// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "content/renderer/renderer_main_platform_delegate.h" #include "base/command_line.h" #include "base/logging.h" #include "base/memory/scoped_ptr.h" #include "base/strings/string16.h" #include "base/win/win_util.h" #include "content/public/common/content_switches.h" #include "content/public/common/injection_test_win.h" #include "content/public/renderer/render_thread.h" #include "content/renderer/render_thread_impl.h" #include "sandbox/win/src/sandbox.h" #include "skia/ext/vector_platform_device_emf_win.h" #include "third_party/icu/source/i18n/unicode/timezone.h" #include "third_party/skia/include/ports/SkTypeface_win.h" #ifdef ENABLE_VTUNE_JIT_INTERFACE #include "v8/src/third_party/vtune/v8-vtune.h" #endif namespace content { namespace { // Windows-only skia sandbox support void SkiaPreCacheFont(const LOGFONT& logfont) { RenderThread* render_thread = RenderThread::Get(); if (render_thread) { render_thread->PreCacheFont(logfont); } } void SkiaPreCacheFontCharacters(const LOGFONT& logfont, const wchar_t* text, unsigned int text_length) { RenderThreadImpl* render_thread_impl = RenderThreadImpl::current(); if (render_thread_impl) { render_thread_impl->PreCacheFontCharacters(logfont, string16(text, text_length)); } } void InitExitInterceptions() { // If code subsequently tries to exit using exit(), _exit(), abort(), or // ExitProcess(), force a crash (since otherwise these would be silent // terminations and fly under the radar). base::win::SetShouldCrashOnProcessDetach(true); base::win::SetAbortBehaviorForCrashReporting(); } #if !defined(NDEBUG) LRESULT CALLBACK WindowsHookCBT(int code, WPARAM w_param, LPARAM l_param) { CHECK_NE(code, HCBT_CREATEWND) << "Should not be creating windows in the renderer!"; return CallNextHookEx(NULL, code, w_param, l_param); } #endif // !NDEBUG } // namespace RendererMainPlatformDelegate::RendererMainPlatformDelegate( const MainFunctionParams& parameters) : parameters_(parameters), sandbox_test_module_(NULL) { } RendererMainPlatformDelegate::~RendererMainPlatformDelegate() { } void RendererMainPlatformDelegate::PlatformInitialize() { #if !defined(NDEBUG) // Install a check that we're not creating windows in the renderer. See // http://crbug.com/230122 for background. TODO(scottmg): Ideally this would // check all threads in the renderer, but it currently only checks the main // thread. PCHECK( SetWindowsHookEx(WH_CBT, WindowsHookCBT, NULL, ::GetCurrentThreadId())); #endif // !NDEBUG InitExitInterceptions(); const CommandLine& command_line = parameters_.command_line; #ifdef ENABLE_VTUNE_JIT_INTERFACE if (command_line.HasSwitch(switches::kEnableVtune)) vTune::InitializeVtuneForV8(); #endif // Be mindful of what resources you acquire here. They can be used by // malicious code if the renderer gets compromised. bool no_sandbox = command_line.HasSwitch(switches::kNoSandbox); if (!no_sandbox) { // ICU DateFormat class (used in base/time_format.cc) needs to get the // Olson timezone ID by accessing the registry keys under // HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones. // After TimeZone::createDefault is called once here, the timezone ID is // cached and there's no more need to access the registry. If the sandbox // is disabled, we don't have to make this dummy call. scoped_ptr zone(icu::TimeZone::createDefault()); SkTypeface_SetEnsureLOGFONTAccessibleProc(SkiaPreCacheFont); skia::SetSkiaEnsureTypefaceCharactersAccessible( SkiaPreCacheFontCharacters); } } void RendererMainPlatformDelegate::PlatformUninitialize() { // At this point we are shutting down in a normal code path, so undo our // hack to crash on exit. base::win::SetShouldCrashOnProcessDetach(false); } bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) { const CommandLine& command_line = parameters_.command_line; DVLOG(1) << "Started renderer with " << command_line.GetCommandLineString(); sandbox::TargetServices* target_services = parameters_.sandbox_info->target_services; if (target_services && !no_sandbox) { std::wstring test_dll_name = command_line.GetSwitchValueNative(switches::kTestSandbox); if (!test_dll_name.empty()) { sandbox_test_module_ = LoadLibrary(test_dll_name.c_str()); DCHECK(sandbox_test_module_); if (!sandbox_test_module_) { return false; } } } return true; } bool RendererMainPlatformDelegate::EnableSandbox() { sandbox::TargetServices* target_services = parameters_.sandbox_info->target_services; if (target_services) { // Cause advapi32 to load before the sandbox is turned on. unsigned int dummy_rand; rand_s(&dummy_rand); // Warm up language subsystems before the sandbox is turned on. ::GetUserDefaultLangID(); ::GetUserDefaultLCID(); target_services->LowerToken(); return true; } return false; } void RendererMainPlatformDelegate::RunSandboxTests(bool no_sandbox) { if (sandbox_test_module_) { RunRendererTests run_security_tests = reinterpret_cast(GetProcAddress(sandbox_test_module_, kRenderTestCall)); DCHECK(run_security_tests); if (run_security_tests) { int test_count = 0; DVLOG(1) << "Running renderer security tests"; BOOL result = run_security_tests(&test_count); CHECK(result) << "Test number " << test_count << " has failed."; } } } } // namespace content