| OLD | NEW | 
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be | 
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. | 
| 4 | 4 | 
| 5 #include "content/browser/ppapi_plugin_process_host.h" | 5 #include "content/browser/ppapi_plugin_process_host.h" | 
| 6 | 6 | 
| 7 #include <stddef.h> | 7 #include <stddef.h> | 
| 8 | 8 | 
| 9 #include <string> | 9 #include <string> | 
| 10 #include <utility> | 10 #include <utility> | 
| (...skipping 43 matching lines...) |
| 54 | 54 | 
| 55 #if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX) | 55 #if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX) | 
| 56 ZygoteHandle g_ppapi_zygote; | 56 ZygoteHandle g_ppapi_zygote; | 
| 57 #endif  // defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX) | 57 #endif  // defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX) | 
| 58 | 58 | 
| 59 // NOTE: changes to this class need to be reviewed by the security team. | 59 // NOTE: changes to this class need to be reviewed by the security team. | 
| 60 class PpapiPluginSandboxedProcessLauncherDelegate | 60 class PpapiPluginSandboxedProcessLauncherDelegate | 
| 61     : public content::SandboxedProcessLauncherDelegate { | 61     : public content::SandboxedProcessLauncherDelegate { | 
| 62  public: | 62  public: | 
| 63   PpapiPluginSandboxedProcessLauncherDelegate(bool is_broker, | 63   PpapiPluginSandboxedProcessLauncherDelegate(bool is_broker, | 
| 64                                               const PepperPluginInfo& info, |  | 
| 65                                               ChildProcessHost* host) | 64                                               ChildProcessHost* host) | 
| 66 #if defined(OS_WIN) | 65 #if defined(OS_WIN) | 
| 67       : info_(info), is_broker_(is_broker) { | 66       : is_broker_(is_broker) { | 
| 68 #elif defined(OS_MACOSX) || defined(OS_ANDROID) | 67 #elif defined(OS_MACOSX) || defined(OS_ANDROID) | 
| 69       : ipc_fd_(host->TakeClientFileDescriptor()) { | 68       : ipc_fd_(host->TakeClientFileDescriptor()) { | 
| 70 #elif defined(OS_POSIX) | 69 #elif defined(OS_POSIX) | 
| 71       : ipc_fd_(host->TakeClientFileDescriptor()), is_broker_(is_broker) { | 70       : ipc_fd_(host->TakeClientFileDescriptor()), is_broker_(is_broker) { | 
| 72 #else | 71 #else | 
| 73   { | 72   { | 
| 74 #endif | 73 #endif | 
| 75   } | 74   } | 
| 76 | 75 | 
| 77   ~PpapiPluginSandboxedProcessLauncherDelegate() override {} | 76   ~PpapiPluginSandboxedProcessLauncherDelegate() override {} | 
| (...skipping 13 matching lines...) |
| 91     result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | 90     result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | 
| 92                              sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, | 91                              sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, | 
| 93                              L"\\\\.\\pipe\\chrome.*"); | 92                              L"\\\\.\\pipe\\chrome.*"); | 
| 94     if (result != sandbox::SBOX_ALL_OK) | 93     if (result != sandbox::SBOX_ALL_OK) | 
| 95       return false; | 94       return false; | 
| 96 | 95 | 
| 97     content::ContentBrowserClient* browser_client = | 96     content::ContentBrowserClient* browser_client = | 
| 98         GetContentClient()->browser(); | 97         GetContentClient()->browser(); | 
| 99 | 98 | 
| 100 #if !defined(NACL_WIN64) | 99 #if !defined(NACL_WIN64) | 
| 101     if (IsWin32kRendererLockdownEnabled()) { | 100     if (IsWin32kLockdownEnabled()) { | 
| 102       for (const auto& mime_type : info_.mime_types) { | 101       result = AddWin32kLockdownPolicy(policy, true); | 
| 103         if (browser_client->IsWin32kLockdownEnabledForMimeType( | 102       if (result != sandbox::SBOX_ALL_OK) | 
| 104                 mime_type.mime_type)) { | 103         return false; | 
| 105           result = AddWin32kLockdownPolicy(policy, true); |  | 
| 106           if (result != sandbox::SBOX_ALL_OK) |  | 
| 107             return false; |  | 
| 108           break; |  | 
| 109         } |  | 
| 110       } |  | 
| 111     } | 104     } | 
| 112 #endif | 105 #endif | 
| 113     const base::string16& sid = | 106     const base::string16& sid = | 
| 114         browser_client->GetAppContainerSidForSandboxType(GetSandboxType()); | 107         browser_client->GetAppContainerSidForSandboxType(GetSandboxType()); | 
| 115     if (!sid.empty()) | 108     if (!sid.empty()) | 
| 116       AddAppContainerPolicy(policy, sid.c_str()); | 109       AddAppContainerPolicy(policy, sid.c_str()); | 
| 117 | 110 | 
| 118     return true; | 111     return true; | 
| 119   } | 112   } | 
| 120 | 113 | 
| (...skipping 11 matching lines...) |
| 132 #endif  // !defined(OS_MACOSX) && !defined(OS_ANDROID) | 125 #endif  // !defined(OS_MACOSX) && !defined(OS_ANDROID) | 
| 133 | 126 | 
| 134   base::ScopedFD TakeIpcFd() override { return std::move(ipc_fd_); } | 127   base::ScopedFD TakeIpcFd() override { return std::move(ipc_fd_); } | 
| 135 #endif  // OS_WIN | 128 #endif  // OS_WIN | 
| 136 | 129 | 
| 137   SandboxType GetSandboxType() override { | 130   SandboxType GetSandboxType() override { | 
| 138     return SANDBOX_TYPE_PPAPI; | 131     return SANDBOX_TYPE_PPAPI; | 
| 139   } | 132   } | 
| 140 | 133 | 
| 141  private: | 134  private: | 
| 142 #if defined(OS_WIN) |  | 
| 143   const PepperPluginInfo& info_; |  | 
| 144 #endif // OS_WIN |  | 
| 145 #if defined(OS_POSIX) | 135 #if defined(OS_POSIX) | 
| 146   base::ScopedFD ipc_fd_; | 136   base::ScopedFD ipc_fd_; | 
| 147 #endif  // OS_POSIX | 137 #endif  // OS_POSIX | 
| 148 #if (defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)) || \ | 138 #if (defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)) || \ | 
| 149     defined(OS_WIN) | 139     defined(OS_WIN) | 
| 150   bool is_broker_; | 140   bool is_broker_; | 
| 151 #endif | 141 #endif | 
| 152 | 142 | 
| 153   DISALLOW_COPY_AND_ASSIGN(PpapiPluginSandboxedProcessLauncherDelegate); | 143   DISALLOW_COPY_AND_ASSIGN(PpapiPluginSandboxedProcessLauncherDelegate); | 
| 154 }; | 144 }; | 
| (...skipping 294 matching lines...) |
| 449 #endif | 439 #endif | 
| 450 | 440 | 
| 451   if (!plugin_launcher.empty()) | 441   if (!plugin_launcher.empty()) | 
| 452     cmd_line->PrependWrapper(plugin_launcher); | 442     cmd_line->PrependWrapper(plugin_launcher); | 
| 453 | 443 | 
| 454   // On posix, never use the zygote for the broker. Also, only use the zygote if | 444   // On posix, never use the zygote for the broker. Also, only use the zygote if | 
| 455   // we are not using a plugin launcher - having a plugin launcher means we need | 445   // we are not using a plugin launcher - having a plugin launcher means we need | 
| 456   // to use another process instead of just forking the zygote. | 446   // to use another process instead of just forking the zygote. | 
| 457   process_->Launch( | 447   process_->Launch( | 
| 458       new PpapiPluginSandboxedProcessLauncherDelegate(is_broker_, | 448       new PpapiPluginSandboxedProcessLauncherDelegate(is_broker_, | 
| 459                                                       info, |  | 
| 460                                                       process_->GetHost()), | 449                                                       process_->GetHost()), | 
| 461       cmd_line, | 450       cmd_line, | 
| 462       true); | 451       true); | 
| 463   return true; | 452   return true; | 
| 464 } | 453 } | 
| 465 | 454 | 
| 466 void PpapiPluginProcessHost::RequestPluginChannel(Client* client) { | 455 void PpapiPluginProcessHost::RequestPluginChannel(Client* client) { | 
| 467   base::ProcessHandle process_handle; | 456   base::ProcessHandle process_handle; | 
| 468   int renderer_child_id; | 457   int renderer_child_id; | 
| 469   client->GetPpapiChannelInfo(&process_handle, &renderer_child_id); | 458   client->GetPpapiChannelInfo(&process_handle, &renderer_child_id); | 
| (...skipping 89 matching lines...) |
| 559   // sent_requests_ queue should be the one that the plugin just created. | 548   // sent_requests_ queue should be the one that the plugin just created. | 
| 560   Client* client = sent_requests_.front(); | 549   Client* client = sent_requests_.front(); | 
| 561   sent_requests_.pop(); | 550   sent_requests_.pop(); | 
| 562 | 551 | 
| 563   const ChildProcessData& data = process_->GetData(); | 552   const ChildProcessData& data = process_->GetData(); | 
| 564   client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle), | 553   client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle), | 
| 565                                data.id); | 554                                data.id); | 
| 566 } | 555 } | 
| 567 | 556 | 
| 568 }  // namespace content | 557 }  // namespace content | 
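Review bot: The lockdown block at new lines 100–104 carries no comment saying that Win32k lockdown now covers every PPAPI plugin process instead of only those whose MIME types the embedder opted in, and that is the security-relevant behaviour a later reader of this class needs. I would add above the `if`: `// Win32k lockdown applies to all PPAPI plugin processes when enabled; it is no longer gated per MIME type.` The bare `true` passed to `AddWin32kLockdownPolicy` would also read better with an argument-name comment taken from that function's declaration, which is not visible on this page. If `ContentBrowserClient::IsWin32kLockdownEnabledForMimeType` still exists after this change (not shown here), embedder overrides of it no longer influence this path, so it should be removed or documented as unused here. The enclosing method begins in the skipped lines, so whether the broker returns before reaching this block cannot be confirmed from this view.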