Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(446)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/ppapi_plugin_process_host.cc

Issue 1645143003: Merge M49: Change Win32k PPAPI lockdown to use finch params for mime type. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@2623
Patch Set: Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/chrome_content_browser_client.cc ('k') | content/common/content_switches_internal.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/ppapi_plugin_process_host.h" 5 #include "content/browser/ppapi_plugin_process_host.h"
6 6
7 #include <stddef.h> 7 #include <stddef.h>
8 8
9 #include <string> 9 #include <string>
10 #include <utility> 10 #include <utility>
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after
74 74
75 // The Pepper process is as locked-down as a renderer except that it can 75 // The Pepper process is as locked-down as a renderer except that it can
76 // create the server side of Chrome pipes. 76 // create the server side of Chrome pipes.
77 sandbox::ResultCode result; 77 sandbox::ResultCode result;
78 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, 78 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
79 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, 79 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
80 L"\\\\.\\pipe\\chrome.*"); 80 L"\\\\.\\pipe\\chrome.*");
81 if (result != sandbox::SBOX_ALL_OK) 81 if (result != sandbox::SBOX_ALL_OK)
82 return false; 82 return false;
83 83
84 content::ContentBrowserClient* browser_client =
85 GetContentClient()->browser();
86
84 #if !defined(NACL_WIN64) 87 #if !defined(NACL_WIN64)
85 for (const auto& mime_type : info_.mime_types) { 88 if (IsWin32kRendererLockdownEnabled()) {
86 if (IsWin32kLockdownEnabledForMimeType(mime_type.mime_type)) { 89 for (const auto& mime_type : info_.mime_types) {
87 if (!AddWin32kLockdownPolicy(policy)) 90 if (browser_client->IsWin32kLockdownEnabledForMimeType(
88 return false; 91 mime_type.mime_type)) {
89 break; 92 if (!AddWin32kLockdownPolicy(policy))
93 return false;
94 break;
95 }
90 } 96 }
91 } 97 }
92 #endif 98 #endif
93 const base::string16& sid = 99 const base::string16& sid =
94 GetContentClient()->browser()->GetAppContainerSidForSandboxType( 100 browser_client->GetAppContainerSidForSandboxType(GetSandboxType());
95 GetSandboxType());
96 if (!sid.empty()) 101 if (!sid.empty())
97 AddAppContainerPolicy(policy, sid.c_str()); 102 AddAppContainerPolicy(policy, sid.c_str());
98 103
99 return true; 104 return true;
100 } 105 }
101 106
102 #elif defined(OS_POSIX) 107 #elif defined(OS_POSIX)
103 bool ShouldUseZygote() override { 108 bool ShouldUseZygote() override {
104 const base::CommandLine& browser_command_line = 109 const base::CommandLine& browser_command_line =
105 *base::CommandLine::ForCurrentProcess(); 110 *base::CommandLine::ForCurrentProcess();
(...skipping 407 matching lines...) Expand 10 before | Expand all | Expand 10 after
513 // sent_requests_ queue should be the one that the plugin just created. 518 // sent_requests_ queue should be the one that the plugin just created.
514 Client* client = sent_requests_.front(); 519 Client* client = sent_requests_.front();
515 sent_requests_.pop(); 520 sent_requests_.pop();
516 521
517 const ChildProcessData& data = process_->GetData(); 522 const ChildProcessData& data = process_->GetData();
518 client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle), 523 client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle),
519 data.id); 524 data.id);
520 } 525 }
521 526
522 } // namespace content 527 } // namespace content
OLDNEW
« no previous file with comments | « chrome/browser/chrome_content_browser_client.cc ('k') | content/common/content_switches_internal.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698