Chromium Code Reviews Chromium Code Reviews
Issue 1185333003:
Implement GetSandboxType() on all platforms and implement for all process types. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: content/common/sandbox_win.cc |
| diff --git a/content/common/sandbox_win.cc b/content/common/sandbox_win.cc |
| index 8f76710bc8d36685efbf1e691941fae03b55dfc7..c140bef3dbe3ba4ea80a1ff1918ebb628a2b2616 100644 |
| --- a/content/common/sandbox_win.cc |
| +++ b/content/common/sandbox_win.cc |
| @@ -28,6 +28,7 @@ |
| #include "content/public/common/content_switches.h" |
| #include "content/public/common/dwrite_font_platform_win.h" |
| #include "content/public/common/sandbox_init.h" |
| +#include "content/public/common/sandbox_type.h" |
| #include "content/public/common/sandboxed_process_launcher_delegate.h" |
| #include "sandbox/win/src/process_mitigations.h" |
| #include "sandbox/win/src/sandbox.h" |
| @@ -575,6 +576,18 @@ void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy) { |
| policy->AddKernelObjectToClose(L"Section", object_path.data()); |
| } |
| +void MaybeAddAppContainerPolicy(sandbox::TargetPolicy* policy, |
|
nasko
2015/06/19 12:18:19
nit: I'm not a fan of the "Maybe" prefix. While it
jschuh
2015/06/19 14:05:08
Agreed on the "maybe" and I had typed a comment to
Will Harris
2015/06/24 11:37:09
Done.
Will Harris
2015/06/24 11:37:09
Done.
|
| + const wchar_t* sid) { |
| + if (base::win::GetVersion() == base::win::VERSION_WIN8 || |
| + base::win::GetVersion() == base::win::VERSION_WIN8_1) { |
| + const base::CommandLine& command_line = |
| + *base::CommandLine::ForCurrentProcess(); |
| + if (!command_line.HasSwitch(switches::kDisableAppContainer)) { |
| + policy->SetLowBox(sid); |
| + } |
| + } |
| +} |
| + |
| bool InitBrokerServices(sandbox::BrokerServices* broker_services) { |
| // TODO(abarth): DCHECK(CalledOnValidThread()); |
| // See <http://b/1287166>. |
