OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/public/common/sandbox_init.h" | 5 #include "content/public/common/sandbox_init.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/logging.h" | 8 #include "base/logging.h" |
9 #include "content/common/sandbox_win.h" | 9 #include "content/common/sandbox_win.h" |
10 #include "content/public/common/content_switches.h" | 10 #include "content/public/common/content_switches.h" |
11 #include "sandbox/win/src/sandbox.h" | 11 #include "sandbox/win/src/sandbox.h" |
12 #include "sandbox/win/src/sandbox_types.h" | 12 #include "sandbox/win/src/sandbox_types.h" |
13 | 13 |
14 namespace content { | 14 namespace content { |
15 | 15 |
16 bool InitializeSandbox(sandbox::SandboxInterfaceInfo* sandbox_info) { | 16 bool InitializeSandbox(sandbox::SandboxInterfaceInfo* sandbox_info) { |
17 const base::CommandLine& command_line = | 17 const base::CommandLine& command_line = |
18 *base::CommandLine::ForCurrentProcess(); | 18 *base::CommandLine::ForCurrentProcess(); |
19 sandbox::BrokerServices* broker_services = sandbox_info->broker_services; | 19 sandbox::BrokerServices* broker_services = sandbox_info->broker_services; |
20 if (broker_services) { | 20 if (broker_services) { |
21 if (!InitBrokerServices(broker_services)) | 21 if (!InitBrokerServices(broker_services)) |
22 return false; | 22 return false; |
23 | 23 |
24 // IMPORTANT: This piece of code needs to run as early as possible in the | 24 // IMPORTANT: This piece of code needs to run as early as possible in the |
25 // process because it will initialize the sandbox broker, which requires the | 25 // process because it will initialize the sandbox broker, which requires the |
26 // process to swap its window station. During this time all the UI will be | 26 // process to swap its window station. During this time all the UI will be |
27 // broken. This has to run before threads and windows are created. | 27 // broken. This has to run before threads and windows are created. |
28 if (!command_line.HasSwitch(switches::kNoSandbox)) { | 28 if (!command_line.HasSwitch(switches::kNoSandbox)) { |
29 // Precreate the desktop and window station used by the renderers. | 29 // Precreate the desktop and window station used by the renderers. |
30 sandbox::TargetPolicy* policy = broker_services->CreatePolicy(); | 30 scoped_refptr<sandbox::TargetPolicy> policy = |
| 31 broker_services->CreatePolicy(); |
31 sandbox::ResultCode result = policy->CreateAlternateDesktop(true); | 32 sandbox::ResultCode result = policy->CreateAlternateDesktop(true); |
32 CHECK(sandbox::SBOX_ERROR_FAILED_TO_SWITCH_BACK_WINSTATION != result); | 33 CHECK(sandbox::SBOX_ERROR_FAILED_TO_SWITCH_BACK_WINSTATION != result); |
33 policy->Release(); | |
34 } | 34 } |
35 return true; | 35 return true; |
36 } | 36 } |
37 | 37 |
38 if (command_line.HasSwitch(switches::kNoSandbox)) | 38 if (command_line.HasSwitch(switches::kNoSandbox)) |
39 return true; | 39 return true; |
40 | 40 |
41 sandbox::TargetServices* target_services = sandbox_info->target_services; | 41 sandbox::TargetServices* target_services = sandbox_info->target_services; |
42 return InitTargetServices(target_services); | 42 return InitTargetServices(target_services); |
43 } | 43 } |
44 | 44 |
45 bool BrokerDuplicateSharedMemoryHandle( | 45 bool BrokerDuplicateSharedMemoryHandle( |
46 const base::SharedMemoryHandle& source_handle, | 46 const base::SharedMemoryHandle& source_handle, |
47 base::ProcessId target_process_id, | 47 base::ProcessId target_process_id, |
48 base::SharedMemoryHandle* target_handle) { | 48 base::SharedMemoryHandle* target_handle) { |
49 HANDLE duped_handle; | 49 HANDLE duped_handle; |
50 if (!BrokerDuplicateHandle(source_handle.GetHandle(), target_process_id, | 50 if (!BrokerDuplicateHandle(source_handle.GetHandle(), target_process_id, |
51 &duped_handle, | 51 &duped_handle, |
52 FILE_GENERIC_READ | FILE_GENERIC_WRITE, 0)) { | 52 FILE_GENERIC_READ | FILE_GENERIC_WRITE, 0)) { |
53 return false; | 53 return false; |
54 } | 54 } |
55 | 55 |
56 *target_handle = base::SharedMemoryHandle(duped_handle, target_process_id); | 56 *target_handle = base::SharedMemoryHandle(duped_handle, target_process_id); |
57 return true; | 57 return true; |
58 } | 58 } |
59 | 59 |
60 } // namespace content | 60 } // namespace content |
OLD | NEW |