| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_win.h" | 5 #include "content/common/sandbox_win.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 321 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 332 | 332 |
| 333 base::FilePath debug_message(long_path_buf); | 333 base::FilePath debug_message(long_path_buf); |
| 334 debug_message = debug_message.AppendASCII("debug_message.exe"); | 334 debug_message = debug_message.AppendASCII("debug_message.exe"); |
| 335 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_PROCESS, | 335 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_PROCESS, |
| 336 sandbox::TargetPolicy::PROCESS_MIN_EXEC, | 336 sandbox::TargetPolicy::PROCESS_MIN_EXEC, |
| 337 debug_message.value().c_str()); | 337 debug_message.value().c_str()); |
| 338 if (result != sandbox::SBOX_ALL_OK) | 338 if (result != sandbox::SBOX_ALL_OK) |
| 339 return false; | 339 return false; |
| 340 #endif // NDEBUG | 340 #endif // NDEBUG |
| 341 | 341 |
| 342 // Add the policy for read-only PDB file access for AddressSanitizer. |
| 343 #if defined(ADDRESS_SANITIZER) |
| 344 base::FilePath exe; |
| 345 if (!PathService::Get(base::FILE_EXE, &exe)) |
| 346 return false; |
| 347 base::FilePath pdb_path = exe.DirName().Append(L"*.pdb"); |
| 348 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, |
| 349 sandbox::TargetPolicy::FILES_ALLOW_READONLY, |
| 350 pdb_path.value().c_str()); |
| 351 if (result != sandbox::SBOX_ALL_OK) |
| 352 return false; |
| 353 #endif |
| 354 |
| 342 AddGenericDllEvictionPolicy(policy); | 355 AddGenericDllEvictionPolicy(policy); |
| 343 return true; | 356 return true; |
| 344 } | 357 } |
| 345 | 358 |
| 346 bool AddPolicyForSandboxedProcess(sandbox::TargetPolicy* policy) { | 359 bool AddPolicyForSandboxedProcess(sandbox::TargetPolicy* policy) { |
| 347 sandbox::ResultCode result; | 360 sandbox::ResultCode result; |
| 348 // Renderers need to share events with plugins. | 361 // Renderers need to share events with plugins. |
| 349 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, | 362 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, |
| 350 sandbox::TargetPolicy::HANDLES_DUP_ANY, | 363 sandbox::TargetPolicy::HANDLES_DUP_ANY, |
| 351 L"Event"); | 364 L"Event"); |
| (...skipping 412 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 764 } | 777 } |
| 765 | 778 |
| 766 return false; | 779 return false; |
| 767 } | 780 } |
| 768 | 781 |
| 769 bool BrokerAddTargetPeer(HANDLE peer_process) { | 782 bool BrokerAddTargetPeer(HANDLE peer_process) { |
| 770 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; | 783 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; |
| 771 } | 784 } |
| 772 | 785 |
| 773 } // namespace content | 786 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 868253011:
Make chrome.exe built with ASan/Win work with sandbox enabled (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master