author | gregoryd@google.com <gregoryd@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-06-07 22:02:13 +0000 |
---|---|---|
committer | gregoryd@google.com <gregoryd@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-06-07 22:02:13 +0000 |
commit | 13869c3163a6ad68cfd00be2b04a5e39b38a0f1c (patch) | |
tree | 386213e98eec0edfe42b615c0e7699b17bbdd6bd | |
parent | fdc6bf56a8fcd45d7fea9f7fb6aa3a1b4239de61 (diff) | |
Allow creation of chrome.nacl.* pipes on all Windows systems.
It used to work without changing the policy on older 32-bit systems (XP, Vista) but was blocked on Windows 7, so we need to add it to the policy.
Review URL: http://codereview.chromium.org/2472005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49098 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | chrome/common/sandbox_policy.cc | 28 |
1 files changed, 5 insertions, 23 deletions
diff --git a/chrome/common/sandbox_policy.cc b/chrome/common/sandbox_policy.cc
index 66a9161..6a4a98f 100644
--- a/chrome/common/sandbox_policy.cc
+++ b/chrome/common/sandbox_policy.cc
@@ -176,20 +176,6 @@ void AddDllEvictionPolicy(sandbox::TargetPolicy* policy) {
 }
 }
-bool Is64BitWindows()
-{
-#if defined(_WIN64)
- return true; // 64-bit programs run only on Win64
-#elif defined(_WIN32)
- // 32-bit programs run on both 32-bit and 64-bit Windows
- // so must sniff.
- BOOL f64 = FALSE;
- return IsWow64Process(GetCurrentProcess(), &f64) && f64;
-#else
- return false; // no other code can run on 64-bit Windows
-#endif
-}
-
 // Adds the generic policy rules to a sandbox TargetPolicy.
 bool AddGenericPolicy(sandbox::TargetPolicy* policy) {
 sandbox::ResultCode result;
@@ -201,13 +187,11 @@ bool AddGenericPolicy(sandbox::TargetPolicy* policy) {
 if (result != sandbox::SBOX_ALL_OK)
 return false;
- if (Is64BitWindows()) {
- result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
- sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
- L"\\\\.\\pipe\\chrome.nacl.*");
- if (result != sandbox::SBOX_ALL_OK)
- return false;
- }
+ result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
+ sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
+ L"\\\\.\\pipe\\chrome.nacl.*");
+ if (result != sandbox::SBOX_ALL_OK)
+ return false;
 // Add the policy for debug message only in debug
 #ifndef NDEBUG
@@ -455,8 +439,6 @@ base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
 sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy();
 bool on_sandbox_desktop = false;
- // TODO(gregoryd): try locked-down policy for sel_ldr after we fix IMC.
- // TODO(gregoryd): do we need a new desktop for sel_ldr?
 if (type == ChildProcessInfo::PLUGIN_PROCESS) {
 if (!AddPolicyForPlugin(cmd_line, policy))
 return 0; |
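Review bot: The `NAMEDPIPES_ALLOW_ANY` rule for `\\.\pipe\chrome.nacl.*` in the second hunk (`AddGenericPolicy`) is now unconditional, so every target that receives the generic policy may ask the broker to create any pipe under that prefix, not only the process that needs it. If only the NaCl loader creates these pipes, the rule would be better added on the branch of `StartProcessWithAccess` that handles that process type, since a wildcard pipe grant shared by all sandboxed targets lets one of them pre-create a name that another expects. Which targets actually receive `AddGenericPolicy` is not visible here, as its body and its callers lie outside the hunk, so this needs confirming. The rule also has no comment explaining why it exists; the commit message's reason could be kept beside it, e.g. `// NaCl creates chrome.nacl.* pipes; Windows 7 blocks this from the sandbox without an explicit rule.`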