Change Win32k PPAPI lockdown to use finch params for mime type.

chrome/browser/chrome_content_browser_client.cc

Index: chrome/browser/chrome_content_browser_client.cc
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index 4ef4c6f439a3c43abf6ac0db48de5597071e44c3..474143df826433e329c63a9655376e74ae1cf151 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -165,8 +165,11 @@
 #include "ui/resources/grit/ui_resources.h"
 
 #if defined(OS_WIN)
+#include "base/strings/string_tokenizer.h"
+#include "base/strings/string_util.h"

[jam, 2016/01/26 15:18:51]

this is already above, so remove

[Will Harris, 2016/01/26 22:57:54]

Done.

 #include "base/win/windows_version.h"
 #include "chrome/browser/chrome_browser_main_win.h"
+#include "components/variations/variations_associated_data.h"

[jam, 2016/01/26 15:18:51]

ditto

[Will Harris, 2016/01/26 22:57:54]

Done.

 #include "sandbox/win/src/sandbox_policy.h"
 #elif defined(OS_MACOSX)
 #include "chrome/browser/chrome_browser_main_mac.h"
@@ -2636,7 +2639,55 @@ bool ChromeContentBrowserClient::PreSpawnRenderer(
                            L"File");
   return result == sandbox::SBOX_ALL_OK;
 }
-#endif
+
+bool ChromeContentBrowserClient::IsWin32kLockdownEnabledForMimeType(
+    const std::string& mime_type) const {
+  // First, check if any variation parameters have enabled or disabled this
+  // mime type either specifically or globally.
+  std::map<std::string, std::string> mime_params;
+  if (variations::GetVariationParams("EnableWin32kLockDownMimeTypes",
+                                     &mime_params)) {
+    bool enabled = false;
+    for (const auto& param : mime_params) {
+      if (param.first == mime_type || param.first == "*") {
+        // Disabled entries take precedence over Enabled entries.
+        if (base::StartsWith(param.second, "Disabled",
+                             base::CompareCase::INSENSITIVE_ASCII)) {
+          return false;
+        }
+        if (base::StartsWith(param.second, "Enabled",
+                             base::CompareCase::INSENSITIVE_ASCII)) {
+          enabled = true;
+        }
+      }
+    }
+    return enabled;
+  }
+
+  // Second, check the command line to see if this mime type is enabled
+  // either specifically or globally.
+  const base::CommandLine* cmd_line = base::CommandLine::ForCurrentProcess();
+
+  if (!cmd_line->HasSwitch(switches::kEnableWin32kLockDownMimeTypes))
+    return false;
+
+  std::string mime_types =
+      cmd_line->GetSwitchValueASCII(switches::kEnableWin32kLockDownMimeTypes);
+
+  // Consider the value * to enable all mime types for lockdown.
+  if (mime_types == "*")
+    return true;
+
+  base::StringTokenizer tokenizer(mime_types, ",");
+  tokenizer.set_quote_chars("\"");
+  while (tokenizer.GetNext()) {
+    if (tokenizer.token() == mime_type)
+      return true;
+  }
+
+  return false;
+}
+#endif  // defined(OS_WIN)
 
 void ChromeContentBrowserClient::RegisterFrameMojoShellServices(
     content::ServiceRegistry* registry,