| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_policy.h" | 5 #include "content/common/sandbox_policy.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/debug/debugger.h" | 10 #include "base/debug/debugger.h" |
| (...skipping 306 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 317 return true; | 317 return true; |
| 318 } | 318 } |
| 319 | 319 |
| 320 // For the GPU process we gotten as far as USER_LIMITED. The next level | 320 // For the GPU process we gotten as far as USER_LIMITED. The next level |
| 321 // which is USER_RESTRICTED breaks both the DirectX backend and the OpenGL | 321 // which is USER_RESTRICTED breaks both the DirectX backend and the OpenGL |
| 322 // backend. Note that the GPU process is connected to the interactive | 322 // backend. Note that the GPU process is connected to the interactive |
| 323 // desktop. | 323 // desktop. |
| 324 // TODO(cpu): Lock down the sandbox more if possible. | 324 // TODO(cpu): Lock down the sandbox more if possible. |
| 325 bool AddPolicyForGPU(CommandLine* cmd_line, sandbox::TargetPolicy* policy) { | 325 bool AddPolicyForGPU(CommandLine* cmd_line, sandbox::TargetPolicy* policy) { |
| 326 #if !defined(NACL_WIN64) // We don't need this code on win nacl64. | 326 #if !defined(NACL_WIN64) // We don't need this code on win nacl64. |
| 327 if (base::win::GetVersion() > base::win::VERSION_SERVER_2003) { | 327 if (base::win::GetVersion() > base::win::VERSION_XP) { |
| 328 if (cmd_line->GetSwitchValueASCII(switches::kUseGL) == | 328 if (cmd_line->GetSwitchValueASCII(switches::kUseGL) == |
| 329 gfx::kGLImplementationDesktopName) { | 329 gfx::kGLImplementationDesktopName) { |
| 330 // Open GL path. | 330 // Open GL path. |
| 331 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, | 331 policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, |
| 332 sandbox::USER_LIMITED); | 332 sandbox::USER_LIMITED); |
| 333 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); | 333 policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0); |
| 334 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); | 334 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); |
| 335 } else { | 335 } else { |
| 336 if (cmd_line->GetSwitchValueASCII(switches::kUseGL) == | 336 if (cmd_line->GetSwitchValueASCII(switches::kUseGL) == |
| 337 gfx::kGLImplementationSwiftShaderName || | 337 gfx::kGLImplementationSwiftShaderName || |
| (...skipping 364 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 702 } | 702 } |
| 703 | 703 |
| 704 return false; | 704 return false; |
| 705 } | 705 } |
| 706 | 706 |
| 707 bool BrokerAddTargetPeer(HANDLE peer_process) { | 707 bool BrokerAddTargetPeer(HANDLE peer_process) { |
| 708 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; | 708 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; |
| 709 } | 709 } |
| 710 | 710 |
| 711 } // namespace content | 711 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9956183:
Revert 131655 - Windows: Reduce GPU process sandbox to XP level on Windows Server 2003. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/