Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1348)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/sandbox_win.cc

Issue 2672003002: Remove the --allow-no-sandbox-job flag in favor of automatic recognition. (Closed)
Patch Set: Address comments. Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/sandbox_win.cc
diff --git a/content/common/sandbox_win.cc b/content/common/sandbox_win.cc
index 6dee6e96a96299cd3aa01a46772f727c46ec6bf4..a3b954e063f24847e6bc7cddee27c12cb9bab4da 100644
--- a/content/common/sandbox_win.cc
+++ b/content/common/sandbox_win.cc
@@ -251,9 +251,6 @@ base::string16 PrependWindowsSessionPath(const base::char16* object) {
// Checks if the sandbox should be let to run without a job object assigned.
bool ShouldSetJobLevel(const base::CommandLine& cmd_line) {
- if (!cmd_line.HasSwitch(switches::kAllowNoSandboxJob))
- return true;
-
// Windows 8 allows nested jobs so we don't need to check if we are in other
// job.
if (base::win::GetVersion() >= base::win::VERSION_WIN8)
@@ -277,6 +274,20 @@ bool ShouldSetJobLevel(const base::CommandLine& cmd_line) {
if (job_info.BasicLimitInformation.LimitFlags & JOB_OBJECT_LIMIT_BREAKAWAY_OK)
return true;
+ // Lastly in place of the flag which was supposed to be used only for running
+ // Chrome in remote sessions we do this check explicitly here.
+ // According to MS this flag can be false for a remote session only on Windows
+ // Server 2012 and newer so if we do the check last we should be on the safe
+ // side. See: https://msdn.microsoft.com/en-us/library/aa380798.aspx.
+ if (!::GetSystemMetrics(SM_REMOTESESSION)) {
+ // TODO(pastarmovj): Remove this check and the flag altogether once we are
+ // convinced that the automatic logic is good enough.
+ return !cmd_line.HasSwitch(switches::kAllowNoSandboxJob);
+ }
+
+ // Allow running without the sandbox in this case. This slightly reduces the
+ // ability of the sandbox to protect its children from spawning new processes
+ // or preventing them from shutting down Windows or accessing the clipboard.
return false;
}
@@ -570,7 +581,9 @@ sandbox::ResultCode SetJobLevel(const base::CommandLine& cmd_line,
sandbox::JobLevel job_level,
uint32_t ui_exceptions,
sandbox::TargetPolicy* policy) {
- if (!ShouldSetJobLevel(cmd_line))
+ const bool should_set_job = ShouldSetJobLevel(cmd_line);
+ UMA_HISTOGRAM_BOOLEAN("Process.Sandbox.ShouldSetJobNone", should_set_job);
Will Harris 2017/02/16 23:48:17 I feel like I'm being a terrible reviewer here and
+ if (!should_set_job)
return policy->SetJobLevel(sandbox::JOB_NONE, 0);
#ifdef _WIN64
« no previous file with comments | « no previous file | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698