0

Revert "Strengthen MITIGATION_DLL_SEARCH_ORDER on non-component builds."

This reverts commit 58443848de
(just the policy setting on browser process).

Reason for revert: breaks some third party CAPI providers.
BUG=880835

Original change's description:
> Strengthen MITIGATION_DLL_SEARCH_ORDER on non-component builds.
>
> Also, add this mitigation to the browser process.
>
> BUG=870463
>
> Change-Id: I1e749a4ede0b41cca69f60262fd878c57ed35564
> Reviewed-on: https://chromium-review.googlesource.com/1162581
> Reviewed-by: Penny MacNeil <pennymac@chromium.org>
> Commit-Queue: Will Harris <wfh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#581067}

TBR=pennymac@chromium.org,wfh@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: 870463
Change-Id: I2ae97b0955cc5d1196ab002e02285da05b3a4d35
Reviewed-on: https://chromium-review.googlesource.com/c/1292370
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Commit-Queue: David Benjamin <davidben@chromium.org>
Commit-Queue: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#601318}
This commit is contained in:
Will Harris
2018-10-19 22:23:17 +00:00
committed by Commit Bot
parent 435295fad6
commit 432f4e5b65

@ -17,8 +17,7 @@ void InitializeSandboxInfo(sandbox::SandboxInterfaceInfo* info) {
// Ensure the proper mitigations are enforced for the browser process.
sandbox::ApplyProcessMitigationsToCurrentProcess(
sandbox::MITIGATION_DEP | sandbox::MITIGATION_DEP_NO_ATL_THUNK |
sandbox::MITIGATION_HARDEN_TOKEN_IL_POLICY |
sandbox::MITIGATION_DLL_SEARCH_ORDER);
sandbox::MITIGATION_HARDEN_TOKEN_IL_POLICY);
// Note: these mitigations are "post-startup". Some mitigations that need
// to be enabled sooner (e.g. MITIGATION_EXTENSION_POINT_DISABLE) are done
// so in Chrome_ELF.