Allow the MITIGATION_WIN32K_DISABLE process mitigation to be set in the renderer sandbox.

This is controllable by a command line switch "enable_gdi_user32_renderer_lockdown" at the moment.
Defaults to not being set.

BUG=365160

Review URL: https://codereview.chromium.org/282133007

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@271235 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 1 insertions, 4 deletions

diff --git a/sandbox/win/src/process_mitigations.cc b/sandbox/win/src/process_mitigations.cc
index 0775b2d..5e242f3a 100644
--- a/sandbox/win/src/process_mitigations.cc
+++ b/sandbox/win/src/process_mitigations.cc
@@ -308,7 +308,6 @@ bool CanSetProcessMitigationsPostStartup(MitigationFlags flags) {
                      MITIGATION_RELOCATE_IMAGE_REQUIRED |
                      MITIGATION_BOTTOM_UP_ASLR |
                      MITIGATION_STRICT_HANDLE_CHECKS |
-                     MITIGATION_WIN32K_DISABLE |
                      MITIGATION_EXTENSION_DLL_DISABLE |
                      MITIGATION_DLL_SEARCH_ORDER));
 }
@@ -316,7 +315,6 @@ bool CanSetProcessMitigationsPostStartup(MitigationFlags flags) {
 bool CanSetProcessMitigationsPreStartup(MitigationFlags flags) {
   // These mitigations cannot be enabled prior to startup.
   return !(flags & (MITIGATION_STRICT_HANDLE_CHECKS |
-                    MITIGATION_WIN32K_DISABLE |
                     MITIGATION_DLL_SEARCH_ORDER));
 }
 
diff --git a/sandbox/win/src/process_mitigations_test.cc b/sandbox/win/src/process_mitigations_test.cc
index e6f3fc2..19e55ba 100644
--- a/sandbox/win/src/process_mitigations_test.cc
+++ b/sandbox/win/src/process_mitigations_test.cc
@@ -129,8 +129,7 @@ TEST(ProcessMitigationsTest, CheckWin8) {
 
   EXPECT_EQ(policy->SetProcessMitigations(mitigations), SBOX_ALL_OK);
 
-  mitigations |= MITIGATION_STRICT_HANDLE_CHECKS |
-                 MITIGATION_WIN32K_DISABLE;
+  mitigations |= MITIGATION_STRICT_HANDLE_CHECKS;
 
   EXPECT_EQ(policy->SetDelayedProcessMitigations(mitigations), SBOX_ALL_OK);