Diffstat (limited to 'chrome/common/sandbox_policy.cc')
-rw-r--r-- | chrome/common/sandbox_policy.cc | 59 |
1 files changed, 34 insertions, 25 deletions
diff --git a/chrome/common/sandbox_policy.cc b/chrome/common/sandbox_policy.cc
index 7436ad2..16049e8 100644
--- a/chrome/common/sandbox_policy.cc
+++ b/chrome/common/sandbox_policy.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -6,7 +6,6 @@
 
 #include <string>
 
-#include "app/win/win_util.h"
 #include "base/command_line.h"
 #include "base/debug/debugger.h"
 #include "base/debug/trace_event.h"
@@ -64,6 +63,7 @@ const wchar_t* const kTroublesomeDlls[] = {
 L"radhslib.dll", // Radiant Naomi Internet Filter.
 L"radprlib.dll", // Radiant Naomi Internet Filter.
 L"rlhook.dll", // Trustware Bufferzone.
+ L"rpchromebrowserrecordhelper.dll", // RealPlayer.
 L"r3hook.dll", // Kaspersky Internet Security.
 L"sahook.dll", // McAfee Site Advisor.
 L"sbrige.dll", // Unknown.
@@ -325,8 +325,13 @@ bool LoadFlashBroker(const FilePath& plugin_path, CommandLine* cmd_line) {
 if (0 == ::GetShortPathNameW(plugin_path.value().c_str(),
 short_path, arraysize(short_path)))
 return false;
+ // Here is the kicker, if the user has disabled 8.3 (short path) support
+ // on the volume GetShortPathNameW does not fail but simply returns the
+ // input path. In this case if the path had any spaces then rundll32 will
+ // incorrectly interpret its parameters. So we quote the path, even though
+ // the kb/164787 says you should not.
 std::wstring cmd_final =
- base::StringPrintf(L"%ls %ls,BrokerMain browser=chrome",
+ base::StringPrintf(L"%ls \"%ls\",BrokerMain browser=chrome",
 rundll.value().c_str(), short_path);
 base::ProcessHandle process;
 
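Review bot: The `0 ==` test on GetShortPathNameW just above the added comment only catches outright failure; when the buffer is too small the call instead returns the required length and leaves `short_path` unfilled, so the newly quoted `%ls` would format whatever the buffer already held. Capturing the return value and rejecting both cases keeps the quoting on valid data: `DWORD len = ::GetShortPathNameW(plugin_path.value().c_str(), short_path, arraysize(short_path)); if (len == 0 || len >= arraysize(short_path)) return false;`. The added comment is a good record of why the kb advice is ignored; it could add that quoting covers spaces but not an embedded `"` in the path, which the 8.3-disabled fallback described there cannot rule out. LoadFlashBroker starts and ends outside this hunk, and `short_path` is declared above it (presumably a fixed-size wchar_t array, given the arraysize use).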
@@ -358,31 +363,35 @@ bool LoadFlashBroker(const FilePath& plugin_path, CommandLine* cmd_line) {
 }
 
 // Creates a sandbox for the built-in flash plugin running in a restricted
-// environment. This is a work in progress and for the time being do not
-// pay attention to the duplication between this function and the above
-// function. For more information see bug 50796.
+// environment. This policy is in continual flux as flash changes
+// capabilities. For more information see bug 50796.
 bool ApplyPolicyForBuiltInFlashPlugin(sandbox::TargetPolicy* policy) {
- // TODO(cpu): Lock down the job level more.
 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
 
+ // Vista and Win7 get a weaker token but have low integrity.
+ if (base::win::GetVersion() > base::win::VERSION_XP) {
+ policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
+ sandbox::USER_INTERACTIVE);
+ policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
+ } else {
+ policy->SetTokenLevel(sandbox::USER_UNPROTECTED,
+ sandbox::USER_LIMITED);
- sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED;
-
- if (base::win::GetVersion() > base::win::VERSION_XP)
- initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS;
-
- policy->SetTokenLevel(initial_token, sandbox::USER_LIMITED);
- policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
 
+ if (!AddKeyAndSubkeys(L"HKEY_LOCAL_MACHINE\\SOFTWARE",
+ sandbox::TargetPolicy::REG_ALLOW_READONLY,
+ policy))
+ return false;
+ if (!AddKeyAndSubkeys(L"HKEY_LOCAL_MACHINE\\SYSTEM",
+ sandbox::TargetPolicy::REG_ALLOW_READONLY,
+ policy))
+ return false;
- // TODO(cpu): Proxy registry access and remove these policies.
- if (!AddKeyAndSubkeys(L"HKEY_CURRENT_USER\\SOFTWARE\\ADOBE",
- sandbox::TargetPolicy::REG_ALLOW_ANY,
- policy))
- return false;
 
+ if (!AddKeyAndSubkeys(L"HKEY_CURRENT_USER\\SOFTWARE",
+ sandbox::TargetPolicy::REG_ALLOW_READONLY,
+ policy))
+ return false;
+ }
- if (!AddKeyAndSubkeys(L"HKEY_CURRENT_USER\\SOFTWARE\\MACROMEDIA",
- sandbox::TargetPolicy::REG_ALLOW_ANY,
- policy))
- return false;
 
+ AddDllEvictionPolicy(policy);
 return true;
 }
@@ -602,14 +611,14 @@ base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
 if (!exposed_dir.empty()) {
 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
 sandbox::TargetPolicy::FILES_ALLOW_ANY,
- exposed_dir.ToWStringHack().c_str());
+ exposed_dir.value().c_str());
 if (result != sandbox::SBOX_ALL_OK)
 return 0;
 
 FilePath exposed_files = exposed_dir.AppendASCII("*");
 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
 sandbox::TargetPolicy::FILES_ALLOW_ANY,
- exposed_files.ToWStringHack().c_str());
+ exposed_files.value().c_str());
 if (result != sandbox::SBOX_ALL_OK)
 return 0;
 }
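Review bot: The added comment says "Vista and Win7", but the condition it documents, `if (base::win::GetVersion() > base::win::VERSION_XP) {`, is also true for the Server 2003 / XP x64 value that base/win/windows_version.h orders between XP and Vista, as far as I recall; on that platform the new branch picks the weaker USER_INTERACTIVE lockdown token while the low integrity level meant to compensate for it is not available, and the registry read-only rules of the else branch are skipped too. Comparing against the version the comment names, `if (base::win::GetVersion() >= base::win::VERSION_VISTA) {`, makes the code match its stated intent (the old code used the same comparison, but it only selected the initial token, not the lockdown level). The three AddKeyAndSubkeys calls in the else branch repeat the same four lines; a small const table of key names iterated in a loop would make the read-only grant set visible at a glance. ApplyPolicyForBuiltInFlashPlugin lies entirely inside this hunk, which begins on the previous line of this page.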