| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/chrome_content_client.h" | 5 #include "chrome/common/chrome_content_client.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/file_util.h" | 8 #include "base/file_util.h" |
| 9 #include "base/path_service.h" | 9 #include "base/path_service.h" |
| 10 #include "base/process_util.h" | 10 #include "base/process_util.h" |
| (...skipping 417 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 428 DVLOG(ERROR) << "Failed adding sandbox rule for Talk plugin"; | 428 DVLOG(ERROR) << "Failed adding sandbox rule for Talk plugin"; |
| 429 } | 429 } |
| 430 } | 430 } |
| 431 talk_key.Close(); | 431 talk_key.Close(); |
| 432 } | 432 } |
| 433 | 433 |
| 434 // Spawn the flash broker and apply sandbox policy. | 434 // Spawn the flash broker and apply sandbox policy. |
| 435 if (LoadFlashBroker(plugin_path, command_line)) { | 435 if (LoadFlashBroker(plugin_path, command_line)) { |
| 436 // UI job restrictions break windowless Flash, so just pick up single | 436 // UI job restrictions break windowless Flash, so just pick up single |
| 437 // process limit for now. | 437 // process limit for now. |
| 438 policy->SetJobLevel(sandbox::JOB_LIMITED_USER, | 438 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); |
| 439 JOB_OBJECT_UILIMIT_DISPLAYSETTINGS | | |
| 440 JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS | | |
| 441 JOB_OBJECT_UILIMIT_DESKTOP | | |
| 442 JOB_OBJECT_UILIMIT_EXITWINDOWS); | |
| 443 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, | 439 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, |
| 444 sandbox::USER_LIMITED); | 440 sandbox::USER_INTERACTIVE); |
| 445 // Allow the Flash plugin to forward some messages back to Chrome. | 441 // Allow the Flash plugin to forward some messages back to Chrome. |
| 446 if (base::win::GetVersion() == base::win::VERSION_VISTA) { | 442 if (base::win::GetVersion() == base::win::VERSION_VISTA) { |
| 447 // Per-window message filters required on Win7 or later must be added to: | 443 // Per-window message filters required on Win7 or later must be added to: |
| 448 // render_widget_host_view_win.cc RenderWidgetHostViewWin::ReparentWindow | 444 // render_widget_host_view_win.cc RenderWidgetHostViewWin::ReparentWindow |
| 449 ::ChangeWindowMessageFilter(WM_MOUSEWHEEL, MSGFLT_ADD); | 445 ::ChangeWindowMessageFilter(WM_MOUSEWHEEL, MSGFLT_ADD); |
| 450 ::ChangeWindowMessageFilter(WM_APPCOMMAND, MSGFLT_ADD); | 446 ::ChangeWindowMessageFilter(WM_APPCOMMAND, MSGFLT_ADD); |
| 451 } | 447 } |
| 452 policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); | 448 policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); |
| 453 } else { | 449 } else { |
| 454 // Could not start the broker, use a very weak policy instead. | 450 // Could not start the broker, use a very weak policy instead. |
| (...skipping 14 matching lines...) Expand all Loading... |
| 469 DCHECK(sandbox_profile_resource_id); | 465 DCHECK(sandbox_profile_resource_id); |
| 470 if (sandbox_type == CHROME_SANDBOX_TYPE_NACL_LOADER) { | 466 if (sandbox_type == CHROME_SANDBOX_TYPE_NACL_LOADER) { |
| 471 *sandbox_profile_resource_id = IDR_NACL_SANDBOX_PROFILE; | 467 *sandbox_profile_resource_id = IDR_NACL_SANDBOX_PROFILE; |
| 472 return true; | 468 return true; |
| 473 } | 469 } |
| 474 return false; | 470 return false; |
| 475 } | 471 } |
| 476 #endif | 472 #endif |
| 477 | 473 |
| 478 } // namespace chrome | 474 } // namespace chrome |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9692001:
Revert USER_LIMITED Flash changes (Closed)
Base URL: http://src.chromium.org/svn/trunk/src/