Diffstat (limited to 'content')
-rw-r--r-- | content/browser/ppapi_plugin_process_host.cc | 12 | ||||
-rw-r--r-- | content/common/pepper_plugin_registry.cc | 12 | ||||
-rw-r--r-- | content/public/common/pepper_plugin_info.cc | 3 | ||||
-rw-r--r-- | content/public/common/pepper_plugin_info.h | 4 |
4 files changed, 21 insertions, 10 deletions
diff --git a/content/browser/ppapi_plugin_process_host.cc b/content/browser/ppapi_plugin_process_host.cc index eea898d..f123149 100644 --- a/content/browser/ppapi_plugin_process_host.cc +++ b/content/browser/ppapi_plugin_process_host.cc @@ -157,14 +157,18 @@ bool PpapiPluginProcessHost::Init(const content::PepperPluginInfo& info) { if (!plugin_launcher.empty()) cmd_line->PrependWrapper(plugin_launcher); - // On posix, having a plugin launcher means we need to use another process - // instead of just forking the zygote. + // On posix, never use the zygote for the broker. Also, only use the zygote if + // the plugin is sandboxed, and we are not using a plugin launcher - having a + // plugin launcher means we need to use another process instead of just + // forking the zygote. +#if defined(OS_POSIX) + bool use_zygote = !is_broker_ && plugin_launcher.empty() && info.is_sandboxed; +#endif // OS_POSIX Launch( #if defined(OS_WIN) FilePath(), #elif defined(OS_POSIX) - is_broker_ ? false // Never use the zygote for the broker. - : plugin_launcher.empty(), + use_zygote, base::environment_vector(), #endif cmd_line); diff --git a/content/common/pepper_plugin_registry.cc b/content/common/pepper_plugin_registry.cc index 2316ec8..be7529d 100644 --- a/content/common/pepper_plugin_registry.cc +++ b/content/common/pepper_plugin_registry.cc @@ -79,7 +79,9 @@ webkit::WebPluginInfo content::PepperPluginInfo::ToWebPluginInfo() const { webkit::WebPluginInfo info; info.type = is_out_of_process ? - webkit::WebPluginInfo::PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS : + (is_sandboxed ? + webkit::WebPluginInfo::PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS : + webkit::WebPluginInfo::PLUGIN_TYPE_PEPPER_UNSANDBOXED) : webkit::WebPluginInfo::PLUGIN_TYPE_PEPPER_IN_PROCESS; info.name = name.empty() ? 
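Review bot: `info.is_sandboxed` is consulted only inside the `#if defined(OS_POSIX)` block of `PpapiPluginProcessHost::Init`; the `OS_WIN` branch of the `Launch(` call still passes only `FilePath()`, so nothing in this hunk makes the Windows launch depend on the flag. If the Windows sandbox decision is taken elsewhere (the diffstat is limited to 'content', so it may be), a comment at the call should say so, e.g. `// Windows: sandboxing of unsandboxed Pepper plugins is decided in <location>, not here.`; if it is not, the flag is silently POSIX-only. `use_zygote` is never reassigned and could be declared `const bool`. Init's body starts and ends outside the hunk.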
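Review bot: In `PepperPluginInfo::ToWebPluginInfo()` the new nested conditional reads `is_sandboxed` only when `is_out_of_process` is true, so an info with `is_out_of_process == false` and `is_sandboxed == false` is reported as `PLUGIN_TYPE_PEPPER_IN_PROCESS` and the unsandboxed request is dropped without any signal. Converting back through `MakePepperPluginInfo` in the next hunk then yields `is_sandboxed == true`, so the two conversions do not round-trip for that combination. If the combination is meant to be invalid, state it where the type is chosen, for example `DCHECK(is_out_of_process || is_sandboxed);` before the assignment to `info.type`. The function continues past the end of the hunk.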
@@ -97,9 +99,9 @@ bool MakePepperPluginInfo(const webkit::WebPluginInfo& webplugin_info, if (!webkit::IsPepperPlugin(webplugin_info)) return false; - pepper_info->is_out_of_process = - webplugin_info.type == - webkit::WebPluginInfo::PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS; + pepper_info->is_out_of_process = webkit::IsOutOfProcessPlugin(webplugin_info); + pepper_info->is_sandboxed = webplugin_info.type != + webkit::WebPluginInfo::PLUGIN_TYPE_PEPPER_UNSANDBOXED; pepper_info->path = FilePath(webplugin_info.path); pepper_info->name = UTF16ToASCII(webplugin_info.name); @@ -131,7 +133,7 @@ void PepperPluginRegistry::PreloadModules() { std::vector<content::PepperPluginInfo> plugins; ComputeList(&plugins); for (size_t i = 0; i < plugins.size(); ++i) { - if (!plugins[i].is_internal) { + if (!plugins[i].is_internal && plugins[i].is_sandboxed) { std::string error; base::NativeLibrary library = base::LoadNativeLibrary(plugins[i].path, &error); diff --git a/content/public/common/pepper_plugin_info.cc b/content/public/common/pepper_plugin_info.cc index 82b6c61..54150da 100644 --- a/content/public/common/pepper_plugin_info.cc +++ b/content/public/common/pepper_plugin_info.cc @@ -8,7 +8,8 @@ namespace content { PepperPluginInfo::PepperPluginInfo() : is_internal(false), - is_out_of_process(false) { + is_out_of_process(false), + is_sandboxed(true) { } PepperPluginInfo::~PepperPluginInfo() { diff --git a/content/public/common/pepper_plugin_info.h b/content/public/common/pepper_plugin_info.h index 01c8c23..f17cb30 100644 --- a/content/public/common/pepper_plugin_info.h +++ b/content/public/common/pepper_plugin_info.h 
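Review bot: `pepper_info->is_out_of_process` now depends on `webkit::IsOutOfProcessPlugin()`, whose definition is not part of this diff (the diffstat is limited to 'content'). The old code compared against `PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS` directly; for the new `PLUGIN_TYPE_PEPPER_UNSANDBOXED` type to reach the out-of-process launch path, the helper has to return true for it as well, which should be checked. A short comment would record the dependency: `// IsOutOfProcessPlugin() must cover PLUGIN_TYPE_PEPPER_UNSANDBOXED as well.` The `is_sandboxed` assignment treats every type other than `PLUGIN_TYPE_PEPPER_UNSANDBOXED` as sandboxed, which is the safe direction. MakePepperPluginInfo starts before and continues after the hunk.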
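Review bot: The new `plugins[i].is_sandboxed` term in `PepperPluginRegistry::PreloadModules()` has no comment explaining why unsandboxed plugins are skipped. Presumably preloading exists so the library is mapped before the sandbox is engaged, and an unsandboxed plugin process can load its library later on its own, but the hunk does not state this. A comment above the `if` such as `// Unsandboxed plugins are not preloaded; their own process loads the library.` would help, reworded to match the actual reason. The loop body continues outside the hunk.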
@@ -31,6 +31,10 @@ struct CONTENT_EXPORT PepperPluginInfo { // True when this plugin should be run out of process. Defaults to false. bool is_out_of_process; + // True when an out-of-process plugin should also be run within sandbox. + // Defaults to true. + bool is_sandboxed; + FilePath path; // Internal plugins have "internal-[name]" as path. std::string name; std::string description; |
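Review bot: The comment on `is_sandboxed` in `PepperPluginInfo` does not say what the field means for an in-process plugin, and it does not mark `false` as a security-relevant setting. From the other hunks of this commit, `false` maps to `PLUGIN_TYPE_PEPPER_UNSANDBOXED` and keeps the plugin process off the zygote on POSIX, and the value is ignored when `is_out_of_process` is false. I would extend the comment with `// Ignored unless is_out_of_process is true. Set to false only for trusted plugins: the plugin process then runs outside the sandbox.` The struct starts and ends outside the hunk.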