| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/gpu/gpu_process_host.h" | 5 #include "content/browser/gpu/gpu_process_host.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <list> | 10 #include <list> |
| (...skipping 223 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 234 // which is USER_RESTRICTED breaks both the DirectX backend and the OpenGL | 234 // which is USER_RESTRICTED breaks both the DirectX backend and the OpenGL |
| 235 // backend. Note that the GPU process is connected to the interactive | 235 // backend. Note that the GPU process is connected to the interactive |
| 236 // desktop. | 236 // desktop. |
| 237 bool PreSpawnTarget(sandbox::TargetPolicy* policy) override { | 237 bool PreSpawnTarget(sandbox::TargetPolicy* policy) override { |
| 238 if (base::win::GetVersion() > base::win::VERSION_XP) { | 238 if (base::win::GetVersion() > base::win::VERSION_XP) { |
| 239 if (cmd_line_.GetSwitchValueASCII(switches::kUseGL) == | 239 if (cmd_line_.GetSwitchValueASCII(switches::kUseGL) == |
| 240 gl::kGLImplementationDesktopName) { | 240 gl::kGLImplementationDesktopName) { |
| 241 // Open GL path. | 241 // Open GL path. |
| 242 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, | 242 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, |
| 243 sandbox::USER_LIMITED); | 243 sandbox::USER_LIMITED); |
| 244 SetJobLevel(cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy); | 244 SetJobLevel(sandbox::JOB_UNPROTECTED, 0, policy); |
| 245 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); | 245 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); |
| 246 } else { | 246 } else { |
| 247 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, | 247 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, |
| 248 sandbox::USER_LIMITED); | 248 sandbox::USER_LIMITED); |
| 249 | 249 |
| 250 // UI restrictions break when we access Windows from outside our job. | 250 // UI restrictions break when we access Windows from outside our job. |
| 251 // However, we don't want a proxy window in this process because it can | 251 // However, we don't want a proxy window in this process because it can |
| 252 // introduce deadlocks where the renderer blocks on the gpu, which in | 252 // introduce deadlocks where the renderer blocks on the gpu, which in |
| 253 // turn blocks on the browser UI thread. So, instead we forgo a window | 253 // turn blocks on the browser UI thread. So, instead we forgo a window |
| 254 // message pump entirely and just add job restrictions to prevent child | 254 // message pump entirely and just add job restrictions to prevent child |
| 255 // processes. | 255 // processes. |
| 256 SetJobLevel(cmd_line_, | 256 SetJobLevel(sandbox::JOB_LIMITED_USER, |
| 257 sandbox::JOB_LIMITED_USER, | |
| 258 JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS | | 257 JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS | |
| 259 JOB_OBJECT_UILIMIT_DESKTOP | | 258 JOB_OBJECT_UILIMIT_DESKTOP | |
| 260 JOB_OBJECT_UILIMIT_EXITWINDOWS | | 259 JOB_OBJECT_UILIMIT_EXITWINDOWS | |
| 261 JOB_OBJECT_UILIMIT_DISPLAYSETTINGS, | 260 JOB_OBJECT_UILIMIT_DISPLAYSETTINGS, |
| 262 policy); | 261 policy); |
| 263 | 262 |
| 264 policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); | 263 policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); |
| 265 } | 264 } |
| 266 } else { | 265 } else { |
| 267 SetJobLevel(cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy); | 266 SetJobLevel(sandbox::JOB_UNPROTECTED, 0, policy); |
| 268 policy->SetTokenLevel(sandbox::USER_UNPROTECTED, | 267 policy->SetTokenLevel(sandbox::USER_UNPROTECTED, |
| 269 sandbox::USER_LIMITED); | 268 sandbox::USER_LIMITED); |
| 270 } | 269 } |
| 271 | 270 |
| 272 // Allow the server side of GPU sockets, which are pipes that have | 271 // Allow the server side of GPU sockets, which are pipes that have |
| 273 // the "chrome.gpu" namespace and an arbitrary suffix. | 272 // the "chrome.gpu" namespace and an arbitrary suffix. |
| 274 sandbox::ResultCode result = policy->AddRule( | 273 sandbox::ResultCode result = policy->AddRule( |
| 275 sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | 274 sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, |
| 276 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, | 275 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, |
| 277 L"\\\\.\\pipe\\chrome.gpu.*"); | 276 L"\\\\.\\pipe\\chrome.gpu.*"); |
| (...skipping 964 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1242 TRACE_EVENT0("gpu", "GpuProcessHost::OnCacheShader"); | 1241 TRACE_EVENT0("gpu", "GpuProcessHost::OnCacheShader"); |
| 1243 ClientIdToShaderCacheMap::iterator iter = | 1242 ClientIdToShaderCacheMap::iterator iter = |
| 1244 client_id_to_shader_cache_.find(client_id); | 1243 client_id_to_shader_cache_.find(client_id); |
| 1245 // If the cache doesn't exist then this is an off the record profile. | 1244 // If the cache doesn't exist then this is an off the record profile. |
| 1246 if (iter == client_id_to_shader_cache_.end()) | 1245 if (iter == client_id_to_shader_cache_.end()) |
| 1247 return; | 1246 return; |
| 1248 iter->second->Cache(GetShaderPrefixKey(shader) + ":" + key, shader); | 1247 iter->second->Cache(GetShaderPrefixKey(shader) + ":" + key, shader); |
| 1249 } | 1248 } |
| 1250 | 1249 |
| 1251 } // namespace content | 1250 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2672003002:
Remove the --allow-no-sandbox-job flag in favor of automatic recognition. (Closed)
