Move sandbox_policy to content.
BUG=76697 Review URL: http://codereview.chromium.org/7084010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@87183 0039d316-1c4b-4281-b951-d872f2087c98
This commit is contained in:
jam@chromium.org
@ -169,11 +169,11 @@
|
||||
#include "chrome/browser/net/url_fixer_upper.h"
|
||||
#include "chrome/browser/rlz/rlz.h"
|
||||
#include "chrome/browser/ui/views/user_data_dir_dialog.h"
|
||||
#include "chrome/common/sandbox_policy.h"
|
||||
#include "chrome/installer/util/helper.h"
|
||||
#include "chrome/installer/util/install_util.h"
|
||||
#include "chrome/installer/util/shell_util.h"
|
||||
#include "content/browser/user_metrics.h"
|
||||
#include "content/common/sandbox_policy.h"
|
||||
#include "net/base/net_util.h"
|
||||
#include "net/base/sdch_manager.h"
|
||||
#include "printing/printed_document.h"
|
||||
|
||||
@ -5,9 +5,6 @@
|
||||
#include "chrome/browser/chrome_content_browser_client.h"
|
||||
|
||||
#include "base/command_line.h"
|
||||
#include "base/path_service.h"
|
||||
#include "base/string_number_conversions.h"
|
||||
#include "base/win/windows_version.h"
|
||||
#include "chrome/app/breakpad_mac.h"
|
||||
#include "chrome/browser/browser_process.h"
|
||||
#include "chrome/browser/character_encoding.h"
|
||||
@ -31,7 +28,6 @@
|
||||
#include "chrome/browser/spellcheck_message_filter.h"
|
||||
#include "chrome/browser/ui/webui/chrome_web_ui_factory.h"
|
||||
#include "chrome/common/child_process_logging.h"
|
||||
#include "chrome/common/chrome_paths.h"
|
||||
#include "chrome/common/chrome_switches.h"
|
||||
#include "chrome/common/extensions/extension_messages.h"
|
||||
#include "chrome/common/pref_names.h"
|
||||
@ -55,11 +51,6 @@
|
||||
#include "chrome/browser/crash_handler_host_linux.h"
|
||||
#endif
|
||||
|
||||
#if defined(OS_WIN)
|
||||
#include "chrome/common/sandbox_policy.h"
|
||||
#include "sandbox/src/sandbox.h"
|
||||
#endif
|
||||
|
||||
namespace {
|
||||
|
||||
void InitRenderViewHostForExtensions(RenderViewHost* render_view_host) {
|
||||
@ -118,62 +109,6 @@ void InitRenderViewHostForExtensions(RenderViewHost* render_view_host) {
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(OS_WIN)
|
||||
// Launches the privileged flash broker, used when flash is sandboxed.
|
||||
// The broker is the same flash dll, except that it uses a different
|
||||
// entrypoint (BrokerMain) and it is hosted in windows' generic surrogate
|
||||
// process rundll32. After launching the broker we need to pass to
|
||||
// the flash plugin the process id of the broker via the command line
|
||||
// using --flash-broker=pid.
|
||||
// More info about rundll32 at http://support.microsoft.com/kb/164787.
|
||||
bool LoadFlashBroker(const FilePath& plugin_path, CommandLine* cmd_line) {
|
||||
FilePath rundll;
|
||||
if (!PathService::Get(base::DIR_SYSTEM, &rundll))
|
||||
return false;
|
||||
rundll = rundll.AppendASCII("rundll32.exe");
|
||||
// Rundll32 cannot handle paths with spaces, so we use the short path.
|
||||
wchar_t short_path[MAX_PATH];
|
||||
if (0 == ::GetShortPathNameW(plugin_path.value().c_str(),
|
||||
short_path, arraysize(short_path)))
|
||||
return false;
|
||||
// Here is the kicker, if the user has disabled 8.3 (short path) support
|
||||
// on the volume GetShortPathNameW does not fail but simply returns the
|
||||
// input path. In this case if the path had any spaces then rundll32 will
|
||||
// incorrectly interpret its parameters. So we quote the path, even though
|
||||
// the kb/164787 says you should not.
|
||||
std::wstring cmd_final =
|
||||
base::StringPrintf(L"%ls \"%ls\",BrokerMain browser=chrome",
|
||||
rundll.value().c_str(),
|
||||
short_path);
|
||||
base::ProcessHandle process;
|
||||
if (!base::LaunchApp(cmd_final, false, true, &process))
|
||||
return false;
|
||||
|
||||
cmd_line->AppendSwitchASCII("flash-broker",
|
||||
base::Int64ToString(::GetProcessId(process)));
|
||||
|
||||
// The flash broker, unders some circumstances can linger beyond the lifetime
|
||||
// of the flash player, so we put it in a job object, when the browser
|
||||
// terminates the job object is destroyed (by the OS) and the flash broker
|
||||
// is terminated.
|
||||
HANDLE job = ::CreateJobObjectW(NULL, NULL);
|
||||
JOBOBJECT_EXTENDED_LIMIT_INFORMATION job_limits = {0};
|
||||
job_limits.BasicLimitInformation.LimitFlags =
|
||||
JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE;
|
||||
if (::SetInformationJobObject(job, JobObjectExtendedLimitInformation,
|
||||
&job_limits, sizeof(job_limits))) {
|
||||
::AssignProcessToJobObject(job, process);
|
||||
// Yes, we are leaking the object here. Read comment above.
|
||||
} else {
|
||||
::CloseHandle(job);
|
||||
return false;
|
||||
}
|
||||
|
||||
::CloseHandle(process);
|
||||
return true;
|
||||
}
|
||||
#endif // OS_WIN
|
||||
|
||||
}
|
||||
|
||||
namespace chrome {
|
||||
@ -388,52 +323,4 @@ int ChromeContentBrowserClient::GetCrashSignalFD(
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(OS_WIN)
|
||||
bool ChromeContentBrowserClient::SandboxPlugin(CommandLine* command_line,
|
||||
sandbox::TargetPolicy* policy) {
|
||||
std::wstring plugin_dll = command_line->
|
||||
GetSwitchValueNative(switches::kPluginPath);
|
||||
|
||||
FilePath builtin_flash;
|
||||
if (!PathService::Get(chrome::FILE_FLASH_PLUGIN, &builtin_flash))
|
||||
return false;
|
||||
|
||||
FilePath plugin_path(plugin_dll);
|
||||
if (plugin_path != builtin_flash)
|
||||
return false;
|
||||
|
||||
if (base::win::GetVersion() <= base::win::VERSION_XP ||
|
||||
CommandLine::ForCurrentProcess()->HasSwitch(
|
||||
switches::kDisableFlashSandbox)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Add the policy for the pipes.
|
||||
sandbox::ResultCode result = sandbox::SBOX_ALL_OK;
|
||||
result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
|
||||
sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
|
||||
L"\\\\.\\pipe\\chrome.*");
|
||||
if (result != sandbox::SBOX_ALL_OK) {
|
||||
NOTREACHED();
|
||||
return false;
|
||||
}
|
||||
|
||||
// Spawn the flash broker and apply sandbox policy.
|
||||
if (LoadFlashBroker(plugin_path, command_line)) {
|
||||
policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
|
||||
policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
|
||||
sandbox::USER_INTERACTIVE);
|
||||
policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
|
||||
} else {
|
||||
// Could not start the broker, use a very weak policy instead.
|
||||
DLOG(WARNING) << "Failed to start flash broker";
|
||||
policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
|
||||
policy->SetTokenLevel(
|
||||
sandbox::USER_UNPROTECTED, sandbox::USER_UNPROTECTED);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
#endif
|
||||
|
||||
} // namespace chrome
|
||||
|
||||
@ -44,11 +44,6 @@ class ChromeContentBrowserClient : public content::ContentBrowserClient {
|
||||
// Can return an optional fd for crash handling, otherwise returns -1.
|
||||
virtual int GetCrashSignalFD(const std::string& process_type);
|
||||
#endif
|
||||
|
||||
#if defined(OS_WIN)
|
||||
virtual bool SandboxPlugin(CommandLine* command_line,
|
||||
sandbox::TargetPolicy* policy);
|
||||
#endif
|
||||
};
|
||||
|
||||
} // namespace chrome
|
||||
|
||||
@ -69,8 +69,6 @@
|
||||
'common/profiling.h',
|
||||
'common/ref_counted_util.h',
|
||||
'common/safe_browsing/safebrowsing_messages.h',
|
||||
'common/sandbox_policy.cc',
|
||||
'common/sandbox_policy.h',
|
||||
'common/switch_utils.cc',
|
||||
'common/switch_utils.h',
|
||||
'common/time_format.cc',
|
||||
@ -330,11 +328,6 @@
|
||||
'../third_party/GTM',
|
||||
],
|
||||
}],
|
||||
['OS!="win"', {
|
||||
'sources!': [
|
||||
'common/sandbox_policy.cc',
|
||||
],
|
||||
}],
|
||||
['remoting==1', {
|
||||
'dependencies': [
|
||||
'../remoting/remoting.gyp:remoting_client_plugin',
|
||||
|
||||
@ -631,6 +631,7 @@
|
||||
'../content/common/notification_details.cc',
|
||||
'../content/common/notification_service.cc',
|
||||
'../content/common/notification_source.cc',
|
||||
'../content/common/sandbox_policy.cc',
|
||||
'../content/common/sandbox_init_wrapper_win.cc',
|
||||
'../content/common/url_constants.cc',
|
||||
],
|
||||
|
||||
@ -7,8 +7,11 @@
|
||||
#include "base/command_line.h"
|
||||
#include "base/file_util.h"
|
||||
#include "base/path_service.h"
|
||||
#include "base/process_util.h"
|
||||
#include "base/string_number_conversions.h"
|
||||
#include "base/string_split.h"
|
||||
#include "base/string_util.h"
|
||||
#include "base/win/windows_version.h"
|
||||
#include "chrome/common/child_process_logging.h"
|
||||
#include "chrome/common/chrome_paths.h"
|
||||
#include "chrome/common/chrome_switches.h"
|
||||
@ -16,6 +19,11 @@
|
||||
#include "content/common/pepper_plugin_registry.h"
|
||||
#include "remoting/client/plugin/pepper_entrypoints.h"
|
||||
|
||||
#if defined(OS_WIN)
|
||||
#include "content/common/sandbox_policy.h"
|
||||
#include "sandbox/src/sandbox.h"
|
||||
#endif
|
||||
|
||||
namespace {
|
||||
|
||||
const char* kPDFPluginName = "Chrome PDF Viewer";
|
||||
@ -178,6 +186,62 @@ void AddOutOfProcessFlash(std::vector<PepperPluginInfo>* plugins) {
|
||||
|
||||
#endif // !defined(NACL_WIN64)
|
||||
|
||||
#if defined(OS_WIN)
|
||||
// Launches the privileged flash broker, used when flash is sandboxed.
|
||||
// The broker is the same flash dll, except that it uses a different
|
||||
// entrypoint (BrokerMain) and it is hosted in windows' generic surrogate
|
||||
// process rundll32. After launching the broker we need to pass to
|
||||
// the flash plugin the process id of the broker via the command line
|
||||
// using --flash-broker=pid.
|
||||
// More info about rundll32 at http://support.microsoft.com/kb/164787.
|
||||
bool LoadFlashBroker(const FilePath& plugin_path, CommandLine* cmd_line) {
|
||||
FilePath rundll;
|
||||
if (!PathService::Get(base::DIR_SYSTEM, &rundll))
|
||||
return false;
|
||||
rundll = rundll.AppendASCII("rundll32.exe");
|
||||
// Rundll32 cannot handle paths with spaces, so we use the short path.
|
||||
wchar_t short_path[MAX_PATH];
|
||||
if (0 == ::GetShortPathNameW(plugin_path.value().c_str(),
|
||||
short_path, arraysize(short_path)))
|
||||
return false;
|
||||
// Here is the kicker, if the user has disabled 8.3 (short path) support
|
||||
// on the volume GetShortPathNameW does not fail but simply returns the
|
||||
// input path. In this case if the path had any spaces then rundll32 will
|
||||
// incorrectly interpret its parameters. So we quote the path, even though
|
||||
// the kb/164787 says you should not.
|
||||
std::wstring cmd_final =
|
||||
base::StringPrintf(L"%ls \"%ls\",BrokerMain browser=chrome",
|
||||
rundll.value().c_str(),
|
||||
short_path);
|
||||
base::ProcessHandle process;
|
||||
if (!base::LaunchApp(cmd_final, false, true, &process))
|
||||
return false;
|
||||
|
||||
cmd_line->AppendSwitchASCII("flash-broker",
|
||||
base::Int64ToString(::GetProcessId(process)));
|
||||
|
||||
// The flash broker, unders some circumstances can linger beyond the lifetime
|
||||
// of the flash player, so we put it in a job object, when the browser
|
||||
// terminates the job object is destroyed (by the OS) and the flash broker
|
||||
// is terminated.
|
||||
HANDLE job = ::CreateJobObjectW(NULL, NULL);
|
||||
JOBOBJECT_EXTENDED_LIMIT_INFORMATION job_limits = {0};
|
||||
job_limits.BasicLimitInformation.LimitFlags =
|
||||
JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE;
|
||||
if (::SetInformationJobObject(job, JobObjectExtendedLimitInformation,
|
||||
&job_limits, sizeof(job_limits))) {
|
||||
::AssignProcessToJobObject(job, process);
|
||||
// Yes, we are leaking the object here. Read comment above.
|
||||
} else {
|
||||
::CloseHandle(job);
|
||||
return false;
|
||||
}
|
||||
|
||||
::CloseHandle(process);
|
||||
return true;
|
||||
}
|
||||
#endif // OS_WIN
|
||||
|
||||
} // namespace
|
||||
|
||||
namespace chrome {
|
||||
@ -227,4 +291,52 @@ bool ChromeContentClient::CanHandleWhileSwappedOut(
|
||||
return false;
|
||||
}
|
||||
|
||||
#if defined(OS_WIN)
|
||||
bool ChromeContentClient::SandboxPlugin(CommandLine* command_line,
|
||||
sandbox::TargetPolicy* policy) {
|
||||
std::wstring plugin_dll = command_line->
|
||||
GetSwitchValueNative(switches::kPluginPath);
|
||||
|
||||
FilePath builtin_flash;
|
||||
if (!PathService::Get(chrome::FILE_FLASH_PLUGIN, &builtin_flash))
|
||||
return false;
|
||||
|
||||
FilePath plugin_path(plugin_dll);
|
||||
if (plugin_path != builtin_flash)
|
||||
return false;
|
||||
|
||||
if (base::win::GetVersion() <= base::win::VERSION_XP ||
|
||||
CommandLine::ForCurrentProcess()->HasSwitch(
|
||||
switches::kDisableFlashSandbox)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Add the policy for the pipes.
|
||||
sandbox::ResultCode result = sandbox::SBOX_ALL_OK;
|
||||
result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
|
||||
sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
|
||||
L"\\\\.\\pipe\\chrome.*");
|
||||
if (result != sandbox::SBOX_ALL_OK) {
|
||||
NOTREACHED();
|
||||
return false;
|
||||
}
|
||||
|
||||
// Spawn the flash broker and apply sandbox policy.
|
||||
if (LoadFlashBroker(plugin_path, command_line)) {
|
||||
policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
|
||||
policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
|
||||
sandbox::USER_INTERACTIVE);
|
||||
policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
|
||||
} else {
|
||||
// Could not start the broker, use a very weak policy instead.
|
||||
DLOG(WARNING) << "Failed to start flash broker";
|
||||
policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
|
||||
policy->SetTokenLevel(
|
||||
sandbox::USER_UNPROTECTED, sandbox::USER_UNPROTECTED);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
#endif
|
||||
|
||||
} // namespace chrome
|
||||
|
||||
@ -20,6 +20,10 @@ class ChromeContentClient : public content::ContentClient {
|
||||
virtual void AddPepperPlugins(std::vector<PepperPluginInfo>* plugins);
|
||||
virtual bool CanSendWhileSwappedOut(const IPC::Message* msg);
|
||||
virtual bool CanHandleWhileSwappedOut(const IPC::Message& msg);
|
||||
#if defined(OS_WIN)
|
||||
virtual bool SandboxPlugin(CommandLine* command_line,
|
||||
sandbox::TargetPolicy* policy);
|
||||
#endif
|
||||
};
|
||||
|
||||
} // namespace chrome
|
||||
|
||||
@ -11,8 +11,8 @@
|
||||
#include "chrome/common/chrome_switches.h"
|
||||
#include "chrome/common/nacl_cmd_line.h"
|
||||
#include "chrome/common/nacl_messages.h"
|
||||
#include "chrome/common/sandbox_policy.h"
|
||||
#include "content/common/child_process.h"
|
||||
#include "content/common/sandbox_policy.h"
|
||||
#include "ipc/ipc_switches.h"
|
||||
|
||||
NaClBrokerThread::NaClBrokerThread()
|
||||
|
||||
@ -15,13 +15,13 @@
|
||||
#include "chrome/common/chrome_constants.h"
|
||||
#include "chrome/common/chrome_switches.h"
|
||||
#include "chrome/common/logging_chrome.h"
|
||||
#include "chrome/common/sandbox_policy.h"
|
||||
#include "chrome/nacl/nacl_launcher_thread.h"
|
||||
#include "chrome/nacl/nacl_main_platform_delegate.h"
|
||||
#include "content/common/child_process.h"
|
||||
#include "content/common/hi_res_timer_manager.h"
|
||||
#include "content/common/main_function_params.h"
|
||||
#include "content/common/result_codes.h"
|
||||
#include "content/common/sandbox_policy.h"
|
||||
|
||||
#if defined(OS_WIN)
|
||||
#include "chrome/nacl/broker_thread.h"
|
||||
|
||||
@ -12,7 +12,7 @@
|
||||
|
||||
#if defined(OS_WIN)
|
||||
#include "base/file_path.h"
|
||||
#include "chrome/common/sandbox_policy.h"
|
||||
#include "content/common/sandbox_policy.h"
|
||||
#endif // defined(OS_WIN)
|
||||
|
||||
ServiceChildProcessHost::ServiceChildProcessHost(ProcessType type)
|
||||
|
||||
@ -10,7 +10,7 @@
|
||||
#include "content/common/main_function_params.h"
|
||||
|
||||
#if defined(OS_WIN)
|
||||
#include "chrome/common/sandbox_policy.h"
|
||||
#include "content/common/sandbox_policy.h"
|
||||
#elif defined(OS_MACOSX)
|
||||
#include "content/common/chrome_application_mac.h"
|
||||
#endif // defined(OS_WIN)
|
||||
|
||||
@ -30,7 +30,7 @@
|
||||
#if defined(OS_WIN)
|
||||
#include "base/base_switches.h"
|
||||
#include "chrome/common/chrome_constants.h"
|
||||
#include "chrome/common/sandbox_policy.h"
|
||||
#include "content/common/sandbox_policy.h"
|
||||
#include "sandbox/src/dep.h"
|
||||
#include "sandbox/src/sandbox_factory.h"
|
||||
#include "sandbox/src/sandbox_types.h"
|
||||
|
||||
@ -82,8 +82,6 @@ include_rules = [
|
||||
|
||||
"+chrome/common/net/url_fetcher.h",
|
||||
|
||||
"+chrome/common/sandbox_policy.h",
|
||||
|
||||
# ONLY USED BY TESTS
|
||||
"+chrome/browser/net/url_request_failed_dns_job.h",
|
||||
"+chrome/browser/net/url_request_mock_http_job.h",
|
||||
|
||||
@ -20,7 +20,7 @@
|
||||
|
||||
#if defined(OS_WIN)
|
||||
#include "base/file_path.h"
|
||||
#include "chrome/common/sandbox_policy.h"
|
||||
#include "content/common/sandbox_policy.h"
|
||||
#elif defined(OS_LINUX)
|
||||
#include "base/memory/singleton.h"
|
||||
#include "content/browser/zygote_host_linux.h"
|
||||
|
||||
@ -86,11 +86,4 @@ int ContentBrowserClient::GetCrashSignalFD(const std::string& process_type) {
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(OS_WIN)
|
||||
bool ContentBrowserClient::SandboxPlugin(CommandLine* command_line,
|
||||
sandbox::TargetPolicy* policy) {
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
|
||||
} // namespace content
|
||||
|
||||
@ -24,10 +24,6 @@ class CookieList;
|
||||
class CookieOptions;
|
||||
}
|
||||
|
||||
namespace sandbox {
|
||||
class TargetPolicy;
|
||||
}
|
||||
|
||||
namespace content {
|
||||
|
||||
class ResourceContext;
|
||||
@ -109,12 +105,6 @@ class ContentBrowserClient {
|
||||
// Can return an optional fd for crash handling, otherwise returns -1.
|
||||
virtual int GetCrashSignalFD(const std::string& process_type);
|
||||
#endif
|
||||
|
||||
#if defined(OS_WIN)
|
||||
// Allows the embedder to sandbox a plugin, and apply a custom policy.
|
||||
virtual bool SandboxPlugin(CommandLine* command_line,
|
||||
sandbox::TargetPolicy* policy);
|
||||
#endif
|
||||
};
|
||||
|
||||
} // namespace content
|
||||
|
||||
@ -31,4 +31,11 @@ bool ContentClient::CanHandleWhileSwappedOut(const IPC::Message& msg) {
|
||||
return false;
|
||||
}
|
||||
|
||||
#if defined(OS_WIN)
|
||||
bool ContentClient::SandboxPlugin(CommandLine* command_line,
|
||||
sandbox::TargetPolicy* policy) {
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
|
||||
} // namespace content
|
||||
|
||||
@ -11,6 +11,7 @@
|
||||
#include "base/basictypes.h"
|
||||
#include "build/build_config.h"
|
||||
|
||||
class CommandLine;
|
||||
class GURL;
|
||||
struct GPUInfo;
|
||||
struct PepperPluginInfo;
|
||||
@ -19,6 +20,10 @@ namespace IPC {
|
||||
class Message;
|
||||
}
|
||||
|
||||
namespace sandbox {
|
||||
class TargetPolicy;
|
||||
}
|
||||
|
||||
namespace content {
|
||||
|
||||
class ContentBrowserClient;
|
||||
@ -61,6 +66,12 @@ class ContentClient {
|
||||
// behalf of a swapped out renderer.
|
||||
virtual bool CanHandleWhileSwappedOut(const IPC::Message& msg);
|
||||
|
||||
#if defined(OS_WIN)
|
||||
// Allows the embedder to sandbox a plugin, and apply a custom policy.
|
||||
virtual bool SandboxPlugin(CommandLine* command_line,
|
||||
sandbox::TargetPolicy* policy);
|
||||
#endif
|
||||
|
||||
private:
|
||||
// The embedder API for participating in browser logic.
|
||||
ContentBrowserClient* browser_;
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
// Use of this source code is governed by a BSD-style license that can be
|
||||
// found in the LICENSE file.
|
||||
|
||||
#include "chrome/common/sandbox_policy.h"
|
||||
#include "content/common/sandbox_policy.h"
|
||||
|
||||
#include <string>
|
||||
|
||||
@ -16,7 +16,7 @@
|
||||
#include "base/stringprintf.h"
|
||||
#include "base/string_util.h"
|
||||
#include "base/win/windows_version.h"
|
||||
#include "content/browser/content_browser_client.h"
|
||||
#include "content/common/content_client.h"
|
||||
#include "content/common/content_switches.h"
|
||||
#include "content/common/child_process_info.h"
|
||||
#include "content/common/debug_flags.h"
|
||||
@ -394,7 +394,7 @@ base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
|
||||
|
||||
if (type == ChildProcessInfo::PLUGIN_PROCESS &&
|
||||
!browser_command_line.HasSwitch(switches::kNoSandbox) &&
|
||||
content::GetContentClient()->browser()->SandboxPlugin(cmd_line, policy)) {
|
||||
content::GetContentClient()->SandboxPlugin(cmd_line, policy)) {
|
||||
in_sandbox = true;
|
||||
AddDllEvictionPolicy(policy);
|
||||
}
|
||||
@ -2,8 +2,8 @@
|
||||
// Use of this source code is governed by a BSD-style license that can be
|
||||
// found in the LICENSE file.
|
||||
|
||||
#ifndef CHROME_COMMON_SANDBOX_POLICY_H_
|
||||
#define CHROME_COMMON_SANDBOX_POLICY_H_
|
||||
#ifndef CONTENT_COMMON_SANDBOX_POLICY_H_
|
||||
#define CONTENT_COMMON_SANDBOX_POLICY_H_
|
||||
#pragma once
|
||||
|
||||
#include "base/process.h"
|
||||
@ -24,4 +24,4 @@ base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
|
||||
|
||||
} // namespace sandbox
|
||||
|
||||
#endif // CHROME_COMMON_SANDBOX_POLICY_H_
|
||||
#endif // CONTENT_COMMON_SANDBOX_POLICY_H_
|
||||
@ -204,6 +204,8 @@
|
||||
'common/sandbox_mac.h',
|
||||
'common/sandbox_mac.mm',
|
||||
'common/sandbox_methods_linux.h',
|
||||
'common/sandbox_policy.cc',
|
||||
'common/sandbox_policy.h',
|
||||
'common/section_util_win.cc',
|
||||
'common/section_util_win.h',
|
||||
'common/security_style.h',
|
||||
@ -259,6 +261,11 @@
|
||||
'../third_party/angle/src/build_angle.gyp:libEGL',
|
||||
'../third_party/angle/src/build_angle.gyp:libGLESv2',
|
||||
],
|
||||
}, { # OS!="win"
|
||||
'sources!': [
|
||||
'common/sandbox_policy.cc',
|
||||
'common/sandbox_policy.h',
|
||||
],
|
||||
}],
|
||||
['OS=="mac"', {
|
||||
'sources!': [
|
||||
|
||||
Reference in New Issue
Block a user