Add a sandbox API for broker handle duplication

content/plugin/webplugin_proxy.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/plugin/webplugin_proxy.h"
 
 #include "build/build_config.h"
 
 #include "base/bind.h"
 #include "base/lazy_instance.h"
@@ skipping 17 matching lines @@
 #if defined(OS_MACOSX)
 #include "base/mac/mac_util.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "content/plugin/webplugin_accelerated_surface_proxy_mac.h"
 #endif
 
 #if defined(USE_X11)
 #include "ui/base/x/x11_util_internal.h"
 #endif
 
+#if defined(OS_WIN)
+#include "content/common/sandbox_policy.h"
+#endif
+
 using WebKit::WebBindings;
 
 using webkit::npapi::WebPluginResourceClient;
 #if defined(OS_MACOSX)
 using webkit::npapi::WebPluginAcceleratedSurface;
 #endif
 
 WebPluginProxy::WebPluginProxy(
     PluginChannel* channel,
     int route_id,
@@ skipping 74 matching lines @@
 #elif defined(USE_X11)
   // Nothing to do.
 #else
   NOTIMPLEMENTED();
 #endif
 }
 
 #if defined(OS_WIN)
 void WebPluginProxy::SetWindowlessPumpEvent(HANDLE pump_messages_event) {
   HANDLE pump_messages_event_for_renderer = NULL;
-  DuplicateHandle(GetCurrentProcess(), pump_messages_event,
-                  channel_->renderer_handle(),
-                  &pump_messages_event_for_renderer,
-                  0, FALSE, DUPLICATE_SAME_ACCESS);
+  sandbox::BrokerDuplicateHandle(pump_messages_event, channel_->peer_pid(),
+                                 &pump_messages_event_for_renderer,
+                                 0, FALSE, DUPLICATE_SAME_ACCESS);
   DCHECK(pump_messages_event_for_renderer != NULL);
   Send(new PluginHostMsg_SetWindowlessPumpEvent(
       route_id_, pump_messages_event_for_renderer));
 }
 
 void WebPluginProxy::ReparentPluginWindow(HWND window, HWND parent) {
   PluginThread::current()->Send(
       new PluginProcessHostMsg_ReparentPluginWindow(window, parent));
 }
 
@@ skipping 317 matching lines @@
     InvalidateRect(damaged_rect_);
   }
 }
 
 #if defined(OS_WIN)
 
 void WebPluginProxy::CreateCanvasFromHandle(
     const TransportDIB::Handle& dib_handle,
     const gfx::Rect& window_rect,
     scoped_ptr<skia::PlatformCanvas>* canvas_out) {
-  // Create a canvas that will reference the shared bits. We have to handle
-  // errors here since we're mapping a large amount of memory that may not fit
-  // in our address space, or go wrong in some other way.
-  HANDLE section;
-  DuplicateHandle(channel_->renderer_handle(), dib_handle, GetCurrentProcess(),
-                  &section,
-                  STANDARD_RIGHTS_REQUIRED | FILE_MAP_READ | FILE_MAP_WRITE,
-                  FALSE, 0);
   scoped_ptr<skia::PlatformCanvas> canvas(new skia::PlatformCanvas);
   if (!canvas->initialize(
           window_rect.width(),
           window_rect.height(),
           true,
-          section)) {
+          dib_handle)) {
     canvas_out->reset();
   }
   canvas_out->reset(canvas.release());
   // The canvas does not own the section so we need to close it now.
-  CloseHandle(section);
+  CloseHandle(dib_handle);
 }
 
 void WebPluginProxy::SetWindowlessBuffers(
     const TransportDIB::Handle& windowless_buffer0,
     const TransportDIB::Handle& windowless_buffer1,
     const TransportDIB::Handle& background_buffer,
     const gfx::Rect& window_rect) {
   CreateCanvasFromHandle(windowless_buffer0,
                          window_rect,
                          &windowless_canvases_[0]);
@@ skipping 273 matching lines @@
   // Retrieve the IME status from a plug-in and send it to a renderer process
   // when the plug-in has updated it.
   int input_type;
   gfx::Rect caret_rect;
   if (!delegate_->GetIMEStatus(&input_type, &caret_rect))
     return;
 
   Send(new PluginHostMsg_NotifyIMEStatus(route_id_, input_type, caret_rect));
 }
 #endif