| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "build/build_config.h" | 5 #include "build/build_config.h" |
| 6 | 6 |
| 7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
| 8 #include <windows.h> | 8 #include <windows.h> |
| 9 #endif | 9 #endif |
| 10 | 10 |
| (...skipping 23 matching lines...) Expand all Loading... |
| 34 // doesn't carry into any processes that plugins might start. | 34 // doesn't carry into any processes that plugins might start. |
| 35 void TrimInterposeEnvironment(); | 35 void TrimInterposeEnvironment(); |
| 36 | 36 |
| 37 // Initializes the global Cocoa application object. | 37 // Initializes the global Cocoa application object. |
| 38 void InitializeChromeApplication(); | 38 void InitializeChromeApplication(); |
| 39 #elif defined(OS_LINUX) | 39 #elif defined(OS_LINUX) |
| 40 // Work around an unimplemented instruction in 64-bit Flash. | 40 // Work around an unimplemented instruction in 64-bit Flash. |
| 41 void WorkaroundFlashLAHF(); | 41 void WorkaroundFlashLAHF(); |
| 42 #endif | 42 #endif |
| 43 | 43 |
| 44 #if defined(OS_WIN) | |
| 45 // This function is provided so that the built-in flash can lock down the | |
| 46 // sandbox by calling DelayedLowerToken(0). | |
| 47 extern "C" DWORD __declspec(dllexport) __stdcall DelayedLowerToken(void* ts) { | |
| 48 // s_ts is only set the first time the function is called, which happens | |
| 49 // in PluginMain. | |
| 50 static sandbox::TargetServices* s_ts = | |
| 51 reinterpret_cast<sandbox::TargetServices*>(ts); | |
| 52 if (ts) | |
| 53 return 0; | |
| 54 s_ts->LowerToken(); | |
| 55 return 1; | |
| 56 }; | |
| 57 | |
| 58 // Returns true if the plugin to be loaded is the internal flash. | |
| 59 bool IsPluginBuiltInFlash(const CommandLine& cmd_line) { | |
| 60 FilePath path = cmd_line.GetSwitchValuePath(switches::kPluginPath); | |
| 61 return (path.BaseName() == FilePath(L"gcswf32.dll")); | |
| 62 } | |
| 63 | |
| 64 // Before we lock down the flash sandbox, we need to activate the IME machinery | |
| 65 // and attach it to this process. (Windows attaches an IME machinery to this | |
| 66 // process automatically while it creates its first top-level window.) After | |
| 67 // lock down it seems it is unable to start. Note that we leak the IME context | |
| 68 // on purpose. | |
| 69 HWND g_ime_window = NULL; | |
| 70 | |
| 71 int PreloadIMEForFlash() { | |
| 72 HIMC imc = ::ImmCreateContext(); | |
| 73 if (!imc) | |
| 74 return 0; | |
| 75 if (::ImmGetOpenStatus(imc)) | |
| 76 return 1; | |
| 77 if (!g_ime_window) { | |
| 78 g_ime_window = CreateWindowEx(WS_EX_TOOLWINDOW, L"EDIT", L"", WS_POPUP, | |
| 79 0, 0, 0, 0, NULL, NULL, GetModuleHandle(NULL), NULL); | |
| 80 SetWindowLongPtr(g_ime_window, GWL_EXSTYLE, WS_EX_NOACTIVATE); | |
| 81 } | |
| 82 return 2; | |
| 83 } | |
| 84 | |
| 85 void DestroyIMEForFlash() { | |
| 86 if (g_ime_window) { | |
| 87 DestroyWindow(g_ime_window); | |
| 88 g_ime_window = NULL; | |
| 89 } | |
| 90 } | |
| 91 | |
| 92 #endif | |
| 93 | |
| 94 // main() routine for running as the plugin process. | 44 // main() routine for running as the plugin process. |
| 95 int PluginMain(const content::MainFunctionParams& parameters) { | 45 int PluginMain(const content::MainFunctionParams& parameters) { |
| 96 // The main thread of the plugin services UI. | 46 // The main thread of the plugin services UI. |
| 97 #if defined(OS_MACOSX) | 47 #if defined(OS_MACOSX) |
| 98 #if !defined(__LP64__) | 48 #if !defined(__LP64__) |
| 99 TrimInterposeEnvironment(); | 49 TrimInterposeEnvironment(); |
| 100 #endif | 50 #endif |
| 101 InitializeChromeApplication(); | 51 InitializeChromeApplication(); |
| 102 #endif | 52 #endif |
| 103 MessageLoop main_message_loop(MessageLoop::TYPE_UI); | 53 MessageLoop main_message_loop(MessageLoop::TYPE_UI); |
| 104 base::PlatformThread::SetName("CrPluginMain"); | 54 base::PlatformThread::SetName("CrPluginMain"); |
| 105 | 55 |
| 106 base::SystemMonitor system_monitor; | 56 base::SystemMonitor system_monitor; |
| 107 HighResolutionTimerManager high_resolution_timer_manager; | 57 HighResolutionTimerManager high_resolution_timer_manager; |
| 108 | 58 |
| 109 const CommandLine& parsed_command_line = parameters.command_line; | 59 const CommandLine& parsed_command_line = parameters.command_line; |
| 110 | 60 |
| 111 #if defined(OS_LINUX) | 61 #if defined(OS_LINUX) |
| 112 | 62 |
| 113 #if defined(ARCH_CPU_64_BITS) | 63 #if defined(ARCH_CPU_64_BITS) |
| 114 WorkaroundFlashLAHF(); | 64 WorkaroundFlashLAHF(); |
| 115 #endif | 65 #endif |
| 116 | 66 |
| 117 #elif defined(OS_WIN) | 67 #elif defined(OS_WIN) |
| 118 sandbox::TargetServices* target_services = | 68 base::win::ScopedCOMInitializer com_initializer; |
| 119 parameters.sandbox_info->target_services; | 69 #endif |
| 120 | 70 |
| 121 base::win::ScopedCOMInitializer com_initializer; | |
| 122 | |
| 123 DVLOG(1) << "Started plugin with " | |
| 124 << parsed_command_line.GetCommandLineString(); | |
| 125 | |
| 126 HMODULE sandbox_test_module = NULL; | |
| 127 bool no_sandbox = parsed_command_line.HasSwitch(switches::kNoSandbox); | |
| 128 | |
| 129 if (target_services && !no_sandbox) { | |
| 130 // The command line might specify a test plugin to load. | |
| 131 if (parsed_command_line.HasSwitch(switches::kTestSandbox)) { | |
| 132 std::wstring test_plugin_name = | |
| 133 parsed_command_line.GetSwitchValueNative(switches::kTestSandbox); | |
| 134 sandbox_test_module = LoadLibrary(test_plugin_name.c_str()); | |
| 135 DCHECK(sandbox_test_module); | |
| 136 } | |
| 137 } | |
| 138 #endif | |
| 139 if (parsed_command_line.HasSwitch(switches::kPluginStartupDialog)) { | 71 if (parsed_command_line.HasSwitch(switches::kPluginStartupDialog)) { |
| 140 ChildProcess::WaitForDebugger("Plugin"); | 72 ChildProcess::WaitForDebugger("Plugin"); |
| 141 } | 73 } |
| 142 | 74 |
| 143 { | 75 { |
| 144 ChildProcess plugin_process; | 76 ChildProcess plugin_process; |
| 145 plugin_process.set_main_thread(new PluginThread()); | 77 plugin_process.set_main_thread(new PluginThread()); |
| 146 #if defined(OS_WIN) | |
| 147 if (!no_sandbox && target_services) { | |
| 148 // We are sandboxing the plugin. If it is a generic plug-in, we lock down | |
| 149 // the sandbox right away, but if it is the built-in flash we let flash | |
| 150 // start elevated and it will call DelayedLowerToken(0) when it's ready. | |
| 151 if (IsPluginBuiltInFlash(parsed_command_line)) { | |
| 152 DVLOG(1) << "Sandboxing flash"; | |
| 153 | |
| 154 if (!PreloadIMEForFlash()) | |
| 155 DVLOG(1) << "IME preload failed"; | |
| 156 DelayedLowerToken(target_services); | |
| 157 } else { | |
| 158 target_services->LowerToken(); | |
| 159 } | |
| 160 } | |
| 161 if (sandbox_test_module) { | |
| 162 RunPluginTests run_security_tests = | |
| 163 reinterpret_cast<RunPluginTests>(GetProcAddress(sandbox_test_module, | |
| 164 kPluginTestCall)); | |
| 165 DCHECK(run_security_tests); | |
| 166 if (run_security_tests) { | |
| 167 int test_count = 0; | |
| 168 DVLOG(1) << "Running plugin security tests"; | |
| 169 BOOL result = run_security_tests(&test_count); | |
| 170 DCHECK(result) << "Test number " << test_count << " has failed."; | |
| 171 // If we are in release mode, crash or debug the process. | |
| 172 if (!result) { | |
| 173 __debugbreak(); | |
| 174 _exit(1); | |
| 175 } | |
| 176 } | |
| 177 | |
| 178 FreeLibrary(sandbox_test_module); | |
| 179 } | |
| 180 #endif | |
| 181 | |
| 182 MessageLoop::current()->Run(); | 78 MessageLoop::current()->Run(); |
| 183 } | 79 } |
| 184 | 80 |
| 185 #if defined(OS_WIN) | |
| 186 DestroyIMEForFlash(); | |
| 187 #endif | |
| 188 | |
| 189 return 0; | 81 return 0; |
| 190 } | 82 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11049004:
Remove Legacy NPAPI Flash Sandbox support (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/