Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(309)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_policy.cc

Issue 12207106: Ignore DEP and SEHOP flags on Win64 (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 7 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | sandbox/win/src/process_mitigations.cc » ('j') | sandbox/win/src/process_mitigations.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/sandbox_policy.h" 5 #include "content/common/sandbox_policy.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/debug/debugger.h" 10 #include "base/debug/debugger.h"
(...skipping 728 matching lines...) Expand 10 before | Expand all | Expand 10 after
739 if (!in_sandbox) { 739 if (!in_sandbox) {
740 base::ProcessHandle process = 0; 740 base::ProcessHandle process = 0;
741 base::LaunchProcess(*cmd_line, base::LaunchOptions(), &process); 741 base::LaunchProcess(*cmd_line, base::LaunchOptions(), &process);
742 g_broker_services->AddTargetPeer(process); 742 g_broker_services->AddTargetPeer(process);
743 return process; 743 return process;
744 } 744 }
745 745
746 base::win::ScopedProcessInformation target; 746 base::win::ScopedProcessInformation target;
747 sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy(); 747 sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy();
748 748
749 // TODO(jschuh): Make Win64 work with DEP and SEHOP. crbug.com/147752
cpu_(ooo_6.6-7.5) 2013/02/11 19:05:09 in the CL you have bug 158133
jschuh 2013/02/11 21:26:49 Okay... you caught me. I don't know how to read.
750 sandbox::MitigationFlags mitigations = sandbox::MITIGATION_HEAP_TERMINATE | 749 sandbox::MitigationFlags mitigations = sandbox::MITIGATION_HEAP_TERMINATE |
751 sandbox::MITIGATION_BOTTOM_UP_ASLR; 750 sandbox::MITIGATION_BOTTOM_UP_ASLR |
752 #if !defined(_WIN64) 751 sandbox::MITIGATION_DEP |
753 // TODO(jschuh,bsy): Make Win64 work with HIGH_ENTROPY_ASLR. crbug.com/158133 752 sandbox::MITIGATION_DEP_NO_ATL_THUNK |
754 mitigations |= sandbox::MITIGATION_DEP | 753 sandbox::MITIGATION_SEHOP;
755 sandbox::MITIGATION_DEP_NO_ATL_THUNK |
756 sandbox::MITIGATION_SEHOP |
757 sandbox::MITIGATION_HIGH_ENTROPY_ASLR;
758 #if defined(NDEBUG)
759 mitigations |= sandbox::MITIGATION_RELOCATE_IMAGE |
760 sandbox::MITIGATION_RELOCATE_IMAGE_REQUIRED;
761 #endif
762 #endif
763 754
764 if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK) 755 if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK)
765 return 0; 756 return 0;
766 757
767 mitigations = sandbox::MITIGATION_STRICT_HANDLE_CHECKS | 758 mitigations = sandbox::MITIGATION_STRICT_HANDLE_CHECKS |
768 sandbox::MITIGATION_DLL_SEARCH_ORDER; 759 sandbox::MITIGATION_DLL_SEARCH_ORDER;
769 #if defined(_WIN64)
770 mitigations |= sandbox::MITIGATION_DEP |
771 sandbox::MITIGATION_DEP_NO_ATL_THUNK;
772 #endif
773 760
774 if (policy->SetDelayedProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK) 761 if (policy->SetDelayedProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK)
775 return 0; 762 return 0;
776 763
777 SetJobLevel(*cmd_line, sandbox::JOB_LOCKDOWN, 0, policy); 764 SetJobLevel(*cmd_line, sandbox::JOB_LOCKDOWN, 0, policy);
778 765
779 if (type == PROCESS_TYPE_GPU) { 766 if (type == PROCESS_TYPE_GPU) {
780 if (!AddPolicyForGPU(cmd_line, policy)) 767 if (!AddPolicyForGPU(cmd_line, policy))
781 return 0; 768 return 0;
782 } else { 769 } else {
(...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after
907 } 894 }
908 895
909 return false; 896 return false;
910 } 897 }
911 898
912 bool BrokerAddTargetPeer(HANDLE peer_process) { 899 bool BrokerAddTargetPeer(HANDLE peer_process) {
913 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; 900 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK;
914 } 901 }
915 902
916 } // namespace content 903 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | sandbox/win/src/process_mitigations.cc » ('j') | sandbox/win/src/process_mitigations.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698