Google Git
Sign in
chromium / chromium / src / a2f1d70451dda8e3936e8f873b83ae9e8cf0438f
commita2f1d70451dda8e3936e8f873b83ae9e8cf0438f[log] [tgz]
authorAlex Gough <ajgo@chromium.org>Sat Dec 28 02:50:22 2024
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Sat Dec 28 02:50:22 2024
tree88052f2646047466f1235f44233b675e1a3c4430
parent134ef9afcaff9644ce859d61752d3ef51b924eb6 [diff]
Allow threads to be passed to children in content_shell.exe

Before this CL, if CsrssLockdown was enabled, content_shell.exe
would CHECK() when it attempted to transfer a thread handle
to a child. This is because thread handles have granted access
of 0x1fffff.

This CHECK() only happens on content_shell and not in chrome.exe
as the handle checker is installed in chrome.dll. content_shell.exe
is a monolithic executable so all calls to ::DuplicateHandle() in
content_shell.exe get checked, while before the sandbox IPC call
was not, as it is in the chrome.exe module, not chrome.dll.

Bug: 40408399
Change-Id: I4dade90529c5e02f3145addacfe453e3e52d5a25
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6126016
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1400625}
1 file changed
tree: 88052f2646047466f1235f44233b675e1a3c4430
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. codelabs/
  13. components/
  14. content/
  15. crypto/
  16. dbus/
  17. device/
  18. docs/
  19. extensions/
  20. fuchsia_web/
  21. gin/
  22. google_apis/
  23. gpu/
  24. headless/
  25. infra/
  26. ios/
  27. ipc/
  28. media/
  29. mojo/
  30. native_client_sdk/
  31. net/
  32. pdf/
  33. ppapi/
  34. printing/
  35. remoting/
  36. rlz/
  37. sandbox/
  38. services/
  39. skia/
  40. sql/
  41. storage/
  42. styleguide/
  43. testing/
  44. third_party/
  45. tools/
  46. ui/
  47. url/
  48. webkit/
  49. clank
  50. internal
  51. ios_internal
  52. native_client
  53. signing_keys
  54. v8
  55. .clang-format
  56. .clang-tidy
  57. .clangd
  58. .git-blame-ignore-revs
  59. .gitallowed
  60. .gitattributes
  61. .gitignore
  62. .gitmodules
  63. .gn
  64. .mailmap
  65. .rustfmt.toml
  66. .vpython3
  67. .yapfignore
  68. ATL_OWNERS
  69. AUTHORS
  70. BUILD.gn
  71. CODE_OF_CONDUCT.md
  72. codereview.settings
  73. CPPLINT.cfg
  74. CRYPTO_OWNERS
  75. DEPS
  76. DIR_METADATA
  77. LICENSE
  78. LICENSE.chromium_os
  79. OWNERS
  80. PRESUBMIT.py
  81. PRESUBMIT_test.py
  82. PRESUBMIT_test_mocks.py
  83. README.md
  84. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure.

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.