mirror of
https://bitbucket.org/chromiumembedded/cef
synced 2025-06-05 21:39:12 +02:00
Update to Chromium revision 9ef2aa86 (#550428)
This commit is contained in:
@@ -1,18 +1,20 @@
|
||||
diff --git services/service_manager/sandbox/win/sandbox_win.cc services/service_manager/sandbox/win/sandbox_win.cc
|
||||
index 6c7356eacc42..4804ce497e1b 100644
|
||||
index 50430a8e2f8f..424af4cb70f6 100644
|
||||
--- services/service_manager/sandbox/win/sandbox_win.cc
|
||||
+++ services/service_manager/sandbox/win/sandbox_win.cc
|
||||
@@ -865,8 +865,11 @@ sandbox::ResultCode SandboxWin::StartSandboxedProcess(
|
||||
@@ -865,10 +865,13 @@ sandbox::ResultCode SandboxWin::StartSandboxedProcess(
|
||||
#endif
|
||||
|
||||
// Post-startup mitigations.
|
||||
- mitigations = sandbox::MITIGATION_STRICT_HANDLE_CHECKS |
|
||||
- sandbox::MITIGATION_DLL_SEARCH_ORDER;
|
||||
+ mitigations = sandbox::MITIGATION_DLL_SEARCH_ORDER;
|
||||
if (!cmd_line->HasSwitch(switches::kAllowThirdPartyModules))
|
||||
mitigations |= sandbox::MITIGATION_FORCE_MS_SIGNED_BINS;
|
||||
+ if (!launcher_process_command_line.HasSwitch("win-rt-app")) {
|
||||
+ // Don't enable this mitigation in WinRT apps. See issue #2274.
|
||||
+ mitigations |= sandbox::MITIGATION_STRICT_HANDLE_CHECKS;
|
||||
+ }
|
||||
if (base::FeatureList::IsEnabled(
|
||||
service_manager::features::kWinSboxForceMsSigned) &&
|
||||
!cmd_line->HasSwitch(switches::kAllowThirdPartyModules)) {
|
||||
|
||||
result = policy->SetDelayedProcessMitigations(mitigations);
|
||||
if (result != sandbox::SBOX_ALL_OK)
|
||||
|
Reference in New Issue
Block a user