diff options
| author | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-28 18:07:44 +0000 |
|---|---|---|
| committer | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-28 18:07:44 +0000 |
| commit | 418c3cb40cbbf9d2e1336353f9ec5ce6f4cbb7a1 (patch) | |
| tree | c0bd6e7e59801b480856da505d0835417e1fe574 | |
| parent | 01cf589c36d50698579d255e09ae219d263263b4 (diff) | |
| download | chromium_src-418c3cb40cbbf9d2e1336353f9ec5ce6f4cbb7a1.zip chromium_src-418c3cb40cbbf9d2e1336353f9ec5ce6f4cbb7a1.tar.gz chromium_src-418c3cb40cbbf9d2e1336353f9ec5ce6f4cbb7a1.tar.bz2 | |
Turn on UIPI for the GPU sandbox.
GPU sandbox will start with UIPI by default. I had to move some switch values under ui/gfx/gl in order to avoid dependency hell.
BUG=90750
Review URL: http://codereview.chromium.org/7517012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@94500 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | chrome/chrome_dll.gypi | 1 | ||||
| -rw-r--r-- | content/common/sandbox_policy.cc | 9 | ||||
| -rw-r--r-- | ui/gfx/gl/gl_implementation.cc | 6 | ||||
| -rw-r--r-- | ui/gfx/gl/gl_implementation.h | 7 | ||||
| -rw-r--r-- | ui/gfx/gl/gl_switches.cc | 9 | ||||
| -rw-r--r-- | ui/gfx/gl/gl_switches.h | 10 |
6 files changed, 28 insertions, 14 deletions
diff --git a/chrome/chrome_dll.gypi b/chrome/chrome_dll.gypi index 6ad675d..acf0cfd 100644 --- a/chrome/chrome_dll.gypi +++ b/chrome/chrome_dll.gypi @@ -694,6 +694,7 @@ '../content/common/sandbox_policy.cc', '../content/common/sandbox_init_wrapper_win.cc', '../content/common/url_constants.cc', + '../ui/gfx/gl/gl_switches.cc', ], 'msvs_settings': { 'VCLinkerTool': { diff --git a/content/common/sandbox_policy.cc b/content/common/sandbox_policy.cc index 3776b0d..1863af5f 100644 --- a/content/common/sandbox_policy.cc +++ b/content/common/sandbox_policy.cc @@ -21,6 +21,7 @@ #include "content/common/child_process_info.h" #include "content/common/debug_flags.h" #include "sandbox/src/sandbox.h" +#include "ui/gfx/gl/gl_switches.h" static sandbox::BrokerServices* g_broker_services = NULL; @@ -279,13 +280,17 @@ bool AddGenericPolicy(sandbox::TargetPolicy* policy) { // desktop. // TODO(cpu): Lock down the sandbox more if possible. // TODO(apatrick): Use D3D9Ex to render windowless. -bool AddPolicyForGPU(CommandLine*, sandbox::TargetPolicy* policy) { +bool AddPolicyForGPU(CommandLine* cmd_line, sandbox::TargetPolicy* policy) { policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); if (base::win::GetVersion() > base::win::VERSION_XP) { policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, sandbox::USER_LIMITED); - policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); + if (cmd_line->GetSwitchValueASCII(switches::kUseGL) == + gfx::kGLImplementationDesktopName) + policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); + else + policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); } else { policy->SetTokenLevel(sandbox::USER_UNPROTECTED, sandbox::USER_LIMITED); diff --git a/ui/gfx/gl/gl_implementation.cc b/ui/gfx/gl/gl_implementation.cc index 1856b75..21788c0 100644 --- a/ui/gfx/gl/gl_implementation.cc +++ b/ui/gfx/gl/gl_implementation.cc @@ -10,15 +10,9 @@ #include "base/at_exit.h" #include "base/command_line.h" #include "base/logging.h" -#include "ui/gfx/gl/gl_switches.h" namespace gfx { -const char kGLImplementationDesktopName[] = "desktop"; -const char kGLImplementationOSMesaName[] = "osmesa"; -const char kGLImplementationEGLName[] = "egl"; -const char kGLImplementationMockName[] = "mock"; - namespace { const struct { diff --git a/ui/gfx/gl/gl_implementation.h b/ui/gfx/gl/gl_implementation.h index f357b31..c3e3ca4 100644 --- a/ui/gfx/gl/gl_implementation.h +++ b/ui/gfx/gl/gl_implementation.h @@ -10,6 +10,7 @@ #include "base/native_library.h" #include "build/build_config.h" +#include "ui/gfx/gl/gl_switches.h" namespace gfx { @@ -22,12 +23,6 @@ enum GLImplementation { kGLImplementationMockGL }; -// The GL implementation names that can be passed to --use-gl. -extern const char kGLImplementationDesktopName[]; -extern const char kGLImplementationOSMesaName[]; -extern const char kGLImplementationEGLName[]; -extern const char kGLImplementationMockName[]; - #if defined(OS_WIN) typedef void* (WINAPI *GLGetProcAddressProc)(const char* name); #else diff --git a/ui/gfx/gl/gl_switches.cc b/ui/gfx/gl/gl_switches.cc index 3fad5f3..b7aa18c 100644 --- a/ui/gfx/gl/gl_switches.cc +++ b/ui/gfx/gl/gl_switches.cc @@ -4,6 +4,15 @@ #include "ui/gfx/gl/gl_switches.h" +namespace gfx { + +const char kGLImplementationDesktopName[] = "desktop"; +const char kGLImplementationOSMesaName[] = "osmesa"; +const char kGLImplementationEGLName[] = "egl"; +const char kGLImplementationMockName[] = "mock"; + +} // namespace gfx + namespace switches { // Stop the GPU from synchronizing on the vsync before presenting. diff --git a/ui/gfx/gl/gl_switches.h b/ui/gfx/gl/gl_switches.h index 7cbf5ca..62f826e 100644 --- a/ui/gfx/gl/gl_switches.h +++ b/ui/gfx/gl/gl_switches.h @@ -8,6 +8,16 @@ #define UI_GFX_GL_GL_SWITCHES_H_ #pragma once +namespace gfx { + +// The GL implementation names that can be passed to --use-gl. +extern const char kGLImplementationDesktopName[]; +extern const char kGLImplementationOSMesaName[]; +extern const char kGLImplementationEGLName[]; +extern const char kGLImplementationMockName[]; + +} // namespace gfx + namespace switches { extern const char kDisableGpuVsync[]; |