Prevent cmsetac.dll from loading in GPU process.

content/common/sandbox_policy.cc

Index: content/common/sandbox_policy.cc
===================================================================
--- content/common/sandbox_policy.cc	(revision 150857)
+++ content/common/sandbox_policy.cc	(working copy)
@@ -120,6 +120,12 @@
   L"CLRGL.ax"                            // Cyberlink Camera helper.
 };
 
+// The DLLs listed here are known (or under strong suspicion) of causing crashes
+// when they are loaded in the GPU process.
+const wchar_t* const kTroublesomeGpuDlls[] = {
+  L"cmsetac.dll",                 // Unknown (suspected malware).
+};
+
 // Adds the policy rules for the path and path\ with the semantic |access|.
 // If |children| is set to true, we need to add the wildcard rules to also
 // apply the rule to the subfiles and subfolders.
@@ -242,6 +248,14 @@
     BlacklistAddOneDll(kTroublesomePluginDlls[ix], false, policy);
 }
 
+// Same as AddGenericDllEvictionPolicy but specifically for the GPU process.
+// In this we add the blacklisted dlls even if they are not loaded in this
+// process.
+void AddGpuDllEvictionPolicy(sandbox::TargetPolicy* policy) {
+  for (int ix = 0; ix != arraysize(kTroublesomeGpuDlls); ++ix)
+    BlacklistAddOneDll(kTroublesomeGpuDlls[ix], false, policy);
+}
+
 // Returns the object path prepended with the current logon session.
 string16 PrependWindowsSessionPath(const char16* object) {
   // Cache this because it can't change after process creation.
@@ -405,6 +419,7 @@
 #endif
 
   AddGenericDllEvictionPolicy(policy);
+  AddGpuDllEvictionPolicy(policy);
 #endif
   return true;
 }