Remove mention of the nacl process in content.

content/browser/ppapi_plugin_process_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/ppapi_plugin_process_host.h"
 
 #include <string>
 
 #include "base/base_switches.h"
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/process_util.h"
 #include "base/utf_string_conversions.h"
 #include "content/browser/browser_child_process_host_impl.h"
 #include "content/browser/plugin_service_impl.h"
 #include "content/browser/renderer_host/render_message_filter.h"
 #include "content/common/child_process_host_impl.h"
 #include "content/common/child_process_messages.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/pepper_plugin_info.h"
 #include "content/public/common/process_type.h"
 #include "ipc/ipc_switches.h"
 #include "net/base/network_change_notifier.h"
 #include "ppapi/proxy/ppapi_messages.h"
 #include "ui/base/ui_base_switches.h"
 #include "webkit/plugins/plugin_switches.h"
 
+#if defined(OS_WIN)
+#include "content/common/sandbox_win.h"
+#include "content/public/common/sandboxed_process_launcher_delegate.h"
+#include "sandbox/win/src/sandbox_policy.h"
+#endif
+
 namespace content {
 
+#if defined(OS_WIN)
+// NOTE: changes to this class need to be reviewed by the security team.
+class PpapiPluginSandboxedProcessLauncherDelegate
+    : public content::SandboxedProcessLauncherDelegate {
+ public:
+  PpapiPluginSandboxedProcessLauncherDelegate() {}
+  virtual ~PpapiPluginSandboxedProcessLauncherDelegate() {}
+
+  virtual void PreSpawnTarget(sandbox::TargetPolicy* policy,
+                              bool* success) {
+    // The Pepper process as locked-down as a renderer execpt that it can
+    // create the server side of chrome pipes.
+    sandbox::ResultCode result;
+    result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
+                             sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
+                             L"\\\\.\\pipe\\chrome.*");
+    *success = (result == sandbox::SBOX_ALL_OK);
+  }
+};
+#endif  // OS_WIN
+
 class PpapiPluginProcessHost::PluginNetworkObserver
     : public net::NetworkChangeNotifier::IPAddressObserver,
       public net::NetworkChangeNotifier::ConnectionTypeObserver {
  public:
   explicit PluginNetworkObserver(PpapiPluginProcessHost* process_host)
       : process_host_(process_host) {
     net::NetworkChangeNotifier::AddIPAddressObserver(this);
     net::NetworkChangeNotifier::AddConnectionTypeObserver(this);
   }
 
@@ skipping 236 matching lines @@
   // the plugin is sandboxed, and we are not using a plugin launcher - having a
   // plugin launcher means we need to use another process instead of just
   // forking the zygote.
 #if defined(OS_POSIX)
   bool use_zygote = !is_broker_ && plugin_launcher.empty() && info.is_sandboxed;
   if (!info.is_sandboxed)
     cmd_line->AppendSwitchASCII(switches::kNoSandbox, "");
 #endif  // OS_POSIX
   process_->Launch(
 #if defined(OS_WIN)
-      base::FilePath(),
+      is_broker_ ? NULL : new PpapiPluginSandboxedProcessLauncherDelegate,
 #elif defined(OS_POSIX)
       use_zygote,
       base::EnvironmentVector(),
 #endif
       cmd_line);
   return true;
 }
 
 void PpapiPluginProcessHost::RequestPluginChannel(Client* client) {
   base::ProcessHandle process_handle;
@@ skipping 85 matching lines @@
   // sent_requests_ queue should be the one that the plugin just created.
   Client* client = sent_requests_.front();
   sent_requests_.pop();
 
   const ChildProcessData& data = process_->GetData();
   client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle),
                                data.id);
 }
 
 }  // namespace content