content/plugin/webplugin_proxy.cc - Issue 9838083: Add a sandbox API for broker handle duplication

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/plugin/webplugin_proxy.cc

Issue 9838083: Add a sandbox API for broker handle duplication (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/

Patch Set: Created 8 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/plugin/webplugin_proxy.cc

===================================================================

--- content/plugin/webplugin_proxy.cc (revision 128951)

+++ content/plugin/webplugin_proxy.cc (working copy)

@@ -35,6 +35,10 @@

#include "ui/base/x/x11_util_internal.h"

#endif

+#if defined(OS_WIN)

+#include "content/common/sandbox_policy.h"

+#endif

using WebKit::WebBindings;

using webkit::npapi::WebPluginResourceClient;

@@ -129,10 +133,9 @@

#if defined(OS_WIN)

void WebPluginProxy::SetWindowlessPumpEvent(HANDLE pump_messages_event) {

HANDLE pump_messages_event_for_renderer = NULL;

- DuplicateHandle(GetCurrentProcess(), pump_messages_event,

- channel_->renderer_handle(),

- &pump_messages_event_for_renderer,

- 0, FALSE, DUPLICATE_SAME_ACCESS);

+ sandbox::BrokerDuplicateHandle(pump_messages_event, channel_->peer_pid(),

+ &pump_messages_event_for_renderer,

+ 0, FALSE, DUPLICATE_SAME_ACCESS);

DCHECK(pump_messages_event_for_renderer != NULL);

Send(new PluginHostMsg_SetWindowlessPumpEvent(

route_id_, pump_messages_event_for_renderer));

@@ -470,25 +473,17 @@

const TransportDIB::Handle& dib_handle,

const gfx::Rect& window_rect,

scoped_ptr<skia::PlatformCanvas>* canvas_out) {

- // Create a canvas that will reference the shared bits. We have to handle

- // errors here since we're mapping a large amount of memory that may not fit

- // in our address space, or go wrong in some other way.

- HANDLE section;

- DuplicateHandle(channel_->renderer_handle(), dib_handle, GetCurrentProcess(),

- &section,

- STANDARD_RIGHTS_REQUIRED | FILE_MAP_READ | FILE_MAP_WRITE,

- FALSE, 0);

scoped_ptr<skia::PlatformCanvas> canvas(new skia::PlatformCanvas);

if (!canvas->initialize(

window_rect.width(),

window_rect.height(),

true,

- section)) {

+ dib_handle)) {

canvas_out->reset();

}

canvas_out->reset(canvas.release());

// The canvas does not own the section so we need to close it now.

- CloseHandle(section);

+ CloseHandle(dib_handle);

}

void WebPluginProxy::SetWindowlessBuffers(

« no previous file with comments | « content/plugin/plugin_channel.cc ('k') | content/renderer/webplugin_delegate_proxy.cc » ('j') | sandbox/src/handle_dispatcher.h » ('J')