OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chrome_content_browser_client.h" | 5 #include "chrome/browser/chrome_content_browser_client.h" |
6 | 6 |
7 #include <map> | 7 #include <map> |
8 #include <set> | 8 #include <set> |
9 #include <utility> | 9 #include <utility> |
10 #include <vector> | 10 #include <vector> |
(...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
171 #include "ui/base/resource/resource_bundle.h" | 171 #include "ui/base/resource/resource_bundle.h" |
172 #include "ui/resources/grit/ui_resources.h" | 172 #include "ui/resources/grit/ui_resources.h" |
173 #include "url/gurl.h" | 173 #include "url/gurl.h" |
174 #include "url/origin.h" | 174 #include "url/origin.h" |
175 | 175 |
176 #if defined(OS_WIN) | 176 #if defined(OS_WIN) |
177 #include "base/strings/string_tokenizer.h" | 177 #include "base/strings/string_tokenizer.h" |
178 #include "base/win/windows_version.h" | 178 #include "base/win/windows_version.h" |
179 #include "chrome/browser/chrome_browser_main_win.h" | 179 #include "chrome/browser/chrome_browser_main_win.h" |
180 #include "components/startup_metric_utils/common/pre_read_field_trial_utils_win.
h" | 180 #include "components/startup_metric_utils/common/pre_read_field_trial_utils_win.
h" |
181 #include "sandbox/win/src/sandbox_policy.h" | |
182 #elif defined(OS_MACOSX) | 181 #elif defined(OS_MACOSX) |
183 #include "chrome/browser/chrome_browser_main_mac.h" | 182 #include "chrome/browser/chrome_browser_main_mac.h" |
184 #elif defined(OS_CHROMEOS) | 183 #elif defined(OS_CHROMEOS) |
185 #include "chrome/browser/chromeos/attestation/platform_verification_impl.h" | 184 #include "chrome/browser/chromeos/attestation/platform_verification_impl.h" |
186 #include "chrome/browser/chromeos/chrome_browser_main_chromeos.h" | 185 #include "chrome/browser/chromeos/chrome_browser_main_chromeos.h" |
187 #include "chrome/browser/chromeos/drive/fileapi/file_system_backend_delegate.h" | 186 #include "chrome/browser/chromeos/drive/fileapi/file_system_backend_delegate.h" |
188 #include "chrome/browser/chromeos/file_manager/app_id.h" | 187 #include "chrome/browser/chromeos/file_manager/app_id.h" |
189 #include "chrome/browser/chromeos/file_system_provider/fileapi/backend_delegate.
h" | 188 #include "chrome/browser/chromeos/file_system_provider/fileapi/backend_delegate.
h" |
190 #include "chrome/browser/chromeos/fileapi/file_system_backend.h" | 189 #include "chrome/browser/chromeos/fileapi/file_system_backend.h" |
191 #include "chrome/browser/chromeos/fileapi/mtp_file_system_backend_delegate.h" | 190 #include "chrome/browser/chromeos/fileapi/mtp_file_system_backend_delegate.h" |
(...skipping 2500 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2692 case PROCESS_TYPE_NACL_BROKER: | 2691 case PROCESS_TYPE_NACL_BROKER: |
2693 return base::string16(); | 2692 return base::string16(); |
2694 #endif | 2693 #endif |
2695 } | 2694 } |
2696 | 2695 |
2697 // Should never reach here. | 2696 // Should never reach here. |
2698 CHECK(0); | 2697 CHECK(0); |
2699 return base::string16(); | 2698 return base::string16(); |
2700 } | 2699 } |
2701 | 2700 |
2702 bool ChromeContentBrowserClient::PreSpawnRenderer( | |
2703 sandbox::TargetPolicy* policy) { | |
2704 // This code is duplicated in nacl_exe_win_64.cc. | |
2705 // Allow the server side of a pipe restricted to the "chrome.nacl." | |
2706 // namespace so that it cannot impersonate other system or other chrome | |
2707 // service pipes. | |
2708 sandbox::ResultCode result = policy->AddRule( | |
2709 sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | |
2710 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, | |
2711 L"\\\\.\\pipe\\chrome.nacl.*"); | |
2712 if (result != sandbox::SBOX_ALL_OK) | |
2713 return false; | |
2714 | |
2715 // Renderers need to send named pipe handles and shared memory | |
2716 // segment handles to NaCl loader processes. | |
2717 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, | |
2718 sandbox::TargetPolicy::HANDLES_DUP_ANY, | |
2719 L"File"); | |
2720 return result == sandbox::SBOX_ALL_OK; | |
2721 } | |
2722 | |
2723 bool ChromeContentBrowserClient::IsWin32kLockdownEnabledForMimeType( | 2701 bool ChromeContentBrowserClient::IsWin32kLockdownEnabledForMimeType( |
2724 const std::string& mime_type) const { | 2702 const std::string& mime_type) const { |
2725 // First, check if any variation parameters have enabled or disabled this | 2703 // First, check if any variation parameters have enabled or disabled this |
2726 // mime type either specifically or globally. | 2704 // mime type either specifically or globally. |
2727 std::map<std::string, std::string> mime_params; | 2705 std::map<std::string, std::string> mime_params; |
2728 if (variations::GetVariationParams("EnableWin32kLockDownMimeTypes", | 2706 if (variations::GetVariationParams("EnableWin32kLockDownMimeTypes", |
2729 &mime_params)) { | 2707 &mime_params)) { |
2730 bool enabled = false; | 2708 bool enabled = false; |
2731 for (const auto& param : mime_params) { | 2709 for (const auto& param : mime_params) { |
2732 if (param.first == mime_type || param.first == "*") { | 2710 if (param.first == mime_type || param.first == "*") { |
(...skipping 242 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2975 if (channel <= kMaxDisableEncryptionChannel) { | 2953 if (channel <= kMaxDisableEncryptionChannel) { |
2976 static const char* const kWebRtcDevSwitchNames[] = { | 2954 static const char* const kWebRtcDevSwitchNames[] = { |
2977 switches::kDisableWebRtcEncryption, | 2955 switches::kDisableWebRtcEncryption, |
2978 }; | 2956 }; |
2979 to_command_line->CopySwitchesFrom(from_command_line, | 2957 to_command_line->CopySwitchesFrom(from_command_line, |
2980 kWebRtcDevSwitchNames, | 2958 kWebRtcDevSwitchNames, |
2981 arraysize(kWebRtcDevSwitchNames)); | 2959 arraysize(kWebRtcDevSwitchNames)); |
2982 } | 2960 } |
2983 } | 2961 } |
2984 #endif // defined(ENABLE_WEBRTC) | 2962 #endif // defined(ENABLE_WEBRTC) |
OLD | NEW |