| Index: content/browser/gpu/gpu_process_host.cc
|
| diff --git a/content/browser/gpu/gpu_process_host.cc b/content/browser/gpu/gpu_process_host.cc
|
| index f0f2743d3cd474ee87ab7de6df5c578c06f2a6d1..9f0291d7bbba76045692cd603211d93d3f152ea5 100644
|
| --- a/content/browser/gpu/gpu_process_host.cc
|
| +++ b/content/browser/gpu/gpu_process_host.cc
|
| @@ -241,7 +241,7 @@ class GpuSandboxedProcessLauncherDelegate
|
| // Open GL path.
|
| policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
|
| sandbox::USER_LIMITED);
|
| - SetJobLevel(cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy);
|
| + SetJobLevel(sandbox::JOB_UNPROTECTED, 0, policy);
|
| policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
|
| } else {
|
| policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
|
| @@ -253,18 +253,17 @@ class GpuSandboxedProcessLauncherDelegate
|
| // turn blocks on the browser UI thread. So, instead we forgo a window
|
| // message pump entirely and just add job restrictions to prevent child
|
| // processes.
|
| - SetJobLevel(cmd_line_,
|
| - sandbox::JOB_LIMITED_USER,
|
| + SetJobLevel(sandbox::JOB_LIMITED_USER,
|
| JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS |
|
| - JOB_OBJECT_UILIMIT_DESKTOP |
|
| - JOB_OBJECT_UILIMIT_EXITWINDOWS |
|
| - JOB_OBJECT_UILIMIT_DISPLAYSETTINGS,
|
| + JOB_OBJECT_UILIMIT_DESKTOP |
|
| + JOB_OBJECT_UILIMIT_EXITWINDOWS |
|
| + JOB_OBJECT_UILIMIT_DISPLAYSETTINGS,
|
| policy);
|
|
|
| policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
|
| }
|
| } else {
|
| - SetJobLevel(cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy);
|
| + SetJobLevel(sandbox::JOB_UNPROTECTED, 0, policy);
|
| policy->SetTokenLevel(sandbox::USER_UNPROTECTED,
|
| sandbox::USER_LIMITED);
|
| }
|
|
|
Chromium Code Reviews
Issue 2672003002:
Remove the --allow-no-sandbox-job flag in favor of automatic recognition. (Closed)
