Side by Side Diff: content/common/sandbox_policy.cc

Issue 7768004: Add GPU job object restriction (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 9 years, 3 months ago
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/sandbox_policy.h" 5 #include "content/common/sandbox_policy.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/debug/debugger.h" 10 #include "base/debug/debugger.h"
280 return true; 280 return true;
281 } 281 }
282 282
283 // For the GPU process we gotten as far as USER_LIMITED. The next level 283 // For the GPU process we gotten as far as USER_LIMITED. The next level
284 // which is USER_RESTRICTED breaks both the DirectX backend and the OpenGL 284 // which is USER_RESTRICTED breaks both the DirectX backend and the OpenGL
285 // backend. Note that the GPU process is connected to the interactive 285 // backend. Note that the GPU process is connected to the interactive
286 // desktop. 286 // desktop.
287 // TODO(cpu): Lock down the sandbox more if possible. 287 // TODO(cpu): Lock down the sandbox more if possible.
288 // TODO(apatrick): Use D3D9Ex to render windowless. 288 // TODO(apatrick): Use D3D9Ex to render windowless.
289 bool AddPolicyForGPU(CommandLine* cmd_line, sandbox::TargetPolicy* policy) { 289 bool AddPolicyForGPU(CommandLine* cmd_line, sandbox::TargetPolicy* policy) {
290 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
291
292 if (base::win::GetVersion() > base::win::VERSION_XP) { 290 if (base::win::GetVersion() > base::win::VERSION_XP) {
293 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, 291 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
294 sandbox::USER_LIMITED); 292 sandbox::USER_LIMITED);
295 if (cmd_line->GetSwitchValueASCII(switches::kUseGL) == 293 if (cmd_line->GetSwitchValueASCII(switches::kUseGL) ==
296 gfx::kGLImplementationDesktopName) 294 gfx::kGLImplementationDesktopName) {
295 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
296 policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
297 } else {
298 // UI restrictions break when we access Windows from outside our job.
299 // However, we don't want a proxy window in this process because it can
300 // introduce deadlocks. So, the only job restriction we pick up here is
brettw 2011/08/27 23:06:47 It might be nice to mention here quickly how such
jschuh 2011/08/29 16:13:58 Done.
301 // to prevent child processes.
302 policy->SetJobLevel(sandbox::JOB_LIMITED_USER,
303 JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS |
304 JOB_OBJECT_UILIMIT_DESKTOP |
305 JOB_OBJECT_UILIMIT_EXITWINDOWS |
306 JOB_OBJECT_UILIMIT_DISPLAYSETTINGS);
297 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); 307 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
298 else 308 }
299 policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
300 } else { 309 } else {
301 policy->SetTokenLevel(sandbox::USER_UNPROTECTED, 310 policy->SetTokenLevel(sandbox::USER_UNPROTECTED,
302 sandbox::USER_LIMITED); 311 sandbox::USER_LIMITED);
303 } 312 }
304 313
305 AddGenericDllEvictionPolicy(policy); 314 AddGenericDllEvictionPolicy(policy);
306 return true; 315 return true;
307 } 316 }
308 317
309 void AddPolicyForRenderer(sandbox::TargetPolicy* policy) { 318 void AddPolicyForRenderer(sandbox::TargetPolicy* policy) {
537 546
538 // Help the process a little. It can't start the debugger by itself if 547 // Help the process a little. It can't start the debugger by itself if
539 // the process is in a sandbox. 548 // the process is in a sandbox.
540 if (child_needs_help) 549 if (child_needs_help)
541 base::debug::SpawnDebuggerOnProcess(target.dwProcessId); 550 base::debug::SpawnDebuggerOnProcess(target.dwProcessId);
542 551
543 return process; 552 return process;
544 } 553 }
545 554
546 } // namespace sandbox 555 } // namespace sandbox
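Review bot: The XP branch of AddPolicyForGPU (new lines 309–311) no longer calls SetJobLevel at all, because the unconditional `policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);` that used to precede the version check was removed and the replacement calls were placed only inside the post-XP branches. On XP the GPU process therefore inherits whatever job level TargetPolicy defaults to, which I believe is a more restrictive lockdown level — if that is intended, say so; if not, the XP branch needs its own `policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);` to preserve the previous behavior. Separately, the new SetJobLevel and SetIntegrityLevel calls discard their bool results like the surrounding code does, so a policy the sandbox refuses (e.g. an unsupported level/exception combination) would go unnoticed and the function still returns true; checking the results, or at least a `DCHECK`, would make a silently weakened policy visible. AddPolicyForGPU is fully visible in this section, so nothing outside the hunk compensates for the XP case.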