Enable win32k lockdown for ppapi processes.

chrome/browser/chrome_content_browser_client.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chrome_content_browser_client.h"
 
 #include <map>
 #include <set>
 #include <utility>
 #include <vector>
@@ skipping 2869 matching lines @@
   // namespace so that it cannot impersonate other system or other chrome
   // service pipes.
   sandbox::ResultCode result = policy->AddRule(
       sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
       sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
       L"\\\\.\\pipe\\chrome.nacl.*");
   if (result != sandbox::SBOX_ALL_OK)
     return false;
   return result == sandbox::SBOX_ALL_OK;
 }
-
-bool ChromeContentBrowserClient::IsWin32kLockdownEnabledForMimeType(
-    const std::string& mime_type) const {
-  // We don't support PPAPI win32k lockdown prior to Windows 10.
-  if (base::win::GetVersion() < base::win::VERSION_WIN10)
-    return false;
-  // First, check if any variation parameters have enabled or disabled this
-  // mime type either specifically or globally.
-  std::map<std::string, std::string> mime_params;
-  if (variations::GetVariationParams("EnableWin32kLockDownMimeTypes",
-                                     &mime_params)) {
-    bool enabled = false;
-    for (const auto& param : mime_params) {
-      if (param.first == mime_type || param.first == "*") {
-        // Disabled entries take precedence over Enabled entries.
-        if (base::StartsWith(param.second, "Disabled",
-                             base::CompareCase::INSENSITIVE_ASCII)) {
-          return false;
-        }
-        if (base::StartsWith(param.second, "Enabled",
-                             base::CompareCase::INSENSITIVE_ASCII)) {
-          enabled = true;
-        }
-      }
-    }
-    return enabled;
-  }
-
-  // Second, check the command line to see if this mime type is enabled
-  // either specifically or globally.
-  const base::CommandLine* cmd_line = base::CommandLine::ForCurrentProcess();
-
-  if (!cmd_line->HasSwitch(switches::kEnableWin32kLockDownMimeTypes))
-    return false;
-
-  std::string mime_types =
-      cmd_line->GetSwitchValueASCII(switches::kEnableWin32kLockDownMimeTypes);
-
-  // Consider the value * to enable all mime types for lockdown.
-  if (mime_types == "*")
-    return true;
-
-  base::StringTokenizer tokenizer(mime_types, ",");
-  tokenizer.set_quote_chars("\"");
-  while (tokenizer.GetNext()) {
-    if (tokenizer.token() == mime_type)
-      return true;
-  }
-
-  return false;
-}
 #endif  // defined(OS_WIN)
 
 void ChromeContentBrowserClient::ExposeInterfacesToRenderer(
     shell::InterfaceRegistry* registry,
     content::RenderProcessHost* render_process_host) {
   scoped_refptr<base::SingleThreadTaskRunner> ui_task_runner =
       content::BrowserThread::GetTaskRunnerForThread(
           content::BrowserThread::UI);
   registry->AddInterface(
       base::Bind(&startup_metric_utils::StartupMetricHostImpl::Create),
@@ skipping 342 matching lines @@
   if (channel <= kMaxDisableEncryptionChannel) {
     static const char* const kWebRtcDevSwitchNames[] = {
       switches::kDisableWebRtcEncryption,
     };
     to_command_line->CopySwitchesFrom(from_command_line,
                                       kWebRtcDevSwitchNames,
                                       arraysize(kWebRtcDevSwitchNames));
   }
 }
 #endif  // defined(ENABLE_WEBRTC)