Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1115)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/public/common/content_switches.cc

Issue 792873004: Win32k lockdown: move to chrome://flags, add UMA, add finch (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: add flags to LoginCustomFlags Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/public/common/content_switches.h ('K') | « content/public/common/content_switches.h ('k') | content/renderer/pepper/content_renderer_pepper_host_factory.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/public/common/content_switches.cc
diff --git a/content/public/common/content_switches.cc b/content/public/common/content_switches.cc
index 8e57a29a1420079fef74060612fea3023f6154c0..a22ec3e2ac2d6988c3134e46934a391173382dbd 100644
--- a/content/public/common/content_switches.cc
+++ b/content/public/common/content_switches.cc
@@ -5,6 +5,7 @@
#include "content/public/common/content_switches.h"
#include "base/command_line.h"
+#include "base/metrics/field_trial.h"
namespace switches {
@@ -981,11 +982,13 @@ const char kDeviceScaleFactor[] = "device-scale-factor";
// Disable the Legacy Window which corresponds to the size of the WebContents.
const char kDisableLegacyIntermediateWindow[] = "disable-legacy-window";
-// Enable the Win32K process mitigation policy for renderer processes which
-// prevents them from invoking user32 and gdi32 system calls which enter
-// the kernel. This is only supported on Windows 8 and beyond.
-const char kEnableWin32kRendererLockDown[]
- = "enable_win32k_renderer_lockdown";
+// Enables or disables the Win32K process mitigation policy for renderer
+// processes which prevents them from invoking user32 and gdi32 system calls
+// which enter the kernel. This is only supported on Windows 8 and beyond.
+const char kEnableWin32kRendererLockDown[] =
+ "enable-win32k-renderer-lockdown";
+const char kDisableWin32kRendererLockDown[] =
+ "disable-win32k-renderer-lockdown";
// DirectWrite FontCache is shared by browser to renderers using shared memory.
// This switch allows specifying suffix to shared memory section name to avoid
@@ -998,6 +1001,23 @@ const char kFontCacheSharedMemSuffix[] = "font-cache-shared-mem-suffix";
const char kEnablePluginPowerSaver[] = "enable-plugin-power-saver";
#endif
+#if defined(OS_WIN)
+bool Win32kRendererLockdownEnabled() {
+ const std::string group_name =
+ base::FieldTrialList::FindFullName("Win32kLockdown");
+ if (CommandLine::ForCurrentProcess()->HasSwitch(
Alexei Svitkine (slow) 2014/12/10 22:42:28 Nit: Maybe put CommandLine::ForCurrentProcess() in
Will Harris 2014/12/11 18:35:58 Done.
+ kEnableWin32kRendererLockDown))
+ return true;
+
+ if (CommandLine::ForCurrentProcess()->HasSwitch(
+ kDisableWin32kRendererLockDown))
+ return false;
+
+ // Default.
+ return group_name == "Enabled";
+}
+#endif
+
// Don't dump stuff here, follow the same order as the header.
} // namespace switches
« content/public/common/content_switches.h ('K') | « content/public/common/content_switches.h ('k') | content/renderer/pepper/content_renderer_pepper_host_factory.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698