Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(29)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_win.cc

Issue 857123002: Disable Win32k renderer lockdown if DirectWrite is disabled. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix cloudprint Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« chrome/browser/ui/startup/bad_flags_prompt.cc ('K') | « cloud_print/service/service.gyp ('k') | content/public/common/content_switches.h » ('j') | content/public/common/content_switches.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/sandbox_win.h" 5 #include "content/common/sandbox_win.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/base_switches.h" 9 #include "base/base_switches.h"
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 602 matching lines...) Expand 10 before | Expand all | Expand 10 after
613 } 613 }
614 614
615 sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy(); 615 sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy();
616 616
617 sandbox::MitigationFlags mitigations = sandbox::MITIGATION_HEAP_TERMINATE | 617 sandbox::MitigationFlags mitigations = sandbox::MITIGATION_HEAP_TERMINATE |
618 sandbox::MITIGATION_BOTTOM_UP_ASLR | 618 sandbox::MITIGATION_BOTTOM_UP_ASLR |
619 sandbox::MITIGATION_DEP | 619 sandbox::MITIGATION_DEP |
620 sandbox::MITIGATION_DEP_NO_ATL_THUNK | 620 sandbox::MITIGATION_DEP_NO_ATL_THUNK |
621 sandbox::MITIGATION_SEHOP; 621 sandbox::MITIGATION_SEHOP;
622 622
623 if (base::win::GetVersion() >= base::win::VERSION_WIN8 && 623 if (type_str == switches::kRendererProcess &&
624 type_str == switches::kRendererProcess && 624 switches::IsWin32kRendererLockdownEnabled(false)) {
625 switches::IsWin32kRendererLockdownEnabled()) {
626 if (policy->AddRule(sandbox::TargetPolicy::SUBSYS_WIN32K_LOCKDOWN, 625 if (policy->AddRule(sandbox::TargetPolicy::SUBSYS_WIN32K_LOCKDOWN,
627 sandbox::TargetPolicy::FAKE_USER_GDI_INIT, 626 sandbox::TargetPolicy::FAKE_USER_GDI_INIT,
628 NULL) != sandbox::SBOX_ALL_OK) { 627 NULL) != sandbox::SBOX_ALL_OK) {
629 return base::Process(); 628 return base::Process();
630 } 629 }
631 mitigations |= sandbox::MITIGATION_WIN32K_DISABLE; 630 mitigations |= sandbox::MITIGATION_WIN32K_DISABLE;
632 } 631 }
633 632
634 if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK) 633 if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK)
635 return base::Process(); 634 return base::Process();
(...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after
762 } 761 }
763 762
764 return false; 763 return false;
765 } 764 }
766 765
767 bool BrokerAddTargetPeer(HANDLE peer_process) { 766 bool BrokerAddTargetPeer(HANDLE peer_process) {
768 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; 767 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK;
769 } 768 }
770 769
771 } // namespace content 770 } // namespace content
OLDNEW
« chrome/browser/ui/startup/bad_flags_prompt.cc ('K') | « cloud_print/service/service.gyp ('k') | content/public/common/content_switches.h » ('j') | content/public/common/content_switches.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698