Google Git
Sign in
chromium / chromium / src / 5cb6a47ab9373d5e833d448eb73617ecdd379d84
commit5cb6a47ab9373d5e833d448eb73617ecdd379d84[log] [tgz]
authorWill Harris <wfh@chromium.org>Sat Feb 25 01:56:14 2023
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Sat Feb 25 01:56:14 2023
treed12395422cbb143c83ed13c69f241a68aa1a96ad
parentd5083ae61b2b4e5db108e22aaec322c2b7cc72bf [diff]
Refactor logic determining untrusted mojo invitation flag.

Renderer processes use the MOJO_SEND_INVITATION_FLAG_UNTRUSTED_PROCESS
flag on their mojo invitation to ensure security constraints related to
Windows handles are respected by mojo.

Before this CL, this flag was being set in the renderer process host
code unconditionally, on all platforms.

This CL moves the decision on whether or not to set this flag to the
SandboxedProcessLauncherDelegate implementation specific to the
sandboxed process.

This allows more flexibility going forward about applying this
mitigation to more sandboxed process types.

This CL makes no functional changes as the same flag is just being
set in a different place, and still only for renderers, but now just
on Windows.

This CL also contains some cleanups for header files to specify
which interface is being implemented by which class, as well as
passing a const ref base::CommandLine to the Windows sandboxed
process launcher delegate to make it clear that it does not
modify the command line in the constructor.

BUG=1419544

Change-Id: I1df21dc0663a6cf541ab85fb08e66484b8155e96
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4291989
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1109927}
7 files changed
tree: d12395422cbb143c83ed13c69f241a68aa1a96ad
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. codelabs/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia_web/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. media/
  31. mojo/
  32. native_client_sdk/
  33. net/
  34. pdf/
  35. ppapi/
  36. printing/
  37. remoting/
  38. rlz/
  39. sandbox/
  40. services/
  41. skia/
  42. sql/
  43. storage/
  44. styleguide/
  45. testing/
  46. third_party/
  47. tools/
  48. ui/
  49. url/
  50. weblayer/
  51. .clang-format
  52. .clang-tidy
  53. .eslintrc.js
  54. .git-blame-ignore-revs
  55. .gitattributes
  56. .gitignore
  57. .gn
  58. .mailmap
  59. .rustfmt.toml
  60. .vpython3
  61. .yapfignore
  62. ATL_OWNERS
  63. AUTHORS
  64. BUILD.gn
  65. CODE_OF_CONDUCT.md
  66. codereview.settings
  67. DEPS
  68. DIR_METADATA
  69. LICENSE
  70. LICENSE.chromium_os
  71. OWNERS
  72. PRESUBMIT.py
  73. PRESUBMIT_test.py
  74. PRESUBMIT_test_mocks.py
  75. README.md
  76. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.