Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1100)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/sandbox_win.cc

Issue 282133007: Allow the MITIGATION_WIN32K_DISABLE process mitigation to be set in the renderer sandbox. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | content/public/common/content_switches.h » ('j') | content/public/common/content_switches.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/sandbox_win.cc
diff --git a/content/common/sandbox_win.cc b/content/common/sandbox_win.cc
index 7c3048aadbb477209d5a63b44b2f845bc33378ae..202c82170c4b31d96f99a176e79105ee9b4ebe11 100644
--- a/content/common/sandbox_win.cc
+++ b/content/common/sandbox_win.cc
@@ -602,6 +602,12 @@ base::ProcessHandle StartSandboxedProcess(
sandbox::MITIGATION_DEP_NO_ATL_THUNK |
sandbox::MITIGATION_SEHOP;
+ if (base::win::GetVersion() >= base::win::VERSION_WIN8 &&
+ type_str == switches::kRendererProcess &&
+ cmd_line->HasSwitch(switches::kEnableGDIUser32RendererLockDown)) {
+ mitigations |= sandbox::MITIGATION_WIN32K_DISABLE;
+ }
+
if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK)
return 0;
« no previous file with comments | « no previous file | content/public/common/content_switches.h » ('j') | content/public/common/content_switches.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698