Change Win32k PPAPI lockdown to use finch params for mime type.

BUG=523278 Review URL: https://codereview.chromium.org/1609133002 Cr-Commit-Position: refs/heads/master@{#371651}

Change Win32k PPAPI lockdown to use finch params for mime type.
BUG=523278 Review URL: https://codereview.chromium.org/1609133002 Cr-Commit-Position: refs/heads/master@{#371651}
c91e967e · wfh · Commit bot · bf6983ea · c91e967e · c91e967e
Commit c91e967e authored Jan 26, 2016 by wfh Committed by Commit bot Jan 27, 2016
7 changed files
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -165,6 +165,7 @@
 #include "ui/resources/grit/ui_resources.h"
 #if defined(OS_WIN)
+#include "base/strings/string_tokenizer.h"
 #include "base/win/windows_version.h"
 #include "chrome/browser/chrome_browser_main_win.h"
 #include "sandbox/win/src/sandbox_policy.h"
@@ -2640,7 +2641,55 @@ bool ChromeContentBrowserClient::PreSpawnRenderer(
                           L"File");
  return result == sandbox::SBOX_ALL_OK;
 }
-#endif
+bool ChromeContentBrowserClient::IsWin32kLockdownEnabledForMimeType(
+    const std::string& mime_type) const {
+  // First, check if any variation parameters have enabled or disabled this
+  // mime type either specifically or globally.
+  std::map<std::string, std::string> mime_params;
+  if (variations::GetVariationParams("EnableWin32kLockDownMimeTypes",
+                                     &mime_params)) {
+    bool enabled = false;
+    for (const auto& param : mime_params) {
+      if (param.first == mime_type || param.first == "*") {
+        // Disabled entries take precedence over Enabled entries.
+        if (base::StartsWith(param.second, "Disabled",
+                             base::CompareCase::INSENSITIVE_ASCII)) {
+          return false;
+        }
+        if (base::StartsWith(param.second, "Enabled",
+                             base::CompareCase::INSENSITIVE_ASCII)) {
+          enabled = true;
+        }
+      }
+    }
+    return enabled;
+  }
+  // Second, check the command line to see if this mime type is enabled
+  // either specifically or globally.
+  const base::CommandLine* cmd_line = base::CommandLine::ForCurrentProcess();
+  if (!cmd_line->HasSwitch(switches::kEnableWin32kLockDownMimeTypes))
+    return false;
+  std::string mime_types =
+      cmd_line->GetSwitchValueASCII(switches::kEnableWin32kLockDownMimeTypes);
+  // Consider the value * to enable all mime types for lockdown.
+  if (mime_types == "*")
+    return true;
+  base::StringTokenizer tokenizer(mime_types, ",");
+  tokenizer.set_quote_chars("\"");
+  while (tokenizer.GetNext()) {
+    if (tokenizer.token() == mime_type)
+      return true;
+  }
+  return false;
+}
+#endif  // defined(OS_WIN)
 void ChromeContentBrowserClient::RegisterFrameMojoShellServices(
    content::ServiceRegistry* registry,

--- a/chrome/browser/chrome_content_browser_client.h
+++ b/chrome/browser/chrome_content_browser_client.h
@@ -279,6 +279,8 @@ class ChromeContentBrowserClient : public content::ContentBrowserClient {
  bool PreSpawnRenderer(sandbox::TargetPolicy* policy) override;
  base::string16 GetAppContainerSidForSandboxType(
      int sandbox_type) const override;
+  bool IsWin32kLockdownEnabledForMimeType(
+      const std::string& mime_type) const override;
 #endif
  void RegisterFrameMojoShellServices(
      content::ServiceRegistry* registry,

--- a/content/browser/ppapi_plugin_process_host.cc
+++ b/content/browser/ppapi_plugin_process_host.cc
@@ -89,18 +89,23 @@ class PpapiPluginSandboxedProcessLauncherDelegate
    if (result != sandbox::SBOX_ALL_OK)
      return false;
+    content::ContentBrowserClient* browser_client =
+        GetContentClient()->browser();
 #if !defined(NACL_WIN64)
-    for (const auto& mime_type : info_.mime_types) {
+    if (IsWin32kRendererLockdownEnabled()) {
-      if (IsWin32kLockdownEnabledForMimeType(mime_type.mime_type)) {
+      for (const auto& mime_type : info_.mime_types) {
-        if (!AddWin32kLockdownPolicy(policy))
+        if (browser_client->IsWin32kLockdownEnabledForMimeType(
-          return false;
+                mime_type.mime_type)) {
-        break;
+          if (!AddWin32kLockdownPolicy(policy))
+            return false;
+          break;
+        }
      }
    }
 #endif
    const base::string16& sid =
-        GetContentClient()->browser()->GetAppContainerSidForSandboxType(
+        browser_client->GetAppContainerSidForSandboxType(GetSandboxType());
-            GetSandboxType());
    if (!sid.empty())
      AddAppContainerPolicy(policy, sid.c_str());

--- a/content/common/content_switches_internal.cc
+++ b/content/common/content_switches_internal.cc
@@ -12,7 +12,6 @@
 #include "content/public/common/content_switches.h"
 #if defined(OS_WIN)
-#include "base/strings/string_tokenizer.h"
 #include "base/win/windows_version.h"
 #include "ui/gfx/win/direct_write.h"
 #endif
@@ -64,32 +63,6 @@ bool IsWin32kRendererLockdownEnabled() {
  return true;
 }
-bool IsWin32kLockdownEnabledForMimeType(const std::string& mime_type) {
-  // Consider PPAPI lockdown a superset of renderer lockdown.
-  if (!IsWin32kRendererLockdownEnabled())
-    return false;
-  const base::CommandLine* cmd_line = base::CommandLine::ForCurrentProcess();
-  std::string mime_types =
-      base::FieldTrialList::FindFullName("EnableWin32kLockDownMimeTypes");
-  if (cmd_line->HasSwitch(switches::kEnableWin32kLockDownMimeTypes)) {
-    mime_types =
-        cmd_line->GetSwitchValueASCII(switches::kEnableWin32kLockDownMimeTypes);
-  }
-  // Consider the value * to enable all mime types for lockdown.
-  if (mime_types == "*")
-    return true;
-  base::StringTokenizer tokenizer(mime_types, ",");
-  tokenizer.set_quote_chars("\"");
-  while (tokenizer.GetNext()) {
-    if (tokenizer.token() == mime_type)
-      return true;
-  }
-  return false;
-}
 #endif
 V8CacheOptions GetV8CacheOptions() {

--- a/content/common/content_switches_internal.h
+++ b/content/common/content_switches_internal.h
@@ -17,8 +17,6 @@ void DisableWin32kRendererLockdown();
 // Returns whether Win32k Renderer lockdown is enabled or not.
 bool IsWin32kRendererLockdownEnabled();
-// Returns whether Win32k PPAPI lockdown is enabled for a specific mime type.
-bool IsWin32kLockdownEnabledForMimeType(const std::string& mime_type);
 #endif
 V8CacheOptions GetV8CacheOptions();

--- a/content/public/browser/content_browser_client.cc
+++ b/content/public/browser/content_browser_client.cc
@@ -411,6 +411,13 @@ base::string16 ContentBrowserClient::GetAppContainerSidForSandboxType(
      L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-"
      L"924012148-129201922");
 }
+bool ContentBrowserClient::IsWin32kLockdownEnabledForMimeType(
+    const std::string& mime_type) const {
+  // TODO(wfh): Enable this by default once Win32k lockdown for PPAPI processes
+  // is enabled by default in Chrome. See crbug.com/523278.
+  return false;
+}
 #endif
 #if defined(VIDEO_HOLE)

--- a/content/public/browser/content_browser_client.h
+++ b/content/public/browser/content_browser_client.h
@@ -751,6 +751,11 @@ class CONTENT_EXPORT ContentBrowserClient {
  // an AppContainer.
  virtual base::string16 GetAppContainerSidForSandboxType(
      int sandbox_type) const;
+  // Returns whether the Win32k lockdown process mitigation should be applied to
+  // a process hosting a plugin with the specified |mime_type|.
+  virtual bool IsWin32kLockdownEnabledForMimeType(
+      const std::string& mime_type) const;
 #endif
 #if defined(VIDEO_HOLE)