author | cpu@chromium.org <cpu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-30 20:40:45 +0000 |
---|---|---|
committer | cpu@chromium.org <cpu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-30 20:40:45 +0000 |
commit | e29b96a75e3d7209226f77c47310a7773c31a116 (patch) | |
tree | 1c96c3ab2a2c0bdb1d9b97bdceb154de12d40d6a /chrome/plugin | |
parent | c45a61ca508f3beba4a9f23dd6468b6f488820d7 (diff) | |
Sandboxing built-in flash
This is the last change needed to have an experimental sandboxed Flash for Windows:
- Adds an export so Flash can lower the token
- Tightens the policy a bit
- Sets a separate Flash data directory.
BUG=50796
TES=see bug
Review URL: http://codereview.chromium.org/3245006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57899 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/plugin')
-rw-r--r-- | chrome/plugin/plugin_main.cc | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/chrome/plugin/plugin_main.cc b/chrome/plugin/plugin_main.cc
index 8313b68..3267fa0 100644
--- a/chrome/plugin/plugin_main.cc
+++ b/chrome/plugin/plugin_main.cc
@@ -47,6 +47,27 @@ void InitializeChromeApplication();
 void WorkaroundFlashLAHF();
 #endif
 
+#if defined(OS_WIN)
+// This function is provided so that the built-in flash can lock down the
+// sandbox by calling DelayedLowerToken(0).
+extern "C" DWORD __declspec(dllexport) __stdcall DelayedLowerToken(void* ts) {
+ // s_ts is only set the first time the function is called, which happens
+ // in PluginMain.
+ static sandbox::TargetServices* s_ts =
+ reinterpret_cast<sandbox::TargetServices*>(ts);
+ if (ts)
+ return 0;
+ s_ts->LowerToken();
+ return 1;
+};
+
+// Returns true if the plugin to be loaded is the internal flash.
+bool IsPluginBuiltInFlash(const CommandLine& cmd_line) {
+ FilePath path = cmd_line.GetSwitchValuePath(switches::kPluginPath);
+ return (path.BaseName() == FilePath(L"gcswf32.dll"));
+}
+#endif
+
 // main() routine for running as the plugin process.
 int PluginMain(const MainFunctionParams& parameters) {
 #if defined(USE_LINUX_BREAKPAD)
@@ -108,9 +129,17 @@ int PluginMain(const MainFunctionParams& parameters) {
 ChildProcess plugin_process;
 plugin_process.set_main_thread(new PluginThread());
 #if defined(OS_WIN)
- if (!no_sandbox && target_services)
- target_services->LowerToken();
-
+ if (!no_sandbox && target_services) {
+ // We are sandboxing the plugin. If it is a generic plug-in, we lock down
+ // the sandbox right away, but if it is the built-in flash we let flash
+ // start elevated and it will call DelayedLowerToken(0) when it's ready.
+ if (IsPluginBuiltInFlash(parsed_command_line)) {
+ DLOG(INFO) << "Sandboxing flash";
+ DelayedLowerToken(target_services);
+ } else {
+ target_services->LowerToken();
+ }
+ }
 if (sandbox_test_module) {
 RunRendererTests run_security_tests =
 reinterpret_cast<RunPluginTests>(GetProcAddress(sandbox_test_module, |
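Review bot: `DelayedLowerToken` dereferences a null `s_ts` when its first call arrives with `ts == 0`: the function-local static is then initialised to null, the `if (ts)` test falls through, and `s_ts->LowerToken()` runs on a null pointer. PluginMain seeds the pointer only when the sandbox is on and the plug-in is the built-in Flash (second hunk), so a run that skips that branch while Flash still calls the export would presumably crash. Initialise the static to `NULL`, assign it inside `if (ts)`, and add `if (!s_ts) return 0;` before the call. The header comment should also state the return contract (0 when the pointer is stored, 1 when the token was lowered), and the `};` that closes the function carries a stray semicolon.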
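Review bot: The branch that defers lockdown is selected by `IsPluginBuiltInFlash`, which compares only `path.BaseName()` with `gcswf32.dll`, so any plug-in DLL carrying that file name, whatever directory it is loaded from, would start on the initial token and keep it until it chooses to call `DelayedLowerToken(0)`. Comparing the full `kPluginPath` value with the location of the bundled Flash would limit the exception to the one binary it was written for. Nothing visible in this hunk lowers the token if the plug-in never calls back; a comment such as `// NOTE: the process keeps the initial token until Flash calls DelayedLowerToken(0); no fallback here.` would make that dependency explicit. PluginMain starts and ends outside this hunk, so a fallback may exist elsewhere.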