| field | value | date |
|---|---|---|
| author | jam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-03-20 00:30:18 +0000 |
| committer | jam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-03-20 00:30:18 +0000 |
| commit | 34f4868ad60ff1f8aa0374aee947cec4960d4670 (patch) | |
| tree | 3ed90336e8c85d9548a2e479c47477192d54dd1b /chrome/browser/chrome_content_browser_client.cc | |
| parent | 13ee68abf3ddb40c7a9eaa54ef6afbc21cdc37ff (diff) | |
| download | chromium_src-34f4868ad60ff1f8aa0374aee947cec4960d4670.zip, chromium_src-34f4868ad60ff1f8aa0374aee947cec4960d4670.tar.gz, chromium_src-34f4868ad60ff1f8aa0374aee947cec4960d4670.tar.bz2 | |
Refactor sandbox_policy.cc so that it doesn't contain the sandbox policies for all processes. Instead have whoever creates a sandboxed process set this data. This allows us to clean a few NaCl-related changes in content:

- remove NaCl sandbox rules from content
- remove the hack for ifdef'ing out the GPU policy since it didn't link for nacl64.exe
- remove the 1GB memory reservation for the NaCl loader process out of content

Other cleanup:

- renamed sandbox_policy.* to sandbox_win.* to match the other platform-specific sandbox files
- moved BrokerGetFileHandleForProcess to internal content files since it's not called from outside
- remove AddGpuDllEvictionPolicy since it was redundant (the one dll it removed was already listed in the generic list)

There's still more cleanup to be done in the sandbox code (i.e. remove chrome frame switch, nacl process type switch etc). I will do that in future changes.
BUG=191682
Review URL: https://codereview.chromium.org/12805004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@189175 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/chrome_content_browser_client.cc')
-rw-r--r-- | chrome/browser/chrome_content_browser_client.cc | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc index 0b5e807..df48bbc 100644 --- a/chrome/browser/chrome_content_browser_client.cc +++ b/chrome/browser/chrome_content_browser_client.cc @@ -125,6 +125,7 @@ #if defined(OS_WIN) #include "chrome/browser/chrome_browser_main_win.h" +#include "sandbox/win/src/sandbox_policy.h" #elif defined(OS_MACOSX) #include "chrome/browser/chrome_browser_main_mac.h" #include "chrome/browser/spellchecker/spellcheck_message_filter_mac.h" @@ -2093,6 +2094,33 @@ void ChromeContentBrowserClient::GetAdditionalMappedFilesForChildProcess( const wchar_t* ChromeContentBrowserClient::GetResourceDllName() { return chrome::kBrowserResourcesDll; } + +void ChromeContentBrowserClient::PreSpawnRenderer( + sandbox::TargetPolicy* policy, + bool* success) { + // This code is duplicated in nacl_exe_win_64.cc. + // Allow the server side of a pipe restricted to the "chrome.nacl." + // namespace so that it cannot impersonate other system or other chrome + // service pipes. + sandbox::ResultCode result = policy->AddRule( + sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, + sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, + L"\\\\.\\pipe\\chrome.nacl.*"); + if (result != sandbox::SBOX_ALL_OK) { + *success = false; + return; + } + + // Renderers need to send named pipe handles and shared memory + // segment handles to NaCl loader processes. + result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, + sandbox::TargetPolicy::HANDLES_DUP_ANY, + L"File"); + if (result != sandbox::SBOX_ALL_OK) { + *success = false; + return; + } +} #endif #if defined(USE_NSS) |
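Review bot: the new `#include "sandbox/win/src/sandbox_policy.h"` in the first hunk sits inside the `#if defined(OS_WIN)` block, which matches its only use in this file (the `sandbox::TargetPolicy*` parameter of the new `PreSpawnRenderer`, added at the end of the same `OS_WIN` block); the one thing to confirm is that the declaration in chrome_content_browser_client.h uses a forward declaration of `sandbox::TargetPolicy` rather than pulling this Windows-only header into the cross-platform header.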
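Review bot: the `SUBSYS_HANDLES` rule at the end of `PreSpawnRenderer` is the broad form: `HANDLES_DUP_ANY` for the `L"File"` object type covers named pipes as well as ordinary file handles, so the comment ("Renderers need to send named pipe handles and shared memory segment handles to NaCl loader processes") should also state why a narrower semantic was not workable, since the renderer policy is only as tight as this grant. Two smaller points in the same function: `*success` is written only on the failure paths and never set to true, so the contract that the caller pre-initializes it belongs in the header comment (or set it explicitly on the success path here); and the "This code is duplicated in nacl_exe_win_64.cc" comment describes exactly the kind of drift this refactor is meant to remove, so consider a shared helper that both the browser and nacl64.exe call so the two rule sets cannot diverge.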