backend. Note that the GPU process is connected to the interactive |
| 279 // desktop. | 280 // desktop. |
| 280 // TODO(cpu): Lock down the sandbox more if possible. | 281 // TODO(cpu): Lock down the sandbox more if possible. |
| 281 // TODO(apatrick): Use D3D9Ex to render windowless. | 282 // TODO(apatrick): Use D3D9Ex to render windowless. |
| 282 bool AddPolicyForGPU(CommandLine*, sandbox::TargetPolicy* policy) { | 283 bool AddPolicyForGPU(CommandLine* cmd_line, sandbox::TargetPolicy* policy) { |
| 283 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); | 284 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); |
| 284 | 285 |
| 285 if (base::win::GetVersion() > base::win::VERSION_XP) { | 286 if (base::win::GetVersion() > base::win::VERSION_XP) { |
| 286 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, | 287 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, |
| 287 sandbox::USER_LIMITED); | 288 sandbox::USER_LIMITED); |
| 288 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); | 289 if (cmd_line->GetSwitchValueASCII(switches::kUseGL) == |
| 290 gfx::kGLImplementationDesktopName) |
| 291 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); |
| 292 else |
| 293 policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); |
| 289 } else { | 294 } else { |
| 290 policy->SetTokenLevel(sandbox::USER_UNPROTECTED, | 295 policy->SetTokenLevel(sandbox::USER_UNPROTECTED, |
| 291 sandbox::USER_LIMITED); | 296 sandbox::USER_LIMITED); |
| 292 } | 297 } |
| 293 | 298 |
| 294 AddDllEvictionPolicy(policy); | 299 AddDllEvictionPolicy(policy); |
| 295 return true; | 300 return true; |
| 296 } | 301 } |
| 297 | 302 |
| 298 void AddPolicyForRenderer(sandbox::TargetPolicy* policy) { | 303 void AddPolicyForRenderer(sandbox::TargetPolicy* policy) { |
| (...skipping 203 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 502 | 507 |
| 503 // Help the process a little. It can't start the debugger by itself if | 508 // Help the process a little. It can't start the debugger by itself if |
| 504 // the process is in a sandbox. | 509 // the process is in a sandbox. |
| 505 if (child_needs_help) | 510 if (child_needs_help) |
| 506 base::debug::SpawnDebuggerOnProcess(target.dwProcessId); | 511 base::debug::SpawnDebuggerOnProcess(target.dwProcessId); |
| 507 | 512 |
| 508 return process; | 513 return process; |
| 509 } | 514 } |
| 510 | 515 |
| 511 } // namespace sandbox | 516 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 7517012:
Turn on UIPI for the GPU sandbox. (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/