| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chrome_content_browser_client.h" | 5 #include "chrome/browser/chrome_content_browser_client.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 #include <set> | 8 #include <set> |
| 9 #include <utility> | 9 #include <utility> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 158 #include "net/cookies/canonical_cookie.h" | 158 #include "net/cookies/canonical_cookie.h" |
| 159 #include "net/cookies/cookie_options.h" | 159 #include "net/cookies/cookie_options.h" |
| 160 #include "net/ssl/ssl_cert_request_info.h" | 160 #include "net/ssl/ssl_cert_request_info.h" |
| 161 #include "ppapi/host/ppapi_host.h" | 161 #include "ppapi/host/ppapi_host.h" |
| 162 #include "storage/browser/fileapi/external_mount_points.h" | 162 #include "storage/browser/fileapi/external_mount_points.h" |
| 163 #include "ui/base/l10n/l10n_util.h" | 163 #include "ui/base/l10n/l10n_util.h" |
| 164 #include "ui/base/resource/resource_bundle.h" | 164 #include "ui/base/resource/resource_bundle.h" |
| 165 #include "ui/resources/grit/ui_resources.h" | 165 #include "ui/resources/grit/ui_resources.h" |
| 166 | 166 |
| 167 #if defined(OS_WIN) | 167 #if defined(OS_WIN) |
| 168 #include "base/strings/string_tokenizer.h" |
| 168 #include "base/win/windows_version.h" | 169 #include "base/win/windows_version.h" |
| 169 #include "chrome/browser/chrome_browser_main_win.h" | 170 #include "chrome/browser/chrome_browser_main_win.h" |
| 170 #include "sandbox/win/src/sandbox_policy.h" | 171 #include "sandbox/win/src/sandbox_policy.h" |
| 171 #elif defined(OS_MACOSX) | 172 #elif defined(OS_MACOSX) |
| 172 #include "chrome/browser/chrome_browser_main_mac.h" | 173 #include "chrome/browser/chrome_browser_main_mac.h" |
| 173 #elif defined(OS_CHROMEOS) | 174 #elif defined(OS_CHROMEOS) |
| 174 #include "chrome/browser/chromeos/attestation/platform_verification_impl.h" | 175 #include "chrome/browser/chromeos/attestation/platform_verification_impl.h" |
| 175 #include "chrome/browser/chromeos/chrome_browser_main_chromeos.h" | 176 #include "chrome/browser/chromeos/chrome_browser_main_chromeos.h" |
| 176 #include "chrome/browser/chromeos/drive/fileapi/file_system_backend_delegate.h" | 177 #include "chrome/browser/chromeos/drive/fileapi/file_system_backend_delegate.h" |
| 177 #include "chrome/browser/chromeos/file_manager/app_id.h" | 178 #include "chrome/browser/chromeos/file_manager/app_id.h" |
| (...skipping 2455 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2633 if (result != sandbox::SBOX_ALL_OK) | 2634 if (result != sandbox::SBOX_ALL_OK) |
| 2634 return false; | 2635 return false; |
| 2635 | 2636 |
| 2636 // Renderers need to send named pipe handles and shared memory | 2637 // Renderers need to send named pipe handles and shared memory |
| 2637 // segment handles to NaCl loader processes. | 2638 // segment handles to NaCl loader processes. |
| 2638 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, | 2639 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, |
| 2639 sandbox::TargetPolicy::HANDLES_DUP_ANY, | 2640 sandbox::TargetPolicy::HANDLES_DUP_ANY, |
| 2640 L"File"); | 2641 L"File"); |
| 2641 return result == sandbox::SBOX_ALL_OK; | 2642 return result == sandbox::SBOX_ALL_OK; |
| 2642 } | 2643 } |
| 2643 #endif | 2644 |
| 2645 bool ChromeContentBrowserClient::IsWin32kLockdownEnabledForMimeType( |
| 2646 const std::string& mime_type) const { |
| 2647 // First, check if any variation parameters have enabled or disabled this |
| 2648 // mime type either specifically or globally. |
| 2649 std::map<std::string, std::string> mime_params; |
| 2650 if (variations::GetVariationParams("EnableWin32kLockDownMimeTypes", |
| 2651 &mime_params)) { |
| 2652 bool enabled = false; |
| 2653 for (const auto& param : mime_params) { |
| 2654 if (param.first == mime_type || param.first == "*") { |
| 2655 // Disabled entries take precedence over Enabled entries. |
| 2656 if (base::StartsWith(param.second, "Disabled", |
| 2657 base::CompareCase::INSENSITIVE_ASCII)) { |
| 2658 return false; |
| 2659 } |
| 2660 if (base::StartsWith(param.second, "Enabled", |
| 2661 base::CompareCase::INSENSITIVE_ASCII)) { |
| 2662 enabled = true; |
| 2663 } |
| 2664 } |
| 2665 } |
| 2666 return enabled; |
| 2667 } |
| 2668 |
| 2669 // Second, check the command line to see if this mime type is enabled |
| 2670 // either specifically or globally. |
| 2671 const base::CommandLine* cmd_line = base::CommandLine::ForCurrentProcess(); |
| 2672 |
| 2673 if (!cmd_line->HasSwitch(switches::kEnableWin32kLockDownMimeTypes)) |
| 2674 return false; |
| 2675 |
| 2676 std::string mime_types = |
| 2677 cmd_line->GetSwitchValueASCII(switches::kEnableWin32kLockDownMimeTypes); |
| 2678 |
| 2679 // Consider the value * to enable all mime types for lockdown. |
| 2680 if (mime_types == "*") |
| 2681 return true; |
| 2682 |
| 2683 base::StringTokenizer tokenizer(mime_types, ","); |
| 2684 tokenizer.set_quote_chars("\""); |
| 2685 while (tokenizer.GetNext()) { |
| 2686 if (tokenizer.token() == mime_type) |
| 2687 return true; |
| 2688 } |
| 2689 |
| 2690 return false; |
| 2691 } |
| 2692 #endif // defined(OS_WIN) |
| 2644 | 2693 |
| 2645 void ChromeContentBrowserClient::RegisterFrameMojoShellServices( | 2694 void ChromeContentBrowserClient::RegisterFrameMojoShellServices( |
| 2646 content::ServiceRegistry* registry, | 2695 content::ServiceRegistry* registry, |
| 2647 content::RenderFrameHost* render_frame_host) { | 2696 content::RenderFrameHost* render_frame_host) { |
| 2648 #if defined(OS_CHROMEOS) | 2697 #if defined(OS_CHROMEOS) |
| 2649 registry->AddService( | 2698 registry->AddService( |
| 2650 base::Bind(&chromeos::attestation::PlatformVerificationImpl::Create, | 2699 base::Bind(&chromeos::attestation::PlatformVerificationImpl::Create, |
| 2651 render_frame_host)); | 2700 render_frame_host)); |
| 2652 #endif | 2701 #endif |
| 2653 } | 2702 } |
| (...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2828 if (channel <= kMaxDisableEncryptionChannel) { | 2877 if (channel <= kMaxDisableEncryptionChannel) { |
| 2829 static const char* const kWebRtcDevSwitchNames[] = { | 2878 static const char* const kWebRtcDevSwitchNames[] = { |
| 2830 switches::kDisableWebRtcEncryption, | 2879 switches::kDisableWebRtcEncryption, |
| 2831 }; | 2880 }; |
| 2832 to_command_line->CopySwitchesFrom(from_command_line, | 2881 to_command_line->CopySwitchesFrom(from_command_line, |
| 2833 kWebRtcDevSwitchNames, | 2882 kWebRtcDevSwitchNames, |
| 2834 arraysize(kWebRtcDevSwitchNames)); | 2883 arraysize(kWebRtcDevSwitchNames)); |
| 2835 } | 2884 } |
| 2836 } | 2885 } |
| 2837 #endif // defined(ENABLE_WEBRTC) | 2886 #endif // defined(ENABLE_WEBRTC) |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1609133002:
Change Win32k PPAPI lockdown to use finch params for mime type. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master