From 03848fe2a5c8fdfba86c936bb611e99ebb86d7de Mon Sep 17 00:00:00 2001
From: "scottmg@chromium.org"
 <scottmg@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Fri, 8 Nov 2013 05:52:18 +0000
Subject: lower Angle/DX path to LIMITED and don't drop to UNTRUSTED

Causes very slow page flips on some hardware otherwise.

TBR=piman@chromium.org
R=jschuh@chromium.org
BUG=314171

Review URL: https://codereview.chromium.org/60733012

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@233785 0039d316-1c4b-4281-b951-d872f2087c98
---
 content/browser/gpu/gpu_process_host.cc | 24 ++----------------------
 1 file changed, 2 insertions(+), 22 deletions(-)

(limited to 'content/browser/gpu/gpu_process_host.cc')

diff --git a/content/browser/gpu/gpu_process_host.cc b/content/browser/gpu/gpu_process_host.cc
index 8b3cd3a..9ddd540 100644
--- a/content/browser/gpu/gpu_process_host.cc
+++ b/content/browser/gpu/gpu_process_host.cc
@@ -200,21 +200,8 @@ class GpuSandboxedProcessLauncherDelegate
         SetJobLevel(*cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy);
         policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
       } else {
-        if (cmd_line_->GetSwitchValueASCII(switches::kUseGL) ==
-                gfx::kGLImplementationSwiftShaderName ||
-            cmd_line_->HasSwitch(switches::kReduceGpuSandbox)) {
-          // Swiftshader path.
-          policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
-                                sandbox::USER_LIMITED);
-        } else {
-          // Angle + DirectX path.
-          policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
-                                sandbox::USER_RESTRICTED);
-          // This is a trick to keep the GPU out of low-integrity processes. It
-          // starts at low-integrity for UIPI to work, then drops below
-          // low-integrity after warm-up.
-          policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED);
-        }
+        policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
+                              sandbox::USER_LIMITED);
 
         // UI restrictions break when we access Windows from outside our job.
         // However, we don't want a proxy window in this process because it can
@@ -249,13 +236,6 @@ class GpuSandboxedProcessLauncherDelegate
       return;
     }
 
-    result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_SYNC,
-                             sandbox::TargetPolicy::EVENTS_ALLOW_ANY,
-                             L"Dwm*");
-    if (result != sandbox::SBOX_ALL_OK) {
-      *success = false;
-      return;
-    }
     // Block this DLL even if it is not loaded by the browser process.
     policy->AddDllToUnload(L"cmsetac.dll");
 
-- 
cgit v1.1