Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(91)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_win.cc

Issue 319573006: Add sandbox support for process memory limits (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ready for review Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | sandbox/win/src/broker_services.h » ('j') | sandbox/win/src/broker_services.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/sandbox_win.h" 5 #include "content/common/sandbox_win.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/base_switches.h" 9 #include "base/base_switches.h"
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 476 matching lines...) Expand 10 before | Expand all | Expand 10 after
487 return TRUE; 487 return TRUE;
488 } 488 }
489 #endif 489 #endif
490 490
491 } // namespace 491 } // namespace
492 492
493 void SetJobLevel(const CommandLine& cmd_line, 493 void SetJobLevel(const CommandLine& cmd_line,
494 sandbox::JobLevel job_level, 494 sandbox::JobLevel job_level,
495 uint32 ui_exceptions, 495 uint32 ui_exceptions,
496 sandbox::TargetPolicy* policy) { 496 sandbox::TargetPolicy* policy) {
497 if (ShouldSetJobLevel(cmd_line)) 497 if (ShouldSetJobLevel(cmd_line)) {
498 #ifdef _WIN64
499 policy->SetJobMemoryLimit(4ULL * 1024 * 1024 * 1024, true);
500 #endif
498 policy->SetJobLevel(job_level, ui_exceptions); 501 policy->SetJobLevel(job_level, ui_exceptions);
499 else 502 } else {
500 policy->SetJobLevel(sandbox::JOB_NONE, 0); 503 policy->SetJobLevel(sandbox::JOB_NONE, 0);
504 }
501 } 505 }
502 506
503 // TODO(jschuh): Need get these restrictions applied to NaCl and Pepper. 507 // TODO(jschuh): Need get these restrictions applied to NaCl and Pepper.
504 // Just have to figure out what needs to be warmed up first. 508 // Just have to figure out what needs to be warmed up first.
505 void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy) { 509 void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy) {
506 // TODO(cpu): Add back the BaseNamedObjects policy. 510 // TODO(cpu): Add back the BaseNamedObjects policy.
507 base::string16 object_path = PrependWindowsSessionPath( 511 base::string16 object_path = PrependWindowsSessionPath(
508 L"\\BaseNamedObjects\\windows_shell_global_counters"); 512 L"\\BaseNamedObjects\\windows_shell_global_counters");
509 policy->AddKernelObjectToClose(L"Section", object_path.data()); 513 policy->AddKernelObjectToClose(L"Section", object_path.data());
510 } 514 }
(...skipping 228 matching lines...) Expand 10 before | Expand all | Expand 10 after
739 } 743 }
740 744
741 return false; 745 return false;
742 } 746 }
743 747
744 bool BrokerAddTargetPeer(HANDLE peer_process) { 748 bool BrokerAddTargetPeer(HANDLE peer_process) {
745 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; 749 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK;
746 } 750 }
747 751
748 } // namespace content 752 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | sandbox/win/src/broker_services.h » ('j') | sandbox/win/src/broker_services.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698