Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(57)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_policy.cc

Issue 10389210: Add a sandbox policy for duplicating handles into the broker. (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 8 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | sandbox/src/handle_dispatcher.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/sandbox_policy.h" 5 #include "content/common/sandbox_policy.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/debug/debugger.h" 10 #include "base/debug/debugger.h"
(...skipping 371 matching lines...) Expand 10 before | Expand all | Expand 10 after
382 if (result != sandbox::SBOX_ALL_OK) 382 if (result != sandbox::SBOX_ALL_OK)
383 return false; 383 return false;
384 384
385 // GPU needs to copy sections to renderers. 385 // GPU needs to copy sections to renderers.
386 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, 386 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
387 sandbox::TargetPolicy::HANDLES_DUP_ANY, 387 sandbox::TargetPolicy::HANDLES_DUP_ANY,
388 L"Section"); 388 L"Section");
389 if (result != sandbox::SBOX_ALL_OK) 389 if (result != sandbox::SBOX_ALL_OK)
390 return false; 390 return false;
391 391
392 #ifdef USE_AURA
393 // GPU also needs to add sections to the browser for aura
394 // TODO(jschuh): refactor the GPU channel to remove this. crbug.com/128786
395 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
396 sandbox::TargetPolicy::HANDLES_DUP_BROKER,
397 L"Section");
398 if (result != sandbox::SBOX_ALL_OK)
399 return false;
400 #endif
401
392 AddGenericDllEvictionPolicy(policy); 402 AddGenericDllEvictionPolicy(policy);
393 #endif 403 #endif
394 return true; 404 return true;
395 } 405 }
396 406
397 bool AddPolicyForRenderer(sandbox::TargetPolicy* policy) { 407 bool AddPolicyForRenderer(sandbox::TargetPolicy* policy) {
398 // Renderers need to copy sections for plugin DIBs and GPU. 408 // Renderers need to copy sections for plugin DIBs and GPU.
399 sandbox::ResultCode result; 409 sandbox::ResultCode result;
400 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, 410 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
401 sandbox::TargetPolicy::HANDLES_DUP_ANY, 411 sandbox::TargetPolicy::HANDLES_DUP_ANY,
(...skipping 421 matching lines...) Expand 10 before | Expand all | Expand 10 after
823 } 833 }
824 834
825 return false; 835 return false;
826 } 836 }
827 837
828 bool BrokerAddTargetPeer(HANDLE peer_process) { 838 bool BrokerAddTargetPeer(HANDLE peer_process) {
829 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; 839 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK;
830 } 840 }
831 841
832 } // namespace content 842 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | sandbox/src/handle_dispatcher.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698