OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/gpu/gpu_process_host.h" | 5 #include "content/browser/gpu/gpu_process_host.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include <utility> | 9 #include <utility> |
10 | 10 |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
55 #include "ui/base/ui_base_switches.h" | 55 #include "ui/base/ui_base_switches.h" |
56 #include "ui/events/latency_info.h" | 56 #include "ui/events/latency_info.h" |
57 #include "ui/gl/gl_switches.h" | 57 #include "ui/gl/gl_switches.h" |
58 | 58 |
59 #if defined(OS_ANDROID) | 59 #if defined(OS_ANDROID) |
60 #include "base/android/build_info.h" | 60 #include "base/android/build_info.h" |
61 #endif | 61 #endif |
62 | 62 |
63 #if defined(OS_WIN) | 63 #if defined(OS_WIN) |
64 #include "base/win/windows_version.h" | 64 #include "base/win/windows_version.h" |
65 #include "content/common/sandbox_win.h" | |
66 #include "sandbox/win/src/sandbox_policy.h" | |
67 #include "ui/gfx/switches.h" | 65 #include "ui/gfx/switches.h" |
68 #include "ui/gfx/win/rendering_window_manager.h" | 66 #include "ui/gfx/win/rendering_window_manager.h" |
69 #endif | 67 #endif |
70 | 68 |
71 #if defined(USE_OZONE) | 69 #if defined(USE_OZONE) |
72 #include "ui/ozone/public/ozone_switches.h" | 70 #include "ui/ozone/public/ozone_switches.h" |
73 #endif | 71 #endif |
74 | 72 |
75 #if defined(USE_X11) && !defined(OS_CHROMEOS) | 73 #if defined(USE_X11) && !defined(OS_CHROMEOS) |
76 #include "ui/gfx/x/x11_switches.h" | 74 #include "ui/gfx/x/x11_switches.h" |
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
192 | 190 |
193 bool DisableDefaultPolicy() override { | 191 bool DisableDefaultPolicy() override { |
194 return true; | 192 return true; |
195 } | 193 } |
196 | 194 |
197 // For the GPU process we gotten as far as USER_LIMITED. The next level | 195 // For the GPU process we gotten as far as USER_LIMITED. The next level |
198 // which is USER_RESTRICTED breaks both the DirectX backend and the OpenGL | 196 // which is USER_RESTRICTED breaks both the DirectX backend and the OpenGL |
199 // backend. Note that the GPU process is connected to the interactive | 197 // backend. Note that the GPU process is connected to the interactive |
200 // desktop. | 198 // desktop. |
201 bool PreSpawnTarget(sandbox::TargetPolicy* policy) override { | 199 bool PreSpawnTarget(sandbox::TargetPolicy* policy) override { |
202 if (base::win::GetVersion() > base::win::VERSION_XP) { | |
203 if (cmd_line_->GetSwitchValueASCII(switches::kUseGL) == | |
204 gfx::kGLImplementationDesktopName) { | |
205 // Open GL path. | |
206 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, | |
207 sandbox::USER_LIMITED); | |
208 SetJobLevel(*cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy); | |
209 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); | |
210 } else { | |
211 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, | |
212 sandbox::USER_LIMITED); | |
213 | |
214 // UI restrictions break when we access Windows from outside our job. | |
215 // However, we don't want a proxy window in this process because it can | |
216 // introduce deadlocks where the renderer blocks on the gpu, which in | |
217 // turn blocks on the browser UI thread. So, instead we forgo a window | |
218 // message pump entirely and just add job restrictions to prevent child | |
219 // processes. | |
220 SetJobLevel(*cmd_line_, | |
221 sandbox::JOB_LIMITED_USER, | |
222 JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS | | |
223 JOB_OBJECT_UILIMIT_DESKTOP | | |
224 JOB_OBJECT_UILIMIT_EXITWINDOWS | | |
225 JOB_OBJECT_UILIMIT_DISPLAYSETTINGS, | |
226 policy); | |
227 | |
228 policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); | |
229 } | |
230 } else { | |
231 SetJobLevel(*cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy); | |
232 policy->SetTokenLevel(sandbox::USER_UNPROTECTED, | |
233 sandbox::USER_LIMITED); | |
234 } | |
235 | |
236 // Allow the server side of GPU sockets, which are pipes that have | |
237 // the "chrome.gpu" namespace and an arbitrary suffix. | |
238 sandbox::ResultCode result = policy->AddRule( | |
239 sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | |
240 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, | |
241 L"\\\\.\\pipe\\chrome.gpu.*"); | |
242 if (result != sandbox::SBOX_ALL_OK) | |
243 return false; | |
244 | |
245 // Block this DLL even if it is not loaded by the browser process. | |
246 policy->AddDllToUnload(L"cmsetac.dll"); | |
247 | |
248 #ifdef USE_AURA | |
249 // GPU also needs to add sections to the browser for aura | |
250 // TODO(jschuh): refactor the GPU channel to remove this. crbug.com/128786 | |
251 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, | |
252 sandbox::TargetPolicy::HANDLES_DUP_BROKER, | |
253 L"Section"); | |
254 if (result != sandbox::SBOX_ALL_OK) | |
255 return false; | |
256 #endif | |
257 | |
258 if (cmd_line_->HasSwitch(switches::kEnableLogging)) { | |
259 base::string16 log_file_path = logging::GetLogFileFullPath(); | |
260 if (!log_file_path.empty()) { | |
261 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, | |
262 sandbox::TargetPolicy::FILES_ALLOW_ANY, | |
263 log_file_path.c_str()); | |
264 if (result != sandbox::SBOX_ALL_OK) | |
265 return false; | |
266 } | |
267 } | |
268 | |
269 return true; | 200 return true; |
270 } | 201 } |
271 #elif defined(OS_POSIX) | 202 #elif defined(OS_POSIX) |
272 | 203 |
273 base::ScopedFD TakeIpcFd() override { return std::move(ipc_fd_); } | 204 base::ScopedFD TakeIpcFd() override { return std::move(ipc_fd_); } |
274 #endif // OS_WIN | 205 #endif // OS_WIN |
275 | 206 |
276 SandboxType GetSandboxType() override { | 207 SandboxType GetSandboxType() override { |
277 return SANDBOX_TYPE_GPU; | 208 return SANDBOX_TYPE_GPU; |
278 } | 209 } |
(...skipping 885 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1164 TRACE_EVENT0("gpu", "GpuProcessHost::OnCacheShader"); | 1095 TRACE_EVENT0("gpu", "GpuProcessHost::OnCacheShader"); |
1165 ClientIdToShaderCacheMap::iterator iter = | 1096 ClientIdToShaderCacheMap::iterator iter = |
1166 client_id_to_shader_cache_.find(client_id); | 1097 client_id_to_shader_cache_.find(client_id); |
1167 // If the cache doesn't exist then this is an off the record profile. | 1098 // If the cache doesn't exist then this is an off the record profile. |
1168 if (iter == client_id_to_shader_cache_.end()) | 1099 if (iter == client_id_to_shader_cache_.end()) |
1169 return; | 1100 return; |
1170 iter->second->Cache(GetShaderPrefixKey() + ":" + key, shader); | 1101 iter->second->Cache(GetShaderPrefixKey() + ":" + key, shader); |
1171 } | 1102 } |
1172 | 1103 |
1173 } // namespace content | 1104 } // namespace content |
OLD | NEW |