content/renderer/webplugin_delegate_proxy.cc - Issue 9838083: Add a sandbox API for broker handle duplication

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/renderer/webplugin_delegate_proxy.cc

Issue 9838083: Add a sandbox API for broker handle duplication (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/

Patch Set: Created 8 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/renderer/webplugin_delegate_proxy.cc

===================================================================

--- content/renderer/webplugin_delegate_proxy.cc (revision 128951)

+++ content/renderer/webplugin_delegate_proxy.cc (working copy)

@@ -59,6 +59,10 @@

#include "base/mac/mac_util.h"

#endif

+#if defined(OS_WIN)

+#include "content/common/sandbox_policy.h"

+#endif

using WebKit::WebBindings;

using WebKit::WebCursorInfo;

using WebKit::WebDragData;

@@ -483,7 +487,8 @@

static void CopyTransportDIBHandleForMessage(

const TransportDIB::Handle& handle_in,

- TransportDIB::Handle* handle_out) {

+ TransportDIB::Handle* handle_out,

+ base::ProcessId peer_pid) {

#if defined(OS_MACOSX)

// On Mac, TransportDIB::Handle is typedef'ed to FileDescriptor, and

// FileDescriptor message fields needs to remain valid until the message is

@@ -493,6 +498,13 @@

return;

}

handle_out->auto_close = true;

+#elif defined(OS_WIN)

+ // On Windows we need to duplicate the handle for the plugin process.

+ *handle_out = NULL;

+ sandbox::BrokerDuplicateHandle(handle_in, peer_pid, handle_out,

+ STANDARD_RIGHTS_REQUIRED | FILE_MAP_READ |

+ FILE_MAP_WRITE, FALSE, 0);

+ DCHECK(*handle_out != NULL);

#else

// Don't need to do anything special for other platforms.

*handle_out = handle_in;

@@ -519,15 +531,18 @@

{

if (transport_stores_[0].dib.get())

CopyTransportDIBHandleForMessage(transport_stores_[0].dib->handle(),

- &param.windowless_buffer0);

+ &param.windowless_buffer0,

+ channel_host_->peer_pid());

if (transport_stores_[1].dib.get())

CopyTransportDIBHandleForMessage(transport_stores_[1].dib->handle(),

- &param.windowless_buffer1);

+ &param.windowless_buffer1,

+ channel_host_->peer_pid());

if (background_store_.dib.get())

CopyTransportDIBHandleForMessage(background_store_.dib->handle(),

- &param.background_buffer);

+ &param.background_buffer,

+ channel_host_->peer_pid());

}

IPC::Message* msg;

« no previous file with comments | « content/plugin/webplugin_proxy.cc ('k') | sandbox/sandbox.gyp » ('j') | sandbox/src/handle_dispatcher.h » ('J')