20 files changed, 70 insertions, 8 deletions
diff --git a/chrome/app/policy/policy_templates.grd b/chrome/app/policy/policy_templates.grd
index 39d0545..341c57d 100644
--- a/chrome/app/policy/policy_templates.grd
+++ b/chrome/app/policy/policy_templates.grd
@@ -726,6 +726,16 @@ templates and will be translated for each locale. -->
 <message name="IDS_POLICY_DEFAULTSEARCHPROVIDERENCODINGS_DESC" desc="Caption of the 'Encodings' text field in the 'Default Search Provider' policy settings page.">
 Specifies the character encodings supported by the search provider. Encodings are code page names like UTF-8, GB2312, and ISO-8859-1. They are tried in the order provided. The default is UTF-8.
 </message>
+ <message name="IDS_POLICY_DISABLE3DAPIS_CAPTION" desc="Label of the Disable3DAPIs policy text field.">
+ Disable support for 3D graphics APIs
+ </message>
+ <message name="IDS_POLICY_DISABLE3DAPIS_DESC" desc="Caption of the Disable3DAPIs policy text field.">
+ Disable support for 3D graphics APIs.
+
+ Enabling this setting prevents web pages from accessing the graphics processing unit (GPU). Specifically, web pages can not access the WebGL API and plugins can not use the Pepper 3D API.
+
+ Disabling this setting potentially allows web pages to use the WebGL API and plugins to use the Pepper 3D API. The default settings of the browser may still require command line arguments to be passed in order to use these APIs.
+ </message>
 <!-- Begin Chrome Frame messages -->
 <message name="IDS_POLICY_CHROMEFRAMERENDERERSETTINGS_CAPTION" desc="Caption of Chrome Frame renderer policy group">
diff --git a/chrome/app/policy/policy_templates.json b/chrome/app/policy/policy_templates.json
index 59a4e15..b11a61d 100644
--- a/chrome/app/policy/policy_templates.json
+++ b/chrome/app/policy/policy_templates.json
@@ -506,6 +506,16 @@
 ]
 },
 {
+ 'name': 'Disable3DAPIs',
+ 'type': 'main',
+ 'supported_on': ['chrome.*:9-'],
+ 'annotations': {
+ # It'll be difficult to support dynamically disabling access to these APIs.
+ 'features': {'dynamic_refresh': 0},
+ 'example_value': False,
+ }
+ },
+ {
 'name': 'ContentSettings',
 'type': 'group',
 'policies': [
diff --git a/chrome/browser/policy/configuration_policy_pref_store.cc b/chrome/browser/policy/configuration_policy_pref_store.cc
index 813eecc..3971980 100644
--- a/chrome/browser/policy/configuration_policy_pref_store.cc
+++ b/chrome/browser/policy/configuration_policy_pref_store.cc
@@ -190,6 +190,8 @@ const ConfigurationPolicyPrefStore::PolicyToPreferenceMapEntry
 prefs::kAuthNegotiateDelegateWhitelist },
 { Value::TYPE_STRING, kPolicyGSSAPILibraryName,
 prefs::kGSSAPILibraryName },
+ { Value::TYPE_BOOLEAN, kPolicyDisable3DAPIs,
+ prefs::kDisable3DAPIs },
 #if defined(OS_CHROMEOS)
 { Value::TYPE_BOOLEAN, kPolicyChromeOsLockOnIdleSuspend,
@@ -310,6 +312,8 @@ ConfigurationPolicyPrefStore::GetChromePolicyDefinitionList() {
 key::kAuthNegotiateDelegateWhitelist },
 { kPolicyGSSAPILibraryName, Value::TYPE_STRING,
 key::kGSSAPILibraryName },
+ { kPolicyDisable3DAPIs, Value::TYPE_BOOLEAN,
+ key::kDisable3DAPIs },
 #if defined(OS_CHROMEOS)
 { kPolicyChromeOsLockOnIdleSuspend, Value::TYPE_BOOLEAN,
diff --git a/chrome/browser/policy/configuration_policy_pref_store_unittest.cc b/chrome/browser/policy/configuration_policy_pref_store_unittest.cc
index 80c69e4..43e1295 100644
--- a/chrome/browser/policy/configuration_policy_pref_store_unittest.cc
+++ b/chrome/browser/policy/configuration_policy_pref_store_unittest.cc
@@ -185,7 +185,9 @@ INSTANTIATE_TEST_CASE_P(
 TypeAndName(kPolicyDisableAuthNegotiateCnameLookup,
 prefs::kDisableAuthNegotiateCnameLookup),
 TypeAndName(kPolicyEnableAuthNegotiatePort,
- prefs::kEnableAuthNegotiatePort)));
+ prefs::kEnableAuthNegotiatePort),
+ TypeAndName(kPolicyDisable3DAPIs,
+ prefs::kDisable3DAPIs)));
 #if defined(OS_CHROMEOS)
 INSTANTIATE_TEST_CASE_P(
diff --git a/chrome/browser/policy/configuration_policy_store_interface.h b/chrome/browser/policy/configuration_policy_store_interface.h
index 860f3a4..00ebf30 100644
--- a/chrome/browser/policy/configuration_policy_store_interface.h
+++ b/chrome/browser/policy/configuration_policy_store_interface.h
@@ -66,6 +66,7 @@ enum ConfigurationPolicyType {
 kPolicyAuthServerWhitelist,
 kPolicyAuthNegotiateDelegateWhitelist,
 kPolicyGSSAPILibraryName,
+ kPolicyDisable3DAPIs
 };
 static const int kPolicyNoProxyServerMode = 0;
diff --git a/chrome/browser/prefs/command_line_pref_store.cc b/chrome/browser/prefs/command_line_pref_store.cc
index 8fffb9c..ae70d97 100644
--- a/chrome/browser/prefs/command_line_pref_store.cc
+++ b/chrome/browser/prefs/command_line_pref_store.cc
@@ -31,6 +31,7 @@ const CommandLinePrefStore::BooleanSwitchToPreferenceMapEntry
 prefs::kDisableAuthNegotiateCnameLookup, true },
 { switches::kEnableAuthNegotiatePort,
 prefs::kEnableAuthNegotiatePort, true },
+ { switches::kDisable3DAPIs, prefs::kDisable3DAPIs, true },
 };
 CommandLinePrefStore::CommandLinePrefStore(const CommandLine* command_line)
diff --git a/chrome/browser/renderer_host/browser_render_process_host.cc b/chrome/browser/renderer_host/browser_render_process_host.cc
index 677bb94..d916bcc 100644
--- a/chrome/browser/renderer_host/browser_render_process_host.cc
+++ b/chrome/browser/renderer_host/browser_render_process_host.cc
@@ -596,6 +596,14 @@ void BrowserRenderProcessHost::AppendRendererCommandLine(
 if (!profile.empty())
 command_line->AppendSwitchASCII(switches::kLoginProfile, profile);
 #endif
+
+ PrefService* prefs = profile()->GetPrefs();
+ // Currently this pref is only registered if applied via a policy.
+ if (prefs->HasPrefPath(prefs::kDisable3DAPIs) &&
+ prefs->GetBoolean(prefs::kDisable3DAPIs)) {
+ // Turn this policy into a command line switch.
+ command_line->AppendSwitch(switches::kDisable3DAPIs);
+ }
 }
 void BrowserRenderProcessHost::PropagateBrowserCommandLineToRenderer(
@@ -698,7 +706,8 @@ void BrowserRenderProcessHost::PropagateBrowserCommandLineToRenderer(
 switches::kDisableFileSystem,
 switches::kPpapiOutOfProcess,
 switches::kEnablePrintPreview,
- switches::kEnableCrxlessWebApps
+ switches::kEnableCrxlessWebApps,
+ switches::kDisable3DAPIs
 };
 renderer_cmd->CopySwitchesFrom(browser_cmd, kSwitchNames,
 arraysize(kSwitchNames));
diff --git a/chrome/browser/tab_contents/render_view_host_delegate_helper.cc b/chrome/browser/tab_contents/render_view_host_delegate_helper.cc
index 5e3c899..491e7f6 100644
--- a/chrome/browser/tab_contents/render_view_host_delegate_helper.cc
+++ b/chrome/browser/tab_contents/render_view_host_delegate_helper.cc
@@ -275,6 +275,7 @@ WebPreferences RenderViewHostDelegateHelper::GetWebkitPrefs(
 !command_line.HasSwitch(switches::kDisableDatabases);
 web_prefs.experimental_webgl_enabled =
 gpu_enabled() &&
+ !command_line.HasSwitch(switches::kDisable3DAPIs) &&
 !command_line.HasSwitch(switches::kDisableExperimentalWebGL);
 web_prefs.site_specific_quirks_enabled =
 !command_line.HasSwitch(switches::kDisableSiteSpecificQuirks);
diff --git a/chrome/browser/ui/browser.cc b/chrome/browser/ui/browser.cc
index f3e8cbb7..8dc6886 100644
--- a/chrome/browser/ui/browser.cc
+++ b/chrome/browser/ui/browser.cc
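Review bot: `profile()->GetPrefs()` in AppendRendererCommandLine follows context lines that use `profile` as a value (`profile.empty()`), so if that local is declared at function scope inside the conditional block closed by the `#endif` just above (its declaration is outside the hunk), the call binds to the local and will not compile on that configuration. Writing `PrefService* prefs = this->profile()->GetPrefs();`, or scoping the local in braces, avoids the clash. The comment `// Currently this pref is only registered if applied via a policy.` also disagrees with the browser.cc hunk of this commit, which registers `prefs::kDisable3DAPIs` in `RegisterUserPrefs`; I would reword it to `// Registered with a default of false in Browser::RegisterUserPrefs; normally only set via policy.`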
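Review bot: The added `!command_line.HasSwitch(switches::kDisable3DAPIs)` term in GetWebkitPrefs only takes effect when the switch is on the command line inspected here, which appears to be the browser's own (its declaration is outside the hunk), whereas a value coming from the Disable3DAPIs policy is appended only to the renderer command line in `AppendRendererCommandLine`. Under policy alone, `experimental_webgl_enabled` would therefore stay true on this side and enforcement rests on the renderer-side check in render_thread.cc. The same gap applies to the `browser_command_line` test in sandbox_policy.cc, where a policy-disabled browser started with the in-process WebGL switch would still set `in_sandbox = false`, and to worker_thread.cc, since nothing in this commit shows the switch reaching worker processes. If a Profile is available in this function, also consulting the pref, e.g. `!profile->GetPrefs()->GetBoolean(prefs::kDisable3DAPIs) &&`, would keep the browser-side decision consistent with the policy.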
@@ -2047,6 +2047,9 @@ void Browser::RegisterUserPrefs(PrefService* prefs) {
 prefs->RegisterBooleanPref(prefs::kDevToolsDisabled, false);
 prefs->RegisterRealPref(prefs::kDefaultZoomLevel, 0.0);
 prefs->RegisterIntegerPref(prefs::kMultipleProfilePrefMigration, 0);
+ // We need to register the type of this preference in order to query
+ // it even though it's only typically controlled via policy.
+ prefs->RegisterBooleanPref(prefs::kDisable3DAPIs, false);
 }
 // static
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index 84236bb..7a64479 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -139,6 +139,12 @@ const char kDeviceManagementUrl[] = "device-management-url";
 // Triggers a pletora of diagnostic modes.
 const char kDiagnostics[] = "diagnostics";
+// Disables client-visible 3D APIs, in particular WebGL and Pepper 3D.
+// This is controlled by policy and is kept separate from the other
+// enable/disable switches to avoid accidentally regressing the policy
+// support for controlling access to these APIs.
+const char kDisable3DAPIs[] = "disable-3d-apis";
+
 // Disables accelerated compositing.
 const char kDisableAcceleratedCompositing[] = "disable-accelerated-compositing";
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index 2a3f11d35..1ddf692 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -52,6 +52,7 @@ extern const char kCountry[];
 extern const char kDebugPrint[];
 extern const char kDeviceManagementUrl[];
 extern const char kDiagnostics[];
+extern const char kDisable3DAPIs[];
 extern const char kDisableAcceleratedCompositing[];
 extern const char kDisableAltWinstation[];
 extern const char kDisableApplicationCache[];
diff --git a/chrome/common/policy_constants.cc b/chrome/common/policy_constants.cc
index 8fcad63..300b450 100644
--- a/chrome/common/policy_constants.cc
+++ b/chrome/common/policy_constants.cc
@@ -71,6 +71,7 @@ const char kEnableAuthNegotiatePort[] = "EnableAuthNegotiatePort";
 const char kAuthServerWhitelist[] = "AuthServerWhitelist";
 const char kAuthNegotiateDelegateWhitelist[] = "AuthNegotiateDelegateWhitelist";
 const char kGSSAPILibraryName[] = "GSSAPILibraryName";
+const char kDisable3DAPIs[] = "Disable3DAPIs";
 // Chrome Frame specific policy constants
 const char kChromeFrameRendererSettings[] = "ChromeFrameRendererSettings";
diff --git a/chrome/common/policy_constants.h b/chrome/common/policy_constants.h
index 318e27c..a1e2a83 100644
--- a/chrome/common/policy_constants.h
+++ b/chrome/common/policy_constants.h
@@ -67,6 +67,7 @@ extern const char kEnableAuthNegotiatePort[];
 extern const char kAuthServerWhitelist[];
 extern const char kAuthNegotiateDelegateWhitelist[];
 extern const char kGSSAPILibraryName[];
+extern const char kDisable3DAPIs[];
 // Chrome Frame specific policy constants
 extern const char kChromeFrameRendererSettings[];
diff --git a/chrome/common/pref_names.cc b/chrome/common/pref_names.cc
index 11203d8..c4af1e1 100644
--- a/chrome/common/pref_names.cc
+++ b/chrome/common/pref_names.cc
@@ -631,6 +631,9 @@ const char kGeolocationDefaultContentSetting[] =
 // Dictionary that maps [frame, toplevel] to their Geolocation content setting.
 const char kGeolocationContentSettings[] = "geolocation.content_settings";
+// Preference to disable 3D APIs (WebGL, Pepper 3D).
+const char kDisable3DAPIs[] = "disable_3d_apis";
+
 // *************** LOCAL STATE ***************
 // These are attached to the machine/installation
diff --git a/chrome/common/pref_names.h b/chrome/common/pref_names.h
index 4dcaad5..6e4a47d 100644
--- a/chrome/common/pref_names.h
+++ b/chrome/common/pref_names.h
@@ -438,6 +438,8 @@ extern const char kGSSAPILibraryName[];
 extern const char kKnownBackgroundPages[];
+extern const char kDisable3DAPIs[];
+
 } // namespace prefs
 #endif // CHROME_COMMON_PREF_NAMES_H_
diff --git a/chrome/common/sandbox_init_wrapper_mac.cc b/chrome/common/sandbox_init_wrapper_mac.cc
index 540b6da..b9cfa50 100644
--- a/chrome/common/sandbox_init_wrapper_mac.cc
+++ b/chrome/common/sandbox_init_wrapper_mac.cc
@@ -24,7 +24,8 @@ bool SandboxInitWrapper::InitializeSandbox(const CommandLine& command_line,
 // Browser process isn't sandboxed.
 return true;
 } else if (process_type == switches::kRendererProcess) {
- if (!command_line.HasSwitch(switches::kDisableExperimentalWebGL) &&
+ if (!command_line.HasSwitch(switches::kDisable3DAPIs) &&
+ !command_line.HasSwitch(switches::kDisableExperimentalWebGL) &&
 command_line.HasSwitch(switches::kInProcessWebGL)) {
 // TODO(kbr): this check seems to be necessary only on this
 // platform because the sandbox is initialized later. Remove
diff --git a/chrome/common/sandbox_policy.cc b/chrome/common/sandbox_policy.cc
index 2b932d0..2667cf9 100644
--- a/chrome/common/sandbox_policy.cc
+++ b/chrome/common/sandbox_policy.cc
@@ -546,7 +546,8 @@ base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
 in_sandbox = false;
 }
 #endif
- if (!browser_command_line.HasSwitch(switches::kDisableExperimentalWebGL) &&
+ if (!browser_command_line.HasSwitch(switches::kDisable3DAPIs) &&
+ !browser_command_line.HasSwitch(switches::kDisableExperimentalWebGL) &&
 browser_command_line.HasSwitch(switches::kInProcessWebGL)) {
 // In process WebGL won't work if the sandbox is enabled.
 in_sandbox = false;
diff --git a/chrome/renderer/render_thread.cc b/chrome/renderer/render_thread.cc
index a7f2495..901445a 100644
--- a/chrome/renderer/render_thread.cc
+++ b/chrome/renderer/render_thread.cc
@@ -952,6 +952,7 @@ void RenderThread::EnsureWebKitInitialized() {
 !command_line.HasSwitch(switches::kDisableGeolocation));
 WebRuntimeFeatures::enableWebGL(
+ !command_line.HasSwitch(switches::kDisable3DAPIs) &&
 !command_line.HasSwitch(switches::kDisableExperimentalWebGL));
 WebRuntimeFeatures::enablePushState(true);
diff --git a/chrome/worker/worker_thread.cc b/chrome/worker/worker_thread.cc
index 1f5bccd..cafd482 100644
--- a/chrome/worker/worker_thread.cc
+++ b/chrome/worker/worker_thread.cc
@@ -60,6 +60,7 @@ WorkerThread::WorkerThread() {
 !command_line.HasSwitch(switches::kDisableFileSystem));
 WebRuntimeFeatures::enableWebGL(
+ !command_line.HasSwitch(switches::kDisable3DAPIs) &&
 !command_line.HasSwitch(switches::kDisableExperimentalWebGL));
 }
diff --git a/webkit/plugins/ppapi/plugin_module.cc b/webkit/plugins/ppapi/plugin_module.cc
index 374ca7a..71b42f0 100644
--- a/webkit/plugins/ppapi/plugin_module.cc
+++ b/webkit/plugins/ppapi/plugin_module.cc
@@ -278,10 +278,13 @@ const void* GetInterface(const char* name) {
 return PluginInstance::GetZoomInterface();
 #ifdef ENABLE_GPU
- if (strcmp(name, PPB_GRAPHICS_3D_DEV_INTERFACE) == 0)
- return PPB_Graphics3D_Impl::GetInterface();
- if (strcmp(name, PPB_OPENGLES_DEV_INTERFACE) == 0)
- return PPB_Graphics3D_Impl::GetOpenGLESInterface();
+ // This should really refer to switches::kDisable3DAPIs.
+ if (!CommandLine::ForCurrentProcess()->HasSwitch("disable-3d-apis")) {
+ if (strcmp(name, PPB_GRAPHICS_3D_DEV_INTERFACE) == 0)
+ return PPB_Graphics3D_Impl::GetInterface();
+ if (strcmp(name, PPB_OPENGLES_DEV_INTERFACE) == 0)
+ return PPB_Graphics3D_Impl::GetOpenGLESInterface();
+ }
 #endif // ENABLE_GPU
 // Only support the testing interface when the command line switch is |
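Review bot: The string literal `"disable-3d-apis"` in GetInterface duplicates `switches::kDisable3DAPIs` from chrome_switches.cc, so if the switch is ever renamed this check silently stops matching and the Pepper 3D interfaces are handed out again despite the policy. If the chrome switch header cannot be included from this layer, name the literal once and tie it to the original, e.g. `static const char kDisable3DAPIsSwitch[] = "disable-3d-apis";  // Must match switches::kDisable3DAPIs.`, and add a test that compares the two strings. The check also depends on the process hosting the plugin actually receiving the switch; this commit appends it only to the renderer command line, so an out-of-process plugin host would need the same propagation, which is not visible here. GetInterface's body continues outside the hunk.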