diff options
| author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-05-17 17:11:04 +0000 |
|---|---|---|
| committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-05-17 17:11:04 +0000 |
| commit | 3cb88671f151e573d9a52d24f767040b9410d15b (patch) | |
| tree | fe0420a32adcbe39703de34117cb143998caee13 /content | |
| parent | aca33f4f73b5be0f1df7230946ab207376236785 (diff) | |
| download | chromium_src-3cb88671f151e573d9a52d24f767040b9410d15b.zip chromium_src-3cb88671f151e573d9a52d24f767040b9410d15b.tar.gz chromium_src-3cb88671f151e573d9a52d24f767040b9410d15b.tar.bz2 | |
Allow the MITIGATION_WIN32K_DISABLE process mitigation to be set in the renderer sandbox.
This is controllable by a command line switch "enable_gdi_user32_renderer_lockdown" at the moment.
Defaults to not being set.
BUG=365160
Review URL: https://codereview.chromium.org/282133007
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@271235 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
| -rw-r--r-- | content/common/sandbox_win.cc | 7 | ||||
| -rw-r--r-- | content/public/common/content_switches.cc | 6 | ||||
| -rw-r--r-- | content/public/common/content_switches.h | 3 |
3 files changed, 16 insertions, 0 deletions
diff --git a/content/common/sandbox_win.cc b/content/common/sandbox_win.cc index 7c3048a..463ce6c 100644 --- a/content/common/sandbox_win.cc +++ b/content/common/sandbox_win.cc @@ -602,6 +602,13 @@ base::ProcessHandle StartSandboxedProcess( sandbox::MITIGATION_DEP_NO_ATL_THUNK | sandbox::MITIGATION_SEHOP; + if (base::win::GetVersion() >= base::win::VERSION_WIN8 && + type_str == switches::kRendererProcess && + browser_command_line.HasSwitch( + switches::kEnableWin32kRendererLockDown)) { + mitigations |= sandbox::MITIGATION_WIN32K_DISABLE; + } + if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK) return 0; diff --git a/content/public/common/content_switches.cc b/content/public/common/content_switches.cc index a847406..c4a8a37 100644 --- a/content/public/common/content_switches.cc +++ b/content/public/common/content_switches.cc @@ -430,6 +430,12 @@ const char kEnableDirectWrite[] = "enable-direct-write"; // Use high resolution timers for TimeTicks. const char kEnableHighResolutionTime[] = "enable-high-resolution-time"; + +// Enable the Win32K process mitigation policy for renderer processes which +// prevents them from invoking user32 and gdi32 system calls which enter +// the kernel. This is only supported on Windows 8 and beyond. +const char kEnableWin32kRendererLockDown[] + = "enable_win32k_renderer_lockdown"; #endif // Paint content on the compositor thread instead of the main thread. diff --git a/content/public/common/content_switches.h b/content/public/common/content_switches.h index 820ce973..9cb306c 100644 --- a/content/public/common/content_switches.h +++ b/content/public/common/content_switches.h @@ -126,6 +126,9 @@ CONTENT_EXPORT extern const char kEnableHighDpiCompositingForFixedPosition[]; #if defined(OS_WIN) CONTENT_EXPORT extern const char kDisableLegacyIntermediateWindow[]; CONTENT_EXPORT extern const char kEnableDirectWrite[]; +// This switch will be removed when we enable the win32K lockdown process +// mitigation. +CONTENT_EXPORT extern const char kEnableWin32kRendererLockDown[]; CONTENT_EXPORT extern const char kEnableHighResolutionTime[]; #endif CONTENT_EXPORT extern const char kEnableImplSidePainting[]; |