authorjam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-03-20 00:30:18 +0000
committerjam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-03-20 00:30:18 +0000
commit34f4868ad60ff1f8aa0374aee947cec4960d4670 (patch)
tree3ed90336e8c85d9548a2e479c47477192d54dd1b /content/browser/ppapi_plugin_process_host.cc
parent13ee68abf3ddb40c7a9eaa54ef6afbc21cdc37ff (diff)
Refactor sandbox_policy.cc so that it doesn't contain the sandbox policies for all processes. Instead have whoever creates a sandboxed process set this data. This allows us to clean a few NaCl related changes in content:
-remove NaCl sandbox rules from content -remove the hack for ifdef'ing out the GPU policy since it didn't link for nacl64.exe -remove the 1GB memory reservation for the NaCl loader process out of content Other cleanup: -renamed sandbox_policy.* to sandbox_win.* to match the other platform-specific sandbox files -moved BrokerGetFileHandleForProcess to internal content files since it's not called from outside -remove AddGpuDllEvictionPolicy since it was redundant (the one dll it removed was already listed in the generic list) There's still more cleanup to be done in the sandbox code (i.e. remove chrome frame switch, nacl process type switch etc). I will do that in future changes. BUG=191682 Review URL: https://codereview.chromium.org/12805004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@189175 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/browser/ppapi_plugin_process_host.cc')
-rw-r--r--content/browser/ppapi_plugin_process_host.cc29
1 files changed, 28 insertions, 1 deletions
diff --git a/content/browser/ppapi_plugin_process_host.cc b/content/browser/ppapi_plugin_process_host.cc
index a4dd416..236477a 100644
--- a/content/browser/ppapi_plugin_process_host.cc
+++ b/content/browser/ppapi_plugin_process_host.cc
@@ -26,8 +26,35 @@
#include "ui/base/ui_base_switches.h"
#include "webkit/plugins/plugin_switches.h"
+#if defined(OS_WIN)
+#include "content/common/sandbox_win.h"
+#include "content/public/common/sandboxed_process_launcher_delegate.h"
+#include "sandbox/win/src/sandbox_policy.h"
+#endif
+
namespace content {
+#if defined(OS_WIN)
+// NOTE: changes to this class need to be reviewed by the security team.
+class PpapiPluginSandboxedProcessLauncherDelegate
+ : public content::SandboxedProcessLauncherDelegate {
+ public:
+ PpapiPluginSandboxedProcessLauncherDelegate() {}
+ virtual ~PpapiPluginSandboxedProcessLauncherDelegate() {}
+
+ virtual void PreSpawnTarget(sandbox::TargetPolicy* policy,
+ bool* success) {
+ // The Pepper process as locked-down as a renderer execpt that it can
+ // create the server side of chrome pipes.
+ sandbox::ResultCode result;
+ result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
+ sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
+ L"\\\\.\\pipe\\chrome.*");
+ *success = (result == sandbox::SBOX_ALL_OK);
+ }
+};
+#endif // OS_WIN
+
class PpapiPluginProcessHost::PluginNetworkObserver
: public net::NetworkChangeNotifier::IPAddressObserver,
public net::NetworkChangeNotifier::ConnectionTypeObserver {
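Review bot: The `AddRule` call in `PreSpawnTarget` grants `NAMEDPIPES_ALLOW_ANY` on the whole `\\.\pipe\chrome.*` namespace, so a compromised Pepper process could create the server end of a pipe name that another Chrome component expects to own. The comment should state why the full prefix is required, or the pattern should be narrowed to the pipe names the plugin channel actually uses (those names are not visible in this hunk). The comment's first line also has two slips and would read better as `// The Pepper process is as locked-down as a renderer except that it can`. Since this class is flagged for security review, marking `PreSpawnTarget` with `OVERRIDE` (assuming the base declares it virtual, as the delegate pattern suggests) would make a silent signature mismatch with `SandboxedProcessLauncherDelegate` a compile error instead of a dropped policy rule.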
@@ -284,7 +311,7 @@ bool PpapiPluginProcessHost::Init(const PepperPluginInfo& info) {
#endif // OS_POSIX
process_->Launch(
#if defined(OS_WIN)
- base::FilePath(),
+ is_broker_ ? NULL : new PpapiPluginSandboxedProcessLauncherDelegate,
#elif defined(OS_POSIX)
use_zygote,
base::EnvironmentVector(),
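Review bot: The new `Launch()` argument passes `NULL` for the broker with no explanation, and the hunk does not show whether a null delegate means the default sandbox policy or no sandbox at all. A comment above the argument would make the intent auditable, for example `// The broker is launched without a sandbox delegate on purpose; plugins get the Pepper policy.`. The raw `new PpapiPluginSandboxedProcessLauncherDelegate` also leaves ownership implicit; presumably `Launch()` takes ownership, but that is not visible here and should be stated in the same comment or confirmed against the launcher's signature. `PpapiPluginProcessHost::Init` starts and ends outside this hunk.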