Index: content/common/sandbox_policy.cc |
=================================================================== |
--- content/common/sandbox_policy.cc (revision 129865) |
+++ content/common/sandbox_policy.cc (working copy) |
@@ -15,6 +15,7 @@ |
#include "base/process_util.h" |
#include "base/stringprintf.h" |
#include "base/string_util.h" |
+#include "base/win/scoped_handle.h" |
#include "base/win/windows_version.h" |
#include "content/common/debug_flags.h" |
#include "content/public/common/content_client.h" |
@@ -24,6 +25,7 @@ |
#include "ui/gfx/gl/gl_switches.h" |
static sandbox::BrokerServices* g_broker_services = NULL; |
+static sandbox::TargetServices* g_target_services = NULL; |
namespace { |
@@ -365,7 +367,17 @@ |
return true; |
} |
-void AddPolicyForRenderer(sandbox::TargetPolicy* policy) { |
+bool AddPolicyForRenderer(sandbox::TargetPolicy* policy) { |
+ // Renderers need to copy sections for plugin DIBs. |
+ sandbox::ResultCode result; |
+ result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, |
+ sandbox::TargetPolicy::HANDLES_DUP_ANY, |
+ L"Section"); |
+ if (result != sandbox::SBOX_ALL_OK) { |
+ NOTREACHED(); |
+ return false; |
+ } |
+ |
policy->SetJobLevel(sandbox::JOB_LOCKDOWN, 0); |
sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED; |
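Review bot: The new `HANDLES_DUP_ANY` rule for `L"Section"` is the broadest handle-duplication grant the policy offers, and the one-line comment above it does not record why the narrower broker-only target is not enough or what the rule still excludes. As far as this diff shows, the rule lets the renderer ask the broker to duplicate any section handle it holds into any process id it can name, with the caller's access mask and options forwarded unchanged, so the reason should be written down next to the rule: `// Renderers need to copy sections for plugin DIBs. The plugin process is not the broker, so HANDLES_DUP_BROKER is not enough; this lets the renderer duplicate any Section handle it holds into any process it can name, so keep it restricted to Section objects.` Whether the broker further restricts the access mask is not visible here and is worth confirming before relying on it. AddPolicyForRenderer's body continues past the end of this hunk.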
@@ -386,6 +398,8 @@ |
} |
AddGenericDllEvictionPolicy(policy); |
+ |
+ return true; |
} |
// The Pepper process as locked-down as a renderer execpt that it can |
@@ -399,23 +413,63 @@ |
NOTREACHED(); |
return false; |
} |
- AddPolicyForRenderer(policy); |
- return true; |
+ return AddPolicyForRenderer(policy); |
} |
} // namespace |
namespace sandbox { |
-void InitBrokerServices(sandbox::BrokerServices* broker_services) { |
+bool InitBrokerServices(sandbox::BrokerServices* broker_services) { |
// TODO(abarth): DCHECK(CalledOnValidThread()); |
// See <http://b/1287166>. |
DCHECK(broker_services); |
DCHECK(!g_broker_services); |
- broker_services->Init(); |
+ sandbox::ResultCode result = broker_services->Init(); |
g_broker_services = broker_services; |
+ return SBOX_ALL_OK == result; |
} |
+bool InitTargetServices(sandbox::TargetServices* target_services) { |
+ DCHECK(target_services); |
+ DCHECK(!g_target_services); |
+ sandbox::ResultCode result = target_services->Init(); |
+ g_target_services = target_services; |
+ return SBOX_ALL_OK == result; |
+} |
+ |
+bool BrokerDuplicateHandle(HANDLE source_handle, |
+ DWORD target_process_id, |
+ HANDLE* target_handle, |
+ DWORD desired_access, |
+ DWORD options) { |
+ // Just use DuplicateHandle() if we aren't in the sandbox. |
+ if (!g_target_services) { |
+ base::win::ScopedHandle target_process(::OpenProcess(PROCESS_DUP_HANDLE, |
+ FALSE, |
+ target_process_id)); |
+ if (!target_process.IsValid()) |
+ return false; |
+ |
+ if (!::DuplicateHandle(::GetCurrentProcess(), source_handle, |
+ target_process, target_handle, |
+ desired_access, FALSE, |
+ options)) { |
+ return false; |
+ } |
+ |
+ return true; |
+ } |
+ |
+ ResultCode result = g_target_services->DuplicateHandle(source_handle, |
+ target_process_id, |
+ target_handle, |
+ desired_access, |
+ options); |
+ return SBOX_ALL_OK == result; |
+} |
+ |
+ |
base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line, |
const FilePath& exposed_dir) { |
base::ProcessHandle process = 0; |
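Review bot: InitTargetServices stores `target_services` into `g_target_services` even when `Init()` fails, so every later BrokerDuplicateHandle call takes the sandboxed branch and calls DuplicateHandle on a TargetServices that never initialized, while the caller's `false` return is the only sign anything went wrong. Assign the global only on success: `if (SBOX_ALL_OK != result) return false;` followed by `g_target_services = target_services; return true;`. InitBrokerServices has the same shape and presumably the same fix; whether its callers treat a false return as fatal is not visible in this hunk. A comment on BrokerDuplicateHandle would also help, since the unbrokered branch is a deliberate fallback for unsandboxed processes and should not be reachable from a process whose sandbox setup failed: `// Unbrokered fallback for processes that never ran InitTargetServices; a sandboxed target must have a valid g_target_services by the time this is called.` StartProcessWithAccess begins in this hunk and runs past its end.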
@@ -524,7 +578,8 @@ |
if (!AddPolicyForPepperPlugin(policy)) |
return 0; |
} else { |
- AddPolicyForRenderer(policy); |
+ if (!AddPolicyForRenderer(policy)) |
+ return 0; |
// TODO(jschuh): Need get these restrictions applied to NaCl and Pepper. |
// Just have to figure out what needs to be warmed up first. |
if (type == content::PROCESS_TYPE_RENDERER || |