Chromium Code Reviews Chromium Code Reviews
Issue 792873004:
Win32k lockdown: move to chrome://flags, add UMA, add finch (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/public/common/content_switches.h" | 5 #include "content/public/common/content_switches.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/metrics/field_trial.h" | |
| 8 | 9 |
| 9 namespace switches { | 10 namespace switches { |
| 10 | 11 |
| 11 // The number of MSAA samples for canvas2D. Requires MSAA support by GPU to | 12 // The number of MSAA samples for canvas2D. Requires MSAA support by GPU to |
| 12 // have an effect. 0 disables MSAA. | 13 // have an effect. 0 disables MSAA. |
| 13 const char kAcceleratedCanvas2dMSAASampleCount[] = "canvas-msaa-sample-count"; | 14 const char kAcceleratedCanvas2dMSAASampleCount[] = "canvas-msaa-sample-count"; |
| 14 | 15 |
| 15 // By default, file:// URIs cannot read other file:// URIs. This is an | 16 // By default, file:// URIs cannot read other file:// URIs. This is an |
| 16 // override for developers who need the old behavior for testing. | 17 // override for developers who need the old behavior for testing. |
| 17 const char kAllowFileAccessFromFiles[] = "allow-file-access-from-files"; | 18 const char kAllowFileAccessFromFiles[] = "allow-file-access-from-files"; |
| (...skipping 956 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 974 "enable-threaded-event-handling-mac"; | 975 "enable-threaded-event-handling-mac"; |
| 975 #endif | 976 #endif |
| 976 | 977 |
| 977 #if defined(OS_WIN) | 978 #if defined(OS_WIN) |
| 978 // Device scale factor passed to certain processes like renderers, etc. | 979 // Device scale factor passed to certain processes like renderers, etc. |
| 979 const char kDeviceScaleFactor[] = "device-scale-factor"; | 980 const char kDeviceScaleFactor[] = "device-scale-factor"; |
| 980 | 981 |
| 981 // Disable the Legacy Window which corresponds to the size of the WebContents. | 982 // Disable the Legacy Window which corresponds to the size of the WebContents. |
| 982 const char kDisableLegacyIntermediateWindow[] = "disable-legacy-window"; | 983 const char kDisableLegacyIntermediateWindow[] = "disable-legacy-window"; |
| 983 | 984 |
| 984 // Enable the Win32K process mitigation policy for renderer processes which | 985 // Enables or disables the Win32K process mitigation policy for renderer |
| 985 // prevents them from invoking user32 and gdi32 system calls which enter | 986 // processes which prevents them from invoking user32 and gdi32 system calls |
| 986 // the kernel. This is only supported on Windows 8 and beyond. | 987 // which enter the kernel. This is only supported on Windows 8 and beyond. |
| 987 const char kEnableWin32kRendererLockDown[] | 988 const char kEnableWin32kRendererLockDown[] = |
| 988 = "enable_win32k_renderer_lockdown"; | 989 "enable-win32k-renderer-lockdown"; |
| 990 const char kDisableWin32kRendererLockDown[] = | |
| 991 "disable-win32k-renderer-lockdown"; | |
| 989 | 992 |
| 990 // DirectWrite FontCache is shared by browser to renderers using shared memory. | 993 // DirectWrite FontCache is shared by browser to renderers using shared memory. |
| 991 // This switch allows specifying suffix to shared memory section name to avoid | 994 // This switch allows specifying suffix to shared memory section name to avoid |
| 992 // clashes between different instances of Chrome. | 995 // clashes between different instances of Chrome. |
| 993 const char kFontCacheSharedMemSuffix[] = "font-cache-shared-mem-suffix"; | 996 const char kFontCacheSharedMemSuffix[] = "font-cache-shared-mem-suffix"; |
| 994 #endif | 997 #endif |
| 995 | 998 |
| 996 #if defined(ENABLE_PLUGINS) | 999 #if defined(ENABLE_PLUGINS) |
| 997 // Enables the plugin power saver feature. | 1000 // Enables the plugin power saver feature. |
| 998 const char kEnablePluginPowerSaver[] = "enable-plugin-power-saver"; | 1001 const char kEnablePluginPowerSaver[] = "enable-plugin-power-saver"; |
| 999 #endif | 1002 #endif |
| 1000 | 1003 |
| 1004 #if defined(OS_WIN) | |
| 1005 bool Win32kRendererLockdownEnabled() { | |
| 1006 const std::string group_name = | |
| 1007 base::FieldTrialList::FindFullName("Win32kLockdown"); | |
| 1008 if (CommandLine::ForCurrentProcess()->HasSwitch( | |
|
Alexei Svitkine (slow)
2014/12/10 22:42:28
Nit: Maybe put CommandLine::ForCurrentProcess() in
Will Harris
2014/12/11 18:35:58
Done.
| |
| 1009 kEnableWin32kRendererLockDown)) | |
| 1010 return true; | |
| 1011 | |
| 1012 if (CommandLine::ForCurrentProcess()->HasSwitch( | |
| 1013 kDisableWin32kRendererLockDown)) | |
| 1014 return false; | |
| 1015 | |
| 1016 // Default. | |
| 1017 return group_name == "Enabled"; | |
| 1018 } | |
| 1019 #endif | |
| 1020 | |
| 1001 // Don't dump stuff here, follow the same order as the header. | 1021 // Don't dump stuff here, follow the same order as the header. |
| 1002 | 1022 |
| 1003 } // namespace switches | 1023 } // namespace switches |
| OLD | NEW |
