Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(272)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/utility_process_host_impl.cc

Issue 1851213002: Remove sandbox on Windows. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix nacl compile issues Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/renderer_host/render_process_host_impl.cc ('k') | content/common/sandbox_init_win.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/utility_process_host_impl.h" 5 #include "content/browser/utility_process_host_impl.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/base_switches.h" 9 #include "base/base_switches.h"
10 #include "base/bind.h" 10 #include "base/bind.h"
(...skipping 23 matching lines...) Expand all
34 #include "content/public/common/process_type.h" 34 #include "content/public/common/process_type.h"
35 #include "content/public/common/sandbox_type.h" 35 #include "content/public/common/sandbox_type.h"
36 #include "content/public/common/sandboxed_process_launcher_delegate.h" 36 #include "content/public/common/sandboxed_process_launcher_delegate.h"
37 #include "ipc/ipc_switches.h" 37 #include "ipc/ipc_switches.h"
38 #include "ui/base/ui_base_switches.h" 38 #include "ui/base/ui_base_switches.h"
39 39
40 #if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX) 40 #if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX)
41 #include "content/public/browser/zygote_handle_linux.h" 41 #include "content/public/browser/zygote_handle_linux.h"
42 #endif // defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX) 42 #endif // defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX)
43 43
44 #if defined(OS_WIN)
45 #include "sandbox/win/src/sandbox_policy.h"
46 #include "sandbox/win/src/sandbox_types.h"
47 #endif
48
49 namespace content { 44 namespace content {
50 45
51 #if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX) 46 #if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX)
52 namespace { 47 namespace {
53 ZygoteHandle g_utility_zygote; 48 ZygoteHandle g_utility_zygote;
54 } // namespace 49 } // namespace
55 #endif // defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX) 50 #endif // defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX)
56 51
57 // NOTE: changes to this class need to be reviewed by the security team. 52 // NOTE: changes to this class need to be reviewed by the security team.
58 class UtilitySandboxedProcessLauncherDelegate 53 class UtilitySandboxedProcessLauncherDelegate
(...skipping 15 matching lines...) Expand all
74 ipc_fd_(host->TakeClientFileDescriptor()) 69 ipc_fd_(host->TakeClientFileDescriptor())
75 #endif // OS_WIN 70 #endif // OS_WIN
76 {} 71 {}
77 72
78 ~UtilitySandboxedProcessLauncherDelegate() override {} 73 ~UtilitySandboxedProcessLauncherDelegate() override {}
79 74
80 #if defined(OS_WIN) 75 #if defined(OS_WIN)
81 bool ShouldLaunchElevated() override { return launch_elevated_; } 76 bool ShouldLaunchElevated() override { return launch_elevated_; }
82 77
83 bool PreSpawnTarget(sandbox::TargetPolicy* policy) override { 78 bool PreSpawnTarget(sandbox::TargetPolicy* policy) override {
84 if (exposed_dir_.empty()) 79 return true;
85 return true;
86
87 sandbox::ResultCode result;
88 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
89 sandbox::TargetPolicy::FILES_ALLOW_ANY,
90 exposed_dir_.value().c_str());
91 if (result != sandbox::SBOX_ALL_OK)
92 return false;
93
94 base::FilePath exposed_files = exposed_dir_.AppendASCII("*");
95 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
96 sandbox::TargetPolicy::FILES_ALLOW_ANY,
97 exposed_files.value().c_str());
98 return result == sandbox::SBOX_ALL_OK;
99 } 80 }
100 81
101 #elif defined(OS_POSIX) 82 #elif defined(OS_POSIX)
102 83
103 #if !defined(OS_MACOSX) && !defined(OS_ANDROID) 84 #if !defined(OS_MACOSX) && !defined(OS_ANDROID)
104 ZygoteHandle* GetZygote() override { 85 ZygoteHandle* GetZygote() override {
105 if (no_sandbox_ || !exposed_dir_.empty()) 86 if (no_sandbox_ || !exposed_dir_.empty())
106 return nullptr; 87 return nullptr;
107 return GetGenericZygote(); 88 return GetGenericZygote();
108 } 89 }
(...skipping 289 matching lines...) Expand 10 before | Expand all | Expand 10 after
398 base::ProcessHandle handle; 379 base::ProcessHandle handle;
399 if (RenderProcessHost::run_renderer_in_process()) 380 if (RenderProcessHost::run_renderer_in_process())
400 handle = base::GetCurrentProcessHandle(); 381 handle = base::GetCurrentProcessHandle();
401 else 382 else
402 handle = process_->GetData().handle; 383 handle = process_->GetData().handle;
403 384
404 mojo_application_host_->Activate(this, handle); 385 mojo_application_host_->Activate(this, handle);
405 } 386 }
406 387
407 } // namespace content 388 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/renderer_host/render_process_host_impl.cc ('k') | content/common/sandbox_init_win.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698