content/common/sandbox_win.cc - Issue 301353004: Remove flag --disable-winsta

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: content/common/sandbox_win.cc

Issue 301353004: Remove flag --disable-winsta (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 6 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/common/sandbox_win.h"	5 #include "content/common/sandbox_win.h"

6	6

7 #include <string>	7 #include <string>

8	8

9 #include "base/base_switches.h"	9 #include "base/base_switches.h"

10 #include "base/command_line.h"	10 #include "base/command_line.h"

(...skipping 340 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
351 if (base::win::GetVersion() > base::win::VERSION_XP) {	351 if (base::win::GetVersion() > base::win::VERSION_XP) {

352 // On 2003/Vista the initial token has to be restricted if the main	352 // On 2003/Vista the initial token has to be restricted if the main

353 // token is restricted.	353 // token is restricted.

354 initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS;	354 initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS;

355 }	355 }

356	356

357 policy->SetTokenLevel(initial_token, sandbox::USER_LOCKDOWN);	357 policy->SetTokenLevel(initial_token, sandbox::USER_LOCKDOWN);

358 // Prevents the renderers from manipulating low-integrity processes.	358 // Prevents the renderers from manipulating low-integrity processes.

359 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED);	359 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED);

360	360

361 bool use_winsta = !CommandLine::ForCurrentProcess()->HasSwitch(	361 if (sandbox::SBOX_ALL_OK != policy->SetAlternateDesktop(true)) {

362 switches::kDisableAltWinstation);

363

364 if (sandbox::SBOX_ALL_OK != policy->SetAlternateDesktop(use_winsta)) {

365 DLOG(WARNING) << "Failed to apply desktop security to the renderer";	362 DLOG(WARNING) << "Failed to apply desktop security to the renderer";

366 }	363 }

367	364

368 return true;	365 return true;

369 }	366 }

370	367

371 // Updates the command line arguments with debug-related flags. If debug flags	368 // Updates the command line arguments with debug-related flags. If debug flags

372 // have been used with this process, they will be filtered and added to	369 // have been used with this process, they will be filtered and added to

373 // command_line as needed.	370 // command_line as needed.

374 void ProcessDebugFlags(CommandLine* command_line) {	371 void ProcessDebugFlags(CommandLine* command_line) {

(...skipping 366 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
741 }	738 }

742	739

743 return false;	740 return false;

744 }	741 }

745	742

746 bool BrokerAddTargetPeer(HANDLE peer_process) {	743 bool BrokerAddTargetPeer(HANDLE peer_process) {

747 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK;	744 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK;

748 }	745 }

749	746

750 } // namespace content	747 } // namespace content

OLD	NEW

« no previous file with comments | « content/common/sandbox_init_win.cc ('k') | content/public/common/content_switches.h » ('j') | no next file with comments »