OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/ppapi_plugin_process_host.h" | 5 #include "content/browser/ppapi_plugin_process_host.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include <string> | 9 #include <string> |
10 #include <utility> | 10 #include <utility> |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
74 | 74 |
75 // The Pepper process is as locked-down as a renderer except that it can | 75 // The Pepper process is as locked-down as a renderer except that it can |
76 // create the server side of Chrome pipes. | 76 // create the server side of Chrome pipes. |
77 sandbox::ResultCode result; | 77 sandbox::ResultCode result; |
78 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | 78 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, |
79 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, | 79 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, |
80 L"\\\\.\\pipe\\chrome.*"); | 80 L"\\\\.\\pipe\\chrome.*"); |
81 if (result != sandbox::SBOX_ALL_OK) | 81 if (result != sandbox::SBOX_ALL_OK) |
82 return false; | 82 return false; |
83 | 83 |
| 84 content::ContentBrowserClient* browser_client = |
| 85 GetContentClient()->browser(); |
| 86 |
84 #if !defined(NACL_WIN64) | 87 #if !defined(NACL_WIN64) |
85 for (const auto& mime_type : info_.mime_types) { | 88 if (IsWin32kRendererLockdownEnabled()) { |
86 if (IsWin32kLockdownEnabledForMimeType(mime_type.mime_type)) { | 89 for (const auto& mime_type : info_.mime_types) { |
87 if (!AddWin32kLockdownPolicy(policy)) | 90 if (browser_client->IsWin32kLockdownEnabledForMimeType( |
88 return false; | 91 mime_type.mime_type)) { |
89 break; | 92 if (!AddWin32kLockdownPolicy(policy)) |
| 93 return false; |
| 94 break; |
| 95 } |
90 } | 96 } |
91 } | 97 } |
92 #endif | 98 #endif |
93 const base::string16& sid = | 99 const base::string16& sid = |
94 GetContentClient()->browser()->GetAppContainerSidForSandboxType( | 100 browser_client->GetAppContainerSidForSandboxType(GetSandboxType()); |
95 GetSandboxType()); | |
96 if (!sid.empty()) | 101 if (!sid.empty()) |
97 AddAppContainerPolicy(policy, sid.c_str()); | 102 AddAppContainerPolicy(policy, sid.c_str()); |
98 | 103 |
99 return true; | 104 return true; |
100 } | 105 } |
101 | 106 |
102 #elif defined(OS_POSIX) | 107 #elif defined(OS_POSIX) |
103 bool ShouldUseZygote() override { | 108 bool ShouldUseZygote() override { |
104 const base::CommandLine& browser_command_line = | 109 const base::CommandLine& browser_command_line = |
105 *base::CommandLine::ForCurrentProcess(); | 110 *base::CommandLine::ForCurrentProcess(); |
(...skipping 407 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
513 // sent_requests_ queue should be the one that the plugin just created. | 518 // sent_requests_ queue should be the one that the plugin just created. |
514 Client* client = sent_requests_.front(); | 519 Client* client = sent_requests_.front(); |
515 sent_requests_.pop(); | 520 sent_requests_.pop(); |
516 | 521 |
517 const ChildProcessData& data = process_->GetData(); | 522 const ChildProcessData& data = process_->GetData(); |
518 client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle), | 523 client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle), |
519 data.id); | 524 data.id); |
520 } | 525 } |
521 | 526 |
522 } // namespace content | 527 } // namespace content |
OLD | NEW |