Remove Legacy NPAPI Flash Sandbox support

content/common/sandbox_policy.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_policy.h"
 
 #include <string>
 
 #include "base/command_line.h"
 #include "base/debug/debugger.h"
@@ skipping 94 matching lines @@
   L"ssldivx.dll",                 // DivX.
   L"syncor11.dll",                // SynthCore Midi interface.
   L"systools.dll",                // Panda Antivirus.
   L"tfwah.dll",                   // Threatfire (PC tools).
   L"wblind.dll",                  // Stardock Object desktop.
   L"wbhelp.dll",                  // Stardock Object desktop.
   L"winstylerthemehelper.dll"     // Tuneup utilities 2006.
 };
 
 // The DLLs listed here are known (or under strong suspicion) of causing crashes
-// when they are loaded in the plugin process.
-const wchar_t* const kTroublesomePluginDlls[] = {
-  L"rpmainbrowserrecordplugin.dll",      // RealPlayer.
-  L"rpchromebrowserrecordhelper.dll",    // RealPlayer.
-  L"rpchrome10browserrecordhelper.dll",  // RealPlayer.
-  L"ycwebcamerasource.ax"                // Cyberlink Camera helper.
-  L"CLRGL.ax"                            // Cyberlink Camera helper.
-};
-
-// The DLLs listed here are known (or under strong suspicion) of causing crashes
 // when they are loaded in the GPU process.
 const wchar_t* const kTroublesomeGpuDlls[] = {
   L"cmsetac.dll",                 // Unknown (suspected malware).
 };
 
 // Adds the policy rules for the path and path\ with the semantic |access|.
 // If |children| is set to true, we need to add the wildcard rules to also
 // apply the rule to the subfiles and subfolders.
 bool AddDirectory(int path, const wchar_t* sub_dir, bool children,
                   sandbox::TargetPolicy::Semantics access,
@@ skipping 100 matching lines @@
 }
 
 // Adds policy rules for unloaded the known dlls that cause chrome to crash.
 // Eviction of injected DLLs is done by the sandbox so that the injected module
 // does not get a chance to execute any code.
 void AddGenericDllEvictionPolicy(sandbox::TargetPolicy* policy) {
   for (int ix = 0; ix != arraysize(kTroublesomeDlls); ++ix)
     BlacklistAddOneDll(kTroublesomeDlls[ix], true, policy);
 }
 
-// Same as AddGenericDllEvictionPolicy but specifically for plugins. In this
-// case we add the blacklisted dlls even if they are not loaded in this process.
-void AddPluginDllEvictionPolicy(sandbox::TargetPolicy* policy) {
-  for (int ix = 0; ix != arraysize(kTroublesomePluginDlls); ++ix)
-    BlacklistAddOneDll(kTroublesomePluginDlls[ix], false, policy);
-}
-
 // Same as AddGenericDllEvictionPolicy but specifically for the GPU process.
 // In this we add the blacklisted dlls even if they are not loaded in this
 // process.
 void AddGpuDllEvictionPolicy(sandbox::TargetPolicy* policy) {
   for (int ix = 0; ix != arraysize(kTroublesomeGpuDlls); ++ix)
     BlacklistAddOneDll(kTroublesomeGpuDlls[ix], false, policy);
 }
 
 // Returns the object path prepended with the current logon session.
 string16 PrependWindowsSessionPath(const char16* object) {
@@ skipping 485 matching lines @@
   }
 
   bool child_needs_help =
       DebugFlags::ProcessDebugFlags(cmd_line, type, in_sandbox);
 
   // Prefetch hints on windows:
   // Using a different prefetch profile per process type will allow Windows
   // to create separate pretetch settings for browser, renderer etc.
   cmd_line->AppendArg(base::StringPrintf("/prefetch:%d", type));
 
-  sandbox::ResultCode result;
-  base::win::ScopedProcessInformation target;
-  sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy();
-
-#if !defined(NACL_WIN64)  // We don't need this code on win nacl64.
-  if (type == content::PROCESS_TYPE_PLUGIN &&
-      !browser_command_line.HasSwitch(switches::kNoSandbox) &&
-      content::GetContentClient()->SandboxPlugin(cmd_line, policy)) {
-    in_sandbox = true;
-  }
-#endif
-
   if (!in_sandbox) {
-    policy->Release();
     base::ProcessHandle process = 0;
     base::LaunchProcess(*cmd_line, base::LaunchOptions(), &process);
     g_broker_services->AddTargetPeer(process);
     return process;
   }
 
+  base::win::ScopedProcessInformation target;
+  sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy();
+
   // TODO(jschuh): Make NaCl work with DEP and SEHOP. crbug.com/147752
   sandbox::MitigationFlags mitigations = MITIGATION_HEAP_TERMINATE |
                                          MITIGATION_BOTTOM_UP_ASLR |
                                          MITIGATION_HIGH_ENTROPY_ASLR;
 #if !defined(NACL_WIN64)
   mitigations |= MITIGATION_DEP |
                  MITIGATION_DEP_NO_ATL_THUNK |
                  MITIGATION_SEHOP;
 #if defined(NDEBUG)
   mitigations |= MITIGATION_RELOCATE_IMAGE |
@@ skipping 10 matching lines @@
 #if defined(NACL_WIN64)
   mitigations |= MITIGATION_DEP |
                  MITIGATION_DEP_NO_ATL_THUNK;
 #endif
 
   if (policy->SetDelayedProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK)
     return 0;
 
   SetJobLevel(*cmd_line, JOB_LOCKDOWN, 0, policy);
 
-  if (type == content::PROCESS_TYPE_PLUGIN) {
-    AddGenericDllEvictionPolicy(policy);
-    AddPluginDllEvictionPolicy(policy);
-  } else if (type == content::PROCESS_TYPE_GPU) {
+  if (type == content::PROCESS_TYPE_GPU) {
     if (!AddPolicyForGPU(cmd_line, policy))
       return 0;
   } else {
     if (!AddPolicyForRenderer(policy))
       return 0;
     // TODO(jschuh): Need get these restrictions applied to NaCl and Pepper.
     // Just have to figure out what needs to be warmed up first.
     if (type == content::PROCESS_TYPE_RENDERER ||
         type == content::PROCESS_TYPE_WORKER) {
       AddBaseHandleClosePolicy(policy);
     }
 
     // Pepper uses the renderer's policy, whith some tweaks.
     if (cmd_line->HasSwitch(switches::kGuestRenderer) ||
         type == content::PROCESS_TYPE_PPAPI_PLUGIN) {
       if (!AddPolicyForPepperPlugin(policy))
         return 0;
     }
 
 
     if (type_str != switches::kRendererProcess) {
       // Hack for Google Desktop crash. Trick GD into not injecting its DLL into
       // this subprocess. See
       // http://code.google.com/p/chromium/issues/detail?id=25580
       cmd_line->AppendSwitchASCII("ignored", " --type=renderer ");
     }
   }
 
+  sandbox::ResultCode result;
   if (!exposed_dir.empty()) {
     result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
                              sandbox::TargetPolicy::FILES_ALLOW_ANY,
                              exposed_dir.value().c_str());
     if (result != sandbox::SBOX_ALL_OK)
       return 0;
 
     FilePath exposed_files = exposed_dir.AppendASCII("*");
     result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
                              sandbox::TargetPolicy::FILES_ALLOW_ANY,
@@ skipping 94 matching lines @@
   return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK;
 }
 
 base::ProcessHandle StartProcessWithAccess(
     CommandLine* cmd_line,
     const FilePath& exposed_dir) {
   return sandbox::StartProcessWithAccess(cmd_line, exposed_dir);
 }
 
 }  // namespace content