Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(361)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/sandbox_win.cc

Issue 2672003002: Remove the --allow-no-sandbox-job flag in favor of automatic recognition. (Closed)
Patch Set: Reshuffle. Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | tools/metrics/histograms/histograms.xml » ('j') | tools/metrics/histograms/histograms.xml » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/sandbox_win.cc
diff --git a/content/common/sandbox_win.cc b/content/common/sandbox_win.cc
index 6dee6e96a96299cd3aa01a46772f727c46ec6bf4..7f2742acf1bfd4fa9c77a71b0f152000ada862e7 100644
--- a/content/common/sandbox_win.cc
+++ b/content/common/sandbox_win.cc
@@ -251,9 +251,6 @@ base::string16 PrependWindowsSessionPath(const base::char16* object) {
// Checks if the sandbox should be let to run without a job object assigned.
jwd 2017/03/02 19:58:14 So, this comment implies to me that a return of tr
pastarmovj 2017/03/02 20:21:21 I clarified the return value of the function.
bool ShouldSetJobLevel(const base::CommandLine& cmd_line) {
- if (!cmd_line.HasSwitch(switches::kAllowNoSandboxJob))
- return true;
-
// Windows 8 allows nested jobs so we don't need to check if we are in other
// job.
if (base::win::GetVersion() >= base::win::VERSION_WIN8)
@@ -277,6 +274,25 @@ bool ShouldSetJobLevel(const base::CommandLine& cmd_line) {
if (job_info.BasicLimitInformation.LimitFlags & JOB_OBJECT_LIMIT_BREAKAWAY_OK)
return true;
+ // Lastly in place of the flag which was supposed to be used only for running
+ // Chrome in remote sessions we do this check explicitly here.
+ // According to MS this flag can be false for a remote session only on Windows
+ // Server 2012 and newer so if we do the check last we should be on the safe
+ // side. See: https://msdn.microsoft.com/en-us/library/aa380798.aspx.
+ if (!::GetSystemMetrics(SM_REMOTESESSION)) {
+ // Measure how often we would have decided to apply the sandbox but the
+ // user actually wanted to avoid it.
+ // TODO(pastarmovj): Remove this check and the flag altogether once we are
+ // convinced that the automatic logic is good enough.
+ bool set_job = !cmd_line.HasSwitch(switches::kAllowNoSandboxJob);
+ UMA_HISTOGRAM_BOOLEAN("Process.Sandbox.JobAvoidedCorrectly", set_job);
+ return set_job;
+ }
+
+ // Allow running without the sandbox in this case. This slightly reduces the
+ // ability of the sandbox to protect its children from spawning new processes
+ // or preventing them from shutting down Windows or accessing the clipboard.
+ UMA_HISTOGRAM_BOOLEAN("Process.Sandbox.JobAvoidedCorrectly", true);
return false;
}
« no previous file with comments | « no previous file | tools/metrics/histograms/histograms.xml » ('j') | tools/metrics/histograms/histograms.xml » ('J')

Powered by Google App Engine
This is Rietveld 408576698