| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chrome_content_browser_client.h" | 5 #include "chrome/browser/chrome_content_browser_client.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 #include <set> | 8 #include <set> |
| 9 #include <utility> | 9 #include <utility> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 158 #include "net/cookies/canonical_cookie.h" | 158 #include "net/cookies/canonical_cookie.h" |
| 159 #include "net/cookies/cookie_options.h" | 159 #include "net/cookies/cookie_options.h" |
| 160 #include "net/ssl/ssl_cert_request_info.h" | 160 #include "net/ssl/ssl_cert_request_info.h" |
| 161 #include "ppapi/host/ppapi_host.h" | 161 #include "ppapi/host/ppapi_host.h" |
| 162 #include "storage/browser/fileapi/external_mount_points.h" | 162 #include "storage/browser/fileapi/external_mount_points.h" |
| 163 #include "ui/base/l10n/l10n_util.h" | 163 #include "ui/base/l10n/l10n_util.h" |
| 164 #include "ui/base/resource/resource_bundle.h" | 164 #include "ui/base/resource/resource_bundle.h" |
| 165 #include "ui/resources/grit/ui_resources.h" | 165 #include "ui/resources/grit/ui_resources.h" |
| 166 | 166 |
| 167 #if defined(OS_WIN) | 167 #if defined(OS_WIN) |
| 168 #include "base/strings/string_tokenizer.h" |
| 168 #include "base/win/windows_version.h" | 169 #include "base/win/windows_version.h" |
| 169 #include "chrome/browser/chrome_browser_main_win.h" | 170 #include "chrome/browser/chrome_browser_main_win.h" |
| 170 #include "sandbox/win/src/sandbox_policy.h" | 171 #include "sandbox/win/src/sandbox_policy.h" |
| 171 #elif defined(OS_MACOSX) | 172 #elif defined(OS_MACOSX) |
| 172 #include "chrome/browser/chrome_browser_main_mac.h" | 173 #include "chrome/browser/chrome_browser_main_mac.h" |
| 173 #elif defined(OS_CHROMEOS) | 174 #elif defined(OS_CHROMEOS) |
| 174 #include "chrome/browser/chromeos/attestation/platform_verification_impl.h" | 175 #include "chrome/browser/chromeos/attestation/platform_verification_impl.h" |
| 175 #include "chrome/browser/chromeos/chrome_browser_main_chromeos.h" | 176 #include "chrome/browser/chromeos/chrome_browser_main_chromeos.h" |
| 176 #include "chrome/browser/chromeos/drive/fileapi/file_system_backend_delegate.h" | 177 #include "chrome/browser/chromeos/drive/fileapi/file_system_backend_delegate.h" |
| 177 #include "chrome/browser/chromeos/file_manager/app_id.h" | 178 #include "chrome/browser/chromeos/file_manager/app_id.h" |
| (...skipping 2449 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2627 if (result != sandbox::SBOX_ALL_OK) | 2628 if (result != sandbox::SBOX_ALL_OK) |
| 2628 return false; | 2629 return false; |
| 2629 | 2630 |
| 2630 // Renderers need to send named pipe handles and shared memory | 2631 // Renderers need to send named pipe handles and shared memory |
| 2631 // segment handles to NaCl loader processes. | 2632 // segment handles to NaCl loader processes. |
| 2632 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, | 2633 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, |
| 2633 sandbox::TargetPolicy::HANDLES_DUP_ANY, | 2634 sandbox::TargetPolicy::HANDLES_DUP_ANY, |
| 2634 L"File"); | 2635 L"File"); |
| 2635 return result == sandbox::SBOX_ALL_OK; | 2636 return result == sandbox::SBOX_ALL_OK; |
| 2636 } | 2637 } |
| 2637 #endif | 2638 |
| 2639 bool ChromeContentBrowserClient::IsWin32kLockdownEnabledForMimeType( |
| 2640 const std::string& mime_type) const { |
| 2641 // First, check if any variation parameters have enabled or disabled this |
| 2642 // mime type either specifically or globally. |
| 2643 std::map<std::string, std::string> mime_params; |
| 2644 if (variations::GetVariationParams("EnableWin32kLockDownMimeTypes", |
| 2645 &mime_params)) { |
| 2646 bool enabled = false; |
| 2647 for (const auto& param : mime_params) { |
| 2648 if (param.first == mime_type || param.first == "*") { |
| 2649 // Disabled entries take precedence over Enabled entries. |
| 2650 if (base::StartsWith(param.second, "Disabled", |
| 2651 base::CompareCase::INSENSITIVE_ASCII)) { |
| 2652 return false; |
| 2653 } |
| 2654 if (base::StartsWith(param.second, "Enabled", |
| 2655 base::CompareCase::INSENSITIVE_ASCII)) { |
| 2656 enabled = true; |
| 2657 } |
| 2658 } |
| 2659 } |
| 2660 return enabled; |
| 2661 } |
| 2662 |
| 2663 // Second, check the command line to see if this mime type is enabled |
| 2664 // either specifically or globally. |
| 2665 const base::CommandLine* cmd_line = base::CommandLine::ForCurrentProcess(); |
| 2666 |
| 2667 if (!cmd_line->HasSwitch(switches::kEnableWin32kLockDownMimeTypes)) |
| 2668 return false; |
| 2669 |
| 2670 std::string mime_types = |
| 2671 cmd_line->GetSwitchValueASCII(switches::kEnableWin32kLockDownMimeTypes); |
| 2672 |
| 2673 // Consider the value * to enable all mime types for lockdown. |
| 2674 if (mime_types == "*") |
| 2675 return true; |
| 2676 |
| 2677 base::StringTokenizer tokenizer(mime_types, ","); |
| 2678 tokenizer.set_quote_chars("\""); |
| 2679 while (tokenizer.GetNext()) { |
| 2680 if (tokenizer.token() == mime_type) |
| 2681 return true; |
| 2682 } |
| 2683 |
| 2684 return false; |
| 2685 } |
| 2686 #endif // defined(OS_WIN) |
| 2638 | 2687 |
| 2639 void ChromeContentBrowserClient::RegisterFrameMojoShellServices( | 2688 void ChromeContentBrowserClient::RegisterFrameMojoShellServices( |
| 2640 content::ServiceRegistry* registry, | 2689 content::ServiceRegistry* registry, |
| 2641 content::RenderFrameHost* render_frame_host) { | 2690 content::RenderFrameHost* render_frame_host) { |
| 2642 #if defined(OS_CHROMEOS) | 2691 #if defined(OS_CHROMEOS) |
| 2643 registry->AddService( | 2692 registry->AddService( |
| 2644 base::Bind(&chromeos::attestation::PlatformVerificationImpl::Create, | 2693 base::Bind(&chromeos::attestation::PlatformVerificationImpl::Create, |
| 2645 render_frame_host)); | 2694 render_frame_host)); |
| 2646 #endif | 2695 #endif |
| 2647 } | 2696 } |
| (...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2822 if (channel <= kMaxDisableEncryptionChannel) { | 2871 if (channel <= kMaxDisableEncryptionChannel) { |
| 2823 static const char* const kWebRtcDevSwitchNames[] = { | 2872 static const char* const kWebRtcDevSwitchNames[] = { |
| 2824 switches::kDisableWebRtcEncryption, | 2873 switches::kDisableWebRtcEncryption, |
| 2825 }; | 2874 }; |
| 2826 to_command_line->CopySwitchesFrom(from_command_line, | 2875 to_command_line->CopySwitchesFrom(from_command_line, |
| 2827 kWebRtcDevSwitchNames, | 2876 kWebRtcDevSwitchNames, |
| 2828 arraysize(kWebRtcDevSwitchNames)); | 2877 arraysize(kWebRtcDevSwitchNames)); |
| 2829 } | 2878 } |
| 2830 } | 2879 } |
| 2831 #endif // defined(ENABLE_WEBRTC) | 2880 #endif // defined(ENABLE_WEBRTC) |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1645143003:
Merge M49: Change Win32k PPAPI lockdown to use finch params for mime type. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@2623