author | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-07 02:59:26 +0000 |
---|---|---|
committer | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-07 02:59:26 +0000 |
commit | b572ed45ad620f93f372b81019c3d5275f85b7a4 (patch) | |
tree | 45408d97d5724c91c971e89485d00e8399a0e56a /content/common/sandbox_policy.cc | |
parent | 244033ab81d89cf10987fdd966efbd6346ab28f2 (diff) | |
Make pepper use the renderer sandbox setup path
This is specifically to prevent crashing on Desktop's injected DLL. More generally, however, we want pepper to always apply the renderer's general sandbox restrictions.
BUG=118225
Review URL: http://codereview.chromium.org/10012019
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@131244 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/common/sandbox_policy.cc')
-rw-r--r-- | content/common/sandbox_policy.cc | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/content/common/sandbox_policy.cc b/content/common/sandbox_policy.cc
index c01c891..7f2d9ca 100644
--- a/content/common/sandbox_policy.cc
+++ b/content/common/sandbox_policy.cc
@@ -420,11 +420,7 @@ bool AddPolicyForPepperPlugin(sandbox::TargetPolicy* policy) {
 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
 L"\\\\.\\pipe\\chrome.*");
- if (result != sandbox::SBOX_ALL_OK) {
- NOTREACHED();
- return false;
- }
- return AddPolicyForRenderer(policy);
+ return result == sandbox::SBOX_ALL_OK;
 }

 } // namespace
@@ -585,9 +581,6 @@ base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
 } else if (type == content::PROCESS_TYPE_GPU) {
 if (!AddPolicyForGPU(cmd_line, policy))
 return 0;
- } else if (type == content::PROCESS_TYPE_PPAPI_PLUGIN) {
- if (!AddPolicyForPepperPlugin(policy))
- return 0;
 } else {
 if (!AddPolicyForRenderer(policy))
 return 0;
@@ -596,8 +589,14 @@ base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
 if (type == content::PROCESS_TYPE_RENDERER ||
 type == content::PROCESS_TYPE_WORKER) {
 AddBaseHandleClosePolicy(policy);
+
+ // Pepper uses the renderer's policy, whith some tweaks.
+ } else if (type == content::PROCESS_TYPE_PPAPI_PLUGIN) {
+ if (!AddPolicyForPepperPlugin(policy))
+ return 0;
 }

+
 if (type_str != switches::kRendererProcess) {
 // Hack for Google Desktop crash. Trick GD into not injecting its DLL into
 // this subprocess. See |
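Review bot: AddPolicyForPepperPlugin no longer calls AddPolicyForRenderer, so in the first hunk it now adds only the `chrome.*` named-pipe rule and relies on the caller having applied the renderer policy first, yet nothing at the function states that precondition. A comment above it such as `// Adds pepper-specific rules only; the caller must already have applied AddPolicyForRenderer().` would keep a later caller from starting a plugin with just the pipe rule in place. The new `return result == sandbox::SBOX_ALL_OK;` also drops the `NOTREACHED()`, so a failed AddRule is no longer flagged in debug builds; keeping the old `if (result != sandbox::SBOX_ALL_OK)` block and ending with `return true;` would preserve that signal. The function begins above the hunk.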
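Review bot: In the last hunk the new `else if (type == content::PROCESS_TYPE_PPAPI_PLUGIN)` arm hangs off the renderer/worker check, so a pepper process gets AddPolicyForRenderer (through the generic `else` in the previous hunk) plus the pipe rule, but never AddBaseHandleClosePolicy. The description says pepper should always get the renderer's general restrictions, so if skipping the handle-close policy is intended the comment should say why, and otherwise the pepper arm should call `AddBaseHandleClosePolicy(policy);` too. The comment sits at the end of the renderer/worker block rather than in the arm it describes and misspells "with"; `// Pepper uses the renderer's policy, with some tweaks.` as the first line inside the pepper arm reads correctly, and the second blank line added before `if (type_str != ...)` can go. StartProcessWithAccess begins and ends outside the hunk.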