Make sure only the main browser process and service processes are allowed to create the profile directory.

This patch lets Chrome start with profile located on a network share on
Windows Vista and newer.

BUG=120388
TEST=Start Chrome with --user-data-dir pointing to a network share location and try to navigate to a web page. This should not lead to a hang of the renderer. NaCl and NPAPI plugins should run fine too.

Review URL: https://chromiumcodereview.appspot.com/10390003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@136020 0039d316-1c4b-4281-b951-d872f2087c98

7 files changed, 46 insertions, 3 deletions

diff --git a/chrome/app/chrome_main_delegate.cc b/chrome/app/chrome_main_delegate.cc
index f1d4fde..063c156 100644
--- a/chrome/app/chrome_main_delegate.cc
+++ b/chrome/app/chrome_main_delegate.cc
@@ -567,8 +567,12 @@ void ChromeMainDelegate::PreSandboxStartup() {
 #if defined(OS_MACOSX) || defined(OS_WIN)
   CheckUserDataDirPolicy(&user_data_dir);
 #endif
-  if (!user_data_dir.empty())
-    CHECK(PathService::Override(chrome::DIR_USER_DATA, user_data_dir));
+  if (!user_data_dir.empty()) {
+    CHECK(PathService::OverrideAndCreateIfNeeded(
+        chrome::DIR_USER_DATA,
+        user_data_dir,
+        chrome::ProcessNeedsProfileDir(process_type)));
+  }
 
   startup_timer_.reset(new base::StatsScope<base::StatsCounterTimer>
                        (content::Counters::chrome_main()));
diff --git a/chrome/chrome.gyp b/chrome/chrome.gyp
index 521dbbd..52cd0bb 100644
--- a/chrome/chrome.gyp
+++ b/chrome/chrome.gyp
@@ -1057,6 +1057,10 @@
             'tools/crash_service/crash_service.cc',
             'tools/crash_service/crash_service.h',
             'tools/crash_service/main.cc',
+            '../content/public/common/content_switches.cc',
+          ],
+          'defines': [
+            'COMPILE_CONTENT_STATICALLY',
           ],
           'msvs_settings': {
             'VCLinkerTool': {
diff --git a/chrome/common/chrome_paths_internal.h b/chrome/common/chrome_paths_internal.h
index d4a1151..0e60ce1 100644
--- a/chrome/common/chrome_paths_internal.h
+++ b/chrome/common/chrome_paths_internal.h
@@ -6,6 +6,8 @@
 #define CHROME_COMMON_CHROME_PATHS_INTERNAL_H_
 #pragma once
 
+#include <string>
+
 #include "build/build_config.h"
 
 #if defined(OS_MACOSX)
@@ -85,6 +87,9 @@ NSBundle* OuterAppBundle();
 
 #endif  // OS_MACOSX
 
+// Checks if the |process_type| has the rights to access the profile.
+bool ProcessNeedsProfileDir(const std::string& process_type);
+
 }  // namespace chrome
 
 #endif  // CHROME_COMMON_CHROME_PATHS_INTERNAL_H_
diff --git a/chrome/common/chrome_paths_linux.cc b/chrome/common/chrome_paths_linux.cc
index acfebc1..b8987cf 100644
--- a/chrome/common/chrome_paths_linux.cc
+++ b/chrome/common/chrome_paths_linux.cc
@@ -103,4 +103,11 @@ bool GetUserDesktop(FilePath* result) {
   return true;
 }
 
+bool ProcessNeedsProfileDir(const std::string& process_type) {
+  // For now we have no reason to forbid this on Linux as we don't
+  // have the roaming profile troubles there. Moreover the Linux breakpad needs
+  // profile dir access in all process if enabled on Linux.
+  return true;
+}
+
 }  // namespace chrome
diff --git a/chrome/common/chrome_paths_mac.mm b/chrome/common/chrome_paths_mac.mm
index f3783e0..284b3dd 100644
--- a/chrome/common/chrome_paths_mac.mm
+++ b/chrome/common/chrome_paths_mac.mm
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -199,4 +199,10 @@ NSBundle* OuterAppBundle() {
   return bundle;
 }
 
+bool ProcessNeedsProfileDir(const std::string& process_type) {
+  // For now we have no reason to forbid this on other MacOS as we don't
+  // have the roaming profile troubles there.
+  return true;
+}
+
 }  // namespace chrome
diff --git a/chrome/common/chrome_paths_win.cc b/chrome/common/chrome_paths_win.cc
index 5eefb78..6f5f9fd 100644
--- a/chrome/common/chrome_paths_win.cc
+++ b/chrome/common/chrome_paths_win.cc
@@ -16,6 +16,7 @@
 #include "base/win/scoped_co_mem.h"
 #include "chrome/common/chrome_constants.h"
 #include "chrome/installer/util/browser_distribution.h"
+#include "content/public/common/content_switches.h"
 
 namespace chrome {
 
@@ -97,4 +98,19 @@ bool GetUserDesktop(FilePath* result) {
   return true;
 }
 
+bool ProcessNeedsProfileDir(const std::string& process_type) {
+  // On windows we don't want subprocesses other than the browser process and
+  // service processes to be able to use the profile directory because if it
+  // lies on a network share the sandbox will prevent us from accessing it.
+  // TODO(pastarmovj): For now gpu and plugin broker processes are whitelisted
+  // too because they do use the profile dir in some way but this must be
+  // investigated and fixed if possible.
+  return process_type.empty() ||
+         process_type == switches::kServiceProcess ||
+         process_type == switches::kGpuProcess ||
+         process_type == switches::kNaClBrokerProcess ||
+         process_type == switches::kNaClLoaderProcess ||
+         process_type == switches::kPpapiBrokerProcess;
+}
+
 }  // namespace chrome
diff --git a/chrome/common_constants.gypi b/chrome/common_constants.gypi
index 48ff259a..4762e1e 100644
--- a/chrome/common_constants.gypi
+++ b/chrome/common_constants.gypi
@@ -86,6 +86,7 @@
           ],
           'defines': [
             '<@(nacl_win64_defines)',
+            'COMPILE_CONTENT_STATICALLY',
           ],
           'configurations': {
             'Common_Base': {