content/browser/ppapi_plugin_process_host.cc - Issue 1851213002: Remove sandbox on Windows.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/browser/ppapi_plugin_process_host.cc

Issue 1851213002: Remove sandbox on Windows. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: fix nacl compile issues Created 4 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/browser/ppapi_plugin_process_host.cc

diff --git a/content/browser/ppapi_plugin_process_host.cc b/content/browser/ppapi_plugin_process_host.cc

index 56ae0eea7f4a8c901e0a6f080d06aa1fe49e62e6..947f537dd2f74557177f75922147a6fc85094766 100644

--- a/content/browser/ppapi_plugin_process_host.cc

+++ b/content/browser/ppapi_plugin_process_host.cc

@@ -41,9 +41,6 @@

#if defined(OS_WIN)

#include "content/browser/renderer_host/dwrite_font_proxy_message_filter_win.h"

-#include "content/common/sandbox_win.h"

-#include "sandbox/win/src/process_mitigations.h"

-#include "sandbox/win/src/sandbox_policy.h"

#include "ui/gfx/win/dpi.h"

#endif

@@ -73,42 +70,10 @@ class PpapiPluginSandboxedProcessLauncherDelegate

#if defined(OS_WIN)

bool ShouldSandbox() override {

- return !is_broker_;

+ return false;

}

bool PreSpawnTarget(sandbox::TargetPolicy* policy) override {

- if (is_broker_)

- return true;

- // The Pepper process is as locked-down as a renderer except that it can

- // create the server side of Chrome pipes.

- sandbox::ResultCode result;

- result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,

- sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,

- L"\\\\.\\pipe\\chrome.*");

- if (result != sandbox::SBOX_ALL_OK)

- return false;

- content::ContentBrowserClient* browser_client =

- GetContentClient()->browser();

-#if !defined(NACL_WIN64)

- if (IsWin32kRendererLockdownEnabled()) {

- for (const auto& mime_type : info_.mime_types) {

- if (browser_client->IsWin32kLockdownEnabledForMimeType(

- mime_type.mime_type)) {

- if (!AddWin32kLockdownPolicy(policy))

- return false;

- break;

- }

-#endif

- const base::string16& sid =

- browser_client->GetAppContainerSidForSandboxType(GetSandboxType());

- if (!sid.empty())

- AddAppContainerPolicy(policy, sid.c_str());

return true;

}

« no previous file with comments | « content/browser/gpu/gpu_process_host.cc ('k') | content/browser/renderer_host/render_process_host_impl.cc » ('j') | no next file with comments »