42 lines
1.7 KiB
Diff
42 lines
1.7 KiB
Diff
From: uazo <uazo@users.noreply.github.com>
|
|
Date: Fri, 17 Feb 2023 16:23:20 +0000
|
|
Subject: WIN Enable Network Service Sandbox and CIG
|
|
|
|
License: GPL-2.0-or-later - https://spdx.org/licenses/GPL-2.0-or-later.html
|
|
---
|
|
chrome/browser/chrome_content_browser_client.cc | 2 +-
|
|
sandbox/policy/features.cc | 6 +++++-
|
|
2 files changed, 6 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
|
|
--- a/chrome/browser/chrome_content_browser_client.cc
|
|
+++ b/chrome/browser/chrome_content_browser_client.cc
|
|
@@ -774,7 +774,7 @@ const char kDEPRECATED_AllowlistedExtensionID[] = "whitelisted-extension-id";
|
|
// https://blogs.windows.com/blog/tag/code-integrity-guard/.
|
|
BASE_FEATURE(kNetworkServiceCodeIntegrity,
|
|
"NetworkServiceCodeIntegrity",
|
|
- base::FEATURE_DISABLED_BY_DEFAULT);
|
|
+ base::FEATURE_ENABLED_BY_DEFAULT);
|
|
|
|
#endif // BUILDFLAG(IS_WIN) && !defined(COMPONENT_BUILD) &&
|
|
// !defined(ADDRESS_SANITIZER)
|
|
diff --git a/sandbox/policy/features.cc b/sandbox/policy/features.cc
|
|
--- a/sandbox/policy/features.cc
|
|
+++ b/sandbox/policy/features.cc
|
|
@@ -18,8 +18,12 @@ namespace sandbox::policy::features {
|
|
// Enables network service sandbox.
|
|
// (Only causes an effect when feature kNetworkServiceInProcess is disabled.)
|
|
BASE_FEATURE(kNetworkServiceSandbox,
|
|
- "NetworkServiceSandbox",
|
|
+ "NetworkServiceSandbox", // enabled only in windows
|
|
+#if BUILDFLAG(IS_WIN)
|
|
+ base::FEATURE_ENABLED_BY_DEFAULT);
|
|
+#else
|
|
base::FEATURE_DISABLED_BY_DEFAULT);
|
|
+#endif
|
|
|
|
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
|
|
// Enables a fine-grained seccomp-BPF syscall filter for the network service.
|
|
--
|
|
2.25.1
|