content/app/sandbox_helper_win.cc - Issue 1854323002: [Windows Sandbox] Turn on MITIGATION_EXTENSION_POINT_DISABLE for child processes.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: content/app/sandbox_helper_win.cc

Issue 1854323002: [Windows Sandbox] Turn on MITIGATION_EXTENSION_POINT_DISABLE for child processes. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Remove DISABLE_EXTENSION_POINT for browser process - until IME support can be fixed. Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « components/nacl/broker/BUILD.gn ('k') | content/common/sandbox_win.cc » ('j') | no next file with comments »

OLD	NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/public/app/sandbox_helper_win.h"	5 #include "content/public/app/sandbox_helper_win.h"

6	6

7 #include "sandbox/win/src/process_mitigations.h"	7 #include "sandbox/win/src/process_mitigations.h"

8 #include "sandbox/win/src/sandbox_factory.h"	8 #include "sandbox/win/src/sandbox_factory.h"

9	9

10 namespace content {	10 namespace content {

11	11

12 void InitializeSandboxInfo(sandbox::SandboxInterfaceInfo* info) {	12 void InitializeSandboxInfo(sandbox::SandboxInterfaceInfo* info) {

13 info->broker_services = sandbox::SandboxFactory::GetBrokerServices();	13 info->broker_services = sandbox::SandboxFactory::GetBrokerServices();

14 if (!info->broker_services) {	14 if (!info->broker_services) {

15 info->target_services = sandbox::SandboxFactory::GetTargetServices();	15 info->target_services = sandbox::SandboxFactory::GetTargetServices();

16 } else {	16 } else {

17 // Ensure the proper mitigations are enforced for the browser process.	17 // Ensure the proper mitigations are enforced for the browser process.

18 sandbox::ApplyProcessMitigationsToCurrentProcess(	18 sandbox::ApplyProcessMitigationsToCurrentProcess(

19 sandbox::MITIGATION_DEP \|	19 sandbox::MITIGATION_DEP \|

20 sandbox::MITIGATION_DEP_NO_ATL_THUNK \|	20 sandbox::MITIGATION_DEP_NO_ATL_THUNK \|

21 sandbox::MITIGATION_HARDEN_TOKEN_IL_POLICY);	21 sandbox::MITIGATION_HARDEN_TOKEN_IL_POLICY);

	22 // Note: these mitigations are "post-startup". Some mitigations that need

	23 // to be enabled sooner (e.g. MITIGATION_EXTENSION_POINT_DISABLE) are done

	24 // so in Chrome_ELF.

22 }	25 }

23 }	26 }

24	27

25 } // namespace content	28 } // namespace content

OLD	NEW