Add enterprise policy for renderer CIG.
Whether to enable/disable is checked on the launcher thread in
content. But the actual flag is only accessible on the main thread
from chrome, so the plumbing in render_process_host and
content_browser_client exists to wire these two together.
BUG=750886
TEST=set policy, check renderers start without CIG.
Change-Id: I2ea2286d9e244734abe15b9f8beb62b3f97ffd71
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1758589
Commit-Queue: Will Harris <[email protected]>
Reviewed-by: Lutz Justen <[email protected]>
Reviewed-by: Avi Drissman <[email protected]>
Reviewed-by: Owen Min <[email protected]>
Cr-Commit-Position: refs/heads/master@{#690060}
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index bffe0971..f7109926 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -3621,8 +3621,8 @@
return base::string16();
}
-bool ChromeContentBrowserClient::PreSpawnRenderer(
- sandbox::TargetPolicy* policy) {
+bool ChromeContentBrowserClient::PreSpawnRenderer(sandbox::TargetPolicy* policy,
+ RendererSpawnFlags flags) {
// Allow the server side of a pipe restricted to the "chrome.nacl."
// namespace so that it cannot impersonate other system or other chrome
// service pipes. This is also done in nacl_broker_listener.cc.
@@ -3638,6 +3638,8 @@
// ASAN has not yet fully initialized its instrumentation by the time the CIG
// intercepts run.
#if !defined(COMPONENT_BUILD) && !defined(ADDRESS_SANITIZER)
+ if ((flags & RendererSpawnFlags::RENDERER_CODE_INTEGRITY) == 0)
+ return true;
if (!base::FeatureList::IsEnabled(kRendererCodeIntegrity))
return true;
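Review bot: The early return added ahead of the `kRendererCodeIntegrity` feature check skips the renderer CIG mitigation with no comment saying who controls the bit, so a reader cannot tell an administrator opt-out from a platform limitation. I would add a comment above it, for example `// RENDERER_CODE_INTEGRITY is cleared by the caller when renderer CIG is disabled (presumably via prefs::kRendererCodeIntegrityEnabled); skip the mitigation.` Because this path turns off a sandbox hardening, a log line or metric at this return would help explain why renderers run without CIG. Nothing in the hunk shows whether such telemetry already exists. PreSpawnRenderer's body continues outside the hunk.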
@@ -3674,6 +3676,16 @@
return true;
}
+
+bool ChromeContentBrowserClient::IsRendererCodeIntegrityEnabled() {
+ PrefService* local_state = g_browser_process->local_state();
+ if (local_state &&
+ local_state->HasPrefPath(prefs::kRendererCodeIntegrityEnabled) &&
+ !local_state->GetBoolean(prefs::kRendererCodeIntegrityEnabled))
+ return false;
+ return true;
+}
+
#endif // defined(OS_WIN)
void ChromeContentBrowserClient::ExposeInterfacesToRenderer(
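Review bot: IsRendererCodeIntegrityEnabled() reads `g_browser_process->local_state()` with no thread assertion, although the commit message says the value is only accessible on the main thread while the decision is consumed on the launcher thread. Adding `DCHECK_CURRENTLY_ON(content::BrowserThread::UI);` as the first statement would catch a future caller on the wrong thread. Separately, `HasPrefPath` followed by `GetBoolean` accepts the value from any pref source. If only enterprise policy is meant to disable this mitigation, also requiring `local_state->IsManagedPreference(prefs::kRendererCodeIntegrityEnabled)` would be stricter; whether the pref can be set outside policy is not visible in this hunk.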