Chromium Code Reviews Chromium Code Reviews
Issue 868253011:
Make chrome.exe built with ASan/Win work with sandbox enabled (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_win.h" | 5 #include "content/common/sandbox_win.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 321 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 332 | 332 |
| 333 base::FilePath debug_message(long_path_buf); | 333 base::FilePath debug_message(long_path_buf); |
| 334 debug_message = debug_message.AppendASCII("debug_message.exe"); | 334 debug_message = debug_message.AppendASCII("debug_message.exe"); |
| 335 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_PROCESS, | 335 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_PROCESS, |
| 336 sandbox::TargetPolicy::PROCESS_MIN_EXEC, | 336 sandbox::TargetPolicy::PROCESS_MIN_EXEC, |
| 337 debug_message.value().c_str()); | 337 debug_message.value().c_str()); |
| 338 if (result != sandbox::SBOX_ALL_OK) | 338 if (result != sandbox::SBOX_ALL_OK) |
| 339 return false; | 339 return false; |
| 340 #endif // NDEBUG | 340 #endif // NDEBUG |
| 341 | 341 |
| 342 // Add the policy for read-only PDB file access for AddressSanitizer. | |
| 343 #if defined(ADDRESS_SANITIZER) | |
| 344 wchar_t main_module_path[MAX_PATH]; | |
|
cpu_(ooo_6.6-7.5)
2015/01/30 20:28:24
use base::FILE_EXE or base::FILE_MODULE
Timur Iskhodzhanov
2015/02/02 15:38:58
Done, thanks!
Also fixed a similar code in the ASa
| |
| 345 DWORD ret = ::GetModuleFileName(NULL, main_module_path, MAX_PATH); | |
| 346 if (0 == ret || ret >= MAX_PATH) | |
| 347 return false; | |
| 348 base::FilePath pdb_path = | |
| 349 base::FilePath(main_module_path).DirName().Append(L"*.pdb"); | |
| 350 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, | |
| 351 sandbox::TargetPolicy::FILES_ALLOW_READONLY, | |
| 352 pdb_path.value().c_str()); | |
| 353 if (result != sandbox::SBOX_ALL_OK) | |
| 354 return false; | |
| 355 #endif | |
| 356 | |
| 342 AddGenericDllEvictionPolicy(policy); | 357 AddGenericDllEvictionPolicy(policy); |
| 343 return true; | 358 return true; |
| 344 } | 359 } |
| 345 | 360 |
| 346 bool AddPolicyForSandboxedProcess(sandbox::TargetPolicy* policy) { | 361 bool AddPolicyForSandboxedProcess(sandbox::TargetPolicy* policy) { |
| 347 sandbox::ResultCode result; | 362 sandbox::ResultCode result; |
| 348 // Renderers need to share events with plugins. | 363 // Renderers need to share events with plugins. |
| 349 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, | 364 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, |
| 350 sandbox::TargetPolicy::HANDLES_DUP_ANY, | 365 sandbox::TargetPolicy::HANDLES_DUP_ANY, |
| 351 L"Event"); | 366 L"Event"); |
| (...skipping 412 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 764 } | 779 } |
| 765 | 780 |
| 766 return false; | 781 return false; |
| 767 } | 782 } |
| 768 | 783 |
| 769 bool BrokerAddTargetPeer(HANDLE peer_process) { | 784 bool BrokerAddTargetPeer(HANDLE peer_process) { |
| 770 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; | 785 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; |
| 771 } | 786 } |
| 772 | 787 |
| 773 } // namespace content | 788 } // namespace content |
| OLD | NEW |
