OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/sandbox_win.h" | 5 #include "content/common/sandbox_win.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
(...skipping 690 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
701 SetJobLevel(*cmd_line, sandbox::JOB_LOCKDOWN, 0, policy); | 701 SetJobLevel(*cmd_line, sandbox::JOB_LOCKDOWN, 0, policy); |
702 | 702 |
703 bool disable_default_policy = false; | 703 bool disable_default_policy = false; |
704 base::FilePath exposed_dir; | 704 base::FilePath exposed_dir; |
705 if (delegate) | 705 if (delegate) |
706 delegate->PreSandbox(&disable_default_policy, &exposed_dir); | 706 delegate->PreSandbox(&disable_default_policy, &exposed_dir); |
707 | 707 |
708 if (!disable_default_policy && !AddPolicyForSandboxedProcess(policy)) | 708 if (!disable_default_policy && !AddPolicyForSandboxedProcess(policy)) |
709 return base::Process(); | 709 return base::Process(); |
710 | 710 |
711 if (type_str == switches::kRendererProcess) { | |
712 #if !defined(NACL_WIN64) | 711 #if !defined(NACL_WIN64) |
| 712 if (type_str == switches::kRendererProcess || |
| 713 type_str == switches::kPpapiPluginProcess) { |
713 if (gfx::win::ShouldUseDirectWrite()) { | 714 if (gfx::win::ShouldUseDirectWrite()) { |
714 AddDirectory(base::DIR_WINDOWS_FONTS, | 715 AddDirectory(base::DIR_WINDOWS_FONTS, |
715 NULL, | 716 NULL, |
716 true, | 717 true, |
717 sandbox::TargetPolicy::FILES_ALLOW_READONLY, | 718 sandbox::TargetPolicy::FILES_ALLOW_READONLY, |
718 policy); | 719 policy); |
719 | 720 |
720 // If DirectWrite is enabled for font rendering then open the font cache | 721 // If DirectWrite is enabled for font rendering then open the font cache |
721 // section which is created by the browser and pass the handle to the | 722 // section which is created by the browser and pass the handle to the |
722 // renderer process. This is needed because renderer processes on | 723 // renderer process. This is needed because renderer processes on |
723 // Windows 8+ may be running in an AppContainer sandbox and hence their | 724 // Windows 8+ may be running in an AppContainer sandbox and hence their |
724 // kernel object namespace may be partitioned. | 725 // kernel object namespace may be partitioned. |
725 std::string name(content::kFontCacheSharedSectionName); | 726 std::string name(content::kFontCacheSharedSectionName); |
726 name.append(base::UintToString(base::GetCurrentProcId())); | 727 name.append(base::UintToString(base::GetCurrentProcId())); |
727 | 728 |
728 base::SharedMemory direct_write_font_cache_section; | 729 base::SharedMemory direct_write_font_cache_section; |
729 if (direct_write_font_cache_section.Open(name, true)) { | 730 if (direct_write_font_cache_section.Open(name, true)) { |
730 void* shared_handle = | 731 void* shared_handle = |
731 policy->AddHandleToShare(direct_write_font_cache_section.handle()); | 732 policy->AddHandleToShare(direct_write_font_cache_section.handle()); |
732 cmd_line->AppendSwitchASCII(switches::kFontCacheSharedHandle, | 733 cmd_line->AppendSwitchASCII(switches::kFontCacheSharedHandle, |
733 base::UintToString(reinterpret_cast<unsigned int>(shared_handle))); | 734 base::UintToString(reinterpret_cast<unsigned int>(shared_handle))); |
734 } | 735 } |
735 } | 736 } |
| 737 } |
736 #endif | 738 #endif |
737 } else { | 739 |
| 740 if (type_str != switches::kRendererProcess) { |
738 // Hack for Google Desktop crash. Trick GD into not injecting its DLL into | 741 // Hack for Google Desktop crash. Trick GD into not injecting its DLL into |
739 // this subprocess. See | 742 // this subprocess. See |
740 // http://code.google.com/p/chromium/issues/detail?id=25580 | 743 // http://code.google.com/p/chromium/issues/detail?id=25580 |
741 cmd_line->AppendSwitchASCII("ignored", " --type=renderer "); | 744 cmd_line->AppendSwitchASCII("ignored", " --type=renderer "); |
742 } | 745 } |
743 | 746 |
744 sandbox::ResultCode result; | 747 sandbox::ResultCode result; |
745 if (!exposed_dir.empty()) { | 748 if (!exposed_dir.empty()) { |
746 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, | 749 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, |
747 sandbox::TargetPolicy::FILES_ALLOW_ANY, | 750 sandbox::TargetPolicy::FILES_ALLOW_ANY, |
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
848 } | 851 } |
849 | 852 |
850 return false; | 853 return false; |
851 } | 854 } |
852 | 855 |
853 bool BrokerAddTargetPeer(HANDLE peer_process) { | 856 bool BrokerAddTargetPeer(HANDLE peer_process) { |
854 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; | 857 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; |
855 } | 858 } |
856 | 859 |
857 } // namespace content | 860 } // namespace content |
OLD | NEW |