| Index: content/common/sandbox_policy.cc
|
| ===================================================================
|
| --- content/common/sandbox_policy.cc (revision 188735)
|
| +++ content/common/sandbox_policy.cc (working copy)
|
| @@ -31,10 +31,12 @@
|
| #include "sandbox/win/src/win_utils.h"
|
| #include "ui/gl/gl_switches.h"
|
|
|
| -static sandbox::BrokerServices* g_broker_services = NULL;
|
| -static sandbox::TargetServices* g_target_services = NULL;
|
| -
|
| +namespace content {
|
| namespace {
|
| +sandbox::BrokerServices* g_broker_services = NULL;
|
| +sandbox::TargetServices* g_target_services = NULL;
|
| +base::LazyInstance<SandboxedProcessStartingCallback>
|
| + g_sandboxed_process_starting_callback = LAZY_INSTANCE_INITIALIZER;
|
|
|
| // The DLLs listed here are known (or under strong suspicion) of causing crashes
|
| // when they are loaded in the renderer. Note: at runtime we generate short
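Review bot: The new `g_sandboxed_process_starting_callback` global carries no comment, yet it is a process-wide mutable hook that is handed the sandbox policy of every process launched through this file, so a reader cannot tell from this hunk who is expected to set it, when it runs, or whether it may relax the policy. A short comment above the `base::LazyInstance<SandboxedProcessStartingCallback>` declaration would fix that: `// Optional hook run with the command line and the sandbox::TargetPolicy just before a sandboxed target is launched; set once via SetSandboxedProcessStartingCallback(). It may add rules to the policy, so registrants are part of the sandbox trust boundary.` The exact launch function it runs from is not visible in this hunk (the call site is in the hunk at line 805), so adjust the wording to the real caller.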
|
| @@ -323,14 +325,7 @@
|
| L"\\??\\pipe\\chrome.*");
|
| if (result != sandbox::SBOX_ALL_OK)
|
| return false;
|
| - // Allow the server side of a pipe restricted to the "chrome.nacl."
|
| - // namespace so that it cannot impersonate other system or other chrome
|
| - // service pipes.
|
| - result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
|
| - sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
|
| - L"\\\\.\\pipe\\chrome.nacl.*");
|
| - if (result != sandbox::SBOX_ALL_OK)
|
| - return false;
|
| +
|
| // Allow the server side of sync sockets, which are pipes that have
|
| // the "chrome.sync" namespace and a randomly generated suffix.
|
| result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
|
| @@ -477,14 +472,6 @@
|
| if (result != sandbox::SBOX_ALL_OK)
|
| return false;
|
|
|
| - // Renderers need to send named pipe handles and shared memory
|
| - // segment handles to NaCl loader processes.
|
| - result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
|
| - sandbox::TargetPolicy::HANDLES_DUP_ANY,
|
| - L"File");
|
| - if (result != sandbox::SBOX_ALL_OK)
|
| - return false;
|
| -
|
| sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED;
|
| if (base::win::GetVersion() > base::win::VERSION_XP) {
|
| // On 2003/Vista the initial token has to be restricted if the main
|
| @@ -618,8 +605,6 @@
|
|
|
| } // namespace
|
|
|
| -namespace content {
|
| -
|
| bool InitBrokerServices(sandbox::BrokerServices* broker_services) {
|
| // TODO(abarth): DCHECK(CalledOnValidThread());
|
| // See <http://b/1287166>.
|
| @@ -628,7 +613,7 @@
|
| sandbox::ResultCode result = broker_services->Init();
|
| g_broker_services = broker_services;
|
|
|
| -// In non-official builds warn about dangerous uses of DuplicateHandle.
|
| + // In non-official builds warn about dangerous uses of DuplicateHandle.
|
| BOOL is_in_job = FALSE;
|
| #ifdef NACL_WIN64
|
| CHECK(::IsProcessInJob(::GetCurrentProcess(), NULL, &is_in_job));
|
| @@ -820,6 +805,11 @@
|
| return 0;
|
| }
|
|
|
| + if (!g_sandboxed_process_starting_callback.Pointer()->is_null()) {
|
| + g_sandboxed_process_starting_callback.Pointer()->Run(
|
| + cmd_line, policy);
|
| + }
|
| +
|
| if (browser_command_line.HasSwitch(switches::kEnableLogging)) {
|
| // If stdout/stderr point to a Windows console, these calls will
|
| // have no effect.
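Review bot: The callback is read with `Pointer()->is_null()` and then `Pointer()->Run(cmd_line, policy)` with no synchronization against the writer in `SetSandboxedProcessStartingCallback` (hunk at line 862); `LazyInstance` only makes construction thread-safe, not the later `Get() = callback` assignment, so if this launch path can run on a thread other than the one that registers the hook the check-then-run is a data race on a `base::Callback`. Either document that registration must complete before the first launch or copy the callback out under a lock before running it. Since `policy` is passed by pointer and the hook may add rules, a comment here should also make the ordering explicit: `// Let the registered hook extend |policy| now that the base rules for this process type are in place and before the target is spawned.` The NaCl pipe and HANDLES_DUP_ANY rules removed earlier in this patch presumably move into that hook, which is worth naming in the comment if so. The enclosing function starts and ends outside this hunk.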
|
| @@ -872,6 +862,11 @@
|
| return target.TakeProcessHandle();
|
| }
|
|
|
| +void SetSandboxedProcessStartingCallback(
|
| + const SandboxedProcessStartingCallback& callback) {
|
| + g_sandboxed_process_starting_callback.Get() = callback;
|
| +}
|
| +
|
| bool BrokerDuplicateHandle(HANDLE source_handle,
|
| DWORD target_process_id,
|
| HANDLE* target_handle,
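Review bot: `g_sandboxed_process_starting_callback.Get() = callback;` silently replaces any previously registered hook, so a second registrant would drop the first one's policy additions without any signal, and the function has no documentation of that single-owner contract. Adding `DCHECK(g_sandboxed_process_starting_callback.Get().is_null() || callback.is_null());` before the assignment makes accidental double registration visible in debug builds while still allowing an explicit reset with a null callback. A one-line header comment should state the contract and the threading expectation, e.g. `// Registers the hook run before each sandboxed launch; must be called at most once and before the first launch, as the read side is unsynchronized.` The read side is in the hunk at line 805.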
|
|
|