Improve the browser sandbox: checks at each restart whether the network...

License: GPL-2.0-or-later - https://spdx.org/licenses/GPL-2.0-or-later.html

---

 chrome/browser/net/system_network_context_manager.cc      | 2 +-

 .../common/features_cc/Improve-the-browser-sandbox.inc    | 2 ++

 .../content_features_cc/Improve-the-browser-sandbox.inc   | 1 +

 sandbox/policy/features.cc                                | 8 ++++++++

 3 files changed, 11 insertions(+)

 4 files changed, 12 insertions(+), 1 deletion(-)

 create mode 100644 cromite_flags/content/common/features_cc/Improve-the-browser-sandbox.inc

 create mode 100644 cromite_flags/content/public/common/content_features_cc/Improve-the-browser-sandbox.inc

diff --git a/chrome/browser/net/system_network_context_manager.cc b/chrome/browser/net/system_network_context_manager.cc

--- a/chrome/browser/net/system_network_context_manager.cc

+++ b/chrome/browser/net/system_network_context_manager.cc

@@ -358,7 +358,7 @@ namespace features {

 // this feature is disabled any failed launches in the current browser session

 // will still result in sandbox being disabled for the lifetime of the running

 // browser.

-BASE_FEATURE(kPersistFailedLaunchState, base::FEATURE_ENABLED_BY_DEFAULT);

+BASE_FEATURE(kPersistFailedLaunchState, base::FEATURE_DISABLED_BY_DEFAULT);

 }  // namespace features

 class SystemNetworkContextManager::NetworkProcessLaunchWatcher

diff --git a/cromite_flags/content/common/features_cc/Improve-the-browser-sandbox.inc b/cromite_flags/content/common/features_cc/Improve-the-browser-sandbox.inc

new file mode 100644

--- /dev/null