Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(615)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/sandbox_win.cc

Issue 2672003002: Remove the --allow-no-sandbox-job flag in favor of automatic recognition. (Closed)
Patch Set: add todo. Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/sandbox_win.cc
diff --git a/content/common/sandbox_win.cc b/content/common/sandbox_win.cc
index 6dee6e96a96299cd3aa01a46772f727c46ec6bf4..781a715465dffb43f811af329530ae0fddd2347e 100644
--- a/content/common/sandbox_win.cc
+++ b/content/common/sandbox_win.cc
@@ -251,9 +251,6 @@ base::string16 PrependWindowsSessionPath(const base::char16* object) {
// Checks if the sandbox should be let to run without a job object assigned.
bool ShouldSetJobLevel(const base::CommandLine& cmd_line) {
Will Harris 2017/02/13 18:28:55 so behavior before was that if --allow-no-sandbox-
- if (!cmd_line.HasSwitch(switches::kAllowNoSandboxJob))
- return true;
-
// Windows 8 allows nested jobs so we don't need to check if we are in other
// job.
if (base::win::GetVersion() >= base::win::VERSION_WIN8)
@@ -277,6 +274,27 @@ bool ShouldSetJobLevel(const base::CommandLine& cmd_line) {
if (job_info.BasicLimitInformation.LimitFlags & JOB_OBJECT_LIMIT_BREAKAWAY_OK)
return true;
+ // Lastly in place of the flag which was supposed to be used only for running
+ // Chrome in remote sessions we do this check explicitly here.
+ // According to MS this flag can be false for a remote session only on Windows
+ // Server 2012 and newer so if we do the check last we should be on the safe
+ // side. See: https://msdn.microsoft.com/en-us/library/aa380798.aspx.
+ if (!::GetSystemMetrics(SM_REMOTESESSION)) {
+ // Measure how often we would have decided to apply the sandbox but the
+ // user actually wanted to avoid it.
+ // TODO(pastarmovj): Remove this check and the flag altogher once we are
Will Harris 2017/02/10 18:45:35 nit: typo
pastarmovj 2017/02/14 12:10:33 Done.
+ // convinced that the automatic logic is good enough.
+ if (cmd_line.HasSwitch(switches::kAllowNoSandboxJob)) {
+ UMA_HISTOGRAM_BOOLEAN("Process.Sandbox.JobAvoidedCorrectly", false);
Will Harris 2017/02/10 18:45:35 I'd prefer to record this histogram all the time a
pastarmovj 2017/02/13 12:26:41 As the histogram is worded now it is collected eve
Will Harris 2017/02/13 18:28:55 normally best practice for histograms is to always
pastarmovj 2017/02/14 12:10:33 Agree. Moved that to the calling function.
+ return false;
+ }
+ return true;
+ }
+
+ // Allow running without the sandbox in this case. This slightly reduces the
+ // ability of the sandbox to protect its children from spawning new processes
+ // or preventing them from shutting down Windows or accessing the clipboard.
+ UMA_HISTOGRAM_BOOLEAN("Process.Sandbox.JobAvoidedCorrectly", true);
return false;
}
« no previous file with comments | « no previous file | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698