| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_win.h" | 5 #include "content/common/sandbox_win.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 553 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 564 } | 564 } |
| 565 | 565 |
| 566 bool InitTargetServices(sandbox::TargetServices* target_services) { | 566 bool InitTargetServices(sandbox::TargetServices* target_services) { |
| 567 DCHECK(target_services); | 567 DCHECK(target_services); |
| 568 DCHECK(!g_target_services); | 568 DCHECK(!g_target_services); |
| 569 sandbox::ResultCode result = target_services->Init(); | 569 sandbox::ResultCode result = target_services->Init(); |
| 570 g_target_services = target_services; | 570 g_target_services = target_services; |
| 571 return sandbox::SBOX_ALL_OK == result; | 571 return sandbox::SBOX_ALL_OK == result; |
| 572 } | 572 } |
| 573 | 573 |
| 574 bool ShouldUseDirectWrite() { |
| 575 // If the flag is currently on, and we're on Win7 or above, we enable |
| 576 // DirectWrite. Skia does not require the additions to DirectWrite |
| 577 // in QFE 2670838, so a Win7 check is sufficient. We don't not currently |
| 578 // attempt to support Vista, where SP2 and the Platform Update are required. |
| 579 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); |
| 580 return command_line.HasSwitch(switches::kEnableDirectWrite) && |
| 581 base::win::GetVersion() >= base::win::VERSION_WIN7; |
| 582 } |
| 583 |
| 574 base::ProcessHandle StartSandboxedProcess( | 584 base::ProcessHandle StartSandboxedProcess( |
| 575 SandboxedProcessLauncherDelegate* delegate, | 585 SandboxedProcessLauncherDelegate* delegate, |
| 576 CommandLine* cmd_line) { | 586 CommandLine* cmd_line) { |
| 577 const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess(); | 587 const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess(); |
| 578 std::string type_str = cmd_line->GetSwitchValueASCII(switches::kProcessType); | 588 std::string type_str = cmd_line->GetSwitchValueASCII(switches::kProcessType); |
| 579 | 589 |
| 580 TRACE_EVENT_BEGIN_ETW("StartProcessWithAccess", 0, type_str); | 590 TRACE_EVENT_BEGIN_ETW("StartProcessWithAccess", 0, type_str); |
| 581 | 591 |
| 582 bool in_sandbox = true; | 592 bool in_sandbox = true; |
| 583 if (delegate) | 593 if (delegate) |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 630 SetJobLevel(*cmd_line, sandbox::JOB_LOCKDOWN, 0, policy); | 640 SetJobLevel(*cmd_line, sandbox::JOB_LOCKDOWN, 0, policy); |
| 631 | 641 |
| 632 bool disable_default_policy = false; | 642 bool disable_default_policy = false; |
| 633 base::FilePath exposed_dir; | 643 base::FilePath exposed_dir; |
| 634 if (delegate) | 644 if (delegate) |
| 635 delegate->PreSandbox(&disable_default_policy, &exposed_dir); | 645 delegate->PreSandbox(&disable_default_policy, &exposed_dir); |
| 636 | 646 |
| 637 if (!disable_default_policy && !AddPolicyForSandboxedProcess(policy)) | 647 if (!disable_default_policy && !AddPolicyForSandboxedProcess(policy)) |
| 638 return 0; | 648 return 0; |
| 639 | 649 |
| 640 if (type_str != switches::kRendererProcess) { | 650 if (type_str == switches::kRendererProcess) { |
| 651 if (ShouldUseDirectWrite()) { |
| 652 AddDirectory(base::DIR_WINDOWS_FONTS, |
| 653 NULL, |
| 654 true, |
| 655 sandbox::TargetPolicy::FILES_ALLOW_READONLY, |
| 656 policy); |
| 657 // We do not automatically propagate this from the browser command line, |
| 658 // and instead only add it when we're actually setting up the sandbox to |
| 659 // work with DirectWrite. |
| 660 cmd_line->AppendSwitch(switches::kEnableDirectWrite); |
| 661 } |
| 662 } else { |
| 641 // Hack for Google Desktop crash. Trick GD into not injecting its DLL into | 663 // Hack for Google Desktop crash. Trick GD into not injecting its DLL into |
| 642 // this subprocess. See | 664 // this subprocess. See |
| 643 // http://code.google.com/p/chromium/issues/detail?id=25580 | 665 // http://code.google.com/p/chromium/issues/detail?id=25580 |
| 644 cmd_line->AppendSwitchASCII("ignored", " --type=renderer "); | 666 cmd_line->AppendSwitchASCII("ignored", " --type=renderer "); |
| 645 } | 667 } |
| 646 | 668 |
| 647 sandbox::ResultCode result; | 669 sandbox::ResultCode result; |
| 648 if (!exposed_dir.empty()) { | 670 if (!exposed_dir.empty()) { |
| 649 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, | 671 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, |
| 650 sandbox::TargetPolicy::FILES_ALLOW_ANY, | 672 sandbox::TargetPolicy::FILES_ALLOW_ANY, |
| (...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 744 } | 766 } |
| 745 | 767 |
| 746 return false; | 768 return false; |
| 747 } | 769 } |
| 748 | 770 |
| 749 bool BrokerAddTargetPeer(HANDLE peer_process) { | 771 bool BrokerAddTargetPeer(HANDLE peer_process) { |
| 750 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; | 772 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; |
| 751 } | 773 } |
| 752 | 774 |
| 753 } // namespace content | 775 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 209163002:
Support DirectWrite with sandbox on (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src