Index: content/common/sandbox_win.cc |
diff --git a/content/common/sandbox_win.cc b/content/common/sandbox_win.cc |
index aea586054e51329e97627abc203ac3cfdb7f2b06..e2c9e8f1408a86e9177ae2b8b9d3c7a219706981 100644 |
--- a/content/common/sandbox_win.cc |
+++ b/content/common/sandbox_win.cc |
@@ -309,6 +309,17 @@ bool AddGenericPolicy(sandbox::TargetPolicy* policy) { |
if (result != sandbox::SBOX_ALL_OK) |
return false; |
+ // XXX: This is in the wrong place, it should only apply to the renderer. |
scottmg
2014/03/21 23:04:06
This needs to be made renderer-only rather than in
Will Harris
2014/03/21 23:55:47
suggested location below around 657
|
+ base::FilePath directory; |
+ if (!PathService::Get(base::DIR_WINDOWS_FONTS, &directory)) |
+ return false; |
+ directory.Append(FILE_PATH_LITERAL("\\*")); |
+ result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, |
+ sandbox::TargetPolicy::FILES_ALLOW_READONLY, |
+ directory.value().c_str()); |
+ if (result != sandbox::SBOX_ALL_OK) |
+ return false; |
+ |
// Add the policy for debug message only in debug |
#ifndef NDEBUG |
base::FilePath app_dir; |
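Review bot: The return value of `directory.Append(FILE_PATH_LITERAL("\\*"))` is discarded, so the `AddRule` call that follows receives the bare fonts directory path rather than the wildcard pattern. `base::FilePath::Append` is a const method that returns the new path and leaves `directory` unchanged. Assign the result back, and drop the leading separator because `Append` inserts one itself: `directory = directory.Append(FILE_PATH_LITERAL("*"));`. As written, the `FILES_ALLOW_READONLY` rule presumably matches no font file, so the intended read access is not granted and the rule's real scope differs from what the code appears to say. The body of `AddGenericPolicy` starts and ends outside this hunk.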