author | cpu@chromium.org <cpu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-02 22:59:55 +0000 |
---|---|---|
committer | cpu@chromium.org <cpu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-02 22:59:55 +0000 |
commit | edd2f227a16ca579fb34a8da3da0b8fad67b0a1b (patch) | |
tree | d2b9ce25fe984a85edae6254ac97f016f2b95c19 | |
parent | 0ee9da3a1737d047dfbbd33d5d1b1f7ef5d4097d (diff) | |
download | chromium_src-edd2f227a16ca579fb34a8da3da0b8fad67b0a1b.zip chromium_src-edd2f227a16ca579fb34a8da3da0b8fad67b0a1b.tar.gz chromium_src-edd2f227a16ca579fb34a8da3da0b8fad67b0a1b.tar.bz2 |
Start of a more restrictive sandbox policy for flash on windows
- This only works with --safe-plugins and the built-in-flash
- Removing all file IO
BUG=50796
TEST= use --safe-plugins and observe flash still works (for most sites)
Review URL: http://codereview.chromium.org/3043039
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@54626 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | chrome/common/sandbox_policy.cc | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/chrome/common/sandbox_policy.cc b/chrome/common/sandbox_policy.cc
index ef76fe6..bef0478 100644
--- a/chrome/common/sandbox_policy.cc
+++ b/chrome/common/sandbox_policy.cc
@@ -300,6 +300,42 @@ bool ApplyPolicyForUntrustedPlugin(sandbox::TargetPolicy* policy) {
 return true;
 }
 
+// Creates a sandbox for the built-in flash plugin running in a restricted
+// environment. This is a work in progress and for the time being do not
+// pay attention to the duplication between this function and the above
+// function. For more information see bug 50796.
+bool ApplyPolicyForBuiltInFlashPlugin(sandbox::TargetPolicy* policy) {
+ // TODO(cpu): Lock down the job level more.
+ policy->SetJobLevel(sandbox::JOB_INTERACTIVE, 0);
+
+ sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED;
+ if (win_util::GetWinVersion() > win_util::WINVERSION_XP)
+ initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS;
+ policy->SetTokenLevel(initial_token, sandbox::USER_LIMITED);
+
+ policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
+
+ // TODO(cpu): Proxy registry access and remove this policies.
+ if (!AddKeyAndSubkeys(L"HKEY_CURRENT_USER\\SOFTWARE\\ADOBE",
+ sandbox::TargetPolicy::REG_ALLOW_ANY,
+ policy))
+ return false;
+
+ if (!AddKeyAndSubkeys(L"HKEY_CURRENT_USER\\SOFTWARE\\MACROMEDIA",
+ sandbox::TargetPolicy::REG_ALLOW_ANY,
+ policy))
+ return false;
+
+ if (win_util::GetWinVersion() >= win_util::WINVERSION_VISTA) {
+ if (!AddKeyAndSubkeys(L"HKEY_CURRENT_USER\\SOFTWARE\\AppDataLow",
+ sandbox::TargetPolicy::REG_ALLOW_ANY,
+ policy))
+ return false;
+ }
+
+ return true;
+}
+
 // Adds the custom policy rules for a given plugin. |trusted_plugins| contains
 // the comma separate list of plugin dll names that should not be sandboxed.
 bool AddPolicyForPlugin(const CommandLine* cmd_line,
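Review bot: The results of `SetJobLevel`, `SetTokenLevel` and `SetDelayedIntegrityLevel` in ApplyPolicyForBuiltInFlashPlugin are dropped, so a level that fails to apply still lets the function return true and the second hunk's caller launches the plugin believing the restricted policy is in force, while the three `AddKeyAndSubkeys` calls right below do propagate failure — the function fails open on exactly the calls that matter most. If these return a `sandbox::ResultCode` like the rest of the TargetPolicy API I know, the calls should become `if (policy->SetJobLevel(sandbox::JOB_INTERACTIVE, 0) != sandbox::SBOX_ALL_OK) return false;`, `if (policy->SetTokenLevel(initial_token, sandbox::USER_LIMITED) != sandbox::SBOX_ALL_OK) return false;` and `if (policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW) != sandbox::SBOX_ALL_OK) return false;`. The registry comment also has a grammar slip and would be more useful to the next reader as `// TODO(cpu): Proxy registry access and remove these policies; REG_ALLOW_ANY on a whole subtree presumably leaves it writable from the sandboxed process.`, since these subtrees are the persistent state the sandbox still exposes. `win_util::GetWinVersion()` is evaluated twice; caching it in one local would make the XP/Vista branches easier to audit.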
@@ -318,6 +354,14 @@ bool AddPolicyForPlugin(const CommandLine* cmd_line, return false; } + // The built-in flash gets a custom, more restricted sandbox. + FilePath builtin_flash; + if (PathService::Get(chrome::FILE_FLASH_PLUGIN, &builtin_flash)) { + FilePath plugin_path(plugin_dll); + if (plugin_path == builtin_flash) + return ApplyPolicyForBuiltInFlashPlugin(policy); + } + PluginPolicyCategory policy_category = GetPolicyCategoryForPlugin(plugin_dll, trusted_plugins); |