OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chrome_content_browser_client.h" | 5 #include "chrome/browser/chrome_content_browser_client.h" |
6 | 6 |
7 #include <map> | 7 #include <map> |
8 #include <set> | 8 #include <set> |
9 #include <utility> | 9 #include <utility> |
10 #include <vector> | 10 #include <vector> |
(...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
158 #include "net/cookies/canonical_cookie.h" | 158 #include "net/cookies/canonical_cookie.h" |
159 #include "net/cookies/cookie_options.h" | 159 #include "net/cookies/cookie_options.h" |
160 #include "net/ssl/ssl_cert_request_info.h" | 160 #include "net/ssl/ssl_cert_request_info.h" |
161 #include "ppapi/host/ppapi_host.h" | 161 #include "ppapi/host/ppapi_host.h" |
162 #include "storage/browser/fileapi/external_mount_points.h" | 162 #include "storage/browser/fileapi/external_mount_points.h" |
163 #include "ui/base/l10n/l10n_util.h" | 163 #include "ui/base/l10n/l10n_util.h" |
164 #include "ui/base/resource/resource_bundle.h" | 164 #include "ui/base/resource/resource_bundle.h" |
165 #include "ui/resources/grit/ui_resources.h" | 165 #include "ui/resources/grit/ui_resources.h" |
166 | 166 |
167 #if defined(OS_WIN) | 167 #if defined(OS_WIN) |
| 168 #include "base/strings/string_tokenizer.h" |
168 #include "base/win/windows_version.h" | 169 #include "base/win/windows_version.h" |
169 #include "chrome/browser/chrome_browser_main_win.h" | 170 #include "chrome/browser/chrome_browser_main_win.h" |
170 #include "sandbox/win/src/sandbox_policy.h" | 171 #include "sandbox/win/src/sandbox_policy.h" |
171 #elif defined(OS_MACOSX) | 172 #elif defined(OS_MACOSX) |
172 #include "chrome/browser/chrome_browser_main_mac.h" | 173 #include "chrome/browser/chrome_browser_main_mac.h" |
173 #elif defined(OS_CHROMEOS) | 174 #elif defined(OS_CHROMEOS) |
174 #include "chrome/browser/chromeos/attestation/platform_verification_impl.h" | 175 #include "chrome/browser/chromeos/attestation/platform_verification_impl.h" |
175 #include "chrome/browser/chromeos/chrome_browser_main_chromeos.h" | 176 #include "chrome/browser/chromeos/chrome_browser_main_chromeos.h" |
176 #include "chrome/browser/chromeos/drive/fileapi/file_system_backend_delegate.h" | 177 #include "chrome/browser/chromeos/drive/fileapi/file_system_backend_delegate.h" |
177 #include "chrome/browser/chromeos/file_manager/app_id.h" | 178 #include "chrome/browser/chromeos/file_manager/app_id.h" |
(...skipping 2455 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2633 if (result != sandbox::SBOX_ALL_OK) | 2634 if (result != sandbox::SBOX_ALL_OK) |
2634 return false; | 2635 return false; |
2635 | 2636 |
2636 // Renderers need to send named pipe handles and shared memory | 2637 // Renderers need to send named pipe handles and shared memory |
2637 // segment handles to NaCl loader processes. | 2638 // segment handles to NaCl loader processes. |
2638 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, | 2639 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, |
2639 sandbox::TargetPolicy::HANDLES_DUP_ANY, | 2640 sandbox::TargetPolicy::HANDLES_DUP_ANY, |
2640 L"File"); | 2641 L"File"); |
2641 return result == sandbox::SBOX_ALL_OK; | 2642 return result == sandbox::SBOX_ALL_OK; |
2642 } | 2643 } |
2643 #endif | 2644 |
| 2645 bool ChromeContentBrowserClient::IsWin32kLockdownEnabledForMimeType( |
| 2646 const std::string& mime_type) const { |
| 2647 // First, check if any variation parameters have enabled or disabled this |
| 2648 // mime type either specifically or globally. |
| 2649 std::map<std::string, std::string> mime_params; |
| 2650 if (variations::GetVariationParams("EnableWin32kLockDownMimeTypes", |
| 2651 &mime_params)) { |
| 2652 bool enabled = false; |
| 2653 for (const auto& param : mime_params) { |
| 2654 if (param.first == mime_type || param.first == "*") { |
| 2655 // Disabled entries take precedence over Enabled entries. |
| 2656 if (base::StartsWith(param.second, "Disabled", |
| 2657 base::CompareCase::INSENSITIVE_ASCII)) { |
| 2658 return false; |
| 2659 } |
| 2660 if (base::StartsWith(param.second, "Enabled", |
| 2661 base::CompareCase::INSENSITIVE_ASCII)) { |
| 2662 enabled = true; |
| 2663 } |
| 2664 } |
| 2665 } |
| 2666 return enabled; |
| 2667 } |
| 2668 |
| 2669 // Second, check the command line to see if this mime type is enabled |
| 2670 // either specifically or globally. |
| 2671 const base::CommandLine* cmd_line = base::CommandLine::ForCurrentProcess(); |
| 2672 |
| 2673 if (!cmd_line->HasSwitch(switches::kEnableWin32kLockDownMimeTypes)) |
| 2674 return false; |
| 2675 |
| 2676 std::string mime_types = |
| 2677 cmd_line->GetSwitchValueASCII(switches::kEnableWin32kLockDownMimeTypes); |
| 2678 |
| 2679 // Consider the value * to enable all mime types for lockdown. |
| 2680 if (mime_types == "*") |
| 2681 return true; |
| 2682 |
| 2683 base::StringTokenizer tokenizer(mime_types, ","); |
| 2684 tokenizer.set_quote_chars("\""); |
| 2685 while (tokenizer.GetNext()) { |
| 2686 if (tokenizer.token() == mime_type) |
| 2687 return true; |
| 2688 } |
| 2689 |
| 2690 return false; |
| 2691 } |
| 2692 #endif // defined(OS_WIN) |
2644 | 2693 |
2645 void ChromeContentBrowserClient::RegisterFrameMojoShellServices( | 2694 void ChromeContentBrowserClient::RegisterFrameMojoShellServices( |
2646 content::ServiceRegistry* registry, | 2695 content::ServiceRegistry* registry, |
2647 content::RenderFrameHost* render_frame_host) { | 2696 content::RenderFrameHost* render_frame_host) { |
2648 #if defined(OS_CHROMEOS) | 2697 #if defined(OS_CHROMEOS) |
2649 registry->AddService( | 2698 registry->AddService( |
2650 base::Bind(&chromeos::attestation::PlatformVerificationImpl::Create, | 2699 base::Bind(&chromeos::attestation::PlatformVerificationImpl::Create, |
2651 render_frame_host)); | 2700 render_frame_host)); |
2652 #endif | 2701 #endif |
2653 } | 2702 } |
(...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2828 if (channel <= kMaxDisableEncryptionChannel) { | 2877 if (channel <= kMaxDisableEncryptionChannel) { |
2829 static const char* const kWebRtcDevSwitchNames[] = { | 2878 static const char* const kWebRtcDevSwitchNames[] = { |
2830 switches::kDisableWebRtcEncryption, | 2879 switches::kDisableWebRtcEncryption, |
2831 }; | 2880 }; |
2832 to_command_line->CopySwitchesFrom(from_command_line, | 2881 to_command_line->CopySwitchesFrom(from_command_line, |
2833 kWebRtcDevSwitchNames, | 2882 kWebRtcDevSwitchNames, |
2834 arraysize(kWebRtcDevSwitchNames)); | 2883 arraysize(kWebRtcDevSwitchNames)); |
2835 } | 2884 } |
2836 } | 2885 } |
2837 #endif // defined(ENABLE_WEBRTC) | 2886 #endif // defined(ENABLE_WEBRTC) |
OLD | NEW |