| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_win.h" | 5 #include "content/common/sandbox_win.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 602 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 613 } | 613 } |
| 614 | 614 |
| 615 sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy(); | 615 sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy(); |
| 616 | 616 |
| 617 sandbox::MitigationFlags mitigations = sandbox::MITIGATION_HEAP_TERMINATE | | 617 sandbox::MitigationFlags mitigations = sandbox::MITIGATION_HEAP_TERMINATE | |
| 618 sandbox::MITIGATION_BOTTOM_UP_ASLR | | 618 sandbox::MITIGATION_BOTTOM_UP_ASLR | |
| 619 sandbox::MITIGATION_DEP | | 619 sandbox::MITIGATION_DEP | |
| 620 sandbox::MITIGATION_DEP_NO_ATL_THUNK | | 620 sandbox::MITIGATION_DEP_NO_ATL_THUNK | |
| 621 sandbox::MITIGATION_SEHOP; | 621 sandbox::MITIGATION_SEHOP; |
| 622 | 622 |
| 623 if (base::win::GetVersion() >= base::win::VERSION_WIN8 && | 623 if (base::win::GetVersion() >= base::win::VERSION_WIN8 && |
| 624 type_str == switches::kRendererProcess && | 624 type_str == switches::kRendererProcess && |
| 625 browser_command_line.HasSwitch( | 625 switches::Win32kRendererLockdownEnabled()) { |
| 626 switches::kEnableWin32kRendererLockDown)) { | |
| 627 if (policy->AddRule(sandbox::TargetPolicy::SUBSYS_WIN32K_LOCKDOWN, | 626 if (policy->AddRule(sandbox::TargetPolicy::SUBSYS_WIN32K_LOCKDOWN, |
| 628 sandbox::TargetPolicy::FAKE_USER_GDI_INIT, | 627 sandbox::TargetPolicy::FAKE_USER_GDI_INIT, |
| 629 NULL) != sandbox::SBOX_ALL_OK) { | 628 NULL) != sandbox::SBOX_ALL_OK) { |
| 630 return base::Process(); | 629 return base::Process(); |
| 631 } | 630 } |
| 632 mitigations |= sandbox::MITIGATION_WIN32K_DISABLE; | 631 mitigations |= sandbox::MITIGATION_WIN32K_DISABLE; |
| 633 } | 632 } |
| 634 | 633 |
| 635 if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK) | 634 if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK) |
| 636 return base::Process(); | 635 return base::Process(); |
| (...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 763 } | 762 } |
| 764 | 763 |
| 765 return false; | 764 return false; |
| 766 } | 765 } |
| 767 | 766 |
| 768 bool BrokerAddTargetPeer(HANDLE peer_process) { | 767 bool BrokerAddTargetPeer(HANDLE peer_process) { |
| 769 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; | 768 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; |
| 770 } | 769 } |
| 771 | 770 |
| 772 } // namespace content | 771 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 792873004:
Win32k lockdown: move to chrome://flags, add UMA, add finch (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master