| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/ppapi_plugin_process_host.h" | 5 #include "content/browser/ppapi_plugin_process_host.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| 11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
| 12 #include "base/metrics/field_trial.h" | 12 #include "base/metrics/field_trial.h" |
| 13 #include "base/strings/utf_string_conversions.h" | 13 #include "base/strings/utf_string_conversions.h" |
| 14 #include "content/browser/browser_child_process_host_impl.h" | 14 #include "content/browser/browser_child_process_host_impl.h" |
| 15 #include "content/browser/plugin_service_impl.h" | 15 #include "content/browser/plugin_service_impl.h" |
| 16 #include "content/browser/renderer_host/render_message_filter.h" | 16 #include "content/browser/renderer_host/render_message_filter.h" |
| 17 #include "content/common/child_process_host_impl.h" | 17 #include "content/common/child_process_host_impl.h" |
| 18 #include "content/common/child_process_messages.h" | 18 #include "content/common/child_process_messages.h" |
| 19 #include "content/common/content_switches_internal.h" |
| 19 #include "content/public/browser/content_browser_client.h" | 20 #include "content/public/browser/content_browser_client.h" |
| 20 #include "content/public/common/content_constants.h" | 21 #include "content/public/common/content_constants.h" |
| 21 #include "content/public/common/content_switches.h" | 22 #include "content/public/common/content_switches.h" |
| 22 #include "content/public/common/pepper_plugin_info.h" | 23 #include "content/public/common/pepper_plugin_info.h" |
| 23 #include "content/public/common/process_type.h" | 24 #include "content/public/common/process_type.h" |
| 24 #include "content/public/common/sandbox_type.h" | 25 #include "content/public/common/sandbox_type.h" |
| 25 #include "content/public/common/sandboxed_process_launcher_delegate.h" | 26 #include "content/public/common/sandboxed_process_launcher_delegate.h" |
| 26 #include "ipc/ipc_switches.h" | 27 #include "ipc/ipc_switches.h" |
| 27 #include "net/base/network_change_notifier.h" | 28 #include "net/base/network_change_notifier.h" |
| 28 #include "ppapi/proxy/ppapi_messages.h" | 29 #include "ppapi/proxy/ppapi_messages.h" |
| 29 #include "ui/base/ui_base_switches.h" | 30 #include "ui/base/ui_base_switches.h" |
| 30 | 31 |
| 31 #if defined(OS_WIN) | 32 #if defined(OS_WIN) |
| 32 #include "content/common/sandbox_win.h" | 33 #include "content/common/sandbox_win.h" |
| 34 #include "sandbox/win/src/process_mitigations.h" |
| 33 #include "sandbox/win/src/sandbox_policy.h" | 35 #include "sandbox/win/src/sandbox_policy.h" |
| 34 #endif | 36 #endif |
| 35 | 37 |
| 36 namespace content { | 38 namespace content { |
| 37 | 39 |
| 38 // NOTE: changes to this class need to be reviewed by the security team. | 40 // NOTE: changes to this class need to be reviewed by the security team. |
| 39 class PpapiPluginSandboxedProcessLauncherDelegate | 41 class PpapiPluginSandboxedProcessLauncherDelegate |
| 40 : public content::SandboxedProcessLauncherDelegate { | 42 : public content::SandboxedProcessLauncherDelegate { |
| 41 public: | 43 public: |
| 42 PpapiPluginSandboxedProcessLauncherDelegate(bool is_broker, | 44 PpapiPluginSandboxedProcessLauncherDelegate(bool is_broker, |
| 43 const PepperPluginInfo& info, | 45 const PepperPluginInfo& info, |
| 44 ChildProcessHost* host) | 46 ChildProcessHost* host) |
| 45 : | 47 : info_(info), |
| 46 #if defined(OS_POSIX) | 48 #if defined(OS_POSIX) |
| 47 info_(info), | |
| 48 ipc_fd_(host->TakeClientFileDescriptor()), | 49 ipc_fd_(host->TakeClientFileDescriptor()), |
| 49 #endif // OS_POSIX | 50 #endif // OS_POSIX |
| 50 is_broker_(is_broker) {} | 51 is_broker_(is_broker) {} |
| 51 | 52 |
| 52 ~PpapiPluginSandboxedProcessLauncherDelegate() override {} | 53 ~PpapiPluginSandboxedProcessLauncherDelegate() override {} |
| 53 | 54 |
| 54 #if defined(OS_WIN) | 55 #if defined(OS_WIN) |
| 55 bool ShouldSandbox() override { | 56 bool ShouldSandbox() override { |
| 56 return !is_broker_; | 57 return !is_broker_; |
| 57 } | 58 } |
| 58 | 59 |
| 59 void PreSpawnTarget(sandbox::TargetPolicy* policy, bool* success) override { | 60 void PreSpawnTarget(sandbox::TargetPolicy* policy, bool* success) override { |
| 60 if (is_broker_) | 61 if (is_broker_) |
| 61 return; | 62 return; |
| 62 // The Pepper process as locked-down as a renderer execpt that it can | 63 *success = false; |
| 63 // create the server side of chrome pipes. | 64 // The Pepper process is as locked-down as a renderer except that it can |
| 65 // create the server side of Chrome pipes. |
| 64 sandbox::ResultCode result; | 66 sandbox::ResultCode result; |
| 65 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | 67 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, |
| 66 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, | 68 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, |
| 67 L"\\\\.\\pipe\\chrome.*"); | 69 L"\\\\.\\pipe\\chrome.*"); |
| 68 *success = (result == sandbox::SBOX_ALL_OK); | 70 if (result != sandbox::SBOX_ALL_OK) |
| 69 | 71 return; |
| 72 #if !defined(NACL_WIN64) |
| 73 for (const auto& mime_type : info_.mime_types) { |
| 74 if (IsWin32kLockdownEnabledForMimeType(mime_type.mime_type)) { |
| 75 if (!AddWin32kLockdownPolicy(policy)) |
| 76 return; |
| 77 break; |
| 78 } |
| 79 } |
| 80 #endif |
| 70 const base::string16& sid = | 81 const base::string16& sid = |
| 71 GetContentClient()->browser()->GetAppContainerSidForSandboxType( | 82 GetContentClient()->browser()->GetAppContainerSidForSandboxType( |
| 72 GetSandboxType()); | 83 GetSandboxType()); |
| 73 if (!sid.empty()) | 84 if (!sid.empty()) |
| 74 AddAppContainerPolicy(policy, sid.c_str()); | 85 AddAppContainerPolicy(policy, sid.c_str()); |
| 86 |
| 87 *success = true; |
| 75 } | 88 } |
| 76 | 89 |
| 77 #elif defined(OS_POSIX) | 90 #elif defined(OS_POSIX) |
| 78 bool ShouldUseZygote() override { | 91 bool ShouldUseZygote() override { |
| 79 const base::CommandLine& browser_command_line = | 92 const base::CommandLine& browser_command_line = |
| 80 *base::CommandLine::ForCurrentProcess(); | 93 *base::CommandLine::ForCurrentProcess(); |
| 81 base::CommandLine::StringType plugin_launcher = browser_command_line | 94 base::CommandLine::StringType plugin_launcher = browser_command_line |
| 82 .GetSwitchValueNative(switches::kPpapiPluginLauncher); | 95 .GetSwitchValueNative(switches::kPpapiPluginLauncher); |
| 83 return !is_broker_ && plugin_launcher.empty(); | 96 return !is_broker_ && plugin_launcher.empty(); |
| 84 } | 97 } |
| 85 base::ScopedFD TakeIpcFd() override { return ipc_fd_.Pass(); } | 98 base::ScopedFD TakeIpcFd() override { return ipc_fd_.Pass(); } |
| 86 #endif // OS_WIN | 99 #endif // OS_WIN |
| 87 | 100 |
| 88 SandboxType GetSandboxType() override { | 101 SandboxType GetSandboxType() override { |
| 89 return SANDBOX_TYPE_PPAPI; | 102 return SANDBOX_TYPE_PPAPI; |
| 90 } | 103 } |
| 91 | 104 |
| 92 private: | 105 private: |
| 106 const PepperPluginInfo& info_; |
| 93 #if defined(OS_POSIX) | 107 #if defined(OS_POSIX) |
| 94 const PepperPluginInfo& info_; | |
| 95 base::ScopedFD ipc_fd_; | 108 base::ScopedFD ipc_fd_; |
| 96 #endif // OS_POSIX | 109 #endif // OS_POSIX |
| 97 bool is_broker_; | 110 bool is_broker_; |
| 98 | 111 |
| 99 DISALLOW_COPY_AND_ASSIGN(PpapiPluginSandboxedProcessLauncherDelegate); | 112 DISALLOW_COPY_AND_ASSIGN(PpapiPluginSandboxedProcessLauncherDelegate); |
| 100 }; | 113 }; |
| 101 | 114 |
| 102 class PpapiPluginProcessHost::PluginNetworkObserver | 115 class PpapiPluginProcessHost::PluginNetworkObserver |
| 103 : public net::NetworkChangeNotifier::IPAddressObserver, | 116 : public net::NetworkChangeNotifier::IPAddressObserver, |
| 104 public net::NetworkChangeNotifier::ConnectionTypeObserver { | 117 public net::NetworkChangeNotifier::ConnectionTypeObserver { |
| (...skipping 385 matching lines...) |
| 490 // sent_requests_ queue should be the one that the plugin just created. | 503 // sent_requests_ queue should be the one that the plugin just created. |
| 491 Client* client = sent_requests_.front(); | 504 Client* client = sent_requests_.front(); |
| 492 sent_requests_.pop(); | 505 sent_requests_.pop(); |
| 493 | 506 |
| 494 const ChildProcessData& data = process_->GetData(); | 507 const ChildProcessData& data = process_->GetData(); |
| 495 client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle), | 508 client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle), |
| 496 data.id); | 509 data.id); |
| 497 } | 510 } |
| 498 | 511 |
| 499 } // namespace content | 512 } // namespace content |
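Review bot: `info_` is now read in the Windows `PreSpawnTarget` (the `info_.mime_types` loop on new lines 73-79) but is still held as `const PepperPluginInfo&`, so the Win32k lockdown decision depends on the caller keeping that object alive until the target has been spawned; the caller is not visible in this section, so the lifetime should be confirmed. A comment on the member would make the contract explicit, e.g. `// Not owned; must outlive this delegate (read in PreSpawnTarget on Windows).`, or the constructor could record the lockdown decision in a `bool` so the Windows path keeps no reference. Separately, the outcome of `AddAppContainerPolicy` does not feed into `*success`, so if that helper can fail, the policy would still be reported as successfully configured without AppContainer, unlike the fail-closed handling that the named-pipe rule and `AddWin32kLockdownPolicy` now get. The `is_broker_` early return also leaves `*success` unwritten, which is worth a one-line comment stating that the caller's initial value is relied on.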
| OLD | NEW |