Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(94)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/chrome_content_browser_client.cc

Issue 1609133002: Change Win32k PPAPI lockdown to use finch params for mime type. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: code review changes Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/chrome_content_browser_client.h ('k') | content/browser/ppapi_plugin_process_host.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/chrome_content_browser_client.cc
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index 769938ceb7ad980bf1def0aa05ef054574d692c9..ae9b67f54373e511c0cd7701be013f098a592b36 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -165,6 +165,7 @@
#include "ui/resources/grit/ui_resources.h"
#if defined(OS_WIN)
+#include "base/strings/string_tokenizer.h"
#include "base/win/windows_version.h"
#include "chrome/browser/chrome_browser_main_win.h"
#include "sandbox/win/src/sandbox_policy.h"
@@ -2640,7 +2641,55 @@ bool ChromeContentBrowserClient::PreSpawnRenderer(
L"File");
return result == sandbox::SBOX_ALL_OK;
}
-#endif
+
+bool ChromeContentBrowserClient::IsWin32kLockdownEnabledForMimeType(
+ const std::string& mime_type) const {
+ // First, check if any variation parameters have enabled or disabled this
+ // mime type either specifically or globally.
+ std::map<std::string, std::string> mime_params;
+ if (variations::GetVariationParams("EnableWin32kLockDownMimeTypes",
+ &mime_params)) {
+ bool enabled = false;
+ for (const auto& param : mime_params) {
+ if (param.first == mime_type || param.first == "*") {
+ // Disabled entries take precedence over Enabled entries.
+ if (base::StartsWith(param.second, "Disabled",
+ base::CompareCase::INSENSITIVE_ASCII)) {
+ return false;
+ }
+ if (base::StartsWith(param.second, "Enabled",
+ base::CompareCase::INSENSITIVE_ASCII)) {
+ enabled = true;
+ }
+ }
+ }
+ return enabled;
+ }
+
+ // Second, check the command line to see if this mime type is enabled
+ // either specifically or globally.
+ const base::CommandLine* cmd_line = base::CommandLine::ForCurrentProcess();
+
+ if (!cmd_line->HasSwitch(switches::kEnableWin32kLockDownMimeTypes))
+ return false;
+
+ std::string mime_types =
+ cmd_line->GetSwitchValueASCII(switches::kEnableWin32kLockDownMimeTypes);
+
+ // Consider the value * to enable all mime types for lockdown.
+ if (mime_types == "*")
+ return true;
+
+ base::StringTokenizer tokenizer(mime_types, ",");
+ tokenizer.set_quote_chars("\"");
+ while (tokenizer.GetNext()) {
+ if (tokenizer.token() == mime_type)
+ return true;
+ }
+
+ return false;
+}
+#endif // defined(OS_WIN)
void ChromeContentBrowserClient::RegisterFrameMojoShellServices(
content::ServiceRegistry* registry,
« no previous file with comments | « chrome/browser/chrome_content_browser_client.h ('k') | content/browser/ppapi_plugin_process_host.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698