| Index: chrome/common/chrome_content_client.cc
|
| ===================================================================
|
| --- chrome/common/chrome_content_client.cc (revision 160170)
|
| +++ chrome/common/chrome_content_client.cc (working copy)
|
| @@ -310,60 +310,6 @@
|
| #endif // FLAPPER_AVAILABLE
|
| }
|
|
|
| -#if defined(OS_WIN)
|
| -// Launches the privileged flash broker, used when flash is sandboxed.
|
| -// The broker is the same flash dll, except that it uses a different
|
| -// entrypoint (BrokerMain) and it is hosted in windows' generic surrogate
|
| -// process rundll32. After launching the broker we need to pass to
|
| -// the flash plugin the process id of the broker via the command line
|
| -// using --flash-broker=pid.
|
| -// More info about rundll32 at http://support.microsoft.com/kb/164787.
|
| -bool LoadFlashBroker(const FilePath& plugin_path, CommandLine* cmd_line) {
|
| - FilePath rundll;
|
| - if (!PathService::Get(base::DIR_SYSTEM, &rundll))
|
| - return false;
|
| - rundll = rundll.AppendASCII("rundll32.exe");
|
| - // Rundll32 cannot handle paths with spaces, so we use the short path.
|
| - wchar_t short_path[MAX_PATH];
|
| - if (0 == ::GetShortPathNameW(plugin_path.value().c_str(),
|
| - short_path, arraysize(short_path)))
|
| - return false;
|
| - // Here is the kicker, if the user has disabled 8.3 (short path) support
|
| - // on the volume GetShortPathNameW does not fail but simply returns the
|
| - // input path. In this case if the path had any spaces then rundll32 will
|
| - // incorrectly interpret its parameters. So we quote the path, even though
|
| - // the kb/164787 says you should not.
|
| - std::wstring cmd_final =
|
| - base::StringPrintf(L"%ls \"%ls\",BrokerMain browser=chrome",
|
| - rundll.value().c_str(),
|
| - short_path);
|
| - base::ProcessHandle process;
|
| - base::LaunchOptions options;
|
| - options.start_hidden = true;
|
| - if (!base::LaunchProcess(cmd_final, options, &process))
|
| - return false;
|
| -
|
| - cmd_line->AppendSwitchASCII("flash-broker",
|
| - base::Int64ToString(::GetProcessId(process)));
|
| -
|
| - // The flash broker, unders some circumstances can linger beyond the lifetime
|
| - // of the flash player, so we put it in a job object, when the browser
|
| - // terminates the job object is destroyed (by the OS) and the flash broker
|
| - // is terminated.
|
| - HANDLE job = ::CreateJobObjectW(NULL, NULL);
|
| - if (base::SetJobObjectAsKillOnJobClose(job)) {
|
| - ::AssignProcessToJobObject(job, process);
|
| - // Yes, we are leaking the object here. Read comment above.
|
| - } else {
|
| - ::CloseHandle(job);
|
| - return false;
|
| - }
|
| -
|
| - ::CloseHandle(process);
|
| - return true;
|
| -}
|
| -#endif // OS_WIN
|
| -
|
| } // namespace
|
|
|
| namespace chrome {
|
| @@ -464,70 +410,6 @@
|
| return ResourceBundle::GetSharedInstance().GetNativeImageNamed(resource_id);
|
| }
|
|
|
| -#if defined(OS_WIN)
|
| -bool ChromeContentClient::SandboxPlugin(CommandLine* command_line,
|
| - sandbox::TargetPolicy* policy) {
|
| - std::wstring plugin_dll = command_line->
|
| - GetSwitchValueNative(switches::kPluginPath);
|
| -
|
| - FilePath builtin_flash;
|
| - if (!PathService::Get(chrome::FILE_FLASH_PLUGIN_EXISTING, &builtin_flash))
|
| - return false;
|
| -
|
| - FilePath plugin_path(plugin_dll);
|
| - if (plugin_path.BaseName() != builtin_flash.BaseName())
|
| - return false;
|
| -
|
| - if (base::win::GetVersion() <= base::win::VERSION_XP ||
|
| - CommandLine::ForCurrentProcess()->HasSwitch(
|
| - switches::kDisableFlashSandbox)) {
|
| - return false;
|
| - }
|
| -
|
| - // Add policy for the plugin proxy window pump event
|
| - // used by WebPluginDelegateProxy::HandleInputEvent().
|
| - if (policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
|
| - sandbox::TargetPolicy::HANDLES_DUP_ANY,
|
| - L"Event") != sandbox::SBOX_ALL_OK) {
|
| - NOTREACHED();
|
| - return false;
|
| - }
|
| -
|
| - // Add the policy for the pipes.
|
| - if (policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
|
| - sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
|
| - L"\\\\.\\pipe\\chrome.*") != sandbox::SBOX_ALL_OK) {
|
| - NOTREACHED();
|
| - return false;
|
| - }
|
| -
|
| - // Spawn the flash broker and apply sandbox policy.
|
| - if (LoadFlashBroker(plugin_path, command_line)) {
|
| - // UI job restrictions break windowless Flash, so just pick up single
|
| - // process limit for now.
|
| - policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
|
| - policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
|
| - sandbox::USER_INTERACTIVE);
|
| - // Allow the Flash plugin to forward some messages back to Chrome.
|
| - if (base::win::GetVersion() == base::win::VERSION_VISTA) {
|
| - // Per-window message filters required on Win7 or later must be added to:
|
| - // render_widget_host_view_win.cc RenderWidgetHostViewWin::ReparentWindow
|
| - ::ChangeWindowMessageFilter(WM_MOUSEWHEEL, MSGFLT_ADD);
|
| - ::ChangeWindowMessageFilter(WM_APPCOMMAND, MSGFLT_ADD);
|
| - }
|
| - policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
|
| - } else {
|
| - // Could not start the broker, use a very weak policy instead.
|
| - DLOG(WARNING) << "Failed to start flash broker";
|
| - policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
|
| - policy->SetTokenLevel(
|
| - sandbox::USER_UNPROTECTED, sandbox::USER_UNPROTECTED);
|
| - }
|
| -
|
| - return true;
|
| -}
|
| -#endif
|
| -
|
| #if defined(OS_MACOSX) && !defined(OS_IOS)
|
| bool ChromeContentClient::GetSandboxProfileForSandboxType(
|
| int sandbox_type,
|
|
|
Chromium Code Reviews
Issue 11049004:
Remove Legacy NPAPI Flash Sandbox support (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/