diff options
| author | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-01 22:46:43 +0000 |
|---|---|---|
| committer | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-01 22:46:43 +0000 |
| commit | 039894cd628c1d56a4227d74828ac462f57d8f21 (patch) | |
| tree | e43427b7a123646bb72e4dcd632f5304771fa6d6 | |
| parent | 445eef7dde2a5cc9dfa6c43dabe54128b6e3da16 (diff) | |
| download | chromium_src-039894cd628c1d56a4227d74828ac462f57d8f21.zip chromium_src-039894cd628c1d56a4227d74828ac462f57d8f21.tar.gz chromium_src-039894cd628c1d56a4227d74828ac462f57d8f21.tar.bz2 | |
Merge 121286 - Tighten Flash sandbox to USER_LIMITED
Review URL: https://chromiumcodereview.appspot.com/9372013
TBR=jschuh@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9564033
git-svn-id: svn://svn.chromium.org/chrome/branches/1025/src@124508 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | chrome/common/chrome_content_client.cc | 2 | ||||
| -rw-r--r-- | content/plugin/plugin_main.cc | 9 |
2 files changed, 10 insertions, 1 deletions
diff --git a/chrome/common/chrome_content_client.cc b/chrome/common/chrome_content_client.cc index 0f89d4d..08d7b8d 100644 --- a/chrome/common/chrome_content_client.cc +++ b/chrome/common/chrome_content_client.cc @@ -399,7 +399,7 @@ bool ChromeContentClient::SandboxPlugin(CommandLine* command_line, if (LoadFlashBroker(plugin_path, command_line)) { policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, - sandbox::USER_INTERACTIVE); + sandbox::USER_LIMITED); // Allow the Flash plugin to forward some messages back to Chrome. if (base::win::GetVersion() == base::win::VERSION_VISTA) { // Per-window message filters required on Win7 or later must be added to: diff --git a/content/plugin/plugin_main.cc b/content/plugin/plugin_main.cc index 8e8b1ea..59f3a7b 100644 --- a/content/plugin/plugin_main.cc +++ b/content/plugin/plugin_main.cc @@ -7,6 +7,9 @@ #if defined(OS_WIN) #include <objbase.h> #include <windows.h> +// Some directx includes can trigger deprecation warnings. +#pragma warning(disable:4995) +#include <dshow.h> #endif #include "base/command_line.h" @@ -21,6 +24,7 @@ #include "content/public/common/main_function_params.h" #if defined(OS_WIN) +#include "base/win/scoped_comptr.h" #include "content/common/injection_test_dll.h" #include "sandbox/src/sandbox.h" #elif defined(OS_POSIX) && !defined(OS_MACOSX) @@ -134,6 +138,11 @@ int PluginMain(const content::MainFunctionParams& parameters) { DVLOG(1) << "Sandboxing flash"; if (!PreloadIMEForFlash()) DVLOG(1) << "IME preload failed"; + + // Warm up the device enumerator for webcam and microphone. + base::win::ScopedComPtr<ICreateDevEnum> device_enumerator; + device_enumerator.CreateInstance(CLSID_SystemDeviceEnum); + DelayedLowerToken(target_services); } else { target_services->LowerToken(); |