OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/sandbox_win.h" | 5 #include "content/common/sandbox_win.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
(...skipping 624 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
635 delegate->PreSandbox(&disable_default_policy, &exposed_dir); | 635 delegate->PreSandbox(&disable_default_policy, &exposed_dir); |
636 | 636 |
637 if (!disable_default_policy && !AddPolicyForSandboxedProcess(policy)) | 637 if (!disable_default_policy && !AddPolicyForSandboxedProcess(policy)) |
638 return 0; | 638 return 0; |
639 | 639 |
640 if (type_str != switches::kRendererProcess) { | 640 if (type_str != switches::kRendererProcess) { |
641 // Hack for Google Desktop crash. Trick GD into not injecting its DLL into | 641 // Hack for Google Desktop crash. Trick GD into not injecting its DLL into |
642 // this subprocess. See | 642 // this subprocess. See |
643 // http://code.google.com/p/chromium/issues/detail?id=25580 | 643 // http://code.google.com/p/chromium/issues/detail?id=25580 |
644 cmd_line->AppendSwitchASCII("ignored", " --type=renderer "); | 644 cmd_line->AppendSwitchASCII("ignored", " --type=renderer "); |
645 } else { | |
646 AddDirectory(base::DIR_WINDOWS_FONTS, | |
jschuh
2014/03/25 04:03:48
This should be scoped to only when DW is enabled.
| |
647 NULL, | |
648 true, | |
649 sandbox::TargetPolicy::FILES_ALLOW_READONLY, | |
650 policy); | |
645 } | 651 } |
646 | 652 |
647 sandbox::ResultCode result; | 653 sandbox::ResultCode result; |
648 if (!exposed_dir.empty()) { | 654 if (!exposed_dir.empty()) { |
649 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, | 655 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, |
650 sandbox::TargetPolicy::FILES_ALLOW_ANY, | 656 sandbox::TargetPolicy::FILES_ALLOW_ANY, |
651 exposed_dir.value().c_str()); | 657 exposed_dir.value().c_str()); |
652 if (result != sandbox::SBOX_ALL_OK) | 658 if (result != sandbox::SBOX_ALL_OK) |
653 return 0; | 659 return 0; |
654 | 660 |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
744 } | 750 } |
745 | 751 |
746 return false; | 752 return false; |
747 } | 753 } |
748 | 754 |
749 bool BrokerAddTargetPeer(HANDLE peer_process) { | 755 bool BrokerAddTargetPeer(HANDLE peer_process) { |
750 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; | 756 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; |
751 } | 757 } |
752 | 758 |
753 } // namespace content | 759 } // namespace content |
OLD | NEW |