OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/sandbox_win.h" | 5 #include "content/common/sandbox_win.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
(...skipping 553 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
564 } | 564 } |
565 | 565 |
566 bool InitTargetServices(sandbox::TargetServices* target_services) { | 566 bool InitTargetServices(sandbox::TargetServices* target_services) { |
567 DCHECK(target_services); | 567 DCHECK(target_services); |
568 DCHECK(!g_target_services); | 568 DCHECK(!g_target_services); |
569 sandbox::ResultCode result = target_services->Init(); | 569 sandbox::ResultCode result = target_services->Init(); |
570 g_target_services = target_services; | 570 g_target_services = target_services; |
571 return sandbox::SBOX_ALL_OK == result; | 571 return sandbox::SBOX_ALL_OK == result; |
572 } | 572 } |
573 | 573 |
574 bool ShouldUseDirectWrite() { | |
575 // If the flag is currently on, and we're on Win7 or above, we enable | |
576 // DirectWrite. Skia does not require the additions to DirectWrite | |
577 // in QFE 2670838, so a Win7 check is sufficient. We don't not currently | |
578 // attempt to support Vista, where SP2 and the Platform Update are required. | |
579 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); | |
580 return command_line.HasSwitch(switches::kEnableDirectWrite) && | |
581 base::win::GetVersion() >= base::win::VERSION_WIN7; | |
582 } | |
583 | |
574 base::ProcessHandle StartSandboxedProcess( | 584 base::ProcessHandle StartSandboxedProcess( |
575 SandboxedProcessLauncherDelegate* delegate, | 585 SandboxedProcessLauncherDelegate* delegate, |
576 CommandLine* cmd_line) { | 586 CommandLine* cmd_line) { |
577 const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess(); | 587 const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess(); |
578 std::string type_str = cmd_line->GetSwitchValueASCII(switches::kProcessType); | 588 std::string type_str = cmd_line->GetSwitchValueASCII(switches::kProcessType); |
579 | 589 |
580 TRACE_EVENT_BEGIN_ETW("StartProcessWithAccess", 0, type_str); | 590 TRACE_EVENT_BEGIN_ETW("StartProcessWithAccess", 0, type_str); |
581 | 591 |
582 bool in_sandbox = true; | 592 bool in_sandbox = true; |
583 if (delegate) | 593 if (delegate) |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
635 delegate->PreSandbox(&disable_default_policy, &exposed_dir); | 645 delegate->PreSandbox(&disable_default_policy, &exposed_dir); |
636 | 646 |
637 if (!disable_default_policy && !AddPolicyForSandboxedProcess(policy)) | 647 if (!disable_default_policy && !AddPolicyForSandboxedProcess(policy)) |
638 return 0; | 648 return 0; |
639 | 649 |
640 if (type_str != switches::kRendererProcess) { | 650 if (type_str != switches::kRendererProcess) { |
641 // Hack for Google Desktop crash. Trick GD into not injecting its DLL into | 651 // Hack for Google Desktop crash. Trick GD into not injecting its DLL into |
642 // this subprocess. See | 652 // this subprocess. See |
643 // http://code.google.com/p/chromium/issues/detail?id=25580 | 653 // http://code.google.com/p/chromium/issues/detail?id=25580 |
644 cmd_line->AppendSwitchASCII("ignored", " --type=renderer "); | 654 cmd_line->AppendSwitchASCII("ignored", " --type=renderer "); |
655 } else if (ShouldUseDirectWrite()) { | |
jam
2014/03/25 22:57:26
nit: it would be clearer to have if (type_str == r
scottmg
2014/03/25 23:38:18
Done.
| |
656 AddDirectory(base::DIR_WINDOWS_FONTS, | |
657 NULL, | |
658 true, | |
659 sandbox::TargetPolicy::FILES_ALLOW_READONLY, | |
660 policy); | |
661 // We do not automatically propagate this from the browser command line, | |
662 // and instead only add it when we're actually setting up the sandbox to | |
663 // work with DirectWrite. | |
664 cmd_line->AppendSwitch(switches::kEnableDirectWrite); | |
645 } | 665 } |
646 | 666 |
647 sandbox::ResultCode result; | 667 sandbox::ResultCode result; |
648 if (!exposed_dir.empty()) { | 668 if (!exposed_dir.empty()) { |
649 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, | 669 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, |
650 sandbox::TargetPolicy::FILES_ALLOW_ANY, | 670 sandbox::TargetPolicy::FILES_ALLOW_ANY, |
651 exposed_dir.value().c_str()); | 671 exposed_dir.value().c_str()); |
652 if (result != sandbox::SBOX_ALL_OK) | 672 if (result != sandbox::SBOX_ALL_OK) |
653 return 0; | 673 return 0; |
654 | 674 |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
744 } | 764 } |
745 | 765 |
746 return false; | 766 return false; |
747 } | 767 } |
748 | 768 |
749 bool BrokerAddTargetPeer(HANDLE peer_process) { | 769 bool BrokerAddTargetPeer(HANDLE peer_process) { |
750 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; | 770 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; |
751 } | 771 } |
752 | 772 |
753 } // namespace content | 773 } // namespace content |
OLD | NEW |