Add command line option to enable PPAPI win32k lockdown.

content/common/sandbox_win.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_win.h"
 
 #include <string>
 
 #include "base/base_switches.h"
 #include "base/command_line.h"
@@ skipping 551 matching lines @@
   if (base::win::GetVersion() == base::win::VERSION_WIN8 ||
       base::win::GetVersion() == base::win::VERSION_WIN8_1) {
     const base::CommandLine& command_line =
         *base::CommandLine::ForCurrentProcess();
     if (command_line.HasSwitch(switches::kEnableAppContainer)) {
       policy->SetLowBox(sid);
     }
   }
 }
 
+bool AddWin32kLockdownPolicy(sandbox::TargetPolicy* policy) {
+#if !defined(NACL_WIN64)
+  if (!IsWin32kRendererLockdownEnabled())
+    return true;
+
+  // Enable win32k lockdown if not already.
+  sandbox::MitigationFlags flags = policy->GetProcessMitigations();
+  if ((flags & sandbox::MITIGATION_WIN32K_DISABLE) ==
+      sandbox::MITIGATION_WIN32K_DISABLE)
+    return true;
+
+  sandbox::ResultCode result =
+      policy->AddRule(sandbox::TargetPolicy::SUBSYS_WIN32K_LOCKDOWN,
+                      sandbox::TargetPolicy::FAKE_USER_GDI_INIT, nullptr);
+  if (result != sandbox::SBOX_ALL_OK)
+    return false;
+
+  flags |= sandbox::MITIGATION_WIN32K_DISABLE;
+  result = policy->SetProcessMitigations(flags);
+  if (result != sandbox::SBOX_ALL_OK)
+    return false;
+#endif
+  return true;
+}
+
 bool InitBrokerServices(sandbox::BrokerServices* broker_services) {
   // TODO(abarth): DCHECK(CalledOnValidThread());
   //               See <http://b/1287166>.
   DCHECK(broker_services);
   DCHECK(!g_broker_services);
   sandbox::ResultCode result = broker_services->Init();
   g_broker_services = broker_services;
 
   // In non-official builds warn about dangerous uses of DuplicateHandle.
 #ifndef OFFICIAL_BUILD
@@ skipping 67 matching lines @@
   }
 
   sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy();
 
   sandbox::MitigationFlags mitigations = sandbox::MITIGATION_HEAP_TERMINATE |
                                          sandbox::MITIGATION_BOTTOM_UP_ASLR |
                                          sandbox::MITIGATION_DEP |
                                          sandbox::MITIGATION_DEP_NO_ATL_THUNK |
                                          sandbox::MITIGATION_SEHOP;
 
+  if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK)
+    return base::Process();
+
 #if !defined(NACL_WIN64)
   if (type_str == switches::kRendererProcess &&
       IsWin32kRendererLockdownEnabled()) {
-    if (policy->AddRule(sandbox::TargetPolicy::SUBSYS_WIN32K_LOCKDOWN,
-                        sandbox::TargetPolicy::FAKE_USER_GDI_INIT,
-                        NULL) != sandbox::SBOX_ALL_OK) {
+    if (!AddWin32kLockdownPolicy(policy))
       return base::Process();
-    }
-    mitigations |= sandbox::MITIGATION_WIN32K_DISABLE;
   }
 #endif
 
-  if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK)
-    return base::Process();
-
   mitigations = sandbox::MITIGATION_STRICT_HANDLE_CHECKS |
                 sandbox::MITIGATION_DLL_SEARCH_ORDER;
 
   if (policy->SetDelayedProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK)
     return base::Process();
 
   SetJobLevel(*cmd_line, sandbox::JOB_LOCKDOWN, 0, policy);
 
   bool disable_default_policy = false;
   base::FilePath exposed_dir;
@@ skipping 143 matching lines @@
   }
 
   return false;
 }
 
 bool BrokerAddTargetPeer(HANDLE peer_process) {
   return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK;
 }
 
 }  // namespace content