Avoid adding Mojo service to the utility process when running with elevated privileges.

chrome/utility/chrome_content_utility_client.cc

Index: chrome/utility/chrome_content_utility_client.cc
diff --git a/chrome/utility/chrome_content_utility_client.cc b/chrome/utility/chrome_content_utility_client.cc
index 85cbd630dd66f88a15a17687789d87583cbb9bb7..e7f7ac2098be7a38265617dbefbac450528b94fc 100644
--- a/chrome/utility/chrome_content_utility_client.cc
+++ b/chrome/utility/chrome_content_utility_client.cc
@@ -197,6 +197,15 @@ bool ChromeContentUtilityClient::OnMessageReceived(
 
 void ChromeContentUtilityClient::RegisterMojoServices(
     content::ServiceRegistry* registry) {
+  // When the utility process is running with elevated privileges, we need to
+  // filter messages so that only a whitelist of IPCs can run. In Mojo, there's
+  // no way of filtering individual messages. Instead, we can avoid adding
+  // non-whitelisted Mojo services to the ServiceRegistry.
+  // TODO(amistry): Use a whitelist once the whistlisted IPCs have been
+  // converted to Mojo.
+  if (filter_messages_)
+    return;
+
 #if !defined(OS_ANDROID)
   registry->AddService<net::interfaces::ProxyResolverFactory>(
       base::Bind(CreateProxyResolverFactory));