mirror of
https://bitbucket.org/chromiumembedded/cef
synced 2025-02-03 12:37:36 +01:00
cd27cbc802
Known issues: - Surface synchronization is now enabled for OSR, see issue #2447. - Jumbo build is broken, fixed in https://crrev.com/868717ce.
21 lines
987 B
Diff
21 lines
987 B
Diff
diff --git services/service_manager/sandbox/win/sandbox_win.cc services/service_manager/sandbox/win/sandbox_win.cc
|
|
index 6c72f29ee7ce..9b0114b2cfdc 100644
|
|
--- services/service_manager/sandbox/win/sandbox_win.cc
|
|
+++ services/service_manager/sandbox/win/sandbox_win.cc
|
|
@@ -865,10 +865,13 @@ sandbox::ResultCode SandboxWin::StartSandboxedProcess(
|
|
#endif
|
|
|
|
// Post-startup mitigations.
|
|
- mitigations = sandbox::MITIGATION_STRICT_HANDLE_CHECKS |
|
|
- sandbox::MITIGATION_DLL_SEARCH_ORDER;
|
|
+ mitigations = sandbox::MITIGATION_DLL_SEARCH_ORDER;
|
|
if (!cmd_line->HasSwitch(switches::kAllowThirdPartyModules))
|
|
mitigations |= sandbox::MITIGATION_FORCE_MS_SIGNED_BINS;
|
|
+ if (!launcher_process_command_line.HasSwitch("win-rt-app")) {
|
|
+ // Don't enable this mitigation in WinRT apps. See issue #2274.
|
|
+ mitigations |= sandbox::MITIGATION_STRICT_HANDLE_CHECKS;
|
|
+ }
|
|
|
|
result = policy->SetDelayedProcessMitigations(mitigations);
|
|
if (result != sandbox::SBOX_ALL_OK)
|