Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(225)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/sandbox_win.cc

Issue 282133007: Allow the MITIGATION_WIN32K_DISABLE process mitigation to be set in the renderer sandbox. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Code review comments Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | content/public/common/content_switches.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/sandbox_win.cc
diff --git a/content/common/sandbox_win.cc b/content/common/sandbox_win.cc
index 7c3048aadbb477209d5a63b44b2f845bc33378ae..9e56fed6cbe0be48602574f7fab9278a92c49af1 100644
--- a/content/common/sandbox_win.cc
+++ b/content/common/sandbox_win.cc
@@ -602,6 +602,13 @@ base::ProcessHandle StartSandboxedProcess(
sandbox::MITIGATION_DEP_NO_ATL_THUNK |
sandbox::MITIGATION_SEHOP;
+ if (base::win::GetVersion() >= base::win::VERSION_WIN8 &&
+ type_str == switches::kRendererProcess &&
+ browser_command_line.HasSwitch(
+ switches::kEnableWin32kRendererLockDown)) {
+ mitigations |= sandbox::MITIGATION_WIN32K_DISABLE;
+ }
+
if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK)
return 0;
« no previous file with comments | « no previous file | content/public/common/content_switches.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698