Index: content/browser/ppapi_plugin_process_host.cc |
diff --git a/content/browser/ppapi_plugin_process_host.cc b/content/browser/ppapi_plugin_process_host.cc |
index 74c6e0f75e20290992d96cb1a221c4c4cae59e94..648ecd73a4027291c9c5c07f40a126beeec718a5 100644 |
--- a/content/browser/ppapi_plugin_process_host.cc |
+++ b/content/browser/ppapi_plugin_process_host.cc |
@@ -36,6 +36,9 @@ |
#include "ui/base/ui_base_switches.h" |
#if defined(OS_WIN) |
+#include "base/strings/string_tokenizer.h" |
+#include "base/strings/string_util.h" |
+#include "components/variations/variations_associated_data.h" |
#include "content/browser/renderer_host/dwrite_font_proxy_message_filter_win.h" |
#include "content/common/sandbox_win.h" |
#include "sandbox/win/src/process_mitigations.h" |
@@ -45,6 +48,62 @@ |
namespace content { |
+#if defined(OS_WIN) |
+namespace { |
+ |
+// Returns whether Win32k PPAPI lockdown is enabled for a specific mime type. |
+bool IsWin32kLockdownEnabledForMimeType(const std::string& mime_type) { |
+ // Consider PPAPI lockdown a superset of renderer lockdown. |
+ if (!IsWin32kRendererLockdownEnabled()) |
+ return false; |
+ |
+ std::map<std::string, std::string> mime_params; |
+ |
Alexei Svitkine (slow)
2016/01/20 16:19:52
Nit: Remove empty line.
Will Harris
2016/01/25 19:50:28
Done.
|
+ if (variations::GetVariationParams("EnableWin32kLockDownMimeTypes", |
Will Harris
2016/01/25 19:08:10
Q: should this call be above line 57 to ensure tha
Alexei Svitkine (slow)
2016/01/25 19:32:48
So, if its here, those users won't show up on the
Will Harris
2016/01/25 19:35:39
sounds like leaving it here is easier, so users wh
|
+ &mime_params)) { |
+ bool enabled = false; |
+ for (auto param : mime_params) { |
Alexei Svitkine (slow)
2016/01/22 19:27:50
Nit: const auto&
Will Harris
2016/01/25 19:50:28
Done.
|
+ if (param.first == mime_type || param.first == "*") { |
Alexei Svitkine (slow)
2016/01/20 16:19:52
Hmm, I was thinking you just have a single "MimeTy
Will Harris
2016/01/20 16:44:08
This code allows us to enable for all plugins exce
forshaw
2016/01/20 16:57:48
Well I could see it being useful in this scenario
Will Harris
2016/01/25 19:50:28
Acknowledged.
|
+ // Disabled entries take precedence over Enabled entries. |
+ if (base::StartsWith(param.second, "Disabled", |
+ base::CompareCase::INSENSITIVE_ASCII)) { |
+ return false; |
+ } |
+ if (base::StartsWith(param.second, "Enabled", |
+ base::CompareCase::INSENSITIVE_ASCII)) { |
+ enabled = true; |
+ } |
+ } |
+ } |
+ if (enabled) |
+ return true; |
Alexei Svitkine (slow)
2016/01/22 19:27:50
So if something is not explicitly listed as enable
Will Harris
2016/01/25 18:20:28
The idea is that there is a global disable - which
Alexei Svitkine (slow)
2016/01/25 18:54:51
That's fine. In that case, I would suggest changin
Will Harris
2016/01/25 19:08:10
okay yes that makes good sense, will add comments
|
+ } |
+ |
+ const base::CommandLine* cmd_line = base::CommandLine::ForCurrentProcess(); |
+ |
+ if (!cmd_line->HasSwitch(switches::kEnableWin32kLockDownMimeTypes)) |
+ return false; |
+ |
+ std::string mime_types = |
+ cmd_line->GetSwitchValueASCII(switches::kEnableWin32kLockDownMimeTypes); |
+ |
+ // Consider the value * to enable all mime types for lockdown. |
+ if (mime_types == "*") |
+ return true; |
+ |
+ base::StringTokenizer tokenizer(mime_types, ","); |
+ tokenizer.set_quote_chars("\""); |
+ while (tokenizer.GetNext()) { |
+ if (tokenizer.token() == mime_type) |
+ return true; |
+ } |
+ |
+ return false; |
+} |
+ |
+} // namespace |
+#endif // OS_WIN |
+ |
// NOTE: changes to this class need to be reviewed by the security team. |
class PpapiPluginSandboxedProcessLauncherDelegate |
: public content::SandboxedProcessLauncherDelegate { |