Move //services/service_manager/sandbox to //sandbox/policy.
Originally the sandbox policies lived in //content, but with
servicification this would create unwanted dependencies between
//services and //content. Instead, create a new //sandbox/policy
library to hold the sandbox integration code. This library can depend
on the low-level //sandbox routines, but not vice versa.
Tbr: ajgo@chromium.org (mechanical change rule)
Bug: 1097376
Change-Id: I1ca9ac0015a625197f2d3aae104e8f7aa78dcfd9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2272609
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#786385}
diff --git a/WATCHLISTS b/WATCHLISTS
index 3e36508..620a1b6f 100644
--- a/WATCHLISTS
+++ b/WATCHLISTS
@@ -1200,7 +1200,7 @@
},
'linux_sandboxing': {
'filepath': 'sandbox/linux/'\
- '|services/service_manager/sandbox/linux/',
+ '|sandbox/policy/linux/',
},
'linux_seccomp_bpf': {
'filepath': 'content/common/sandbox.*linux.cc',
diff --git a/apps/DEPS b/apps/DEPS
index 2ba6a95..fcf5545 100644
--- a/apps/DEPS
+++ b/apps/DEPS
@@ -29,6 +29,6 @@
# See http://crbug.com/162530 for details.
"+chrome/browser/extensions/api/file_system/file_system_api.h",
# To access sandbox includes.
- "+services/service_manager/sandbox",
+ "+sandbox/policy",
]
}
diff --git a/apps/load_and_launch_browsertest.cc b/apps/load_and_launch_browsertest.cc
index ea52193..70f4af5 100644
--- a/apps/load_and_launch_browsertest.cc
+++ b/apps/load_and_launch_browsertest.cc
@@ -25,7 +25,7 @@
#include "content/public/test/test_launcher.h"
#include "extensions/browser/extension_registry.h"
#include "extensions/test/extension_test_message_listener.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
using extensions::PlatformAppBrowserTest;
@@ -34,7 +34,8 @@
namespace {
const char* kSwitchesToCopy[] = {
- service_manager::switches::kNoSandbox, switches::kUserDataDir,
+ sandbox::policy::switches::kNoSandbox,
+ switches::kUserDataDir,
};
constexpr char kTestExtensionId[] = "behllobkkfkfnphdnhnkndlbkcpglgmj";
diff --git a/chrome/BUILD.gn b/chrome/BUILD.gn
index c34a052..15fdc64 100644
--- a/chrome/BUILD.gn
+++ b/chrome/BUILD.gn
@@ -170,7 +170,7 @@
"//content/public/common:static_switches",
"//crypto",
"//sandbox",
- "//services/service_manager/sandbox",
+ "//sandbox/policy",
"//third_party/breakpad:breakpad_handler",
"//third_party/breakpad:breakpad_sender",
"//third_party/crashpad/crashpad/util",
diff --git a/chrome/DEPS b/chrome/DEPS
index c578e00c..c016a24f 100644
--- a/chrome/DEPS
+++ b/chrome/DEPS
@@ -5,6 +5,7 @@
"+pdf/buildflags.h",
"+pdf/pdf_features.h",
"+printing",
+ "+sandbox/policy",
"+sql",
# Browser, renderer, common and tests access V8 for various purposes.
"-v8",
diff --git a/chrome/app/main_dll_loader_win.cc b/chrome/app/main_dll_loader_win.cc
index 17558d9..10446fc 100644
--- a/chrome/app/main_dll_loader_win.cc
+++ b/chrome/app/main_dll_loader_win.cc
@@ -42,8 +42,8 @@
#include "chrome/installer/util/util_constants.h"
#include "content/public/app/sandbox_helper_win.h"
#include "content/public/common/content_switches.h"
+#include "sandbox/policy/sandbox_type.h"
#include "sandbox/win/src/sandbox.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
namespace {
// The entry point signature of chrome.dll.
@@ -138,8 +138,8 @@
// IsUnsandboxedSandboxType() can't be used here because its result can be
// gated behind a feature flag, which are not yet initialized.
const bool is_sandboxed =
- service_manager::SandboxTypeFromCommandLine(cmd_line) !=
- service_manager::SandboxType::kNoSandbox;
+ sandbox::policy::SandboxTypeFromCommandLine(cmd_line) !=
+ sandbox::policy::SandboxType::kNoSandbox;
if (is_browser || is_sandboxed) {
// For child processes that are running as --no-sandbox, don't initialize
// the sandbox info, otherwise they'll be treated as brokers (as if they
diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
index 6c2ee98..59c8d09 100644
--- a/chrome/browser/about_flags.cc
+++ b/chrome/browser/about_flags.cc
@@ -158,13 +158,13 @@
#include "pdf/buildflags.h"
#include "ppapi/buildflags/buildflags.h"
#include "printing/buildflags/buildflags.h"
+#include "sandbox/policy/features.h"
+#include "sandbox/policy/switches.h"
#include "services/device/public/cpp/device_features.h"
#include "services/device/public/cpp/serial/serial_switches.h"
#include "services/media_session/public/cpp/features.h"
#include "services/network/public/cpp/features.h"
#include "services/network/public/cpp/network_switches.h"
-#include "services/service_manager/sandbox/features.h"
-#include "services/service_manager/sandbox/switches.h"
#include "third_party/blink/public/common/experiments/memory_ablation_experiment.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/forcedark/forcedark_switches.h"
diff --git a/chrome/browser/android/chrome_entry_point_for_test.cc b/chrome/browser/android/chrome_entry_point_for_test.cc
index a6cd004..6eec02f 100644
--- a/chrome/browser/android/chrome_entry_point_for_test.cc
+++ b/chrome/browser/android/chrome_entry_point_for_test.cc
@@ -14,7 +14,7 @@
#include "chrome/utility/chrome_content_utility_client.h"
#include "content/public/common/content_switches.h"
#include "content/public/test/network_service_test_helper.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
namespace {
@@ -31,8 +31,8 @@
if (command_line->GetSwitchValueASCII(switches::kProcessType) ==
switches::kUtilityProcess &&
command_line->GetSwitchValueASCII(
- service_manager::switches::kServiceSandboxType) ==
- service_manager::switches::kNetworkSandbox) {
+ sandbox::policy::switches::kServiceSandboxType) ==
+ sandbox::policy::switches::kNetworkSandbox) {
ChromeContentUtilityClient::SetNetworkBinderCreationCallback(base::BindOnce(
[](content::NetworkServiceTestHelper* helper,
service_manager::BinderRegistry* registry) {
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index ba93af8..880da7a8 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -331,6 +331,8 @@
#include "ppapi/buildflags/buildflags.h"
#include "ppapi/host/ppapi_host.h"
#include "printing/buildflags/buildflags.h"
+#include "sandbox/policy/sandbox_type.h"
+#include "sandbox/policy/switches.h"
#include "services/metrics/public/cpp/ukm_builders.h"
#include "services/metrics/public/cpp/ukm_recorder.h"
#include "services/network/public/cpp/features.h"
@@ -338,8 +340,6 @@
#include "services/network/public/cpp/network_switches.h"
#include "services/network/public/cpp/resource_request.h"
#include "services/service_manager/embedder/switches.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
-#include "services/service_manager/sandbox/switches.h"
#include "services/strings/grit/services_strings.h"
#include "storage/browser/file_system/external_mount_points.h"
#include "third_party/blink/public/common/associated_interfaces/associated_interface_registry.h"
@@ -471,7 +471,7 @@
#if defined(OS_WIN) || defined(OS_MACOSX) || \
(defined(OS_LINUX) && !defined(OS_CHROMEOS))
#include "chrome/browser/browser_switcher/browser_switcher_navigation_throttle.h"
-#include "services/service_manager/sandbox/features.h"
+#include "sandbox/policy/features.h"
#endif
#if defined(OS_LINUX)
@@ -2420,7 +2420,7 @@
#if defined(OS_LINUX)
// Processes may only query perf_event_open with the BPF sandbox disabled.
if (browser_command_line.HasSwitch(switches::kEnableThreadInstructionCount) &&
- command_line->HasSwitch(service_manager::switches::kNoSandbox)) {
+ command_line->HasSwitch(sandbox::policy::switches::kNoSandbox)) {
command_line->AppendSwitch(switches::kEnableThreadInstructionCount);
}
#endif
@@ -3728,32 +3728,32 @@
#if defined(OS_WIN)
base::string16 ChromeContentBrowserClient::GetAppContainerSidForSandboxType(
- service_manager::SandboxType sandbox_type) {
+ sandbox::policy::SandboxType sandbox_type) {
// TODO(wfh): Add support for more process types here. crbug.com/499523
switch (sandbox_type) {
- case service_manager::SandboxType::kRenderer:
+ case sandbox::policy::SandboxType::kRenderer:
return base::string16(install_static::GetSandboxSidPrefix()) +
L"129201922";
- case service_manager::SandboxType::kUtility:
+ case sandbox::policy::SandboxType::kUtility:
return base::string16();
- case service_manager::SandboxType::kGpu:
+ case sandbox::policy::SandboxType::kGpu:
return base::string16();
- case service_manager::SandboxType::kPpapi:
+ case sandbox::policy::SandboxType::kPpapi:
return base::string16(install_static::GetSandboxSidPrefix()) +
L"129201925";
- case service_manager::SandboxType::kNoSandbox:
- case service_manager::SandboxType::kNoSandboxAndElevatedPrivileges:
- case service_manager::SandboxType::kXrCompositing:
- case service_manager::SandboxType::kNetwork:
- case service_manager::SandboxType::kCdm:
- case service_manager::SandboxType::kPrintCompositor:
- case service_manager::SandboxType::kAudio:
- case service_manager::SandboxType::kSpeechRecognition:
- case service_manager::SandboxType::kProxyResolver:
- case service_manager::SandboxType::kPdfConversion:
- case service_manager::SandboxType::kSharingService:
- case service_manager::SandboxType::kVideoCapture:
- case service_manager::SandboxType::kIconReader:
+ case sandbox::policy::SandboxType::kNoSandbox:
+ case sandbox::policy::SandboxType::kNoSandboxAndElevatedPrivileges:
+ case sandbox::policy::SandboxType::kXrCompositing:
+ case sandbox::policy::SandboxType::kNetwork:
+ case sandbox::policy::SandboxType::kCdm:
+ case sandbox::policy::SandboxType::kPrintCompositor:
+ case sandbox::policy::SandboxType::kAudio:
+ case sandbox::policy::SandboxType::kSpeechRecognition:
+ case sandbox::policy::SandboxType::kProxyResolver:
+ case sandbox::policy::SandboxType::kPdfConversion:
+ case sandbox::policy::SandboxType::kSharingService:
+ case sandbox::policy::SandboxType::kVideoCapture:
+ case sandbox::policy::SandboxType::kIconReader:
// Should never reach here.
CHECK(0);
return base::string16();
@@ -3822,7 +3822,7 @@
}
return base::FeatureList::IsEnabled(
- service_manager::features::kAudioServiceSandbox);
+ sandbox::policy::features::kAudioServiceSandbox);
}
#endif
@@ -3839,7 +3839,7 @@
->GetPolicies(policy::PolicyNamespace(policy::POLICY_DOMAIN_CHROME,
std::string()));
- service_manager::EnableAudioSandbox(ShouldEnableAudioSandbox(policies));
+ sandbox::policy::EnableAudioSandbox(ShouldEnableAudioSandbox(policies));
}
#endif
}
diff --git a/chrome/browser/chrome_content_browser_client.h b/chrome/browser/chrome_content_browser_client.h
index 7be1063..fbdf141 100644
--- a/chrome/browser/chrome_content_browser_client.h
+++ b/chrome/browser/chrome_content_browser_client.h
@@ -391,7 +391,7 @@
bool PreSpawnRenderer(sandbox::TargetPolicy* policy,
RendererSpawnFlags flags) override;
base::string16 GetAppContainerSidForSandboxType(
- service_manager::SandboxType sandbox_type) override;
+ sandbox::policy::SandboxType sandbox_type) override;
bool IsRendererCodeIntegrityEnabled() override;
#endif
void ExposeInterfacesToRenderer(
diff --git a/chrome/browser/chromeos/login/chrome_restart_request.cc b/chrome/browser/chromeos/login/chrome_restart_request.cc
index 4b70101..5f2715a 100644
--- a/chrome/browser/chromeos/login/chrome_restart_request.cc
+++ b/chrome/browser/chromeos/login/chrome_restart_request.cc
@@ -47,7 +47,7 @@
#include "media/base/media_switches.h"
#include "media/capture/capture_switches.h"
#include "media/media_buildflags.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
#include "third_party/blink/public/common/switches.h"
#include "third_party/cros_system_api/switches/chrome_switches.h"
#include "ui/base/ui_base_switches.h"
@@ -80,12 +80,12 @@
DCHECK_NE(&base_command_line, command_line);
static const char* const kForwardSwitches[] = {
- service_manager::switches::kDisableGpuSandbox,
- service_manager::switches::kDisableSeccompFilterSandbox,
- service_manager::switches::kDisableSetuidSandbox,
- service_manager::switches::kGpuSandboxAllowSysVShm,
- service_manager::switches::kGpuSandboxFailuresFatal,
- service_manager::switches::kNoSandbox,
+ sandbox::policy::switches::kDisableGpuSandbox,
+ sandbox::policy::switches::kDisableSeccompFilterSandbox,
+ sandbox::policy::switches::kDisableSetuidSandbox,
+ sandbox::policy::switches::kGpuSandboxAllowSysVShm,
+ sandbox::policy::switches::kGpuSandboxFailuresFatal,
+ sandbox::policy::switches::kNoSandbox,
::switches::kBlinkSettings,
::switches::kDisable2dCanvasImageChromium,
::switches::kDisableAccelerated2dCanvas,
diff --git a/chrome/browser/extensions/api/tab_capture/tab_capture_performance_test_base.cc b/chrome/browser/extensions/api/tab_capture/tab_capture_performance_test_base.cc
index a4c3502..626997b0 100644
--- a/chrome/browser/extensions/api/tab_capture/tab_capture_performance_test_base.cc
+++ b/chrome/browser/extensions/api/tab_capture/tab_capture_performance_test_base.cc
@@ -33,7 +33,7 @@
#include "net/test/embedded_test_server/embedded_test_server.h"
#include "net/test/embedded_test_server/http_request.h"
#include "net/test/embedded_test_server/http_response.h"
-#include "services/service_manager/sandbox/features.h"
+#include "sandbox/policy/features.h"
#include "third_party/zlib/google/compression_utils.h"
#include "ui/gl/gl_switches.h"
@@ -51,7 +51,7 @@
feature_list_.InitWithFeatures(
{
- service_manager::features::kAudioServiceSandbox,
+ sandbox::policy::features::kAudioServiceSandbox,
features::kAudioServiceLaunchOnStartup,
features::kAudioServiceOutOfProcess,
},
diff --git a/chrome/browser/infobars/infobars_browsertest.cc b/chrome/browser/infobars/infobars_browsertest.cc
index 098a26f..ff296ab 100644
--- a/chrome/browser/infobars/infobars_browsertest.cc
+++ b/chrome/browser/infobars/infobars_browsertest.cc
@@ -57,7 +57,7 @@
#include "extensions/browser/sandboxed_unpacker.h"
#include "extensions/browser/test_extension_registry_observer.h"
#include "net/test/embedded_test_server/embedded_test_server.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
#include "ui/base/l10n/l10n_util.h"
#if !defined(OS_CHROMEOS)
@@ -318,7 +318,7 @@
case IBD::BAD_FLAGS_INFOBAR_DELEGATE:
chrome::ShowBadFlagsInfoBar(GetWebContents(),
IDS_BAD_FLAGS_WARNING_MESSAGE,
- service_manager::switches::kNoSandbox);
+ sandbox::policy::switches::kNoSandbox);
break;
case IBD::DEFAULT_BROWSER_INFOBAR_DELEGATE:
diff --git a/chrome/browser/media/webrtc/webrtc_text_log_handler.cc b/chrome/browser/media/webrtc/webrtc_text_log_handler.cc
index 0185766c..f555085a 100644
--- a/chrome/browser/media/webrtc/webrtc_text_log_handler.cc
+++ b/chrome/browser/media/webrtc/webrtc_text_log_handler.cc
@@ -36,9 +36,9 @@
#include "net/base/ip_address.h"
#include "net/base/network_change_notifier.h"
#include "net/base/network_interfaces.h"
+#include "sandbox/policy/features.h"
+#include "sandbox/policy/sandbox_type.h"
#include "services/network/public/mojom/network_service.mojom.h"
-#include "services/service_manager/sandbox/features.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
#if defined(OS_LINUX)
#include "base/linux_util.h"
@@ -487,7 +487,7 @@
features::kAudioServiceLaunchOnStartup),
", Sandbox=",
enabled_or_disabled_bool_string(
- service_manager::IsAudioSandboxEnabled())}));
+ sandbox::policy::IsAudioSandboxEnabled())}));
// Audio manager
// On some platforms, this can vary depending on build flags and failure
diff --git a/chrome/browser/policy/policy_browsertest.cc b/chrome/browser/policy/policy_browsertest.cc
index b629facb..b80547b 100644
--- a/chrome/browser/policy/policy_browsertest.cc
+++ b/chrome/browser/policy/policy_browsertest.cc
@@ -184,11 +184,11 @@
#include "net/test/embedded_test_server/embedded_test_server.h"
#include "net/test/embedded_test_server/http_request.h"
#include "net/test/embedded_test_server/http_response.h"
+#include "sandbox/policy/sandbox_type.h"
#include "services/network/public/cpp/features.h"
#include "services/network/public/cpp/network_switches.h"
#include "services/network/public/mojom/network_service.mojom.h"
#include "services/service_manager/public/cpp/connector.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/input/web_input_event.h"
@@ -238,7 +238,7 @@
#if defined(OS_WIN) || defined(OS_MACOSX) || \
(defined(OS_LINUX) && !defined(OS_CHROMEOS))
#include "media/webrtc/webrtc_switches.h"
-#include "services/service_manager/sandbox/features.h"
+#include "sandbox/policy/features.h"
#endif
using content::BrowserThread;
@@ -2604,10 +2604,10 @@
IN_PROC_BROWSER_TEST_P(AudioSandboxEnabledTest, IsRespected) {
base::Optional<bool> enable_sandbox_via_policy = GetParam();
bool is_sandbox_enabled_by_default = base::FeatureList::IsEnabled(
- service_manager::features::kAudioServiceSandbox);
+ sandbox::policy::features::kAudioServiceSandbox);
ASSERT_EQ(enable_sandbox_via_policy.value_or(is_sandbox_enabled_by_default),
- service_manager::IsAudioSandboxEnabled());
+ sandbox::policy::IsAudioSandboxEnabled());
}
INSTANTIATE_TEST_SUITE_P(
diff --git a/chrome/browser/ui/startup/bad_flags_prompt.cc b/chrome/browser/ui/startup/bad_flags_prompt.cc
index 86a5f65..00e1a2f 100644
--- a/chrome/browser/ui/startup/bad_flags_prompt.cc
+++ b/chrome/browser/ui/startup/bad_flags_prompt.cc
@@ -36,8 +36,8 @@
#include "gpu/config/gpu_switches.h"
#include "media/base/media_switches.h"
#include "media/media_buildflags.h"
+#include "sandbox/policy/switches.h"
#include "services/network/public/cpp/network_switches.h"
-#include "services/service_manager/sandbox/switches.h"
#include "third_party/blink/public/common/features.h"
#include "ui/base/l10n/l10n_util.h"
#include "ui/base/resource/resource_bundle.h"
@@ -58,12 +58,12 @@
static const char* kBadFlags[] = {
network::switches::kIgnoreCertificateErrorsSPKIList,
// These flags disable sandbox-related security.
- service_manager::switches::kDisableGpuSandbox,
- service_manager::switches::kDisableSeccompFilterSandbox,
- service_manager::switches::kDisableSetuidSandbox,
- service_manager::switches::kNoSandbox,
+ sandbox::policy::switches::kDisableGpuSandbox,
+ sandbox::policy::switches::kDisableSeccompFilterSandbox,
+ sandbox::policy::switches::kDisableSetuidSandbox,
+ sandbox::policy::switches::kNoSandbox,
#if defined(OS_WIN)
- service_manager::switches::kAllowThirdPartyModules,
+ sandbox::policy::switches::kAllowThirdPartyModules,
#endif
switches::kDisableSiteIsolation,
switches::kDisableWebSecurity,
diff --git a/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc b/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc
index 793226e..09e8f968b6 100644
--- a/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc
+++ b/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc
@@ -20,7 +20,7 @@
#include "components/ui_devtools/switches.h"
#include "components/ui_devtools/views/devtools_server_util.h"
#include "content/public/browser/tracing_service.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
#if defined(USE_AURA)
#include "base/run_loop.h"
@@ -115,7 +115,7 @@
const base::CommandLine& command_line =
*base::CommandLine::ForCurrentProcess();
- if (command_line.HasSwitch(service_manager::switches::kNoSandbox))
+ if (command_line.HasSwitch(sandbox::policy::switches::kNoSandbox))
return;
base::string16 title = l10n_util::GetStringFUTF16(
diff --git a/chrome/browser/ui/webui/sandbox/sandbox_handler.cc b/chrome/browser/ui/webui/sandbox/sandbox_handler.cc
index 747c8494..d417b235 100644
--- a/chrome/browser/ui/webui/sandbox/sandbox_handler.cc
+++ b/chrome/browser/ui/webui/sandbox/sandbox_handler.cc
@@ -17,7 +17,7 @@
#include "content/public/browser/sandbox_type.h"
#include "content/public/browser/web_ui.h"
#include "content/public/common/process_type.h"
-#include "services/service_manager/sandbox/win/sandbox_win.h"
+#include "sandbox/policy/win/sandbox_win.h"
using content::BrowserChildProcessHostIterator;
using content::ChildProcessData;
@@ -46,7 +46,7 @@
proc.SetPath("metricsName", base::Value(process_data.metrics_name));
proc.SetPath(
"sandboxType",
- base::Value(service_manager::SandboxWin::GetSandboxTypeInEnglish(
+ base::Value(sandbox::policy::SandboxWin::GetSandboxTypeInEnglish(
process_data.sandbox_type)));
browser_processes.Append(std::move(proc));
}
@@ -109,7 +109,7 @@
DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
browser_processes_ = std::move(browser_processes);
- service_manager::SandboxWin::GetPolicyDiagnostics(
+ sandbox::policy::SandboxWin::GetPolicyDiagnostics(
base::BindOnce(&SandboxHandler::FetchSandboxDiagnosticsCompleted,
weak_ptr_factory_.GetWeakPtr()));
}
diff --git a/chrome/browser/ui/webui/sandbox/sandbox_internals_ui.cc b/chrome/browser/ui/webui/sandbox/sandbox_internals_ui.cc
index 481b12ba..4bd9aa3 100644
--- a/chrome/browser/ui/webui/sandbox/sandbox_internals_ui.cc
+++ b/chrome/browser/ui/webui/sandbox/sandbox_internals_ui.cc
@@ -26,7 +26,7 @@
#if defined(OS_LINUX)
#include "content/public/browser/zygote_host/zygote_host_linux.h"
-#include "services/service_manager/sandbox/sandbox.h"
+#include "sandbox/policy/sandbox.h"
#endif
namespace {
@@ -37,30 +37,30 @@
const int status =
content::ZygoteHost::GetInstance()->GetRendererSandboxStatus();
- source->AddBoolean("suid", status & service_manager::SandboxLinux::kSUID);
- source->AddBoolean("userNs", status & service_manager::SandboxLinux::kUserNS);
- source->AddBoolean("pidNs", status & service_manager::SandboxLinux::kPIDNS);
- source->AddBoolean("netNs", status & service_manager::SandboxLinux::kNetNS);
+ source->AddBoolean("suid", status & sandbox::policy::SandboxLinux::kSUID);
+ source->AddBoolean("userNs", status & sandbox::policy::SandboxLinux::kUserNS);
+ source->AddBoolean("pidNs", status & sandbox::policy::SandboxLinux::kPIDNS);
+ source->AddBoolean("netNs", status & sandbox::policy::SandboxLinux::kNetNS);
source->AddBoolean("seccompBpf",
- status & service_manager::SandboxLinux::kSeccompBPF);
+ status & sandbox::policy::SandboxLinux::kSeccompBPF);
source->AddBoolean("seccompTsync",
- status & service_manager::SandboxLinux::kSeccompTSYNC);
+ status & sandbox::policy::SandboxLinux::kSeccompTSYNC);
source->AddBoolean("yamaBroker",
- status & service_manager::SandboxLinux::kYama);
+ status & sandbox::policy::SandboxLinux::kYama);
// Yama does not enforce in user namespaces.
bool enforcing_yama_nonbroker =
- status & service_manager::SandboxLinux::kYama &&
- !(status & service_manager::SandboxLinux::kUserNS);
+ status & sandbox::policy::SandboxLinux::kYama &&
+ !(status & sandbox::policy::SandboxLinux::kUserNS);
source->AddBoolean("yamaNonbroker", enforcing_yama_nonbroker);
// Require either the setuid or namespace sandbox for our first-layer sandbox.
- bool good_layer1 = (status & service_manager::SandboxLinux::kSUID ||
- status & service_manager::SandboxLinux::kUserNS) &&
- status & service_manager::SandboxLinux::kPIDNS &&
- status & service_manager::SandboxLinux::kNetNS;
+ bool good_layer1 = (status & sandbox::policy::SandboxLinux::kSUID ||
+ status & sandbox::policy::SandboxLinux::kUserNS) &&
+ status & sandbox::policy::SandboxLinux::kPIDNS &&
+ status & sandbox::policy::SandboxLinux::kNetNS;
// A second-layer sandbox is also required to be adequately sandboxed.
- bool good_layer2 = status & service_manager::SandboxLinux::kSeccompBPF;
+ bool good_layer2 = status & sandbox::policy::SandboxLinux::kSeccompBPF;
source->AddBoolean("sandboxGood", good_layer1 && good_layer2);
}
#endif
diff --git a/chrome/browser/vr/test/webxr_vr_browser_test.h b/chrome/browser/vr/test/webxr_vr_browser_test.h
index d77ca21d..d651d20 100644
--- a/chrome/browser/vr/test/webxr_vr_browser_test.h
+++ b/chrome/browser/vr/test/webxr_vr_browser_test.h
@@ -18,7 +18,7 @@
#include "ui/gfx/geometry/vector3d_f.h"
#if defined(OS_WIN)
-#include "services/service_manager/sandbox/features.h"
+#include "sandbox/policy/features.h"
#endif
namespace vr {
diff --git a/chrome/browser/win/chrome_elf_init.cc b/chrome/browser/win/chrome_elf_init.cc
index e0302d80..5f3ae0e 100644
--- a/chrome/browser/win/chrome_elf_init.cc
+++ b/chrome/browser/win/chrome_elf_init.cc
@@ -21,7 +21,7 @@
#include "content/public/browser/browser_task_traits.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/common/content_features.h"
-#include "services/service_manager/sandbox/features.h"
+#include "sandbox/policy/features.h"
const char kBrowserBlacklistTrialName[] = "BrowserBlacklist";
const char kBrowserBlacklistTrialDisabledGroupName[] = "NoBlacklist";
@@ -90,7 +90,7 @@
finch_path.c_str(), KEY_READ);
if (base::FeatureList::IsEnabled(
- service_manager::features::kWinSboxDisableExtensionPoints)) {
+ sandbox::policy::features::kWinSboxDisableExtensionPoints)) {
if (finch_security_registry_key.Valid())
finch_security_registry_key.DeleteKey(L"");
} else {
diff --git a/chrome/child/pdf_child_init.cc b/chrome/child/pdf_child_init.cc
index 1351cbdae..09a2438 100644
--- a/chrome/child/pdf_child_init.cc
+++ b/chrome/child/pdf_child_init.cc
@@ -14,8 +14,8 @@
#include "base/win/windows_version.h"
#include "content/public/child/child_thread.h"
#include "content/public/common/content_switches.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/sandbox_type.h"
+#include "sandbox/policy/switches.h"
#endif
namespace {
@@ -58,12 +58,12 @@
// Patch utility processes which explicitly need GDI. Anything else, just
// return.
- service_manager::SandboxType service_sandbox_type =
- service_manager::SandboxTypeFromCommandLine(command_line);
- if (!(service_sandbox_type == service_manager::SandboxType::kPpapi ||
+ sandbox::policy::SandboxType service_sandbox_type =
+ sandbox::policy::SandboxTypeFromCommandLine(command_line);
+ if (!(service_sandbox_type == sandbox::policy::SandboxType::kPpapi ||
service_sandbox_type ==
- service_manager::SandboxType::kPrintCompositor ||
- service_sandbox_type == service_manager::SandboxType::kPdfConversion)) {
+ sandbox::policy::SandboxType::kPrintCompositor ||
+ service_sandbox_type == sandbox::policy::SandboxType::kPdfConversion)) {
return;
}
diff --git a/chrome/common/BUILD.gn b/chrome/common/BUILD.gn
index 75d7bb8..b2bf941f 100644
--- a/chrome/common/BUILD.gn
+++ b/chrome/common/BUILD.gn
@@ -225,7 +225,7 @@
"//pdf:buildflags",
"//ppapi/buildflags",
"//printing/buildflags",
- "//services/service_manager/sandbox",
+ "//sandbox/policy",
"//skia",
"//third_party/icu",
"//third_party/re2",
diff --git a/chrome/common/chrome_content_client.cc b/chrome/common/chrome_content_client.cc
index 1e92c0e..e9b06e3 100644
--- a/chrome/common/chrome_content_client.cc
+++ b/chrome/common/chrome_content_client.cc
@@ -70,10 +70,6 @@
#include "sandbox/linux/services/credentials.h"
#endif // defined(OS_LINUX)
-#if defined(OS_MACOSX)
-#include "services/service_manager/sandbox/mac/nacl_loader.sb.h"
-#endif
-
#if defined(OS_WIN)
#include "base/win/windows_version.h"
#endif
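Review bot: The `#if defined(OS_MACOSX)` include of `services/service_manager/sandbox/mac/nacl_loader.sb.h` is dropped here with no `sandbox/policy` counterpart, making this the one hunk in the commit that removes a header instead of repathing it. If the header was already unused in this file that is fine, but the description calls the change mechanical, so it is worth confirming that nothing remaining in chrome_content_client.cc still references what it declared (the `.sb.h` suffix suggests a generated sandbox-profile header, which cannot be verified from the hunk alone). If the include was simply dead, a short mention in the commit description would spare the next reader the same question.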
diff --git a/chrome/common/profiler/stack_sampling_configuration.cc b/chrome/common/profiler/stack_sampling_configuration.cc
index d91a988..eb790d0 100644
--- a/chrome/common/profiler/stack_sampling_configuration.cc
+++ b/chrome/common/profiler/stack_sampling_configuration.cc
@@ -14,7 +14,7 @@
#include "components/version_info/version_info.h"
#include "content/public/common/content_switches.h"
#include "extensions/buildflags/buildflags.h"
-#include "services/service_manager/sandbox/sandbox.h"
+#include "sandbox/policy/sandbox.h"
#if defined(OS_ANDROID)
#include "chrome/android/modules/stack_unwinder/public/module.h"
@@ -170,8 +170,8 @@
(process_type == switches::kUtilityProcess &&
// The network service is the only utility process that is profiled for
// now.
- service_manager::SandboxTypeFromCommandLine(*command_line) ==
- service_manager::SandboxType::kNetwork) ||
+ sandbox::policy::SandboxTypeFromCommandLine(*command_line) ==
+ sandbox::policy::SandboxType::kNetwork) ||
(process_type == switches::kRendererProcess &&
// Do not start the profiler for extension processes since profiling the
// compositor thread in them is not useful.
diff --git a/chrome/common/profiler/thread_profiler.cc b/chrome/common/profiler/thread_profiler.cc
index e054708..85fca381 100644
--- a/chrome/common/profiler/thread_profiler.cc
+++ b/chrome/common/profiler/thread_profiler.cc
@@ -26,8 +26,8 @@
#include "components/metrics/call_stack_profile_metrics_provider.h"
#include "content/public/common/content_switches.h"
#include "content/public/common/service_names.mojom.h"
+#include "sandbox/policy/sandbox.h"
#include "services/service_manager/embedder/switches.h"
-#include "services/service_manager/sandbox/sandbox.h"
#if defined(OS_ANDROID) && BUILDFLAG(ENABLE_ARM_CFI_TABLE)
#include "base/android/apk_assets.h"
@@ -70,8 +70,8 @@
return CallStackProfileParams::GPU_PROCESS;
if (process_type == switches::kUtilityProcess) {
auto sandbox_type =
- service_manager::SandboxTypeFromCommandLine(*command_line);
- if (sandbox_type == service_manager::SandboxType::kNetwork)
+ sandbox::policy::SandboxTypeFromCommandLine(*command_line);
+ if (sandbox_type == sandbox::policy::SandboxType::kNetwork)
return CallStackProfileParams::NETWORK_SERVICE_PROCESS;
return CallStackProfileParams::UTILITY_PROCESS;
}
diff --git a/chrome/service/service_main.cc b/chrome/service/service_main.cc
index 38696464..8ffc524 100644
--- a/chrome/service/service_main.cc
+++ b/chrome/service/service_main.cc
@@ -18,7 +18,7 @@
int CloudPrintServiceProcessMain(
const content::MainFunctionParams& parameters) {
// This is a hack: the Cloud Print service doesn't actually set up a sandbox,
- // but service_manager::SandboxTypeFromCommandLine(command_line)) doesn't know
+ // but sandbox::policy::SandboxTypeFromCommandLine(command_line)) doesn't know
// about it, so it's considered sandboxed, causing shared memory hooks to be
// installed above. The Cloud Print service *also* doesn't set
// is_broker_process when initializing Mojo, so that bit also can't be used to
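Review bot: The renamed comment keeps an unbalanced parenthesis, `SandboxTypeFromCommandLine(command_line))`, carried over from the old wording; since the line is already being touched, `// but sandbox::policy::SandboxTypeFromCommandLine(command_line) doesn't know` would tidy it. CloudPrintServiceProcessMain continues past the end of the hunk.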
diff --git a/chrome/service/service_utility_process_host.cc b/chrome/service/service_utility_process_host.cc
index d8318f63..541ff9b 100644
--- a/chrome/service/service_utility_process_host.cc
+++ b/chrome/service/service_utility_process_host.cc
@@ -46,10 +46,10 @@
#include "mojo/public/cpp/system/invitation.h"
#include "mojo/public/cpp/system/platform_handle.h"
#include "printing/emf_win.h"
+#include "sandbox/policy/sandbox_type.h"
+#include "sandbox/policy/switches.h"
#include "sandbox/win/src/sandbox_policy.h"
#include "sandbox/win/src/sandbox_types.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
-#include "services/service_manager/sandbox/switches.h"
#include "ui/base/ui_base_switches.h"
namespace {
@@ -91,8 +91,8 @@
return true;
}
- service_manager::SandboxType GetSandboxType() override {
- return service_manager::SandboxType::kUtility;
+ sandbox::policy::SandboxType GetSandboxType() override {
+ return sandbox::policy::SandboxType::kUtility;
}
private:
@@ -356,7 +356,7 @@
mojo::NamedPlatformChannel channel(options);
channel.PassServerNameOnCommandLine(cmd_line);
- cmd_line->AppendSwitch(service_manager::switches::kNoSandbox);
+ cmd_line->AppendSwitch(sandbox::policy::switches::kNoSandbox);
process_ = base::LaunchProcess(*cmd_line, base::LaunchOptions());
mojo::OutgoingInvitation::Send(std::move(mojo_invitation),
process_.Handle(),
diff --git a/chrome/test/BUILD.gn b/chrome/test/BUILD.gn
index 8d426e3..73de193 100644
--- a/chrome/test/BUILD.gn
+++ b/chrome/test/BUILD.gn
@@ -7053,7 +7053,7 @@
"//base",
"//chrome/test:browser_tests_runner",
"//device/base",
- "//services/service_manager/sandbox",
+ "//sandbox/policy",
]
public_deps = [
diff --git a/chrome/test/nacl/nacl_browsertest.cc b/chrome/test/nacl/nacl_browsertest.cc
index 67f3d23..8089b7e 100644
--- a/chrome/test/nacl/nacl_browsertest.cc
+++ b/chrome/test/nacl/nacl_browsertest.cc
@@ -27,7 +27,7 @@
#include "components/nacl/common/nacl_switches.h"
#include "content/public/common/content_switches.h"
#include "content/public/test/browser_test.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
#if defined(OS_WIN)
#include "base/win/windows_version.h"
@@ -281,7 +281,7 @@
// On windows, the debug stub requires --no-sandbox:
// crbug.com/265624
#if defined(OS_WIN)
- command_line->AppendSwitch(service_manager::switches::kNoSandbox);
+ command_line->AppendSwitch(sandbox::policy::switches::kNoSandbox);
#endif
}
diff --git a/chrome/utility/chrome_content_utility_client.cc b/chrome/utility/chrome_content_utility_client.cc
index ff68e4eb..d449930 100644
--- a/chrome/utility/chrome_content_utility_client.cc
+++ b/chrome/utility/chrome_content_utility_client.cc
@@ -17,7 +17,7 @@
#include "chrome/utility/services.h"
#include "content/public/child/child_thread.h"
#include "content/public/common/content_switches.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
#if BUILDFLAG(ENABLE_PRINT_PREVIEW) && defined(OS_WIN)
#include "chrome/utility/printing_handler.h"
@@ -44,7 +44,7 @@
#if defined(OS_WIN)
base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
utility_process_running_elevated_ = command_line->HasSwitch(
- service_manager::switches::kNoSandboxAndElevatedPrivileges);
+ sandbox::policy::switches::kNoSandboxAndElevatedPrivileges);
#endif
// If our process runs with elevated privileges, only add elevated Mojo
diff --git a/chromecast/app/DEPS b/chromecast/app/DEPS
index 84008926..b2871c3b 100644
--- a/chromecast/app/DEPS
+++ b/chromecast/app/DEPS
@@ -9,7 +9,7 @@
"+content/public/app",
"+content/public/browser",
"+content/public/common",
- "+services/service_manager/sandbox",
+ "+sandbox/policy",
"+ui/base",
]
diff --git a/chromecast/app/cast_main_delegate.cc b/chromecast/app/cast_main_delegate.cc
index 6d67227..afd8d0c 100644
--- a/chromecast/app/cast_main_delegate.cc
+++ b/chromecast/app/cast_main_delegate.cc
@@ -42,7 +42,7 @@
#include "ui/base/resource/resource_bundle_android.h"
#elif defined(OS_LINUX)
#include "chromecast/app/linux/cast_crash_reporter_client.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
#endif // defined(OS_LINUX)
namespace {
diff --git a/chromecast/app/linux/cast_crash_reporter_client.cc b/chromecast/app/linux/cast_crash_reporter_client.cc
index c560e78..c13a5fba 100644
--- a/chromecast/app/linux/cast_crash_reporter_client.cc
+++ b/chromecast/app/linux/cast_crash_reporter_client.cc
@@ -9,7 +9,7 @@
#include "chromecast/crash/linux/crash_util.h"
#include "components/crash/core/app/breakpad_linux.h"
#include "content/public/common/content_switches.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
namespace chromecast {
diff --git a/chromeos/services/ime/BUILD.gn b/chromeos/services/ime/BUILD.gn
index 968dd84..1abdeb7 100644
--- a/chromeos/services/ime/BUILD.gn
+++ b/chromeos/services/ime/BUILD.gn
@@ -51,7 +51,7 @@
"//base",
"//chromeos/services/ime/public/cpp:buildflags",
"//sandbox/linux:sandbox_services",
- "//services/service_manager/sandbox:sandbox",
+ "//sandbox/policy",
]
}
diff --git a/chromeos/services/ime/DEPS b/chromeos/services/ime/DEPS
index e0f62929..f37c4d10 100644
--- a/chromeos/services/ime/DEPS
+++ b/chromeos/services/ime/DEPS
@@ -2,5 +2,5 @@
"+mojo/public",
"+third_party/re2",
"+sandbox",
- "+services/service_manager/sandbox",
+ "+sandbox/policy",
]
diff --git a/chromeos/services/ime/ime_sandbox_hook.cc b/chromeos/services/ime/ime_sandbox_hook.cc
index 89741742..7b804f1 100644
--- a/chromeos/services/ime/ime_sandbox_hook.cc
+++ b/chromeos/services/ime/ime_sandbox_hook.cc
@@ -102,8 +102,8 @@
} // namespace
-bool ImePreSandboxHook(service_manager::SandboxLinux::Options options) {
- auto* instance = service_manager::SandboxLinux::GetInstance();
+bool ImePreSandboxHook(sandbox::policy::SandboxLinux::Options options) {
+ auto* instance = sandbox::policy::SandboxLinux::GetInstance();
instance->StartBrokerProcess(MakeBrokerCommandSet({
sandbox::syscall_broker::COMMAND_ACCESS,
sandbox::syscall_broker::COMMAND_OPEN,
@@ -114,7 +114,7 @@
sandbox::syscall_broker::COMMAND_UNLINK,
}),
GetImeFilePermissions(),
- service_manager::SandboxLinux::PreSandboxHook(),
+ sandbox::policy::SandboxLinux::PreSandboxHook(),
options);
instance->EngageNamespaceSandboxIfPossible();
diff --git a/chromeos/services/ime/ime_sandbox_hook.h b/chromeos/services/ime/ime_sandbox_hook.h
index fb8c3d4..fd0cfd0 100644
--- a/chromeos/services/ime/ime_sandbox_hook.h
+++ b/chromeos/services/ime/ime_sandbox_hook.h
@@ -5,12 +5,12 @@
#ifndef CHROMEOS_SERVICES_IME_IME_SANDBOX_HOOK_H_
#define CHROMEOS_SERVICES_IME_IME_SANDBOX_HOOK_H_
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
namespace chromeos {
namespace ime {
-bool ImePreSandboxHook(service_manager::SandboxLinux::Options options);
+bool ImePreSandboxHook(sandbox::policy::SandboxLinux::Options options);
} // namespace ime
} // namespace chromeos
diff --git a/chromeos/services/tts/BUILD.gn b/chromeos/services/tts/BUILD.gn
index e2feb37..6592041 100644
--- a/chromeos/services/tts/BUILD.gn
+++ b/chromeos/services/tts/BUILD.gn
@@ -30,7 +30,7 @@
":tts",
"//base",
"//sandbox/linux:sandbox_services",
- "//services/service_manager/sandbox:sandbox",
+ "//sandbox/policy",
]
}
diff --git a/chromeos/services/tts/DEPS b/chromeos/services/tts/DEPS
index bbe2c10..63a980c 100644
--- a/chromeos/services/tts/DEPS
+++ b/chromeos/services/tts/DEPS
@@ -1,5 +1,5 @@
include_rules = [
"+mojo/public",
"+sandbox",
- "+services/service_manager/sandbox",
+ "+sandbox/policy",
]
diff --git a/chromeos/services/tts/tts_sandbox_hook.cc b/chromeos/services/tts/tts_sandbox_hook.cc
index f654ede..b10af01 100644
--- a/chromeos/services/tts/tts_sandbox_hook.cc
+++ b/chromeos/services/tts/tts_sandbox_hook.cc
@@ -43,14 +43,14 @@
return permissions;
}
-bool TtsPreSandboxHook(service_manager::SandboxLinux::Options options) {
+bool TtsPreSandboxHook(sandbox::policy::SandboxLinux::Options options) {
if (!dlopen(kLibchromettsPath, RTLD_LAZY))
LOG(ERROR) << "Unable to open libchrometts.so: " << dlerror();
// Ensure this directory is created.
base::FilePath temp_data_dir(kTempDataDirectory);
base::CreateDirectoryAndGetError(temp_data_dir, nullptr);
- auto* instance = service_manager::SandboxLinux::GetInstance();
+ auto* instance = sandbox::policy::SandboxLinux::GetInstance();
instance->StartBrokerProcess(MakeBrokerCommandSet({
sandbox::syscall_broker::COMMAND_ACCESS,
sandbox::syscall_broker::COMMAND_OPEN,
@@ -61,7 +61,7 @@
sandbox::syscall_broker::COMMAND_UNLINK,
}),
GetTtsFilePermissions(),
- service_manager::SandboxLinux::PreSandboxHook(),
+ sandbox::policy::SandboxLinux::PreSandboxHook(),
options);
instance->EngageNamespaceSandboxIfPossible();
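Review bot: The return value of `base::CreateDirectoryAndGetError(temp_data_dir, nullptr)` is discarded, so if the temp data directory cannot be created the hook still starts the broker and engages the sandbox, and the failure only shows up later as an opaque denial inside the sandboxed process. Passing the error out-param and logging it keeps the failure diagnosable at the point it happens: `base::File::Error error;` / `if (!base::CreateDirectoryAndGetError(temp_data_dir, &error))` / `LOG(ERROR) << "Failed to create " << temp_data_dir.value() << ": " << error;`. Whether that directory is covered by the broker permission set depends on GetTtsFilePermissions(), which is outside the hunk, as is the end of TtsPreSandboxHook.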
diff --git a/chromeos/services/tts/tts_sandbox_hook.h b/chromeos/services/tts/tts_sandbox_hook.h
index 6480236..59c77a4 100644
--- a/chromeos/services/tts/tts_sandbox_hook.h
+++ b/chromeos/services/tts/tts_sandbox_hook.h
@@ -5,12 +5,12 @@
#ifndef CHROMEOS_SERVICES_TTS_TTS_SANDBOX_HOOK_H_
#define CHROMEOS_SERVICES_TTS_TTS_SANDBOX_HOOK_H_
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
namespace chromeos {
namespace tts {
-bool TtsPreSandboxHook(service_manager::SandboxLinux::Options options);
+bool TtsPreSandboxHook(sandbox::policy::SandboxLinux::Options options);
} // namespace tts
} // namespace chromeos
diff --git a/components/nacl/broker/BUILD.gn b/components/nacl/broker/BUILD.gn
index c7cf227..2203a44fd 100644
--- a/components/nacl/broker/BUILD.gn
+++ b/components/nacl/broker/BUILD.gn
@@ -121,7 +121,7 @@
"//content/app/sandbox_helper_win.cc",
"//content/common/sandbox_init_win.cc",
"//content/public/common/sandboxed_process_launcher_delegate.cc",
- "//services/service_manager/sandbox/win/sandbox_win.cc",
+ "//sandbox/policy/win/sandbox_win.cc",
]
defines = [
@@ -139,7 +139,7 @@
"//content/public/common:static_switches",
"//content/public/common/zygote:buildflags",
"//sandbox",
- "//services/service_manager/sandbox",
+ "//sandbox/policy",
]
}
diff --git a/components/nacl/broker/DEPS b/components/nacl/broker/DEPS
index 3fd2d9f..a782c802 100644
--- a/components/nacl/broker/DEPS
+++ b/components/nacl/broker/DEPS
@@ -1,6 +1,6 @@
include_rules = [
"+content/public/app/sandbox_helper_win.h",
"+mojo/public/cpp/system",
+ "+sandbox/policy",
"+sandbox/win/src",
- "+services/service_manager/sandbox",
]
diff --git a/components/nacl/broker/nacl_broker_listener.cc b/components/nacl/broker/nacl_broker_listener.cc
index a35566a..d2a7a18 100644
--- a/components/nacl/broker/nacl_broker_listener.cc
+++ b/components/nacl/broker/nacl_broker_listener.cc
@@ -52,8 +52,8 @@
run_loop_.Run();
}
-service_manager::SandboxType NaClBrokerListener::GetSandboxType() {
- return service_manager::SandboxType::kPpapi;
+sandbox::policy::SandboxType NaClBrokerListener::GetSandboxType() {
+ return sandbox::policy::SandboxType::kPpapi;
}
void NaClBrokerListener::OnChannelConnected(int32_t peer_pid) {
diff --git a/components/nacl/broker/nacl_broker_listener.h b/components/nacl/broker/nacl_broker_listener.h
index ae02f05d..6776ee2 100644
--- a/components/nacl/broker/nacl_broker_listener.h
+++ b/components/nacl/broker/nacl_broker_listener.h
@@ -15,7 +15,7 @@
#include "components/nacl/common/nacl_types.h"
#include "content/public/common/sandboxed_process_launcher_delegate.h"
#include "ipc/ipc_listener.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/sandbox_type.h"
namespace IPC {
class Channel;
@@ -32,7 +32,7 @@
void Listen();
// content::SandboxedProcessLauncherDelegate implementation:
- service_manager::SandboxType GetSandboxType() override;
+ sandbox::policy::SandboxType GetSandboxType() override;
// IPC::Listener implementation.
void OnChannelConnected(int32_t peer_pid) override;
diff --git a/components/nacl/browser/DEPS b/components/nacl/browser/DEPS
index ac0b7e8..15eafd6 100644
--- a/components/nacl/browser/DEPS
+++ b/components/nacl/browser/DEPS
@@ -7,5 +7,5 @@
"+ppapi/host",
"+ppapi/proxy",
"+ppapi/shared_impl",
- "+services/service_manager/sandbox",
+ "+sandbox/policy",
]
diff --git a/components/nacl/browser/nacl_broker_host_win.cc b/components/nacl/browser/nacl_broker_host_win.cc
index 324bd5e..08369d3 100644
--- a/components/nacl/browser/nacl_broker_host_win.cc
+++ b/components/nacl/browser/nacl_broker_host_win.cc
@@ -32,8 +32,8 @@
public:
NaClBrokerSandboxedProcessLauncherDelegate() {}
- service_manager::SandboxType GetSandboxType() override {
- return service_manager::SandboxType::kNoSandbox;
+ sandbox::policy::SandboxType GetSandboxType() override {
+ return sandbox::policy::SandboxType::kNoSandbox;
}
private:
diff --git a/components/nacl/browser/nacl_process_host.cc b/components/nacl/browser/nacl_process_host.cc
index 4f6e651b..dcf7b0c 100644
--- a/components/nacl/browser/nacl_process_host.cc
+++ b/components/nacl/browser/nacl_process_host.cc
@@ -63,7 +63,7 @@
#include "ppapi/proxy/ppapi_messages.h"
#include "ppapi/shared_impl/ppapi_constants.h"
#include "ppapi/shared_impl/ppapi_nacl_plugin_args.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
#if BUILDFLAG(USE_ZYGOTE_HANDLE)
#include "content/public/common/zygote/zygote_handle.h" // nogncheck
@@ -190,8 +190,8 @@
}
#endif // BUILDFLAG(USE_ZYGOTE_HANDLE)
- service_manager::SandboxType GetSandboxType() override {
- return service_manager::SandboxType::kPpapi;
+ sandbox::policy::SandboxType GetSandboxType() override {
+ return sandbox::policy::SandboxType::kPpapi;
}
};
@@ -355,7 +355,7 @@
const base::CommandLine* cmd = base::CommandLine::ForCurrentProcess();
#if defined(OS_WIN)
if (cmd->HasSwitch(switches::kEnableNaClDebug) &&
- !cmd->HasSwitch(service_manager::switches::kNoSandbox)) {
+ !cmd->HasSwitch(sandbox::policy::switches::kNoSandbox)) {
// We don't switch off sandbox automatically for security reasons.
SendErrorToRenderer("NaCl's GDB debug stub requires --no-sandbox flag"
" on Windows. See crbug.com/265624.");
diff --git a/components/nacl/common/BUILD.gn b/components/nacl/common/BUILD.gn
index 4ea9335..04ad546 100644
--- a/components/nacl/common/BUILD.gn
+++ b/components/nacl/common/BUILD.gn
@@ -29,7 +29,7 @@
":minimal_content_dummy",
":switches",
"//ipc",
- "//services/service_manager/sandbox",
+ "//sandbox/policy",
]
deps = [
diff --git a/components/nacl/common/DEPS b/components/nacl/common/DEPS
index f09fadf..546de6c 100644
--- a/components/nacl/common/DEPS
+++ b/components/nacl/common/DEPS
@@ -3,5 +3,5 @@
"+native_client/src/trusted/service_runtime/nacl_error_code.h",
"+mojo/core/embedder",
"+mojo/public",
- "+services/service_manager/sandbox",
+ "+sandbox/policy",
]
diff --git a/components/nacl/common/nacl_cmd_line.cc b/components/nacl/common/nacl_cmd_line.cc
index f75c1fa..b82243e 100644
--- a/components/nacl/common/nacl_cmd_line.cc
+++ b/components/nacl/common/nacl_cmd_line.cc
@@ -8,7 +8,7 @@
#include "build/build_config.h"
#include "components/nacl/common/nacl_switches.h"
#include "content/public/common/content_switches.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
namespace nacl {
@@ -20,7 +20,7 @@
// with any associated values) if present in the browser command line.
// TODO(gregoryd): check which flags of those below can be supported.
static const char* const kSwitchNames[] = {
- service_manager::switches::kNoSandbox,
+ sandbox::policy::switches::kNoSandbox,
switches::kDisableBreakpad,
switches::kFullMemoryCrashReport,
switches::kEnableLogging,
@@ -28,7 +28,7 @@
switches::kLoggingLevel,
switches::kNoErrorDialogs,
#if defined(OS_MACOSX)
- service_manager::switches::kEnableSandboxLogging,
+ sandbox::policy::switches::kEnableSandboxLogging,
#endif
#if defined(OS_WIN)
switches::kDisableHighResTimer,
diff --git a/components/nacl/loader/BUILD.gn b/components/nacl/loader/BUILD.gn
index 3be3347..7919bc5 100644
--- a/components/nacl/loader/BUILD.gn
+++ b/components/nacl/loader/BUILD.gn
@@ -123,7 +123,7 @@
"//ipc",
"//mojo/core/embedder",
"//sandbox/linux:sandbox_services",
- "//services/service_manager/sandbox",
+ "//sandbox/policy",
"//url/ipc:url_ipc",
]
@@ -195,7 +195,7 @@
"//content/public/common:static_switches",
"//mojo/core/embedder",
"//sandbox",
- "//services/service_manager/sandbox:sandbox",
+ "//sandbox/policy",
]
}
}
@@ -234,8 +234,8 @@
"//native_client/src/untrusted/nacl",
"//ppapi/proxy",
"//sandbox/linux:sandbox",
+ "//sandbox/policy",
"//services/service_manager/public/cpp",
- "//services/service_manager/sandbox",
]
}
diff --git a/components/nacl/loader/DEPS b/components/nacl/loader/DEPS
index 5d11bc0..5aa3158 100644
--- a/components/nacl/loader/DEPS
+++ b/components/nacl/loader/DEPS
@@ -10,9 +10,9 @@
"+sandbox/linux/suid",
"+sandbox/linux/system_headers",
"+sandbox/mac",
+ "+sandbox/policy",
"+sandbox/sandbox_buildflags.h",
"+sandbox/win/src",
- "+services/service_manager/sandbox",
"+ppapi/c", # header files only
"+mojo/core/embedder",
diff --git a/components/nacl/loader/nacl_helper_win_64.cc b/components/nacl/loader/nacl_helper_win_64.cc
index c3aa2f7..531dfb26 100644
--- a/components/nacl/loader/nacl_helper_win_64.cc
+++ b/components/nacl/loader/nacl_helper_win_64.cc
@@ -27,8 +27,8 @@
#include "content/public/common/main_function_params.h"
#include "content/public/common/sandbox_init.h"
#include "mojo/core/embedder/embedder.h"
+#include "sandbox/policy/sandbox.h"
#include "sandbox/win/src/sandbox_types.h"
-#include "services/service_manager/sandbox/sandbox.h"
extern int NaClMain(const content::MainFunctionParams&);
@@ -74,8 +74,8 @@
base::RouteStdioToConsole(true);
// Initialize the sandbox for this process.
- bool sandbox_initialized_ok = service_manager::Sandbox::Initialize(
- service_manager::SandboxTypeFromCommandLine(command_line), &sandbox_info);
+ bool sandbox_initialized_ok = sandbox::policy::Sandbox::Initialize(
+ sandbox::policy::SandboxTypeFromCommandLine(command_line), &sandbox_info);
// Die if the sandbox can't be enabled.
CHECK(sandbox_initialized_ok) << "Error initializing sandbox for "
diff --git a/components/nacl/loader/nacl_main.cc b/components/nacl/loader/nacl_main.cc
index 90e0ed7..8aaf72e 100644
--- a/components/nacl/loader/nacl_main.cc
+++ b/components/nacl/loader/nacl_main.cc
@@ -18,7 +18,7 @@
#include "components/nacl/loader/nacl_main_platform_delegate.h"
#include "content/public/common/main_function_params.h"
#include "mojo/core/embedder/embedder.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
// main() routine for the NaCl loader process.
int NaClMain(const content::MainFunctionParams& parameters) {
@@ -39,7 +39,7 @@
defined(OS_ANDROID)
NaClMainPlatformDelegate platform;
bool no_sandbox =
- parsed_command_line.HasSwitch(service_manager::switches::kNoSandbox);
+ parsed_command_line.HasSwitch(sandbox::policy::switches::kNoSandbox);
#if defined(OS_WIN)
// NaCl processes exit differently from other Chromium processes (see NaClExit
diff --git a/components/nacl/loader/nacl_main_platform_delegate_mac.mm b/components/nacl/loader/nacl_main_platform_delegate_mac.mm
index 9b91d91..4c13fd786 100644
--- a/components/nacl/loader/nacl_main_platform_delegate_mac.mm
+++ b/components/nacl/loader/nacl_main_platform_delegate_mac.mm
@@ -11,7 +11,7 @@
#include "content/public/common/sandbox_init.h"
#include "sandbox/mac/seatbelt.h"
#include "sandbox/mac/seatbelt_exec.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/sandbox_type.h"
void NaClMainPlatformDelegate::EnableSandbox(
const content::MainFunctionParams& parameters) {
diff --git a/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc b/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc
index 13ac51c..61305514 100644
--- a/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc
+++ b/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc
@@ -34,7 +34,7 @@
#include "sandbox/linux/services/resource_limits.h"
#include "sandbox/linux/services/thread_helpers.h"
#include "sandbox/linux/suid/client/setuid_sandbox_client.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
namespace nacl {
@@ -54,7 +54,7 @@
const base::CommandLine& command_line =
*base::CommandLine::ForCurrentProcess();
if (command_line.HasSwitch(
- service_manager::switches::kAllowSandboxDebugging)) {
+ sandbox::policy::switches::kAllowSandboxDebugging)) {
return true;
}
diff --git a/components/nacl/zygote/DEPS b/components/nacl/zygote/DEPS
index f78d2a5..188f3ff 100644
--- a/components/nacl/zygote/DEPS
+++ b/components/nacl/zygote/DEPS
@@ -2,5 +2,5 @@
"+crypto",
"+sandbox/linux/services",
"+sandbox/linux/suid",
- "+services/service_manager/sandbox",
+ "+sandbox/policy",
]
diff --git a/components/nacl/zygote/nacl_fork_delegate_linux.cc b/components/nacl/zygote/nacl_fork_delegate_linux.cc
index 03807105..0148a0c 100644
--- a/components/nacl/zygote/nacl_fork_delegate_linux.cc
+++ b/components/nacl/zygote/nacl_fork_delegate_linux.cc
@@ -38,7 +38,7 @@
#include "sandbox/linux/suid/client/setuid_sandbox_client.h"
#include "sandbox/linux/suid/client/setuid_sandbox_host.h"
#include "sandbox/linux/suid/common/sandbox.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
namespace {
@@ -220,9 +220,9 @@
// Append any switches that need to be forwarded to the NaCl helper.
static constexpr const char* kForwardSwitches[] = {
- service_manager::switches::kAllowSandboxDebugging,
- service_manager::switches::kDisableSeccompFilterSandbox,
- service_manager::switches::kNoSandbox,
+ sandbox::policy::switches::kAllowSandboxDebugging,
+ sandbox::policy::switches::kDisableSeccompFilterSandbox,
+ sandbox::policy::switches::kNoSandbox,
switches::kEnableNaClDebug,
switches::kNaClDangerousNoSandboxNonSfi,
};
diff --git a/content/BUILD.gn b/content/BUILD.gn
index 6a4a067..e6cb234 100644
--- a/content/BUILD.gn
+++ b/content/BUILD.gn
@@ -88,7 +88,7 @@
source_set("content") {
set_sources_assignment_filter([])
sources = [
- "//services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.cc",
+ "//sandbox/policy/linux/sandbox_seccomp_bpf_linux.cc",
"common/sandbox_init_linux.cc",
"common/zygote/send_zygote_child_ping_linux.cc",
"public/common/content_switches.cc",
@@ -100,7 +100,7 @@
"//media:media_buildflags",
"//sandbox:sandbox_buildflags",
"//sandbox/linux:sandbox",
- "//services/service_manager/sandbox",
+ "//sandbox/policy",
]
}
} else {
diff --git a/content/DEPS b/content/DEPS
index 96a1943..b258857 100644
--- a/content/DEPS
+++ b/content/DEPS
@@ -41,7 +41,6 @@
"+sandbox",
"+services/proxy_resolver/public/mojom",
"+services/service_manager/embedder",
- "+services/service_manager/sandbox",
"+services/service_manager/zygote",
"+skia",
diff --git a/content/app/DEPS b/content/app/DEPS
index 8551a3a..6337fd0 100644
--- a/content/app/DEPS
+++ b/content/app/DEPS
@@ -11,6 +11,5 @@
"+services/network/public/cpp/features.h",
"+services/resource_coordinator/public",
"+services/service_manager/embedder",
- "+services/service_manager/sandbox/sandbox_type.h",
"+services/tracing/public/cpp",
]
diff --git a/content/app/content_main_runner_impl.cc b/content/app/content_main_runner_impl.cc
index f5e5576..8ca7ccf 100644
--- a/content/app/content_main_runner_impl.cc
+++ b/content/app/content_main_runner_impl.cc
@@ -91,10 +91,10 @@
#include "mojo/public/cpp/system/invitation.h"
#include "mojo/public/mojom/base/binder.mojom.h"
#include "ppapi/buildflags/buildflags.h"
+#include "sandbox/policy/sandbox_type.h"
+#include "sandbox/policy/switches.h"
#include "services/network/public/cpp/features.h"
#include "services/service_manager/embedder/switches.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
-#include "services/service_manager/sandbox/switches.h"
#include "services/tracing/public/cpp/trace_startup.h"
#include "third_party/blink/public/common/origin_trials/trial_token_validator.h"
#include "ui/base/ui_base_paths.h"
@@ -279,7 +279,7 @@
SandboxHostLinux::GetInstance()->Init();
if (parsed_command_line.HasSwitch(switches::kNoZygote)) {
- if (!parsed_command_line.HasSwitch(service_manager::switches::kNoSandbox)) {
+ if (!parsed_command_line.HasSwitch(sandbox::policy::switches::kNoSandbox)) {
LOG(ERROR) << "--no-sandbox should be used together with --no--zygote";
exit(EXIT_FAILURE);
}
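Review bot: The error message on the line following the renamed `kNoSandbox` check reads `--no--zygote` with a doubled hyphen, which will mislead anyone who copies the flag from the log; it should be `LOG(ERROR) << "--no-sandbox should be used together with --no-zygote";`. This is a pre-existing context line rather than something the rename introduced, and the enclosing function continues outside the hunk.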
@@ -796,7 +796,7 @@
#if defined(OS_WIN)
if (!InitializeSandbox(
- service_manager::SandboxTypeFromCommandLine(command_line),
+ sandbox::policy::SandboxTypeFromCommandLine(command_line),
params.sandbox_info))
return TerminateForFatalInitializationError();
#elif defined(OS_MACOSX)
diff --git a/content/browser/browser_main_loop.cc b/content/browser/browser_main_loop.cc
index 4ada859..a4bc105 100644
--- a/content/browser/browser_main_loop.cc
+++ b/content/browser/browser_main_loop.cc
@@ -180,7 +180,7 @@
#include "content/browser/renderer_host/dwrite_font_lookup_table_builder_win.h"
#include "net/base/winsock_init.h"
-#include "services/service_manager/sandbox/win/sandbox_win.h"
+#include "sandbox/policy/win/sandbox_win.h"
#endif
#if defined(OS_CHROMEOS)
diff --git a/content/browser/browser_process_sub_thread.cc b/content/browser/browser_process_sub_thread.cc
index 748e7cf..d4db78e 100644
--- a/content/browser/browser_process_sub_thread.cc
+++ b/content/browser/browser_process_sub_thread.cc
@@ -162,7 +162,7 @@
UtilityProcessHost* utility_process =
static_cast<UtilityProcessHost*>(it.GetDelegate());
if (utility_process->sandbox_type() ==
- service_manager::SandboxType::kNetwork) {
+ sandbox::policy::SandboxType::kNetwork) {
// This ensures that cookies and cache are flushed to disk on shutdown.
// https://crbug.com/841001
#if BUILDFLAG(CLANG_PROFILING)
diff --git a/content/browser/child_process_launcher_helper.h b/content/browser/child_process_launcher_helper.h
index fa9c372a..5b77b66c 100644
--- a/content/browser/child_process_launcher_helper.h
+++ b/content/browser/child_process_launcher_helper.h
@@ -40,7 +40,7 @@
#endif
#if defined(OS_FUCHSIA)
-#include "services/service_manager/sandbox/fuchsia/sandbox_policy_fuchsia.h"
+#include "sandbox/policy/fuchsia/sandbox_policy_fuchsia.h"
#endif
#if BUILDFLAG(USE_ZYGOTE_HANDLE)
@@ -250,7 +250,7 @@
#endif
#if defined(OS_FUCHSIA)
- std::unique_ptr<service_manager::SandboxPolicyFuchsia> sandbox_policy_;
+ std::unique_ptr<sandbox::policy::SandboxPolicyFuchsia> sandbox_policy_;
#endif
};
diff --git a/content/browser/child_process_launcher_helper_android.cc b/content/browser/child_process_launcher_helper_android.cc
index 7f6bc82..69c751e 100644
--- a/content/browser/child_process_launcher_helper_android.cc
+++ b/content/browser/child_process_launcher_helper_android.cc
@@ -24,7 +24,7 @@
#include "content/public/browser/render_process_host.h"
#include "content/public/common/content_descriptors.h"
#include "content/public/common/content_switches.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
using base::android::AttachCurrentThread;
using base::android::JavaParamRef;
@@ -57,7 +57,7 @@
// Non-sandboxed utility or renderer process are currently not supported.
DCHECK(process_type == switches::kGpuProcess ||
- !command_line()->HasSwitch(service_manager::switches::kNoSandbox));
+ !command_line()->HasSwitch(sandbox::policy::switches::kNoSandbox));
}
base::Optional<mojo::NamedPlatformChannel>
diff --git a/content/browser/child_process_launcher_helper_fuchsia.cc b/content/browser/child_process_launcher_helper_fuchsia.cc
index 3f48889..ca4b2e9 100644
--- a/content/browser/child_process_launcher_helper_fuchsia.cc
+++ b/content/browser/child_process_launcher_helper_fuchsia.cc
@@ -19,21 +19,21 @@
namespace {
const char* ProcessNameFromSandboxType(
- service_manager::SandboxType sandbox_type) {
+ sandbox::policy::SandboxType sandbox_type) {
switch (sandbox_type) {
- case service_manager::SandboxType::kNoSandbox:
+ case sandbox::policy::SandboxType::kNoSandbox:
return nullptr;
- case service_manager::SandboxType::kWebContext:
+ case sandbox::policy::SandboxType::kWebContext:
return "context";
- case service_manager::SandboxType::kRenderer:
+ case sandbox::policy::SandboxType::kRenderer:
return "renderer";
- case service_manager::SandboxType::kUtility:
+ case sandbox::policy::SandboxType::kUtility:
return "utility";
- case service_manager::SandboxType::kGpu:
+ case sandbox::policy::SandboxType::kGpu:
return "gpu";
- case service_manager::SandboxType::kNetwork:
+ case sandbox::policy::SandboxType::kNetwork:
return "network";
- case service_manager::SandboxType::kVideoCapture:
+ case sandbox::policy::SandboxType::kVideoCapture:
return "video-capture";
default:
NOTREACHED() << "Unknown sandbox_type.";
@@ -68,7 +68,7 @@
void ChildProcessLauncherHelper::BeforeLaunchOnClientThread() {
DCHECK(client_task_runner_->RunsTasksInCurrentSequence());
- sandbox_policy_ = std::make_unique<service_manager::SandboxPolicyFuchsia>(
+ sandbox_policy_ = std::make_unique<sandbox::policy::SandboxPolicyFuchsia>(
delegate_->GetSandboxType());
}
diff --git a/content/browser/child_process_launcher_helper_linux.cc b/content/browser/child_process_launcher_helper_linux.cc
index e63dfcf..c1b5d30f 100644
--- a/content/browser/child_process_launcher_helper_linux.cc
+++ b/content/browser/child_process_launcher_helper_linux.cc
@@ -20,7 +20,7 @@
#include "content/public/common/sandboxed_process_launcher_delegate.h"
#include "content/public/common/zygote/sandbox_support_linux.h"
#include "content/public/common/zygote/zygote_handle.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
namespace content {
namespace internal {
diff --git a/content/browser/child_process_launcher_helper_mac.cc b/content/browser/child_process_launcher_helper_mac.cc
index 05e0c6b9..9b72b3e 100644
--- a/content/browser/child_process_launcher_helper_mac.cc
+++ b/content/browser/child_process_launcher_helper_mac.cc
@@ -22,11 +22,11 @@
#include "content/public/common/result_codes.h"
#include "content/public/common/sandboxed_process_launcher_delegate.h"
#include "sandbox/mac/seatbelt_exec.h"
+#include "sandbox/policy/mac/sandbox_mac.h"
+#include "sandbox/policy/sandbox.h"
+#include "sandbox/policy/sandbox_type.h"
+#include "sandbox/policy/switches.h"
#include "services/service_manager/embedder/result_codes.h"
-#include "services/service_manager/sandbox/mac/sandbox_mac.h"
-#include "services/service_manager/sandbox/sandbox.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
-#include "services/service_manager/sandbox/switches.h"
namespace content {
namespace internal {
@@ -70,19 +70,19 @@
options->disclaim_responsibility = delegate_->DisclaimResponsibility();
auto sandbox_type =
- service_manager::SandboxTypeFromCommandLine(*command_line_);
+ sandbox::policy::SandboxTypeFromCommandLine(*command_line_);
bool no_sandbox =
- command_line_->HasSwitch(service_manager::switches::kNoSandbox) ||
- service_manager::IsUnsandboxedSandboxType(sandbox_type);
+ command_line_->HasSwitch(sandbox::policy::switches::kNoSandbox) ||
+ sandbox::policy::IsUnsandboxedSandboxType(sandbox_type);
- bool use_v2 = (sandbox_type != service_manager::SandboxType::kGpu) ||
+ bool use_v2 = (sandbox_type != sandbox::policy::SandboxType::kGpu) ||
base::FeatureList::IsEnabled(features::kMacV2GPUSandbox);
if (use_v2 && !no_sandbox) {
// Generate the profile string.
std::string profile =
- service_manager::SandboxMac::GetSandboxProfile(sandbox_type);
+ sandbox::policy::SandboxMac::GetSandboxProfile(sandbox_type);
// Disable os logging to com.apple.diagnosticd which is a performance
// problem.
diff --git a/content/browser/child_process_launcher_helper_win.cc b/content/browser/child_process_launcher_helper_win.cc
index 695ae72..edb54c3 100644
--- a/content/browser/child_process_launcher_helper_win.cc
+++ b/content/browser/child_process_launcher_helper_win.cc
@@ -16,9 +16,9 @@
#include "content/public/common/sandboxed_process_launcher_delegate.h"
#include "mojo/public/cpp/platform/named_platform_channel.h"
#include "mojo/public/cpp/platform/platform_channel.h"
+#include "sandbox/policy/win/sandbox_win.h"
#include "sandbox/win/src/sandbox_types.h"
#include "services/service_manager/embedder/result_codes.h"
-#include "services/service_manager/sandbox/win/sandbox_win.h"
namespace content {
namespace internal {
diff --git a/content/browser/gpu/gpu_process_host.cc b/content/browser/gpu/gpu_process_host.cc
index 9bb2839b..ac1bc82 100644
--- a/content/browser/gpu/gpu_process_host.cc
+++ b/content/browser/gpu/gpu_process_host.cc
@@ -71,8 +71,8 @@
#include "mojo/public/cpp/bindings/associated_remote.h"
#include "mojo/public/cpp/bindings/generic_pending_receiver.h"
#include "mojo/public/cpp/bindings/pending_receiver.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/sandbox_type.h"
+#include "sandbox/policy/switches.h"
#include "ui/base/ui_base_features.h"
#include "ui/base/ui_base_switches.h"
#include "ui/display/display_switches.h"
@@ -82,9 +82,9 @@
#include "ui/latency/latency_info.h"
#if defined(OS_WIN)
+#include "sandbox/policy/win/sandbox_win.h"
#include "sandbox/win/src/sandbox_policy.h"
#include "sandbox/win/src/window.h"
-#include "services/service_manager/sandbox/win/sandbox_win.h"
#include "ui/gfx/win/rendering_window_manager.h"
#endif
@@ -220,11 +220,11 @@
// Command-line switches to propagate to the GPU process.
static const char* const kSwitchNames[] = {
- service_manager::switches::kDisableSeccompFilterSandbox,
- service_manager::switches::kGpuSandboxAllowSysVShm,
- service_manager::switches::kGpuSandboxFailuresFatal,
- service_manager::switches::kDisableGpuSandbox,
- service_manager::switches::kNoSandbox,
+ sandbox::policy::switches::kDisableSeccompFilterSandbox,
+ sandbox::policy::switches::kGpuSandboxAllowSysVShm,
+ sandbox::policy::switches::kGpuSandboxFailuresFatal,
+ sandbox::policy::switches::kDisableGpuSandbox,
+ sandbox::policy::switches::kNoSandbox,
#if defined(OS_LINUX) && !defined(OS_CHROMEOS)
switches::kDisableDevShmUsage,
#endif
@@ -264,7 +264,7 @@
switches::kVModule,
switches::kUseAdapterLuid,
#if defined(OS_MACOSX)
- service_manager::switches::kEnableSandboxLogging,
+ sandbox::policy::switches::kEnableSandboxLogging,
switches::kDisableAVFoundationOverlays,
switches::kDisableMacOverlays,
switches::kDisableMetalTestShaders,
@@ -379,7 +379,7 @@
// Open GL path.
policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
sandbox::USER_LIMITED);
- service_manager::SandboxWin::SetJobLevel(
+ sandbox::policy::SandboxWin::SetJobLevel(
cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy);
} else {
policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
@@ -391,7 +391,7 @@
// turn blocks on the browser UI thread. So, instead we forgo a window
// message pump entirely and just add job restrictions to prevent child
// processes.
- service_manager::SandboxWin::SetJobLevel(
+ sandbox::policy::SandboxWin::SetJobLevel(
cmd_line_, sandbox::JOB_LIMITED_USER,
JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS | JOB_OBJECT_UILIMIT_DESKTOP |
JOB_OBJECT_UILIMIT_EXITWINDOWS |
@@ -434,7 +434,7 @@
#if BUILDFLAG(USE_ZYGOTE_HANDLE)
ZygoteHandle GetZygote() override {
- if (service_manager::IsUnsandboxedSandboxType(GetSandboxType()))
+ if (sandbox::policy::IsUnsandboxedSandboxType(GetSandboxType()))
return nullptr;
// The GPU process needs a specialized sandbox, so fork from the unsandboxed
@@ -443,12 +443,12 @@
}
#endif // BUILDFLAG(USE_ZYGOTE_HANDLE)
- service_manager::SandboxType GetSandboxType() override {
- if (cmd_line_.HasSwitch(service_manager::switches::kDisableGpuSandbox)) {
+ sandbox::policy::SandboxType GetSandboxType() override {
+ if (cmd_line_.HasSwitch(sandbox::policy::switches::kDisableGpuSandbox)) {
DVLOG(1) << "GPU sandbox is disabled";
- return service_manager::SandboxType::kNoSandbox;
+ return sandbox::policy::SandboxType::kNoSandbox;
}
- return service_manager::SandboxType::kGpu;
+ return sandbox::policy::SandboxType::kGpu;
}
private:
@@ -475,8 +475,8 @@
void RecordAppContainerStatus(int error_code, bool crashed_before) {
base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
if (!crashed_before &&
- service_manager::SandboxWin::IsAppContainerEnabledForSandbox(
- *command_line, service_manager::SandboxType::kGpu)) {
+ sandbox::policy::SandboxWin::IsAppContainerEnabledForSandbox(
+ *command_line, sandbox::policy::SandboxType::kGpu)) {
base::UmaHistogramSparse("GPU.AppContainer.Status", error_code);
}
}
@@ -1149,7 +1149,7 @@
#endif // defined(OS_WIN)
if (kind_ == GPU_PROCESS_KIND_INFO_COLLECTION) {
- cmd_line->AppendSwitch(service_manager::switches::kDisableGpuSandbox);
+ cmd_line->AppendSwitch(sandbox::policy::switches::kDisableGpuSandbox);
cmd_line->AppendSwitchASCII(switches::kUseGL,
gl::kGLImplementationDisabledName);
diff --git a/content/browser/media/media_internals.cc b/content/browser/media/media_internals.cc
index 34dc80e..8258f5c 100644
--- a/content/browser/media/media_internals.cc
+++ b/content/browser/media/media_internals.cc
@@ -38,8 +38,8 @@
#include "media/base/media_log_record.h"
#include "media/webrtc/webrtc_switches.h"
#include "mojo/public/cpp/bindings/self_owned_receiver.h"
-#include "services/service_manager/sandbox/features.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/features.h"
+#include "sandbox/policy/sandbox_type.h"
#if !defined(OS_ANDROID)
#include "media/filters/decrypting_video_decoder.h"
@@ -499,8 +499,8 @@
base::Value(feature_value_string));
set_feature_data(features::kAudioServiceLaunchOnStartup);
- set_explicit_feature_data(service_manager::features::kAudioServiceSandbox,
- service_manager::IsAudioSandboxEnabled());
+ set_explicit_feature_data(sandbox::policy::features::kAudioServiceSandbox,
+ sandbox::policy::IsAudioSandboxEnabled());
base::string16 audio_info_update =
SerializeUpdate("media.updateGeneralAudioInformation", &audio_info_data);
SendUpdate(audio_info_update);
diff --git a/content/browser/mojo_sandbox_browsertest.cc b/content/browser/mojo_sandbox_browsertest.cc
index 767e6f1..2a9f1a3 100644
--- a/content/browser/mojo_sandbox_browsertest.cc
+++ b/content/browser/mojo_sandbox_browsertest.cc
@@ -25,9 +25,9 @@
#include "content/public/test/content_browser_test.h"
#include "content/public/test/test_service.mojom.h"
#include "mojo/public/cpp/bindings/remote.h"
+#include "sandbox/policy/sandbox.h"
+#include "sandbox/policy/switches.h"
#include "services/service_manager/public/cpp/interface_provider.h"
-#include "services/service_manager/sandbox/sandbox.h"
-#include "services/service_manager/sandbox/switches.h"
namespace content {
namespace {
@@ -163,13 +163,13 @@
EXPECT_TRUE(got_response);
}
-// Test for service_manager::IsProcessSandboxed().
+// Test for sandbox::policy::IsProcessSandboxed().
IN_PROC_BROWSER_TEST_F(MojoSandboxTest, IsProcessSandboxed) {
StartProcess();
mojo::Remote<mojom::TestService> test_service = BindTestService();
// The browser should not be considered sandboxed.
- EXPECT_FALSE(service_manager::Sandbox::IsProcessSandboxed());
+ EXPECT_FALSE(sandbox::policy::Sandbox::IsProcessSandboxed());
base::Optional<bool> maybe_is_sandboxed;
base::RunLoop run_loop;
@@ -186,12 +186,12 @@
IN_PROC_BROWSER_TEST_F(MojoSandboxTest, NotIsProcessSandboxed) {
StartProcess(base::BindOnce([](UtilityProcessHost* host) {
- host->SetSandboxType(service_manager::SandboxType::kNoSandbox);
+ host->SetSandboxType(sandbox::policy::SandboxType::kNoSandbox);
}));
mojo::Remote<mojom::TestService> test_service = BindTestService();
// The browser should not be considered sandboxed.
- EXPECT_FALSE(service_manager::Sandbox::IsProcessSandboxed());
+ EXPECT_FALSE(sandbox::policy::Sandbox::IsProcessSandboxed());
base::Optional<bool> maybe_is_sandboxed;
base::RunLoop run_loop;
@@ -212,7 +212,7 @@
// get passed down to the browser and all child processes. In that case,
// IsProcessSandboxed() will report true, per the API.
bool no_sandbox = base::CommandLine::ForCurrentProcess()->HasSwitch(
- service_manager::switches::kNoSandbox);
+ sandbox::policy::switches::kNoSandbox);
EXPECT_EQ(no_sandbox, maybe_is_sandboxed.value());
#endif
}
diff --git a/content/browser/ppapi_plugin_process_host.cc b/content/browser/ppapi_plugin_process_host.cc
index 09f2cabf..4bb529b 100644
--- a/content/browser/ppapi_plugin_process_host.cc
+++ b/content/browser/ppapi_plugin_process_host.cc
@@ -36,16 +36,16 @@
#include "content/public/common/zygote/zygote_buildflags.h"
#include "ppapi/proxy/ppapi_messages.h"
#include "ppapi/shared_impl/ppapi_permissions.h"
+#include "sandbox/policy/sandbox_type.h"
+#include "sandbox/policy/switches.h"
#include "services/network/public/cpp/network_connection_tracker.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
-#include "services/service_manager/sandbox/switches.h"
#include "ui/base/ui_base_switches.h"
#if defined(OS_WIN)
#include "base/win/windows_version.h"
+#include "sandbox/policy/win/sandbox_win.h"
#include "sandbox/win/src/process_mitigations.h"
#include "sandbox/win/src/sandbox_policy.h"
-#include "services/service_manager/sandbox/win/sandbox_win.h"
#include "ui/display/win/dpi.h"
#include "ui/gfx/font_render_params.h"
#endif
@@ -95,9 +95,9 @@
#if !defined(NACL_WIN64)
// We don't support PPAPI win32k lockdown prior to Windows 10.
if (base::win::GetVersion() >= base::win::Version::WIN10 &&
- service_manager::IsWin32kLockdownEnabled()) {
+ sandbox::policy::IsWin32kLockdownEnabled()) {
result =
- service_manager::SandboxWin::AddWin32kLockdownPolicy(policy, true);
+ sandbox::policy::SandboxWin::AddWin32kLockdownPolicy(policy, true);
if (result != sandbox::SBOX_ALL_OK)
return false;
}
@@ -105,7 +105,7 @@
const base::string16& sid =
browser_client->GetAppContainerSidForSandboxType(GetSandboxType());
if (!sid.empty())
- service_manager::SandboxWin::AddAppContainerPolicy(policy, sid.c_str());
+ sandbox::policy::SandboxWin::AddAppContainerPolicy(policy, sid.c_str());
// Only Flash needs to be able to execute dynamic code.
if (!permissions_.HasPermission(ppapi::PERMISSION_FLASH)) {
@@ -131,12 +131,12 @@
}
#endif // BUILDFLAG(USE_ZYGOTE_HANDLE)
- service_manager::SandboxType GetSandboxType() override {
+ sandbox::policy::SandboxType GetSandboxType() override {
#if defined(OS_WIN)
if (is_broker_)
- return service_manager::SandboxType::kNoSandbox;
+ return sandbox::policy::SandboxType::kNoSandbox;
#endif // OS_WIN
- return service_manager::SandboxType::kPpapi;
+ return sandbox::policy::SandboxType::kPpapi;
}
#if defined(OS_MACOSX)
@@ -404,10 +404,10 @@
if (!is_broker_) {
static const char* const kPluginForwardSwitches[] = {
- service_manager::switches::kDisableSeccompFilterSandbox,
- service_manager::switches::kNoSandbox,
+ sandbox::policy::switches::kDisableSeccompFilterSandbox,
+ sandbox::policy::switches::kNoSandbox,
#if defined(OS_MACOSX)
- service_manager::switches::kEnableSandboxLogging,
+ sandbox::policy::switches::kEnableSandboxLogging,
#endif
switches::kPpapiStartupDialog,
};
diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc
index b5f2670..0e0b0d7 100644
--- a/content/browser/renderer_host/render_process_host_impl.cc
+++ b/content/browser/renderer_host/render_process_host_impl.cc
@@ -201,6 +201,7 @@
#include "mojo/public/cpp/bindings/scoped_message_error_crash_key.h"
#include "mojo/public/cpp/system/platform_handle.h"
#include "net/url_request/url_request_context_getter.h"
+#include "sandbox/policy/switches.h"
#include "services/device/public/mojom/battery_monitor.mojom.h"
#include "services/device/public/mojom/power_monitor.mojom.h"
#include "services/device/public/mojom/screen_orientation.mojom.h"
@@ -214,7 +215,6 @@
#include "services/service_manager/embedder/switches.h"
#include "services/service_manager/public/cpp/binder_registry.h"
#include "services/service_manager/public/cpp/interface_provider.h"
-#include "services/service_manager/sandbox/switches.h"
#include "storage/browser/database/database_tracker.h"
#include "storage/browser/file_system/sandbox_file_system_backend.h"
#include "third_party/blink/public/common/features.h"
@@ -261,8 +261,8 @@
#include "content/browser/renderer_host/dwrite_font_proxy_impl_win.h"
#include "content/public/common/font_cache_dispatcher_win.h"
#include "content/public/common/font_cache_win.mojom.h"
+#include "sandbox/policy/win/sandbox_win.h"
#include "sandbox/win/src/sandbox_policy.h"
-#include "services/service_manager/sandbox/win/sandbox_win.h"
#include "ui/display/win/dpi.h"
#endif
@@ -417,13 +417,13 @@
#if defined(OS_WIN)
bool PreSpawnTarget(sandbox::TargetPolicy* policy) override {
- service_manager::SandboxWin::AddBaseHandleClosePolicy(policy);
+ sandbox::policy::SandboxWin::AddBaseHandleClosePolicy(policy);
const base::string16& sid =
GetContentClient()->browser()->GetAppContainerSidForSandboxType(
GetSandboxType());
if (!sid.empty())
- service_manager::SandboxWin::AddAppContainerPolicy(policy, sid.c_str());
+ sandbox::policy::SandboxWin::AddAppContainerPolicy(policy, sid.c_str());
ContentBrowserClient::RendererSpawnFlags flags(
ContentBrowserClient::RendererSpawnFlags::NONE);
if (renderer_code_integrity_enabled_)
@@ -444,8 +444,8 @@
}
#endif // BUILDFLAG(USE_ZYGOTE_HANDLE)
- service_manager::SandboxType GetSandboxType() override {
- return service_manager::SandboxType::kRenderer;
+ sandbox::policy::SandboxType GetSandboxType() override {
+ return sandbox::policy::SandboxType::kRenderer;
}
#if defined(OS_WIN)
@@ -3263,14 +3263,14 @@
static const char* const kSwitchNames[] = {
network::switches::kExplicitlyAllowedPorts,
service_manager::switches::kDisableInProcessStackTraces,
- service_manager::switches::kDisableSeccompFilterSandbox,
- service_manager::switches::kNoSandbox,
+ sandbox::policy::switches::kDisableSeccompFilterSandbox,
+ sandbox::policy::switches::kNoSandbox,
#if defined(OS_LINUX) && !defined(OS_CHROMEOS)
switches::kDisableDevShmUsage,
#endif
#if defined(OS_MACOSX)
// Allow this to be set when invoking the browser and relayed along.
- service_manager::switches::kEnableSandboxLogging,
+ sandbox::policy::switches::kEnableSandboxLogging,
#endif
switches::kAgcStartupMinVolume,
switches::kAllowLoopbackInPeerConnection,
@@ -3443,7 +3443,7 @@
switches::kRendererWaitForJavaDebugger,
#endif
#if defined(OS_WIN)
- service_manager::switches::kDisableWin32kLockDown,
+ sandbox::policy::switches::kDisableWin32kLockDown,
switches::kDisableHighResTimer,
switches::kEnableWin7WebRtcHWH264Decoding,
switches::kTrySupportedChannelLayouts,
@@ -3506,8 +3506,8 @@
// --no-sandbox in official builds because that would bypass the bad_flgs
// prompt.
if (renderer_cmd->HasSwitch(switches::kRendererStartupDialog) &&
- !renderer_cmd->HasSwitch(service_manager::switches::kNoSandbox)) {
- renderer_cmd->AppendSwitch(service_manager::switches::kNoSandbox);
+ !renderer_cmd->HasSwitch(sandbox::policy::switches::kNoSandbox)) {
+ renderer_cmd->AppendSwitch(sandbox::policy::switches::kNoSandbox);
}
#endif
diff --git a/content/browser/sandbox_ipc_linux.cc b/content/browser/sandbox_ipc_linux.cc
index 512b91f..b0cade3 100644
--- a/content/browser/sandbox_ipc_linux.cc
+++ b/content/browser/sandbox_ipc_linux.cc
@@ -24,7 +24,7 @@
#include "base/strings/string_number_conversions.h"
#include "content/public/common/content_switches.h"
#include "sandbox/linux/services/libc_interceptor.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
namespace content {
@@ -85,7 +85,7 @@
// bytes long (this is the largest message type).
// The size limit used to be FontConfigIPC::kMaxFontFamilyLength which was
// 2048, but we do not receive FontConfig IPC here anymore. The only payloads
- // here are service_manager::SandboxLinux::METHOD_MAKE_SHARED_MEMORY_SEGMENT
+ // here are sandbox::policy::SandboxLinux::METHOD_MAKE_SHARED_MEMORY_SEGMENT
// and HandleLocalTime from libc_interceptor for which
// kMaxSandboxIPCMessagePayloadSize set to 64 should be plenty.
// 128 bytes padding are necessary so recvmsg() does not return MSG_TRUNC
@@ -121,7 +121,7 @@
return;
if (kind ==
- service_manager::SandboxLinux::METHOD_MAKE_SHARED_MEMORY_SEGMENT) {
+ sandbox::policy::SandboxLinux::METHOD_MAKE_SHARED_MEMORY_SEGMENT) {
HandleMakeSharedMemorySegment(fd, iter, fds);
return;
}
diff --git a/content/browser/sandbox_mac_unittest.mm b/content/browser/sandbox_mac_unittest.mm
index 0e4ca56..1ba270d 100644
--- a/content/browser/sandbox_mac_unittest.mm
+++ b/content/browser/sandbox_mac_unittest.mm
@@ -24,8 +24,8 @@
#include "crypto/openssl_util.h"
#include "sandbox/mac/seatbelt.h"
#include "sandbox/mac/seatbelt_exec.h"
-#include "services/service_manager/sandbox/mac/sandbox_mac.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/mac/sandbox_mac.h"
+#include "sandbox/policy/switches.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "testing/multiprocess_func_list.h"
#include "third_party/boringssl/src/include/openssl/rand.h"
@@ -53,9 +53,9 @@
}
void ExecuteWithParams(const std::string& procname,
- service_manager::SandboxType sandbox_type) {
+ sandbox::policy::SandboxType sandbox_type) {
std::string profile =
- service_manager::SandboxMac::GetSandboxProfile(sandbox_type) +
+ sandbox::policy::SandboxMac::GetSandboxProfile(sandbox_type) +
kTempDirSuffix;
sandbox::SeatbeltExecClient client;
client.SetProfile(profile);
@@ -80,15 +80,15 @@
void ExecuteInAllSandboxTypes(const std::string& multiprocess_main,
base::RepeatingClosure after_each) {
- constexpr service_manager::SandboxType kSandboxTypes[] = {
- service_manager::SandboxType::kAudio,
- service_manager::SandboxType::kCdm,
- service_manager::SandboxType::kGpu,
- service_manager::SandboxType::kNaClLoader,
- service_manager::SandboxType::kPpapi,
- service_manager::SandboxType::kPrintCompositor,
- service_manager::SandboxType::kRenderer,
- service_manager::SandboxType::kUtility,
+ constexpr sandbox::policy::SandboxType kSandboxTypes[] = {
+ sandbox::policy::SandboxType::kAudio,
+ sandbox::policy::SandboxType::kCdm,
+ sandbox::policy::SandboxType::kGpu,
+ sandbox::policy::SandboxType::kNaClLoader,
+ sandbox::policy::SandboxType::kPpapi,
+ sandbox::policy::SandboxType::kPrintCompositor,
+ sandbox::policy::SandboxType::kRenderer,
+ sandbox::policy::SandboxType::kUtility,
};
for (const auto type : kSandboxTypes) {
@@ -141,7 +141,7 @@
TEST_F(SandboxMacTest, RendererCannotWriteHomeDir) {
ExecuteWithParams("RendererWriteProcess",
- service_manager::SandboxType::kRenderer);
+ sandbox::policy::SandboxType::kRenderer);
}
MULTIPROCESS_TEST_MAIN(ClipboardAccessProcess) {
@@ -251,7 +251,7 @@
extra_data_ = temp_file_path.value();
ExecuteWithParams("FontLoadingProcess",
- service_manager::SandboxType::kRenderer);
+ sandbox::policy::SandboxType::kRenderer);
temp_file.reset();
ASSERT_TRUE(base::DeleteFile(temp_file_path));
}
diff --git a/content/browser/sandbox_parameters_mac.h b/content/browser/sandbox_parameters_mac.h
index f6bc800..98e44e08 100644
--- a/content/browser/sandbox_parameters_mac.h
+++ b/content/browser/sandbox_parameters_mac.h
@@ -6,7 +6,7 @@
#define CONTENT_BROWSER_SANDBOX_PARAMETERS_MAC_H_
#include "content/common/content_export.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/sandbox_type.h"
namespace base {
class CommandLine;
@@ -22,7 +22,7 @@
// This populates the sandbox parameters in the client for the given
// |sandbox_type|. Some parameters may be extracted from the |command_line|.
CONTENT_EXPORT void SetupSandboxParameters(
- service_manager::SandboxType sandbox_type,
+ sandbox::policy::SandboxType sandbox_type,
const base::CommandLine& command_line,
sandbox::SeatbeltExecClient* client);
diff --git a/content/browser/sandbox_parameters_mac.mm b/content/browser/sandbox_parameters_mac.mm
index 93bf3c4..08752c5 100644
--- a/content/browser/sandbox_parameters_mac.mm
+++ b/content/browser/sandbox_parameters_mac.mm
@@ -27,9 +27,9 @@
#include "content/public/common/content_switches.h"
#include "ppapi/buildflags/buildflags.h"
#include "sandbox/mac/seatbelt_exec.h"
-#include "services/service_manager/sandbox/mac/sandbox_mac.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/mac/sandbox_mac.h"
+#include "sandbox/policy/sandbox_type.h"
+#include "sandbox/policy/switches.h"
#if BUILDFLAG(ENABLE_PLUGINS)
#include "content/public/common/pepper_plugin_info.h"
@@ -65,21 +65,21 @@
PCHECK(rv != 0);
CHECK(client->SetParameter(
"DARWIN_USER_CACHE_DIR",
- service_manager::SandboxMac::GetCanonicalPath(base::FilePath(dir_path))
+ sandbox::policy::SandboxMac::GetCanonicalPath(base::FilePath(dir_path))
.value()));
rv = confstr(_CS_DARWIN_USER_DIR, dir_path, sizeof(dir_path));
PCHECK(rv != 0);
CHECK(client->SetParameter(
"DARWIN_USER_DIR",
- service_manager::SandboxMac::GetCanonicalPath(base::FilePath(dir_path))
+ sandbox::policy::SandboxMac::GetCanonicalPath(base::FilePath(dir_path))
.value()));
rv = confstr(_CS_DARWIN_USER_TEMP_DIR, dir_path, sizeof(dir_path));
PCHECK(rv != 0);
CHECK(client->SetParameter(
"DARWIN_USER_TEMP_DIR",
- service_manager::SandboxMac::GetCanonicalPath(base::FilePath(dir_path))
+ sandbox::policy::SandboxMac::GetCanonicalPath(base::FilePath(dir_path))
.value()));
}
@@ -90,50 +90,50 @@
const base::CommandLine* command_line =
base::CommandLine::ForCurrentProcess();
bool enable_logging =
- command_line->HasSwitch(service_manager::switches::kEnableSandboxLogging);
+ command_line->HasSwitch(sandbox::policy::switches::kEnableSandboxLogging);
CHECK(client->SetBooleanParameter(
- service_manager::SandboxMac::kSandboxEnableLogging, enable_logging));
+ sandbox::policy::SandboxMac::kSandboxEnableLogging, enable_logging));
CHECK(client->SetBooleanParameter(
- service_manager::SandboxMac::kSandboxDisableDenialLogging,
+ sandbox::policy::SandboxMac::kSandboxDisableDenialLogging,
!enable_logging));
std::string bundle_path =
- service_manager::SandboxMac::GetCanonicalPath(base::mac::MainBundlePath())
+ sandbox::policy::SandboxMac::GetCanonicalPath(base::mac::MainBundlePath())
.value();
- CHECK(client->SetParameter(service_manager::SandboxMac::kSandboxBundlePath,
+ CHECK(client->SetParameter(sandbox::policy::SandboxMac::kSandboxBundlePath,
bundle_path));
std::string bundle_id = base::mac::BaseBundleID();
DCHECK(!bundle_id.empty()) << "base::mac::OuterBundle is unset";
CHECK(client->SetParameter(
- service_manager::SandboxMac::kSandboxChromeBundleId, bundle_id));
+ sandbox::policy::SandboxMac::kSandboxChromeBundleId, bundle_id));
- CHECK(client->SetParameter(service_manager::SandboxMac::kSandboxBrowserPID,
+ CHECK(client->SetParameter(sandbox::policy::SandboxMac::kSandboxBrowserPID,
std::to_string(getpid())));
std::string logging_path =
GetContentClient()->browser()->GetLoggingFileName(*command_line).value();
CHECK(client->SetParameter(
- service_manager::SandboxMac::kSandboxLoggingPathAsLiteral, logging_path));
+ sandbox::policy::SandboxMac::kSandboxLoggingPathAsLiteral, logging_path));
#if defined(COMPONENT_BUILD)
// For component builds, allow access to one directory level higher, where
// the dylibs live.
base::FilePath component_path = base::mac::MainBundlePath().Append("..");
std::string component_path_canonical =
- service_manager::SandboxMac::GetCanonicalPath(component_path).value();
- CHECK(client->SetParameter(service_manager::SandboxMac::kSandboxComponentPath,
+ sandbox::policy::SandboxMac::GetCanonicalPath(component_path).value();
+ CHECK(client->SetParameter(sandbox::policy::SandboxMac::kSandboxComponentPath,
component_path_canonical));
#endif
- CHECK(client->SetParameter(service_manager::SandboxMac::kSandboxOSVersion,
+ CHECK(client->SetParameter(sandbox::policy::SandboxMac::kSandboxOSVersion,
GetOSVersion()));
std::string homedir =
- service_manager::SandboxMac::GetCanonicalPath(base::GetHomeDir()).value();
+ sandbox::policy::SandboxMac::GetCanonicalPath(base::GetHomeDir()).value();
CHECK(client->SetParameter(
- service_manager::SandboxMac::kSandboxHomedirAsLiteral, homedir));
+ sandbox::policy::SandboxMac::kSandboxHomedirAsLiteral, homedir));
CHECK(client->SetBooleanParameter(
"FILTER_SYSCALLS",
@@ -154,7 +154,7 @@
base::NumberToString(storage_paths.size())));
for (size_t i = 0; i < storage_paths.size(); ++i) {
base::FilePath path =
- service_manager::SandboxMac::GetCanonicalPath(storage_paths[i]);
+ sandbox::policy::SandboxMac::GetCanonicalPath(storage_paths[i]);
std::string param_name =
base::StringPrintf("NETWORK_SERVICE_STORAGE_PATH_%zu", i);
CHECK(client->SetParameter(param_name, path.value())) << param_name;
@@ -162,7 +162,7 @@
if (g_network_test_certs_dir->has_value()) {
CHECK(client->SetParameter("NETWORK_SERVICE_TEST_CERTS_DIR",
- service_manager::SandboxMac::GetCanonicalPath(
+ sandbox::policy::SandboxMac::GetCanonicalPath(
**g_network_test_certs_dir)
.value()));
}
@@ -175,7 +175,7 @@
std::vector<content::WebPluginInfo> plugins;
PluginService::GetInstance()->GetInternalPlugins(&plugins);
- base::FilePath bundle_path = service_manager::SandboxMac::GetCanonicalPath(
+ base::FilePath bundle_path = sandbox::policy::SandboxMac::GetCanonicalPath(
base::mac::MainBundlePath());
const std::string param_base_name = "PPAPI_PATH_";
@@ -198,12 +198,12 @@
void SetupCDMSandboxParameters(sandbox::SeatbeltExecClient* client) {
SetupCommonSandboxParameters(client);
- base::FilePath bundle_path = service_manager::SandboxMac::GetCanonicalPath(
+ base::FilePath bundle_path = sandbox::policy::SandboxMac::GetCanonicalPath(
base::mac::FrameworkBundlePath().DirName());
CHECK(!bundle_path.empty());
CHECK(client->SetParameter(
- service_manager::SandboxMac::kSandboxBundleVersionPath,
+ sandbox::policy::SandboxMac::kSandboxBundleVersionPath,
bundle_path.value()));
}
@@ -214,37 +214,37 @@
} // namespace
-void SetupSandboxParameters(service_manager::SandboxType sandbox_type,
+void SetupSandboxParameters(sandbox::policy::SandboxType sandbox_type,
const base::CommandLine& command_line,
sandbox::SeatbeltExecClient* client) {
switch (sandbox_type) {
- case service_manager::SandboxType::kAudio:
- case service_manager::SandboxType::kSpeechRecognition:
- case service_manager::SandboxType::kNaClLoader:
- case service_manager::SandboxType::kPrintCompositor:
- case service_manager::SandboxType::kRenderer:
+ case sandbox::policy::SandboxType::kAudio:
+ case sandbox::policy::SandboxType::kSpeechRecognition:
+ case sandbox::policy::SandboxType::kNaClLoader:
+ case sandbox::policy::SandboxType::kPrintCompositor:
+ case sandbox::policy::SandboxType::kRenderer:
SetupCommonSandboxParameters(client);
break;
- case service_manager::SandboxType::kGpu:
+ case sandbox::policy::SandboxType::kGpu:
SetupCommonSandboxParameters(client);
AddDarwinDirs(client);
break;
- case service_manager::SandboxType::kCdm:
+ case sandbox::policy::SandboxType::kCdm:
SetupCDMSandboxParameters(client);
break;
- case service_manager::SandboxType::kNetwork:
+ case sandbox::policy::SandboxType::kNetwork:
SetupNetworkSandboxParameters(client);
break;
- case service_manager::SandboxType::kPpapi:
+ case sandbox::policy::SandboxType::kPpapi:
#if BUILDFLAG(ENABLE_PLUGINS)
SetupPPAPISandboxParameters(client);
#endif
break;
- case service_manager::SandboxType::kUtility:
+ case sandbox::policy::SandboxType::kUtility:
SetupUtilitySandboxParameters(client, command_line);
break;
- case service_manager::SandboxType::kNoSandbox:
- case service_manager::SandboxType::kVideoCapture:
+ case sandbox::policy::SandboxType::kNoSandbox:
+ case sandbox::policy::SandboxType::kVideoCapture:
CHECK(false) << "Unhandled parameters for sandbox_type "
<< static_cast<int>(sandbox_type);
}
diff --git a/content/browser/service_manager/service_manager_context.cc b/content/browser/service_manager/service_manager_context.cc
index c3b410c..064b8e0 100644
--- a/content/browser/service_manager/service_manager_context.cc
+++ b/content/browser/service_manager/service_manager_context.cc
@@ -49,12 +49,12 @@
#include "mojo/public/cpp/bindings/remote.h"
#include "mojo/public/cpp/platform/platform_channel.h"
#include "mojo/public/cpp/system/invitation.h"
+#include "sandbox/policy/sandbox_type.h"
#include "services/service_manager/public/cpp/connector.h"
#include "services/service_manager/public/cpp/constants.h"
#include "services/service_manager/public/cpp/manifest.h"
#include "services/service_manager/public/cpp/service.h"
#include "services/service_manager/public/mojom/service.mojom.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
#include "services/service_manager/service_manager.h"
#include "services/service_manager/service_process_host.h"
#include "services/service_manager/service_process_launcher.h"
@@ -106,7 +106,7 @@
// service_manager::ServiceProcessHost:
mojo::PendingRemote<service_manager::mojom::Service> Launch(
const service_manager::Identity& identity,
- service_manager::SandboxType sandbox_type,
+ sandbox::policy::SandboxType sandbox_type,
const base::string16& display_name,
LaunchCallback callback) override {
mojo::PendingRemote<service_manager::mojom::Service> remote;
@@ -147,11 +147,11 @@
// service_manager::ServiceProcessHost:
mojo::PendingRemote<service_manager::mojom::Service> Launch(
const service_manager::Identity& identity,
- service_manager::SandboxType sandbox_type,
+ sandbox::policy::SandboxType sandbox_type,
const base::string16& display_name,
LaunchCallback callback) override {
// TODO(https://crbug.com/781334): Support sandboxing.
- return launcher_.Start(identity, service_manager::SandboxType::kNoSandbox,
+ return launcher_.Start(identity, sandbox::policy::SandboxType::kNoSandbox,
std::move(callback));
}
diff --git a/content/browser/utility_process_host.cc b/content/browser/utility_process_host.cc
index 8728b59..544d920b 100644
--- a/content/browser/utility_process_host.cc
+++ b/content/browser/utility_process_host.cc
@@ -32,12 +32,12 @@
#include "content/public/common/zygote/zygote_buildflags.h"
#include "media/base/media_switches.h"
#include "media/webrtc/webrtc_switches.h"
+#include "sandbox/policy/features.h"
+#include "sandbox/policy/sandbox_type.h"
+#include "sandbox/policy/switches.h"
#include "services/network/public/cpp/network_switches.h"
#include "services/service_manager/embedder/switches.h"
#include "services/service_manager/public/cpp/interface_provider.h"
-#include "services/service_manager/sandbox/features.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
-#include "services/service_manager/sandbox/switches.h"
#include "ui/base/ui_base_switches.h"
#include "ui/gl/gl_switches.h"
@@ -63,7 +63,7 @@
: public SandboxedProcessLauncherDelegate {
public:
UtilitySandboxedProcessLauncherDelegate(
- service_manager::SandboxType sandbox_type,
+ sandbox::policy::SandboxType sandbox_type,
const base::EnvironmentMap& env,
const base::CommandLine& cmd_line)
:
@@ -74,30 +74,30 @@
cmd_line_(cmd_line) {
#if DCHECK_IS_ON()
bool supported_sandbox_type =
- sandbox_type_ == service_manager::SandboxType::kNoSandbox ||
+ sandbox_type_ == sandbox::policy::SandboxType::kNoSandbox ||
#if defined(OS_WIN)
sandbox_type_ ==
- service_manager::SandboxType::kNoSandboxAndElevatedPrivileges ||
- sandbox_type_ == service_manager::SandboxType::kXrCompositing ||
- sandbox_type_ == service_manager::SandboxType::kProxyResolver ||
- sandbox_type_ == service_manager::SandboxType::kPdfConversion ||
- sandbox_type_ == service_manager::SandboxType::kIconReader ||
+ sandbox::policy::SandboxType::kNoSandboxAndElevatedPrivileges ||
+ sandbox_type_ == sandbox::policy::SandboxType::kXrCompositing ||
+ sandbox_type_ == sandbox::policy::SandboxType::kProxyResolver ||
+ sandbox_type_ == sandbox::policy::SandboxType::kPdfConversion ||
+ sandbox_type_ == sandbox::policy::SandboxType::kIconReader ||
#endif
- sandbox_type_ == service_manager::SandboxType::kUtility ||
- sandbox_type_ == service_manager::SandboxType::kNetwork ||
- sandbox_type_ == service_manager::SandboxType::kCdm ||
- sandbox_type_ == service_manager::SandboxType::kPrintCompositor ||
- sandbox_type_ == service_manager::SandboxType::kPpapi ||
- sandbox_type_ == service_manager::SandboxType::kVideoCapture ||
+ sandbox_type_ == sandbox::policy::SandboxType::kUtility ||
+ sandbox_type_ == sandbox::policy::SandboxType::kNetwork ||
+ sandbox_type_ == sandbox::policy::SandboxType::kCdm ||
+ sandbox_type_ == sandbox::policy::SandboxType::kPrintCompositor ||
+ sandbox_type_ == sandbox::policy::SandboxType::kPpapi ||
+ sandbox_type_ == sandbox::policy::SandboxType::kVideoCapture ||
#if defined(OS_CHROMEOS)
- sandbox_type_ == service_manager::SandboxType::kIme ||
- sandbox_type_ == service_manager::SandboxType::kTts ||
+ sandbox_type_ == sandbox::policy::SandboxType::kIme ||
+ sandbox_type_ == sandbox::policy::SandboxType::kTts ||
#endif // OS_CHROMEOS
- sandbox_type_ == service_manager::SandboxType::kAudio ||
+ sandbox_type_ == sandbox::policy::SandboxType::kAudio ||
#if !defined(OS_MACOSX)
- sandbox_type_ == service_manager::SandboxType::kSharingService ||
+ sandbox_type_ == sandbox::policy::SandboxType::kSharingService ||
#endif
- sandbox_type_ == service_manager::SandboxType::kSpeechRecognition;
+ sandbox_type_ == sandbox::policy::SandboxType::kSpeechRecognition;
DCHECK(supported_sandbox_type);
#endif // DCHECK_IS_ON()
}
@@ -106,8 +106,8 @@
#if defined(OS_WIN)
bool GetAppContainerId(std::string* appcontainer_id) override {
- if (sandbox_type_ == service_manager::SandboxType::kXrCompositing &&
- base::FeatureList::IsEnabled(service_manager::features::kXRSandbox)) {
+ if (sandbox_type_ == sandbox::policy::SandboxType::kXrCompositing &&
+ base::FeatureList::IsEnabled(sandbox::policy::features::kXRSandbox)) {
*appcontainer_id = base::WideToUTF8(cmd_line_.GetProgram().value());
return true;
}
@@ -116,17 +116,17 @@
bool DisableDefaultPolicy() override {
switch (sandbox_type_) {
- case service_manager::SandboxType::kAudio:
+ case sandbox::policy::SandboxType::kAudio:
// Default policy is disabled for audio process to allow audio drivers
// to read device properties (https://crbug.com/883326).
return true;
- case service_manager::SandboxType::kNetwork:
+ case sandbox::policy::SandboxType::kNetwork:
// Default policy is disabled for network process to allow incremental
// sandbox mitigations to be applied via experiments.
return true;
- case service_manager::SandboxType::kXrCompositing:
+ case sandbox::policy::SandboxType::kXrCompositing:
return base::FeatureList::IsEnabled(
- service_manager::features::kXRSandbox);
+ sandbox::policy::features::kXRSandbox);
default:
return false;
}
@@ -134,17 +134,17 @@
bool ShouldLaunchElevated() override {
return sandbox_type_ ==
- service_manager::SandboxType::kNoSandboxAndElevatedPrivileges;
+ sandbox::policy::SandboxType::kNoSandboxAndElevatedPrivileges;
}
bool PreSpawnTarget(sandbox::TargetPolicy* policy) override {
- if (sandbox_type_ == service_manager::SandboxType::kNetwork)
+ if (sandbox_type_ == sandbox::policy::SandboxType::kNetwork)
return network::NetworkPreSpawnTarget(policy, cmd_line_);
- if (sandbox_type_ == service_manager::SandboxType::kAudio)
+ if (sandbox_type_ == sandbox::policy::SandboxType::kAudio)
return audio::AudioPreSpawnTarget(policy);
- if (sandbox_type_ == service_manager::SandboxType::kProxyResolver) {
+ if (sandbox_type_ == sandbox::policy::SandboxType::kProxyResolver) {
sandbox::MitigationFlags flags = policy->GetDelayedProcessMitigations();
flags |= sandbox::MITIGATION_DYNAMIC_CODE_DISABLE;
if (sandbox::SBOX_ALL_OK != policy->SetDelayedProcessMitigations(flags))
@@ -152,7 +152,7 @@
return true;
}
- if (sandbox_type_ == service_manager::SandboxType::kIconReader) {
+ if (sandbox_type_ == sandbox::policy::SandboxType::kIconReader) {
policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
sandbox::USER_LOCKDOWN);
policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED);
@@ -177,8 +177,8 @@
L"\\??\\*.ico");
}
- if (sandbox_type_ == service_manager::SandboxType::kXrCompositing &&
- base::FeatureList::IsEnabled(service_manager::features::kXRSandbox)) {
+ if (sandbox_type_ == sandbox::policy::SandboxType::kXrCompositing &&
+ base::FeatureList::IsEnabled(sandbox::policy::features::kXRSandbox)) {
// There were issues with some mitigations, causing an inability
// to load OpenVR and Oculus APIs.
// TODO(https://crbug.com/881919): Try to harden the XR Compositor
@@ -191,7 +191,7 @@
return false;
}
sandbox::ResultCode result =
- service_manager::SandboxWin::AddAppContainerProfileToPolicy(
+ sandbox::policy::SandboxWin::AddAppContainerProfileToPolicy(
cmd_line_, sandbox_type_, appcontainer_id, policy);
if (result != sandbox::SBOX_ALL_OK) {
return false;
@@ -200,14 +200,14 @@
// Unprotected token/job.
policy->SetTokenLevel(sandbox::USER_UNPROTECTED,
sandbox::USER_UNPROTECTED);
- service_manager::SandboxWin::SetJobLevel(
+ sandbox::policy::SandboxWin::SetJobLevel(
cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy);
}
- if (sandbox_type_ == service_manager::SandboxType::kSharingService) {
- if (service_manager::IsWin32kLockdownEnabled()) {
+ if (sandbox_type_ == sandbox::policy::SandboxType::kSharingService) {
+ if (sandbox::policy::IsWin32kLockdownEnabled()) {
auto result =
- service_manager::SandboxWin::AddWin32kLockdownPolicy(policy, false);
+ sandbox::policy::SandboxWin::AddWin32kLockdownPolicy(policy, false);
if (result != sandbox::SBOX_ALL_OK)
return false;
}
@@ -226,19 +226,19 @@
#if BUILDFLAG(USE_ZYGOTE_HANDLE)
ZygoteHandle GetZygote() override {
// If the sandbox has been disabled for a given type, don't use a zygote.
- if (service_manager::IsUnsandboxedSandboxType(sandbox_type_))
+ if (sandbox::policy::IsUnsandboxedSandboxType(sandbox_type_))
return nullptr;
// Utility processes which need specialized sandboxes fork from the
// unsandboxed zygote and then apply their actual sandboxes in the forked
// process upon startup.
- if (sandbox_type_ == service_manager::SandboxType::kNetwork ||
+ if (sandbox_type_ == sandbox::policy::SandboxType::kNetwork ||
#if defined(OS_CHROMEOS)
- sandbox_type_ == service_manager::SandboxType::kIme ||
- sandbox_type_ == service_manager::SandboxType::kTts ||
+ sandbox_type_ == sandbox::policy::SandboxType::kIme ||
+ sandbox_type_ == sandbox::policy::SandboxType::kTts ||
#endif // OS_CHROMEOS
- sandbox_type_ == service_manager::SandboxType::kAudio ||
- sandbox_type_ == service_manager::SandboxType::kSpeechRecognition) {
+ sandbox_type_ == sandbox::policy::SandboxType::kAudio ||
+ sandbox_type_ == sandbox::policy::SandboxType::kSpeechRecognition) {
return GetUnsandboxedZygote();
}
@@ -251,7 +251,7 @@
base::EnvironmentMap GetEnvironment() override { return env_; }
#endif // OS_POSIX
- service_manager::SandboxType GetSandboxType() override {
+ sandbox::policy::SandboxType GetSandboxType() override {
return sandbox_type_;
}
@@ -259,7 +259,7 @@
#if defined(OS_POSIX)
base::EnvironmentMap env_;
#endif // OS_POSIX
- service_manager::SandboxType sandbox_type_;
+ sandbox::policy::SandboxType sandbox_type_;
base::CommandLine cmd_line_;
};
@@ -274,7 +274,7 @@
: UtilityProcessHost(nullptr /* client */) {}
UtilityProcessHost::UtilityProcessHost(std::unique_ptr<Client> client)
- : sandbox_type_(service_manager::SandboxType::kUtility),
+ : sandbox_type_(sandbox::policy::SandboxType::kUtility),
#if defined(OS_LINUX)
child_flags_(ChildProcessHost::CHILD_ALLOW_SELF),
#else
@@ -305,7 +305,7 @@
}
void UtilityProcessHost::SetSandboxType(
- service_manager::SandboxType sandbox_type) {
+ sandbox::policy::SandboxType sandbox_type) {
sandbox_type_ = sandbox_type;
}
@@ -394,7 +394,7 @@
// not needed on Android anyway. See crbug.com/500854.
std::unique_ptr<base::CommandLine> cmd_line =
std::make_unique<base::CommandLine>(base::CommandLine::NO_PROGRAM);
- if (sandbox_type_ == service_manager::SandboxType::kNetwork &&
+ if (sandbox_type_ == sandbox::policy::SandboxType::kNetwork &&
base::FeatureList::IsEnabled(features::kWarmUpNetworkProcess)) {
process_->EnableWarmUpConnection();
}
@@ -432,7 +432,7 @@
cmd_line->AppendArg(switches::kPrefetchArgumentOther);
#endif // defined(OS_WIN)
- service_manager::SetCommandLineFlagsForSandboxType(cmd_line.get(),
+ sandbox::policy::SetCommandLineFlagsForSandboxType(cmd_line.get(),
sandbox_type_);
// Browser command-line switches to propagate to the utility process.
@@ -445,13 +445,13 @@
network::switches::kLogNetLog,
network::switches::kNetLogCaptureMode,
network::switches::kExplicitlyAllowedPorts,
- service_manager::switches::kNoSandbox,
+ sandbox::policy::switches::kNoSandbox,
#if defined(OS_LINUX) && !defined(OS_CHROMEOS)
switches::kDisableDevShmUsage,
#endif
- service_manager::switches::kEnableAudioServiceSandbox,
+ sandbox::policy::switches::kEnableAudioServiceSandbox,
#if defined(OS_MACOSX)
- service_manager::switches::kEnableSandboxLogging,
+ sandbox::policy::switches::kEnableSandboxLogging,
os_crypt::switches::kUseMockKeychain,
#endif
switches::kDisableTestCerts,
@@ -498,7 +498,7 @@
switches::kTrySupportedChannelLayouts,
switches::kWaveOutBuffers,
switches::kWebXrForceRuntime,
- service_manager::switches::kAddXrAppContainerCaps,
+ sandbox::policy::switches::kAddXrAppContainerCaps,
#endif
};
cmd_line->CopySwitchesFrom(browser_command_line, kSwitchNames,
diff --git a/content/browser/utility_process_host.h b/content/browser/utility_process_host.h
index 00add833..cbc920a 100644
--- a/content/browser/utility_process_host.h
+++ b/content/browser/utility_process_host.h
@@ -23,10 +23,10 @@
#include "mojo/public/cpp/bindings/generic_pending_receiver.h"
#include "mojo/public/cpp/bindings/pending_receiver.h"
#include "mojo/public/cpp/system/message_pipe.h"
+#include "sandbox/policy/sandbox_type.h"
#include "services/service_manager/public/cpp/identity.h"
#include "services/service_manager/public/cpp/service.h"
#include "services/service_manager/public/mojom/service.mojom.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
namespace base {
class Thread;
@@ -79,9 +79,9 @@
// Makes the process run with a specific sandbox type, or unsandboxed if
// SandboxType::kNoSandbox is specified.
- void SetSandboxType(service_manager::SandboxType sandbox_type);
+ void SetSandboxType(sandbox::policy::SandboxType sandbox_type);
- service_manager::SandboxType sandbox_type() const { return sandbox_type_; }
+ sandbox::policy::SandboxType sandbox_type() const { return sandbox_type_; }
// Returns information about the utility child process.
const ChildProcessData& GetData();
@@ -135,7 +135,7 @@
void BindHostReceiver(mojo::GenericPendingReceiver receiver) override;
// Launch the child process with switches that will setup this sandbox type.
- service_manager::SandboxType sandbox_type_;
+ sandbox::policy::SandboxType sandbox_type_;
// ChildProcessHost flags to use when starting the child process.
int child_flags_;
diff --git a/content/browser/utility_process_host_browsertest.cc b/content/browser/utility_process_host_browsertest.cc
index 7b5cbec..3033f261f 100644
--- a/content/browser/utility_process_host_browsertest.cc
+++ b/content/browser/utility_process_host_browsertest.cc
@@ -69,7 +69,7 @@
#if defined(OS_WIN)
if (elevated)
host->SetSandboxType(
- service_manager::SandboxType::kNoSandboxAndElevatedPrivileges);
+ sandbox::policy::SandboxType::kNoSandboxAndElevatedPrivileges);
#endif
EXPECT_TRUE(host->Start());
diff --git a/content/browser/utility_process_sandbox_browsertest.cc b/content/browser/utility_process_sandbox_browsertest.cc
index 51cecca..105d97d 100644
--- a/content/browser/utility_process_sandbox_browsertest.cc
+++ b/content/browser/utility_process_sandbox_browsertest.cc
@@ -16,12 +16,12 @@
#include "content/public/test/content_browser_test.h"
#include "content/public/test/test_service.mojom.h"
#include "mojo/public/cpp/bindings/remote.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
+#include "sandbox/policy/switches.h"
#include "services/service_manager/tests/sandbox_status.test-mojom.h"
-using service_manager::SandboxLinux;
-using service_manager::SandboxType;
+using sandbox::policy::SandboxLinux;
+using sandbox::policy::SandboxType;
namespace {
@@ -29,7 +29,7 @@
std::vector<SandboxType> types;
// We need the standard sandbox config to run this test.
if (base::CommandLine::ForCurrentProcess()->HasSwitch(
- service_manager::switches::kNoSandbox)) {
+ sandbox::policy::switches::kNoSandbox)) {
return types;
}
@@ -164,7 +164,7 @@
testing::ValuesIn(GetSandboxTypesToTest()),
[](const testing::TestParamInfo<
UtilityProcessSandboxBrowserTest::ParamType>& info) {
- auto name = service_manager::StringFromUtilitySandboxType(info.param);
+ auto name = sandbox::policy::StringFromUtilitySandboxType(info.param);
name[0] = base::ToUpperASCII(name[0]);
return name;
});
diff --git a/content/browser/zygote_host/zygote_browsertest.cc b/content/browser/zygote_host/zygote_browsertest.cc
index f7339c77..7ec7f4f9 100644
--- a/content/browser/zygote_host/zygote_browsertest.cc
+++ b/content/browser/zygote_host/zygote_browsertest.cc
@@ -14,9 +14,9 @@
#include "content/public/test/content_browser_test.h"
#include "content/public/test/content_browser_test_utils.h"
#include "content/shell/browser/shell.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
+#include "sandbox/policy/switches.h"
#include "services/service_manager/embedder/switches.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
-#include "services/service_manager/sandbox/switches.h"
#if BUILDFLAG(USE_ZYGOTE_HANDLE)
#include "content/browser/zygote_host/zygote_host_impl_linux.h"
#include "content/common/zygote/zygote_communication_linux.h"
@@ -55,15 +55,15 @@
// We need zygotes and the standard sandbox config to run this test.
if (base::CommandLine::ForCurrentProcess()->HasSwitch(switches::kNoZygote) ||
base::CommandLine::ForCurrentProcess()->HasSwitch(
- service_manager::switches::kNoSandbox)) {
+ sandbox::policy::switches::kNoSandbox)) {
return;
}
// Sanity check the sandbox flags we expect to be everywhere.
const int flags = GetGenericZygote()->GetSandboxStatus();
- constexpr int kExpectedFlags = service_manager::SandboxLinux::kPIDNS |
- service_manager::SandboxLinux::kNetNS |
- service_manager::SandboxLinux::kUserNS;
+ constexpr int kExpectedFlags = sandbox::policy::SandboxLinux::kPIDNS |
+ sandbox::policy::SandboxLinux::kNetNS |
+ sandbox::policy::SandboxLinux::kUserNS;
EXPECT_EQ(kExpectedFlags, flags & kExpectedFlags);
EXPECT_EQ(GetUnsandboxedZygote()->GetSandboxStatus(), 0);
@@ -79,7 +79,7 @@
void SetUpCommandLine(base::CommandLine* command_line) override {
ContentBrowserTest::SetUpCommandLine(command_line);
command_line->AppendSwitch(switches::kNoZygote);
- command_line->AppendSwitch(service_manager::switches::kNoSandbox);
+ command_line->AppendSwitch(sandbox::policy::switches::kNoSandbox);
}
private:
diff --git a/content/browser/zygote_host/zygote_host_impl_linux.cc b/content/browser/zygote_host/zygote_host_impl_linux.cc
index ced1c83..87a0c431 100644
--- a/content/browser/zygote_host/zygote_host_impl_linux.cc
+++ b/content/browser/zygote_host/zygote_host_impl_linux.cc
@@ -21,8 +21,8 @@
#include "sandbox/linux/services/namespace_sandbox.h"
#include "sandbox/linux/suid/client/setuid_sandbox_host.h"
#include "sandbox/linux/suid/common/sandbox.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
+#include "sandbox/policy/switches.h"
namespace content {
@@ -73,7 +73,7 @@
}
void ZygoteHostImpl::Init(const base::CommandLine& command_line) {
- if (command_line.HasSwitch(service_manager::switches::kNoSandbox)) {
+ if (command_line.HasSwitch(sandbox::policy::switches::kNoSandbox)) {
return;
}
@@ -88,7 +88,7 @@
gid_t gid = 0;
if (!sandbox::Credentials::GetRESIds(&uid, &gid) || uid == 0) {
LOG(ERROR) << "Running as root without --"
- << service_manager::switches::kNoSandbox
+ << sandbox::policy::switches::kNoSandbox
<< " is not supported. See https://crbug.com/638180.";
exit(EXIT_FAILURE);
}
@@ -100,11 +100,11 @@
}
if (!command_line.HasSwitch(
- service_manager::switches::kDisableNamespaceSandbox) &&
+ sandbox::policy::switches::kDisableNamespaceSandbox) &&
sandbox::Credentials::CanCreateProcessInNewUserNS()) {
use_namespace_sandbox_ = true;
} else if (!command_line.HasSwitch(
- service_manager::switches::kDisableSetuidSandbox) &&
+ sandbox::policy::switches::kDisableSetuidSandbox) &&
!sandbox_binary_.empty()) {
use_suid_sandbox_ = true;
@@ -121,7 +121,7 @@
"developing with the SUID sandbox. "
"If you want to live dangerously and need an immediate workaround, "
"you can try using --"
- << service_manager::switches::kNoSandbox << ".";
+ << sandbox::policy::switches::kNoSandbox << ".";
}
}
@@ -156,7 +156,7 @@
options.fds_to_remap.emplace_back(fds[1], kZygoteSocketPairFd);
const bool is_sandboxed_zygote =
- !cmd_line->HasSwitch(service_manager::switches::kNoZygoteSandbox);
+ !cmd_line->HasSwitch(sandbox::policy::switches::kNoZygoteSandbox);
base::ScopedFD dummy_fd;
if (is_sandboxed_zygote && use_suid_sandbox_) {
@@ -196,7 +196,7 @@
CHECK_GT(boot_pid, 1)
<< "Received invalid process ID for zygote; kernel might be too old? "
"See crbug.com/357670 or try using --"
- << service_manager::switches::kNoSandbox << " to workaround.";
+ << sandbox::policy::switches::kNoSandbox << " to workaround.";
// Now receive the message that the zygote's ready to go, along with the
// main zygote process's ID.
diff --git a/content/child/child_process.cc b/content/child/child_process.cc
index 0f4fa57..8be56cd8 100644
--- a/content/child/child_process.cc
+++ b/content/child/child_process.cc
@@ -19,7 +19,7 @@
#include "content/common/android/cpu_time_metrics.h"
#include "content/common/mojo_core_library_support.h"
#include "mojo/public/cpp/system/dynamic_library_support.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/sandbox_type.h"
#include "services/tracing/public/cpp/trace_startup.h"
#include "third_party/blink/public/common/features.h"
@@ -50,8 +50,8 @@
// have already loaded the library via |mojo::LoadCoreLibrary()|, rendering
// this call safe even from within a strict sandbox.
MojoInitializeFlags flags = MOJO_INITIALIZE_FLAG_NONE;
- if (service_manager::IsUnsandboxedSandboxType(
- service_manager::SandboxTypeFromCommandLine(command_line))) {
+ if (sandbox::policy::IsUnsandboxedSandboxType(
+ sandbox::policy::SandboxTypeFromCommandLine(command_line))) {
flags |= MOJO_INITIALIZE_FLAG_FORCE_DIRECT_SHARED_MEMORY_ALLOCATION;
}
CHECK_EQ(MOJO_RESULT_OK, mojo::InitializeCoreLibrary(flags));
diff --git a/content/child/child_thread_impl.cc b/content/child/child_thread_impl.cc
index 78e5cd79..5ffeccc 100644
--- a/content/child/child_thread_impl.cc
+++ b/content/child/child_thread_impl.cc
@@ -70,11 +70,11 @@
#include "mojo/public/cpp/system/buffer.h"
#include "mojo/public/cpp/system/invitation.h"
#include "mojo/public/cpp/system/platform_handle.h"
+#include "sandbox/policy/sandbox_type.h"
#include "services/device/public/cpp/power_monitor/power_monitor_broadcast_source.h"
#include "services/resource_coordinator/public/cpp/memory_instrumentation/client_process_impl.h"
#include "services/resource_coordinator/public/mojom/memory_instrumentation/memory_instrumentation.mojom.h"
#include "services/service_manager/embedder/switches.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
#include "services/tracing/public/cpp/background_tracing/background_tracing_agent_impl.h"
#include "services/tracing/public/cpp/background_tracing/background_tracing_agent_provider_impl.h"
diff --git a/content/common/BUILD.gn b/content/common/BUILD.gn
index 343b001e..6bac21d 100644
--- a/content/common/BUILD.gn
+++ b/content/common/BUILD.gn
@@ -214,9 +214,9 @@
"//cc/ipc",
"//gpu/command_buffer/common",
"//ipc",
+ "//sandbox/policy",
"//services/network:network_service",
"//services/service_manager/public/cpp",
- "//services/service_manager/sandbox",
"//third_party/blink/public:blink_headers",
"//third_party/blink/public/common",
"//ui/accessibility",
@@ -309,8 +309,8 @@
if (is_android && use_seccomp_bpf) {
set_sources_assignment_filter([])
sources += [
- "//services/service_manager/sandbox/linux/bpf_base_policy_linux.cc",
- "//services/service_manager/sandbox/linux/bpf_base_policy_linux.h",
+ "//sandbox/policy/linux/bpf_base_policy_linux.cc",
+ "//sandbox/policy/linux/bpf_base_policy_linux.h",
]
set_sources_assignment_filter(sources_assignment_filter)
}
diff --git a/content/common/DEPS b/content/common/DEPS
index 8154671..b559e48 100644
--- a/content/common/DEPS
+++ b/content/common/DEPS
@@ -10,7 +10,6 @@
"+services/network/public/mojom",
"+services/resource_coordinator/public/mojom",
"+services/service_manager/public/cpp",
- "+services/service_manager/sandbox",
"+services/video_capture/public/mojom",
"+services/viz/public/cpp",
"+services/viz/public/mojom",
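Review bot: This hunk only removes the `+services/service_manager/sandbox` include rule and adds no `+sandbox/policy` replacement, while the content/common sources in the same commit (sandbox_init_linux.cc, sandbox_init_mac.cc, sandbox_init_win.cc) now include `sandbox/policy/...` headers and content/common/BUILD.gn gains the `//sandbox/policy` dependency. Presumably a broader `+sandbox` rule in a parent DEPS file already covers the new paths, since the pre-existing `sandbox/linux/...` and `sandbox/mac/...` includes in those files were allowed before; if it does not, this list should carry `"+sandbox/policy",` in place of the removed line. Worth confirming with a checkdeps run rather than relying on the build alone.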
diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc
index 4d81210..8184861 100644
--- a/content/common/sandbox_init_linux.cc
+++ b/content/common/sandbox_init_linux.cc
@@ -10,19 +10,19 @@
#include "base/files/scoped_file.h"
#include "build/build_config.h"
#include "sandbox/linux/bpf_dsl/policy.h"
-#include "services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.h"
+#include "sandbox/policy/linux/sandbox_seccomp_bpf_linux.h"
namespace content {
bool InitializeSandbox(std::unique_ptr<sandbox::bpf_dsl::Policy> policy,
base::ScopedFD proc_fd) {
- return service_manager::SandboxSeccompBPF::StartSandboxWithExternalPolicy(
+ return sandbox::policy::SandboxSeccompBPF::StartSandboxWithExternalPolicy(
std::move(policy), std::move(proc_fd));
}
#if !defined(OS_NACL_NONSFI)
std::unique_ptr<sandbox::bpf_dsl::Policy> GetBPFSandboxBaselinePolicy() {
- return service_manager::SandboxSeccompBPF::GetBaselinePolicy();
+ return sandbox::policy::SandboxSeccompBPF::GetBaselinePolicy();
}
#endif // !defined(OS_NACL_NONSFI)
diff --git a/content/common/sandbox_init_mac.cc b/content/common/sandbox_init_mac.cc
index e681cf8..34191d1e 100644
--- a/content/common/sandbox_init_mac.cc
+++ b/content/common/sandbox_init_mac.cc
@@ -18,9 +18,9 @@
#include "media/gpu/mac/vt_video_decode_accelerator_mac.h"
#include "sandbox/mac/seatbelt.h"
#include "sandbox/mac/seatbelt_exec.h"
-#include "services/service_manager/sandbox/mac/sandbox_mac.h"
-#include "services/service_manager/sandbox/sandbox.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/mac/sandbox_mac.h"
+#include "sandbox/policy/sandbox.h"
+#include "sandbox/policy/sandbox_type.h"
#include "ui/gl/init/gl_factory.h"
namespace content {
@@ -29,9 +29,9 @@
// Helper method to make a closure from a closure.
base::OnceClosure MaybeWrapWithGPUSandboxHook(
- service_manager::SandboxType sandbox_type,
+ sandbox::policy::SandboxType sandbox_type,
base::OnceClosure original) {
- if (sandbox_type != service_manager::SandboxType::kGpu)
+ if (sandbox_type != sandbox::policy::SandboxType::kGpu)
return original;
return base::BindOnce(
@@ -78,12 +78,12 @@
// Fill in |sandbox_type| based on the command line. Returns false if the
// current process type doesn't need to be sandboxed or if the sandbox was
// disabled from the command line.
-bool GetSandboxTypeFromCommandLine(service_manager::SandboxType* sandbox_type) {
+bool GetSandboxTypeFromCommandLine(sandbox::policy::SandboxType* sandbox_type) {
DCHECK(sandbox_type);
auto* command_line = base::CommandLine::ForCurrentProcess();
- *sandbox_type = service_manager::SandboxTypeFromCommandLine(*command_line);
- if (service_manager::IsUnsandboxedSandboxType(*sandbox_type))
+ *sandbox_type = sandbox::policy::SandboxTypeFromCommandLine(*command_line);
+ if (IsUnsandboxedSandboxType(*sandbox_type))
return false;
if (command_line->HasSwitch(sandbox::switches::kSeatbeltClientName)) {
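Review bot: The new `if (IsUnsandboxedSandboxType(*sandbox_type))` line is the only call in this hunk left unqualified, while the line directly above it spells out `sandbox::policy::SandboxTypeFromCommandLine`; the unqualified form resolves only through argument-dependent lookup on the `sandbox::policy::SandboxType` argument, which reads as an accident of the mechanical rename rather than a deliberate choice. For consistency with the rest of the file write `if (sandbox::policy::IsUnsandboxedSandboxType(*sandbox_type))`. GetSandboxTypeFromCommandLine's body continues past the hunk.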
@@ -97,17 +97,17 @@
} // namespace
-bool InitializeSandbox(service_manager::SandboxType sandbox_type) {
- return service_manager::Sandbox::Initialize(
+bool InitializeSandbox(sandbox::policy::SandboxType sandbox_type) {
+ return sandbox::policy::Sandbox::Initialize(
sandbox_type,
MaybeWrapWithGPUSandboxHook(sandbox_type, base::OnceClosure()));
}
bool InitializeSandbox(base::OnceClosure post_warmup_hook) {
- service_manager::SandboxType sandbox_type =
- service_manager::SandboxType::kNoSandbox;
+ sandbox::policy::SandboxType sandbox_type =
+ sandbox::policy::SandboxType::kNoSandbox;
return !GetSandboxTypeFromCommandLine(&sandbox_type) ||
- service_manager::Sandbox::Initialize(
+ sandbox::policy::Sandbox::Initialize(
sandbox_type, MaybeWrapWithGPUSandboxHook(
sandbox_type, std::move(post_warmup_hook)));
}
diff --git a/content/common/sandbox_init_win.cc b/content/common/sandbox_init_win.cc
index e363bd2..8d8e925 100644
--- a/content/common/sandbox_init_win.cc
+++ b/content/common/sandbox_init_win.cc
@@ -12,16 +12,16 @@
#include "content/public/common/content_switches.h"
#include "content/public/common/sandbox_init.h"
#include "content/public/common/sandboxed_process_launcher_delegate.h"
+#include "sandbox/policy/sandbox.h"
+#include "sandbox/policy/win/sandbox_win.h"
#include "sandbox/win/src/sandbox.h"
#include "sandbox/win/src/sandbox_types.h"
-#include "services/service_manager/sandbox/sandbox.h"
-#include "services/service_manager/sandbox/win/sandbox_win.h"
namespace content {
-bool InitializeSandbox(service_manager::SandboxType sandbox_type,
+bool InitializeSandbox(sandbox::policy::SandboxType sandbox_type,
sandbox::SandboxInterfaceInfo* sandbox_info) {
- return service_manager::Sandbox::Initialize(sandbox_type, sandbox_info);
+ return sandbox::policy::Sandbox::Initialize(sandbox_type, sandbox_info);
}
sandbox::ResultCode StartSandboxedProcess(
@@ -47,7 +47,7 @@
child_command_line->AppendSwitch(switches::kWaitForDebugger);
}
- return service_manager::SandboxWin::StartSandboxedProcess(
+ return sandbox::policy::SandboxWin::StartSandboxedProcess(
child_command_line, type_str, handles_to_inherit, delegate, process);
}
diff --git a/content/common/zygote/sandbox_support_linux.cc b/content/common/zygote/sandbox_support_linux.cc
index dabc1009f..f23c5c9 100644
--- a/content/common/zygote/sandbox_support_linux.cc
+++ b/content/common/zygote/sandbox_support_linux.cc
@@ -8,8 +8,8 @@
#include "base/posix/global_descriptors.h"
#include "base/posix/unix_domain_socket.h"
#include "build/build_config.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
#include "services/service_manager/embedder/descriptors.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
namespace content {
@@ -18,7 +18,7 @@
bool executable) {
base::Pickle request;
request.WriteInt(
- service_manager::SandboxLinux::METHOD_MAKE_SHARED_MEMORY_SEGMENT);
+ sandbox::policy::SandboxLinux::METHOD_MAKE_SHARED_MEMORY_SEGMENT);
request.WriteUInt32(length);
request.WriteBool(executable);
uint8_t reply_buf[10];
diff --git a/content/common/zygote/zygote_communication_linux.cc b/content/common/zygote/zygote_communication_linux.cc
index 4ae0b9e..9b7866d 100644
--- a/content/common/zygote/zygote_communication_linux.cc
+++ b/content/common/zygote/zygote_communication_linux.cc
@@ -19,9 +19,9 @@
#include "base/stl_util.h"
#include "content/common/zygote/zygote_commands_linux.h"
#include "content/public/common/content_switches.h"
+#include "sandbox/policy/switches.h"
#include "services/service_manager/embedder/result_codes.h"
#include "services/service_manager/embedder/switches.h"
-#include "services/service_manager/sandbox/switches.h"
#include "third_party/icu/source/i18n/unicode/timezone.h"
namespace content {
@@ -230,7 +230,7 @@
service_manager::switches::kZygoteProcess);
if (type_ == ZygoteType::kUnsandboxed)
- cmd_line.AppendSwitch(service_manager::switches::kNoZygoteSandbox);
+ cmd_line.AppendSwitch(sandbox::policy::switches::kNoZygoteSandbox);
const base::CommandLine& browser_command_line =
*base::CommandLine::ForCurrentProcess();
@@ -241,10 +241,10 @@
// Append any switches from the service manager that need to be forwarded on
// to the zygote/renderers.
static const char* const kForwardSwitches[] = {
- service_manager::switches::kAllowSandboxDebugging,
+ sandbox::policy::switches::kAllowSandboxDebugging,
service_manager::switches::kDisableInProcessStackTraces,
- service_manager::switches::kDisableSeccompFilterSandbox,
- service_manager::switches::kNoSandbox,
+ sandbox::policy::switches::kDisableSeccompFilterSandbox,
+ sandbox::policy::switches::kNoSandbox,
};
cmd_line.CopySwitchesFrom(browser_command_line, kForwardSwitches,
base::size(kForwardSwitches));
diff --git a/content/gpu/BUILD.gn b/content/gpu/BUILD.gn
index 354cc7c..478927c3 100644
--- a/content/gpu/BUILD.gn
+++ b/content/gpu/BUILD.gn
@@ -73,10 +73,10 @@
"//components/viz/service/main",
"//media/gpu/ipc/service",
"//media/mojo/clients:clients",
+ "//sandbox/policy:chromecast_sandbox_whitelist_buildflags",
"//services/service_manager/embedder",
"//services/service_manager/public/cpp",
"//services/service_manager/public/mojom",
- "//services/service_manager/sandbox:chromecast_sandbox_whitelist_buildflags",
"//services/shape_detection:lib",
"//services/shape_detection/public/mojom",
"//services/tracing/public/cpp",
diff --git a/content/gpu/gpu_main.cc b/content/gpu/gpu_main.cc
index 82f5545..1a2c3b6 100644
--- a/content/gpu/gpu_main.cc
+++ b/content/gpu/gpu_main.cc
@@ -88,7 +88,7 @@
#if defined(OS_LINUX)
#include "content/gpu/gpu_sandbox_hook_linux.h"
#include "content/public/common/sandbox_init.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
#endif
#if defined(OS_MACOSX)
@@ -98,7 +98,7 @@
#include "content/public/common/content_features.h"
#include "media/gpu/mac/vt_video_decode_accelerator_mac.h"
#include "sandbox/mac/seatbelt.h"
-#include "services/service_manager/sandbox/mac/sandbox_mac.h"
+#include "sandbox/policy/mac/sandbox_mac.h"
#endif
#if BUILDFLAG(USE_VAAPI)
@@ -459,12 +459,12 @@
if (watchdog_thread) {
// SandboxLinux needs to be able to ensure that the thread
// has really been stopped.
- service_manager::SandboxLinux::GetInstance()->StopThread(watchdog_thread);
+ sandbox::policy::SandboxLinux::GetInstance()->StopThread(watchdog_thread);
}
// SandboxLinux::InitializeSandbox() must always be called
// with only one thread.
- service_manager::SandboxLinux::Options sandbox_options;
+ sandbox::policy::SandboxLinux::Options sandbox_options;
sandbox_options.use_amd_specific_policies =
gpu_info && angle::IsAMD(gpu_info->active_gpu().vendor_id);
sandbox_options.use_intel_specific_policies =
@@ -474,8 +474,8 @@
sandbox_options.accelerated_video_encode_enabled =
!gpu_prefs.disable_accelerated_video_encode;
- bool res = service_manager::SandboxLinux::GetInstance()->InitializeSandbox(
- service_manager::SandboxTypeFromCommandLine(
+ bool res = sandbox::policy::SandboxLinux::GetInstance()->InitializeSandbox(
+ sandbox::policy::SandboxTypeFromCommandLine(
*base::CommandLine::ForCurrentProcess()),
base::BindOnce(GpuProcessPreSandboxHook), sandbox_options);
diff --git a/content/gpu/gpu_sandbox_hook_linux.cc b/content/gpu/gpu_sandbox_hook_linux.cc
index 932f2ef..742e9576 100644
--- a/content/gpu/gpu_sandbox_hook_linux.cc
+++ b/content/gpu/gpu_sandbox_hook_linux.cc
@@ -26,12 +26,12 @@
#include "sandbox/linux/syscall_broker/broker_command.h"
#include "sandbox/linux/syscall_broker/broker_file_permission.h"
#include "sandbox/linux/syscall_broker/broker_process.h"
+#include "sandbox/policy/chromecast_sandbox_whitelist_buildflags.h"
+#include "sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.h"
+#include "sandbox/policy/linux/bpf_cros_arm_gpu_policy_linux.h"
+#include "sandbox/policy/linux/bpf_gpu_policy_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
#include "services/service_manager/embedder/set_process_title.h"
-#include "services/service_manager/sandbox/chromecast_sandbox_whitelist_buildflags.h"
-#include "services/service_manager/sandbox/linux/bpf_cros_amd_gpu_policy_linux.h"
-#include "services/service_manager/sandbox/linux/bpf_cros_arm_gpu_policy_linux.h"
-#include "services/service_manager/sandbox/linux/bpf_gpu_policy_linux.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
using sandbox::bpf_dsl::Policy;
using sandbox::syscall_broker::BrokerFilePermission;
@@ -102,7 +102,7 @@
void AddV4L2GpuWhitelist(
std::vector<BrokerFilePermission>* permissions,
- const service_manager::SandboxSeccompBPF::Options& options) {
+ const sandbox::policy::SandboxSeccompBPF::Options& options) {
if (options.accelerated_video_decode_enabled) {
// Device nodes for V4L2 video decode accelerator drivers.
// We do not use a FileEnumerator because the device files may not exist
@@ -322,7 +322,7 @@
}
std::vector<BrokerFilePermission> FilePermissionsForGpu(
- const service_manager::SandboxSeccompBPF::Options& options) {
+ const sandbox::policy::SandboxSeccompBPF::Options& options) {
// All GPU process policies need this file brokered out.
static const char kDriRcPath[] = "/etc/drirc";
std::vector<BrokerFilePermission> permissions = {
@@ -396,13 +396,13 @@
}
bool IsAcceleratedVideoEnabled(
- const service_manager::SandboxSeccompBPF::Options& options) {
+ const sandbox::policy::SandboxSeccompBPF::Options& options) {
return options.accelerated_video_encode_enabled ||
options.accelerated_video_decode_enabled;
}
void LoadV4L2Libraries(
- const service_manager::SandboxSeccompBPF::Options& options) {
+ const sandbox::policy::SandboxSeccompBPF::Options& options) {
if (IsAcceleratedVideoEnabled(options) && UseLibV4L2()) {
dlopen(kLibV4l2Path, dlopen_flag);
@@ -423,7 +423,7 @@
}
bool LoadLibrariesForGpu(
- const service_manager::SandboxSeccompBPF::Options& options) {
+ const sandbox::policy::SandboxSeccompBPF::Options& options) {
if (IsChromeOS()) {
if (UseV4L2Codec())
LoadV4L2Libraries(options);
@@ -442,7 +442,7 @@
}
sandbox::syscall_broker::BrokerCommandSet CommandSetForGPU(
- const service_manager::SandboxLinux::Options& options) {
+ const sandbox::policy::SandboxLinux::Options& options) {
sandbox::syscall_broker::BrokerCommandSet command_set;
command_set.set(sandbox::syscall_broker::COMMAND_ACCESS);
command_set.set(sandbox::syscall_broker::COMMAND_OPEN);
@@ -455,7 +455,7 @@
}
bool BrokerProcessPreSandboxHook(
- service_manager::SandboxLinux::Options options) {
+ sandbox::policy::SandboxLinux::Options options) {
// Oddly enough, we call back into gpu to invoke this service manager
// method, since it is part of the embedder component, and the service
// mananger's sandbox component is a lower layer that can't depend on it.
@@ -465,8 +465,8 @@
} // namespace
-bool GpuProcessPreSandboxHook(service_manager::SandboxLinux::Options options) {
- service_manager::SandboxLinux::GetInstance()->StartBrokerProcess(
+bool GpuProcessPreSandboxHook(sandbox::policy::SandboxLinux::Options options) {
+ sandbox::policy::SandboxLinux::GetInstance()->StartBrokerProcess(
CommandSetForGPU(options), FilePermissionsForGpu(options),
base::BindOnce(BrokerProcessPreSandboxHook), options);
diff --git a/content/gpu/gpu_sandbox_hook_linux.h b/content/gpu/gpu_sandbox_hook_linux.h
index e1651d1..2cd6918 100644
--- a/content/gpu/gpu_sandbox_hook_linux.h
+++ b/content/gpu/gpu_sandbox_hook_linux.h
@@ -5,11 +5,11 @@
#ifndef CONTENT_GPU_GPU_SANDBOX_HOOK_LINUX_H_
#define CONTENT_GPU_GPU_SANDBOX_HOOK_LINUX_H_
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
namespace content {
-bool GpuProcessPreSandboxHook(service_manager::SandboxLinux::Options options);
+bool GpuProcessPreSandboxHook(sandbox::policy::SandboxLinux::Options options);
} // namespace content
diff --git a/content/ppapi_plugin/DEPS b/content/ppapi_plugin/DEPS
index 62185ebf..fa325c5 100644
--- a/content/ppapi_plugin/DEPS
+++ b/content/ppapi_plugin/DEPS
@@ -6,6 +6,5 @@
"+ppapi/c",
"+ppapi/proxy",
"+services/service_manager/public/cpp",
- "+services/service_manager/sandbox",
"+services/tracing/public",
]
diff --git a/content/ppapi_plugin/ppapi_plugin_main.cc b/content/ppapi_plugin/ppapi_plugin_main.cc
index bf0ac811..32d45105 100644
--- a/content/ppapi_plugin/ppapi_plugin_main.cc
+++ b/content/ppapi_plugin/ppapi_plugin_main.cc
@@ -44,7 +44,7 @@
#if defined(OS_LINUX)
#include "content/public/common/sandbox_init.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
#endif
#ifdef V8_USE_EXTERNAL_STARTUP_DATA
@@ -121,10 +121,10 @@
#endif
#if defined(OS_LINUX)
- service_manager::SandboxLinux::GetInstance()->InitializeSandbox(
- service_manager::SandboxTypeFromCommandLine(command_line),
- service_manager::SandboxLinux::PreSandboxHook(),
- service_manager::SandboxLinux::Options());
+ sandbox::policy::SandboxLinux::GetInstance()->InitializeSandbox(
+ sandbox::policy::SandboxTypeFromCommandLine(command_line),
+ sandbox::policy::SandboxLinux::PreSandboxHook(),
+ sandbox::policy::SandboxLinux::Options());
#endif
ChildProcess ppapi_process;
diff --git a/content/public/DEPS b/content/public/DEPS
index 37cb1e4..0e0a300 100644
--- a/content/public/DEPS
+++ b/content/public/DEPS
@@ -4,7 +4,6 @@
"+services/cert_verifier/public/mojom",
"+services/network/public/mojom",
"+services/service_manager/public",
- "+services/service_manager/sandbox",
# This file does not belong in content/public as it should not be
# included directly by embedders of content/. It must however be
diff --git a/content/public/browser/DEPS b/content/public/browser/DEPS
index 7be5bc6..de8d3de 100644
--- a/content/public/browser/DEPS
+++ b/content/public/browser/DEPS
@@ -17,7 +17,6 @@
"+services/metrics/public/cpp",
"+services/network/public/cpp",
"+services/resource_coordinator/public",
- "+services/service_manager/sandbox",
"+services/tracing/public/mojom",
"+services/video_capture/public/mojom",
"+services/viz/public/mojom",
diff --git a/content/public/browser/content_browser_client.cc b/content/public/browser/content_browser_client.cc
index 70ab5e7..3fe77cc 100644
--- a/content/public/browser/content_browser_client.cc
+++ b/content/public/browser/content_browser_client.cc
@@ -41,11 +41,11 @@
#include "net/ssl/client_cert_identity.h"
#include "net/ssl/client_cert_store.h"
#include "net/url_request/url_request_context_getter.h"
+#include "sandbox/policy/sandbox_type.h"
#include "services/device/public/cpp/geolocation/location_provider.h"
#include "services/network/public/cpp/resource_request.h"
#include "services/network/public/mojom/network_service.mojom.h"
#include "services/service_manager/public/cpp/manifest.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
#include "storage/browser/quota/quota_manager.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/loader/url_loader_throttle.h"
@@ -691,7 +691,7 @@
}
base::string16 ContentBrowserClient::GetAppContainerSidForSandboxType(
- service_manager::SandboxType sandbox_type) {
+ sandbox::policy::SandboxType sandbox_type) {
// Embedders should override this method and return different SIDs for each
// sandbox type. Note: All content level tests will run child processes in the
// same AppContainer.
diff --git a/content/public/browser/content_browser_client.h b/content/public/browser/content_browser_client.h
index e89dd60..a781173 100644
--- a/content/public/browser/content_browser_client.h
+++ b/content/public/browser/content_browser_client.h
@@ -118,7 +118,6 @@
namespace service_manager {
class Identity;
struct Manifest;
-enum class SandboxType;
class Service;
template <typename...>
@@ -152,6 +151,9 @@
namespace sandbox {
class TargetPolicy;
+namespace policy {
+enum class SandboxType;
+} // namespace policy
} // namespace sandbox
namespace ui {
@@ -1176,7 +1178,7 @@
// empty string if this sandboxed process type does not support living inside
// an AppContainer. Called on PROCESS_LAUNCHER thread.
virtual base::string16 GetAppContainerSidForSandboxType(
- service_manager::SandboxType sandbox_type);
+ sandbox::policy::SandboxType sandbox_type);
// Returns whether renderer code integrity is enabled.
// This is called on the UI thread.
diff --git a/content/public/browser/sandbox_type.h b/content/public/browser/sandbox_type.h
index cc6d830..1f217e9 100644
--- a/content/public/browser/sandbox_type.h
+++ b/content/public/browser/sandbox_type.h
@@ -5,12 +5,13 @@
#ifndef CONTENT_PUBLIC_BROWSER_SANDBOX_TYPE_H_
#define CONTENT_PUBLIC_BROWSER_SANDBOX_TYPE_H_
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/sandbox_type.h"
namespace content {
-// TODO(crbug.com/977637): Move the definition into this header.
-using SandboxType = service_manager::SandboxType;
+// TODO(crbug.com/1097376): Remove this header and replace users with
+// sandbox/policy/sandbox_type.h.
+using SandboxType = sandbox::policy::SandboxType;
} // namespace content
diff --git a/content/public/common/content_switches.cc b/content/public/common/content_switches.cc
index f24ff23..5f463bdf 100644
--- a/content/public/common/content_switches.cc
+++ b/content/public/common/content_switches.cc
@@ -697,7 +697,7 @@
const char kRendererProcessLimit[] = "renderer-process-limit";
// Causes the renderer process to display a dialog on launch. Passing this flag
-// also adds service_manager::kNoSandbox on Windows non-official builds, since
+// also adds sandbox::policy::kNoSandbox on Windows non-official builds, since
// that's needed to show a dialog.
const char kRendererStartupDialog[] = "renderer-startup-dialog";
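Review bot: The rewritten comment two lines above names `sandbox::policy::kNoSandbox`, but everywhere else in this change the switch is referenced through the nested `switches` namespace (`sandbox::policy::switches::kNoSandbox`, e.g. in renderer_main.cc and content_browser_test_test.cc), so the comment still points at a name that does not exist; the old text had the same gap with `service_manager::kNoSandbox`. Since this CL exists to make the sandbox namespace paths accurate, it seems worth fixing here rather than carrying the stale reference across the move: `// also adds sandbox::policy::switches::kNoSandbox on Windows non-official builds, since`.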
diff --git a/content/public/common/sandbox_init.h b/content/public/common/sandbox_init.h
index 2a49ce9..e4cc793 100644
--- a/content/public/common/sandbox_init.h
+++ b/content/public/common/sandbox_init.h
@@ -14,7 +14,7 @@
#include "base/process/process_handle.h"
#include "build/build_config.h"
#include "content/common/content_export.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/sandbox_type.h"
namespace base {
class CommandLine;
@@ -41,7 +41,7 @@
// occurred. If process_type isn't one that needs sandboxing true is always
// returned.
CONTENT_EXPORT bool InitializeSandbox(
- service_manager::SandboxType sandbox_type,
+ sandbox::policy::SandboxType sandbox_type,
sandbox::SandboxInterfaceInfo* sandbox_info);
// Launch a sandboxed process. |delegate| may be NULL. If |delegate| is non-NULL
@@ -64,7 +64,7 @@
// occurred. If process_type isn't one that needs sandboxing, no action is
// taken and true is always returned.
CONTENT_EXPORT bool InitializeSandbox(
- service_manager::SandboxType sandbox_type);
+ sandbox::policy::SandboxType sandbox_type);
// Initialize the sandbox for renderer, gpu, utility, worker, and plugin
// processes, depending on the command line flags. For the browser process which
diff --git a/content/public/common/sandboxed_process_launcher_delegate.h b/content/public/common/sandboxed_process_launcher_delegate.h
index 03336bc..dff4f8e 100644
--- a/content/public/common/sandboxed_process_launcher_delegate.h
+++ b/content/public/common/sandboxed_process_launcher_delegate.h
@@ -11,8 +11,8 @@
#include "build/build_config.h"
#include "content/common/content_export.h"
#include "content/public/common/zygote/zygote_buildflags.h"
-#include "services/service_manager/sandbox/sandbox_delegate.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/sandbox_delegate.h"
+#include "sandbox/policy/sandbox_type.h"
#if BUILDFLAG(USE_ZYGOTE_HANDLE)
#include "content/public/common/zygote/zygote_handle.h" // nogncheck
@@ -25,7 +25,7 @@
// i.e. to loosen it if needed.
// The methods below will be called on the PROCESS_LAUNCHER thread.
class CONTENT_EXPORT SandboxedProcessLauncherDelegate
- : public service_manager::SandboxDelegate {
+ : public sandbox::policy::SandboxDelegate {
public:
~SandboxedProcessLauncherDelegate() override {}
diff --git a/content/public/test/network_service_test_helper.cc b/content/public/test/network_service_test_helper.cc
index 9d2398f..c2b4481 100644
--- a/content/public/test/network_service_test_helper.cc
+++ b/content/public/test/network_service_test_helper.cc
@@ -31,13 +31,13 @@
#include "net/test/embedded_test_server/embedded_test_server.h"
#include "net/test/spawned_test_server/spawned_test_server.h"
#include "net/test/test_data_directory.h"
+#include "sandbox/policy/sandbox_type.h"
#include "services/network/cookie_manager.h"
#include "services/network/host_resolver.h"
#include "services/network/network_context.h"
#include "services/network/network_service.h"
#include "services/network/public/cpp/features.h"
#include "services/network/public/mojom/network_change_manager.mojom.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
#if defined(OS_ANDROID)
#include "base/test/android/url_utils.h"
@@ -294,10 +294,10 @@
base::Unretained(this)));
base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
- service_manager::SandboxType sandbox_type =
- service_manager::SandboxTypeFromCommandLine(*command_line);
+ sandbox::policy::SandboxType sandbox_type =
+ sandbox::policy::SandboxTypeFromCommandLine(*command_line);
if (IsUnsandboxedSandboxType(sandbox_type) ||
- sandbox_type == service_manager::SandboxType::kNetwork) {
+ sandbox_type == sandbox::policy::SandboxType::kNetwork) {
// Register the EmbeddedTestServer's certs, so that any SSL connections to
// it succeed. Only do this when file I/O is allowed in the current process.
#if defined(OS_ANDROID)
diff --git a/content/public/test/test_launcher.cc b/content/public/test/test_launcher.cc
index db8f9152..6a8be563 100644
--- a/content/public/test/test_launcher.cc
+++ b/content/public/test/test_launcher.cc
@@ -54,9 +54,9 @@
#if defined(OS_WIN)
#include "base/base_switches.h"
#include "content/public/app/sandbox_helper_win.h"
+#include "sandbox/policy/win/sandbox_win.h"
#include "sandbox/win/src/sandbox_factory.h"
#include "sandbox/win/src/sandbox_types.h"
-#include "services/service_manager/sandbox/win/sandbox_win.h"
#elif defined(OS_MACOSX)
#include "base/mac/scoped_nsautorelease_pool.h"
#include "sandbox/mac/seatbelt_exec.h"
diff --git a/content/public/test/test_service.cc b/content/public/test/test_service.cc
index 945472e..516fda2c 100644
--- a/content/public/test/test_service.cc
+++ b/content/public/test/test_service.cc
@@ -10,7 +10,7 @@
#include "base/check.h"
#include "base/notreached.h"
#include "base/run_loop.h"
-#include "services/service_manager/sandbox/sandbox.h"
+#include "sandbox/policy/sandbox.h"
namespace content {
@@ -78,7 +78,7 @@
}
void TestService::IsProcessSandboxed(IsProcessSandboxedCallback callback) {
- std::move(callback).Run(service_manager::Sandbox::IsProcessSandboxed());
+ std::move(callback).Run(sandbox::policy::Sandbox::IsProcessSandboxed());
}
} // namespace content
diff --git a/content/public/test/test_service.mojom b/content/public/test/test_service.mojom
index 473e78ed..d9f69af6 100644
--- a/content/public/test/test_service.mojom
+++ b/content/public/test/test_service.mojom
@@ -42,6 +42,6 @@
CreateUnsafeSharedMemoryRegion(string message)
=> (mojo_base.mojom.UnsafeSharedMemoryRegion? region);
- // Returns the result of service_manager::Sandbox::IsProcessSandboxed().
+ // Returns the result of sandbox::policy::Sandbox::IsProcessSandboxed().
IsProcessSandboxed() => (bool is_sandboxed);
};
diff --git a/content/renderer/pepper/content_renderer_pepper_host_factory.cc b/content/renderer/pepper/content_renderer_pepper_host_factory.cc
index 8892d3c0..dbcdc91c0 100644
--- a/content/renderer/pepper/content_renderer_pepper_host_factory.cc
+++ b/content/renderer/pepper/content_renderer_pepper_host_factory.cc
@@ -37,7 +37,7 @@
#include "ppapi/proxy/ppapi_messages.h"
#include "ppapi/proxy/serialized_structs.h"
#include "ppapi/shared_impl/ppb_image_data_shared.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
#include "third_party/blink/public/platform/web_url.h"
#include "third_party/blink/public/web/web_document.h"
#include "third_party/blink/public/web/web_plugin_container.h"
@@ -133,7 +133,7 @@
// TODO(ananta)
// Look into whether this causes a loss of functionality. From cursory
// testing things seem to work well.
- if (service_manager::IsWin32kLockdownEnabled())
+ if (sandbox::policy::IsWin32kLockdownEnabled())
image_type = ppapi::PPB_ImageData_Shared::SIMPLE;
#endif
scoped_refptr<PPB_ImageData_Impl> image_data(new PPB_ImageData_Impl(
diff --git a/content/renderer/pepper/resource_creation_impl.cc b/content/renderer/pepper/resource_creation_impl.cc
index 27dfee54..eecb529f 100644
--- a/content/renderer/pepper/resource_creation_impl.cc
+++ b/content/renderer/pepper/resource_creation_impl.cc
@@ -21,7 +21,7 @@
#include "ppapi/shared_impl/ppb_image_data_shared.h"
#include "ppapi/shared_impl/ppb_input_event_shared.h"
#include "ppapi/shared_impl/var.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
#if defined(OS_WIN)
#include "base/command_line.h"
@@ -152,7 +152,7 @@
// TODO(ananta)
// Look into whether this causes a loss of functionality. From cursory
// testing things seem to work well.
- if (service_manager::IsWin32kLockdownEnabled())
+ if (sandbox::policy::IsWin32kLockdownEnabled())
return CreateImageDataSimple(instance, format, size, init_to_zero);
#endif
return PPB_ImageData_Impl::Create(instance,
diff --git a/content/renderer/renderer_main.cc b/content/renderer/renderer_main.cc
index 0c7dd6c..c51c9d3 100644
--- a/content/renderer/renderer_main.cc
+++ b/content/renderer/renderer_main.cc
@@ -35,7 +35,7 @@
#include "media/media_buildflags.h"
#include "mojo/public/cpp/bindings/mojo_buildflags.h"
#include "ppapi/buildflags/buildflags.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
#include "services/tracing/public/cpp/trace_startup.h"
#include "third_party/blink/public/platform/platform.h"
#include "third_party/blink/public/platform/scheduler/web_thread_scheduler.h"
@@ -181,7 +181,7 @@
{
bool should_run_loop = true;
bool need_sandbox =
- !command_line.HasSwitch(service_manager::switches::kNoSandbox);
+ !command_line.HasSwitch(sandbox::policy::switches::kNoSandbox);
#if !defined(OS_WIN) && !defined(OS_MACOSX)
// Sandbox is enabled before RenderProcess initialization on all platforms,
diff --git a/content/renderer/renderer_main_platform_delegate_linux.cc b/content/renderer/renderer_main_platform_delegate_linux.cc
index ca87fed..e97f908 100644
--- a/content/renderer/renderer_main_platform_delegate_linux.cc
+++ b/content/renderer/renderer_main_platform_delegate_linux.cc
@@ -13,7 +13,7 @@
#include "content/public/common/content_features.h"
#include "content/public/common/content_switches.h"
#include "content/public/common/sandbox_init.h"
-#include "services/service_manager/sandbox/sandbox.h"
+#include "sandbox/policy/sandbox.h"
namespace content {
@@ -34,24 +34,24 @@
// https://chromium.googlesource.com/chromium/src/+/master/docs/linux/suid_sandbox.md
//
// Anything else is started in InitializeSandbox().
- service_manager::SandboxLinux::Options options;
- service_manager::Sandbox::Initialize(
- service_manager::SandboxTypeFromCommandLine(
+ sandbox::policy::SandboxLinux::Options options;
+ sandbox::policy::Sandbox::Initialize(
+ sandbox::policy::SandboxTypeFromCommandLine(
*base::CommandLine::ForCurrentProcess()),
- service_manager::SandboxLinux::PreSandboxHook(), options);
+ sandbox::policy::SandboxLinux::PreSandboxHook(), options);
// about:sandbox uses a value returned from SandboxLinux::GetStatus() before
// any renderer has been started.
// Here, we test that the status of SeccompBpf in the renderer is consistent
// with what SandboxLinux::GetStatus() said we would do.
- auto* linux_sandbox = service_manager::SandboxLinux::GetInstance();
- if (linux_sandbox->GetStatus() & service_manager::SandboxLinux::kSeccompBPF) {
+ auto* linux_sandbox = sandbox::policy::SandboxLinux::GetInstance();
+ if (linux_sandbox->GetStatus() & sandbox::policy::SandboxLinux::kSeccompBPF) {
CHECK(linux_sandbox->seccomp_bpf_started());
}
// Under the setuid sandbox, we should not be able to open any file via the
// filesystem.
- if (linux_sandbox->GetStatus() & service_manager::SandboxLinux::kSUID) {
+ if (linux_sandbox->GetStatus() & sandbox::policy::SandboxLinux::kSUID) {
CHECK(!base::PathExists(base::FilePath("/proc/cpuinfo")));
}
diff --git a/content/renderer/renderer_main_platform_delegate_win.cc b/content/renderer/renderer_main_platform_delegate_win.cc
index fa44401..4fb80f41 100644
--- a/content/renderer/renderer_main_platform_delegate_win.cc
+++ b/content/renderer/renderer_main_platform_delegate_win.cc
@@ -17,8 +17,8 @@
#include "content/public/common/injection_test_win.h"
#include "content/public/renderer/render_thread.h"
#include "content/renderer/render_thread_impl.h"
+#include "sandbox/policy/switches.h"
#include "sandbox/win/src/sandbox.h"
-#include "services/service_manager/sandbox/switches.h"
#include "third_party/blink/public/platform/web_runtime_features.h"
#include "third_party/blink/public/web/win/web_font_rendering.h"
#include "third_party/icu/source/i18n/unicode/timezone.h"
@@ -41,7 +41,7 @@
// Be mindful of what resources you acquire here. They can be used by
// malicious code if the renderer gets compromised.
bool no_sandbox =
- command_line.HasSwitch(service_manager::switches::kNoSandbox);
+ command_line.HasSwitch(sandbox::policy::switches::kNoSandbox);
if (!no_sandbox) {
// ICU DateFormat class (used in base/time_format.cc) needs to get the
diff --git a/content/renderer/sandbox_mac_v2_unittest.mm b/content/renderer/sandbox_mac_v2_unittest.mm
index a272a85..cad3c4b 100644
--- a/content/renderer/sandbox_mac_v2_unittest.mm
+++ b/content/renderer/sandbox_mac_v2_unittest.mm
@@ -24,9 +24,9 @@
#include "content/test/test_content_client.h"
#include "sandbox/mac/sandbox_compiler.h"
#include "sandbox/mac/seatbelt_exec.h"
-#include "services/service_manager/sandbox/mac/common.sb.h"
-#include "services/service_manager/sandbox/mac/renderer.sb.h"
-#include "services/service_manager/sandbox/mac/sandbox_mac.h"
+#include "sandbox/policy/mac/common.sb.h"
+#include "sandbox/policy/mac/renderer.sb.h"
+#include "sandbox/policy/mac/sandbox_mac.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "testing/multiprocess_func_list.h"
@@ -39,39 +39,39 @@
const base::FilePath& executable_path) {
bool enable_logging = true;
CHECK(compiler->InsertBooleanParam(
- service_manager::SandboxMac::kSandboxEnableLogging, enable_logging));
+ sandbox::policy::SandboxMac::kSandboxEnableLogging, enable_logging));
CHECK(compiler->InsertBooleanParam(
- service_manager::SandboxMac::kSandboxDisableDenialLogging,
+ sandbox::policy::SandboxMac::kSandboxDisableDenialLogging,
!enable_logging));
std::string homedir =
- service_manager::SandboxMac::GetCanonicalPath(base::GetHomeDir()).value();
+ sandbox::policy::SandboxMac::GetCanonicalPath(base::GetHomeDir()).value();
CHECK(compiler->InsertStringParam(
- service_manager::SandboxMac::kSandboxHomedirAsLiteral, homedir));
+ sandbox::policy::SandboxMac::kSandboxHomedirAsLiteral, homedir));
int32_t major_version, minor_version, bugfix_version;
base::SysInfo::OperatingSystemVersionNumbers(&major_version, &minor_version,
&bugfix_version);
int32_t os_version = (major_version * 100) + minor_version;
CHECK(compiler->InsertStringParam(
- service_manager::SandboxMac::kSandboxOSVersion,
+ sandbox::policy::SandboxMac::kSandboxOSVersion,
std::to_string(os_version)));
std::string bundle_path =
- service_manager::SandboxMac::GetCanonicalPath(base::mac::MainBundlePath())
+ sandbox::policy::SandboxMac::GetCanonicalPath(base::mac::MainBundlePath())
.value();
CHECK(compiler->InsertStringParam(
- service_manager::SandboxMac::kSandboxBundlePath, bundle_path));
+ sandbox::policy::SandboxMac::kSandboxBundlePath, bundle_path));
CHECK(compiler->InsertStringParam(
- service_manager::SandboxMac::kSandboxChromeBundleId,
+ sandbox::policy::SandboxMac::kSandboxChromeBundleId,
"com.google.Chrome.test.sandbox"));
CHECK(compiler->InsertStringParam(
- service_manager::SandboxMac::kSandboxBrowserPID,
+ sandbox::policy::SandboxMac::kSandboxBrowserPID,
std::to_string(getpid())));
CHECK(compiler->InsertStringParam(
- service_manager::SandboxMac::kSandboxLoggingPathAsLiteral,
+ sandbox::policy::SandboxMac::kSandboxLoggingPathAsLiteral,
logging_path.value()));
// Parameters normally set by the main executable.
@@ -95,8 +95,8 @@
MULTIPROCESS_TEST_MAIN(SandboxProfileProcess) {
TestContentClient content_client;
const std::string profile =
- std::string(service_manager::kSeatbeltPolicyString_common) +
- service_manager::kSeatbeltPolicyString_renderer;
+ std::string(sandbox::policy::kSeatbeltPolicyString_common) +
+ sandbox::policy::kSeatbeltPolicyString_renderer;
sandbox::SandboxCompiler compiler(profile);
// Create the logging file and pass /bin/ls as the executable path.
@@ -104,7 +104,7 @@
CHECK(temp_dir.CreateUniqueTempDir());
CHECK(temp_dir.IsValid());
base::FilePath temp_path = temp_dir.GetPath();
- temp_path = service_manager::SandboxMac::GetCanonicalPath(temp_path);
+ temp_path = sandbox::policy::SandboxMac::GetCanonicalPath(temp_path);
const base::FilePath log_file = temp_path.Append("log-file");
const base::FilePath exec_file("/bin/ls");
diff --git a/content/shell/browser/DEPS b/content/shell/browser/DEPS
index 6398d51..cddf13e 100644
--- a/content/shell/browser/DEPS
+++ b/content/shell/browser/DEPS
@@ -4,7 +4,6 @@
"+services/device/public/cpp",
"+services/network/public",
"+services/service_manager/public/cpp",
- "+services/service_manager/sandbox",
"+ui/ozone/public",
]
diff --git a/content/shell/browser/web_test/web_test_content_browser_client.cc b/content/shell/browser/web_test/web_test_content_browser_client.cc
index 9687f90b..4d4a7ab2 100644
--- a/content/shell/browser/web_test/web_test_content_browser_client.cc
+++ b/content/shell/browser/web_test/web_test_content_browser_client.cc
@@ -63,8 +63,8 @@
#if defined(OS_WIN)
#include "base/strings/utf_string_conversions.h"
+#include "sandbox/policy/win/sandbox_win.h"
#include "sandbox/win/src/sandbox.h"
-#include "services/service_manager/sandbox/win/sandbox_win.h"
#endif
namespace content {
diff --git a/content/shell/renderer/shell_content_renderer_client.cc b/content/shell/renderer/shell_content_renderer_client.cc
index 6c9778a..827171d 100644
--- a/content/shell/renderer/shell_content_renderer_client.cc
+++ b/content/shell/renderer/shell_content_renderer_client.cc
@@ -24,7 +24,7 @@
#include "mojo/public/cpp/system/message_pipe.h"
#include "net/base/net_errors.h"
#include "ppapi/buildflags/buildflags.h"
-#include "services/service_manager/sandbox/sandbox.h"
+#include "sandbox/policy/sandbox.h"
#include "third_party/blink/public/platform/web_url_error.h"
#include "third_party/blink/public/web/web_testing_support.h"
#include "third_party/blink/public/web/web_view.h"
@@ -106,7 +106,7 @@
}
void IsProcessSandboxed(IsProcessSandboxedCallback callback) override {
- std::move(callback).Run(service_manager::Sandbox::IsProcessSandboxed());
+ std::move(callback).Run(sandbox::policy::Sandbox::IsProcessSandboxed());
}
mojo::Receiver<mojom::TestService> receiver_;
diff --git a/content/shell/utility/shell_content_utility_client.cc b/content/shell/utility/shell_content_utility_client.cc
index bb540e6..4db7fea 100644
--- a/content/shell/utility/shell_content_utility_client.cc
+++ b/content/shell/utility/shell_content_utility_client.cc
@@ -31,7 +31,7 @@
#include "mojo/public/cpp/bindings/self_owned_receiver.h"
#include "mojo/public/cpp/bindings/service_factory.h"
#include "mojo/public/cpp/system/buffer.h"
-#include "services/service_manager/sandbox/sandbox.h"
+#include "sandbox/policy/sandbox.h"
#include "services/test/echo/echo_service.h"
#if defined(OS_LINUX)
@@ -108,7 +108,7 @@
}
void IsProcessSandboxed(IsProcessSandboxedCallback callback) override {
- std::move(callback).Run(service_manager::Sandbox::IsProcessSandboxed());
+ std::move(callback).Run(sandbox::policy::Sandbox::IsProcessSandboxed());
}
private:
diff --git a/content/test/content_browser_test_test.cc b/content/test/content_browser_test_test.cc
index 73f0ed3..114c760 100644
--- a/content/test/content_browser_test_test.cc
+++ b/content/test/content_browser_test_test.cc
@@ -33,7 +33,7 @@
#include "content/public/test/test_utils.h"
#include "content/shell/browser/shell.h"
#include "content/shell/common/shell_switches.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
#include "testing/gtest/include/gtest/gtest-spi.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -90,7 +90,7 @@
#if defined(THREAD_SANITIZER)
// TSan appears to not be able to report intentional crashes from sandboxed
// renderer processes.
- new_test.AppendSwitch(service_manager::switches::kNoSandbox);
+ new_test.AppendSwitch(sandbox::policy::switches::kNoSandbox);
#endif
std::string output;
diff --git a/content/utility/browser_exposed_utility_interfaces.cc b/content/utility/browser_exposed_utility_interfaces.cc
index 4f48f53..1a116f0 100644
--- a/content/utility/browser_exposed_utility_interfaces.cc
+++ b/content/utility/browser_exposed_utility_interfaces.cc
@@ -16,7 +16,7 @@
#include "mojo/public/cpp/bindings/binder_map.h"
#include "mojo/public/cpp/bindings/pending_receiver.h"
#include "mojo/public/cpp/bindings/self_owned_receiver.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
#if !defined(OS_ANDROID)
#include "content/public/common/resource_usage_reporter.mojom.h"
@@ -63,7 +63,7 @@
void ExposeUtilityInterfacesToBrowser(mojo::BinderMap* binders) {
#if !defined(OS_ANDROID)
if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
- service_manager::switches::kNoneSandboxAndElevatedPrivileges)) {
+ sandbox::policy::switches::kNoneSandboxAndElevatedPrivileges)) {
binders->Add(base::BindRepeating(&CreateResourceUsageReporter),
base::ThreadTaskRunnerHandle::Get());
}
diff --git a/content/utility/services.cc b/content/utility/services.cc
index 4a49a840..050767d 100644
--- a/content/utility/services.cc
+++ b/content/utility/services.cc
@@ -30,8 +30,8 @@
#if defined(OS_MACOSX)
#include "base/mac/mach_logging.h"
#include "sandbox/mac/system_services.h"
-#include "services/service_manager/sandbox/features.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/features.h"
+#include "sandbox/policy/sandbox_type.h"
#endif
#if BUILDFLAG(ENABLE_LIBRARY_CDMS)
@@ -125,7 +125,7 @@
#if defined(OS_MACOSX)
// Don't connect to launch services when running sandboxed
// (https://crbug.com/874785).
- if (service_manager::IsAudioSandboxEnabled()) {
+ if (sandbox::policy::IsAudioSandboxEnabled()) {
sandbox::DisableLaunchServices();
}
diff --git a/content/utility/speech/BUILD.gn b/content/utility/speech/BUILD.gn
index 7a8ad15..35b7a9f 100644
--- a/content/utility/speech/BUILD.gn
+++ b/content/utility/speech/BUILD.gn
@@ -15,5 +15,5 @@
"//sandbox/linux:sandbox_services",
]
- public_deps = [ "//services/service_manager/sandbox" ]
+ public_deps = [ "//sandbox/policy" ]
}
diff --git a/content/utility/speech/DEPS b/content/utility/speech/DEPS
index 4e9e133..6f65f72 100644
--- a/content/utility/speech/DEPS
+++ b/content/utility/speech/DEPS
@@ -1,5 +1,3 @@
include_rules = [
"+components/soda",
- "+sandbox",
- "+services/service_manager/sandbox",
]
diff --git a/content/utility/speech/speech_recognition_sandbox_hook_linux.cc b/content/utility/speech/speech_recognition_sandbox_hook_linux.cc
index 6d8e9ed..2cc7f0b0a 100644
--- a/content/utility/speech/speech_recognition_sandbox_hook_linux.cc
+++ b/content/utility/speech/speech_recognition_sandbox_hook_linux.cc
@@ -37,12 +37,12 @@
} // namespace
bool SpeechRecognitionPreSandboxHook(
- service_manager::SandboxLinux::Options options) {
+ sandbox::policy::SandboxLinux::Options options) {
void* soda_library = dlopen(GetSodaBinaryPath().value().c_str(),
RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
DCHECK(soda_library);
- auto* instance = service_manager::SandboxLinux::GetInstance();
+ auto* instance = sandbox::policy::SandboxLinux::GetInstance();
instance->StartBrokerProcess(MakeBrokerCommandSet({
sandbox::syscall_broker::COMMAND_ACCESS,
sandbox::syscall_broker::COMMAND_OPEN,
@@ -50,7 +50,7 @@
sandbox::syscall_broker::COMMAND_STAT,
}),
GetSodaFilePermissions(GetSodaDirectory()),
- service_manager::SandboxLinux::PreSandboxHook(),
+ sandbox::policy::SandboxLinux::PreSandboxHook(),
options);
instance->EngageNamespaceSandboxIfPossible();
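Review bot: `DCHECK(soda_library)` on the `dlopen` result compiles out in release builds, so a failed load (wrong path, missing file, loader error) is silently ignored and the hook still starts the broker and engages the namespace sandbox; once that has happened the library can no longer be loaded, so the failure would surface later and far from its cause. Because this load is the very reason the pre-sandbox step exists, I would make the failure observable in all builds, e.g. `CHECK(soda_library) << "dlopen(" << GetSodaBinaryPath().value() << ") failed: " << dlerror();`, or log and `return false` if the caller treats a false hook result as fatal (not visible from this hunk). The remainder of SpeechRecognitionPreSandboxHook, including its return value, lies outside the hunk.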
diff --git a/content/utility/speech/speech_recognition_sandbox_hook_linux.h b/content/utility/speech/speech_recognition_sandbox_hook_linux.h
index 7fdfd3b..e26c7744 100644
--- a/content/utility/speech/speech_recognition_sandbox_hook_linux.h
+++ b/content/utility/speech/speech_recognition_sandbox_hook_linux.h
@@ -5,14 +5,14 @@
#ifndef CONTENT_UTILITY_SPEECH_SPEECH_RECOGNITION_SANDBOX_HOOK_LINUX_H_
#define CONTENT_UTILITY_SPEECH_SPEECH_RECOGNITION_SANDBOX_HOOK_LINUX_H_
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
namespace speech {
// Opens the libsoda.so binary and grants broker file permissions to the
// necessary files required by the binary.
bool SpeechRecognitionPreSandboxHook(
- service_manager::SandboxLinux::Options options);
+ sandbox::policy::SandboxLinux::Options options);
} // namespace speech
diff --git a/content/utility/utility_main.cc b/content/utility/utility_main.cc
index f5bdb79c..e5099a5 100644
--- a/content/utility/utility_main.cc
+++ b/content/utility/utility_main.cc
@@ -21,14 +21,14 @@
#include "content/public/common/sandbox_init.h"
#include "content/public/utility/content_utility_client.h"
#include "content/utility/utility_thread_impl.h"
-#include "services/service_manager/sandbox/sandbox.h"
+#include "sandbox/policy/sandbox.h"
#include "services/tracing/public/cpp/trace_startup.h"
#if defined(OS_LINUX)
#include "content/utility/speech/speech_recognition_sandbox_hook_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
#include "services/audio/audio_sandbox_hook_linux.h"
#include "services/network/network_sandbox_hook_linux.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
#endif
#if defined(OS_CHROMEOS)
@@ -87,33 +87,33 @@
// TODO(jorgelo): move this after GTK initialization when we enable a strict
// Seccomp-BPF policy.
auto sandbox_type =
- service_manager::SandboxTypeFromCommandLine(parameters.command_line);
+ sandbox::policy::SandboxTypeFromCommandLine(parameters.command_line);
if (parameters.zygote_child ||
- sandbox_type == service_manager::SandboxType::kNetwork ||
+ sandbox_type == sandbox::policy::SandboxType::kNetwork ||
#if defined(OS_CHROMEOS)
- sandbox_type == service_manager::SandboxType::kIme ||
- sandbox_type == service_manager::SandboxType::kTts ||
+ sandbox_type == sandbox::policy::SandboxType::kIme ||
+ sandbox_type == sandbox::policy::SandboxType::kTts ||
#endif // OS_CHROMEOS
- sandbox_type == service_manager::SandboxType::kAudio ||
- sandbox_type == service_manager::SandboxType::kSpeechRecognition) {
- service_manager::SandboxLinux::PreSandboxHook pre_sandbox_hook;
- if (sandbox_type == service_manager::SandboxType::kNetwork)
+ sandbox_type == sandbox::policy::SandboxType::kAudio ||
+ sandbox_type == sandbox::policy::SandboxType::kSpeechRecognition) {
+ sandbox::policy::SandboxLinux::PreSandboxHook pre_sandbox_hook;
+ if (sandbox_type == sandbox::policy::SandboxType::kNetwork)
pre_sandbox_hook = base::BindOnce(&network::NetworkPreSandboxHook);
- else if (sandbox_type == service_manager::SandboxType::kAudio)
+ else if (sandbox_type == sandbox::policy::SandboxType::kAudio)
pre_sandbox_hook = base::BindOnce(&audio::AudioPreSandboxHook);
- else if (sandbox_type == service_manager::SandboxType::kSpeechRecognition)
+ else if (sandbox_type == sandbox::policy::SandboxType::kSpeechRecognition)
pre_sandbox_hook =
base::BindOnce(&speech::SpeechRecognitionPreSandboxHook);
#if defined(OS_CHROMEOS)
- else if (sandbox_type == service_manager::SandboxType::kIme)
+ else if (sandbox_type == sandbox::policy::SandboxType::kIme)
pre_sandbox_hook = base::BindOnce(&chromeos::ime::ImePreSandboxHook);
- else if (sandbox_type == service_manager::SandboxType::kTts)
+ else if (sandbox_type == sandbox::policy::SandboxType::kTts)
pre_sandbox_hook = base::BindOnce(&chromeos::tts::TtsPreSandboxHook);
#endif // OS_CHROMEOS
- service_manager::Sandbox::Initialize(
+ sandbox::policy::Sandbox::Initialize(
sandbox_type, std::move(pre_sandbox_hook),
- service_manager::SandboxLinux::Options());
+ sandbox::policy::SandboxLinux::Options());
}
#elif defined(OS_WIN)
g_utility_target_services = parameters.sandbox_info->target_services;
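Review bot: The set of sandbox types that receive a pre-sandbox hook is listed twice in the Linux branch, once in the if-condition and again in the if/else-if chain, so adding a type to one list but not the other would either skip Sandbox::Initialize or run it with a null hook without any compile-time signal. Selecting the hook in a single switch and then initializing when `parameters.zygote_child` is set or a hook was bound keeps the behavior identical while leaving only one list to maintain. The enclosing function begins before this hunk and continues past the `#elif defined(OS_WIN)` line.
```cpp
  auto sandbox_type =
      sandbox::policy::SandboxTypeFromCommandLine(parameters.command_line);
  // Single list of sandbox types that get a pre-sandbox hook; the
  // Initialize() decision below derives from it instead of repeating it.
  sandbox::policy::SandboxLinux::PreSandboxHook pre_sandbox_hook;
  switch (sandbox_type) {
    case sandbox::policy::SandboxType::kNetwork:
      pre_sandbox_hook = base::BindOnce(&network::NetworkPreSandboxHook);
      break;
    case sandbox::policy::SandboxType::kAudio:
      pre_sandbox_hook = base::BindOnce(&audio::AudioPreSandboxHook);
      break;
    case sandbox::policy::SandboxType::kSpeechRecognition:
      pre_sandbox_hook =
          base::BindOnce(&speech::SpeechRecognitionPreSandboxHook);
      break;
#if defined(OS_CHROMEOS)
    case sandbox::policy::SandboxType::kIme:
      pre_sandbox_hook = base::BindOnce(&chromeos::ime::ImePreSandboxHook);
      break;
    case sandbox::policy::SandboxType::kTts:
      pre_sandbox_hook = base::BindOnce(&chromeos::tts::TtsPreSandboxHook);
      break;
#endif  // OS_CHROMEOS
    default:
      break;
  }
  if (parameters.zygote_child || !pre_sandbox_hook.is_null()) {
    sandbox::policy::Sandbox::Initialize(
        sandbox_type, std::move(pre_sandbox_hook),
        sandbox::policy::SandboxLinux::Options());
  }
  // … unchanged: #elif defined(OS_WIN) branch …
```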
@@ -154,9 +154,9 @@
#if defined(OS_WIN)
auto sandbox_type =
- service_manager::SandboxTypeFromCommandLine(parameters.command_line);
- if (!service_manager::IsUnsandboxedSandboxType(sandbox_type) &&
- sandbox_type != service_manager::SandboxType::kCdm) {
+ sandbox::policy::SandboxTypeFromCommandLine(parameters.command_line);
+ if (!sandbox::policy::IsUnsandboxedSandboxType(sandbox_type) &&
+ sandbox_type != sandbox::policy::SandboxType::kCdm) {
if (!g_utility_target_services)
return false;
char buffer;
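Review bot: The `sandbox_type != sandbox::policy::SandboxType::kCdm` exemption from the target-services check carries no explanation, so a reader cannot tell whether the CDM utility is expected to have no `g_utility_target_services` by design or whether this is a historical workaround. A one-line comment above the condition stating why kCdm skips this path, e.g. `// kCdm does not go through target services here because <reason — TODO confirm>.`, would keep the next maintainer from either removing it or copying it to other sandbox types. The enclosing function starts before and ends after this hunk.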
diff --git a/content/zygote/BUILD.gn b/content/zygote/BUILD.gn
index 1673fc1..c6f5d60c 100644
--- a/content/zygote/BUILD.gn
+++ b/content/zygote/BUILD.gn
@@ -20,8 +20,8 @@
"//content/public/common:common_sources",
"//ipc",
"//sandbox",
+ "//sandbox/policy",
"//services/service_manager/embedder",
- "//services/service_manager/sandbox",
"//third_party/icu",
]
diff --git a/content/zygote/DEPS b/content/zygote/DEPS
index cbd3237..9086e39 100644
--- a/content/zygote/DEPS
+++ b/content/zygote/DEPS
@@ -1,4 +1,3 @@
include_rules = [
"+content/public/common/zygote",
- "+services/service_manager/sandbox",
]
diff --git a/content/zygote/zygote_linux.cc b/content/zygote/zygote_linux.cc
index 48ab8fc..a7bbb41 100644
--- a/content/zygote/zygote_linux.cc
+++ b/content/zygote/zygote_linux.cc
@@ -38,12 +38,12 @@
#include "ipc/ipc_channel.h"
#include "sandbox/linux/services/credentials.h"
#include "sandbox/linux/services/namespace_sandbox.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
+#include "sandbox/policy/sandbox.h"
#include "services/service_manager/embedder/descriptors.h"
#include "services/service_manager/embedder/result_codes.h"
#include "services/service_manager/embedder/set_process_title.h"
#include "services/service_manager/embedder/switches.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
-#include "services/service_manager/sandbox/sandbox.h"
#include "third_party/icu/source/i18n/unicode/timezone.h"
// See
@@ -214,11 +214,11 @@
}
bool Zygote::UsingSUIDSandbox() const {
- return sandbox_flags_ & service_manager::SandboxLinux::kSUID;
+ return sandbox_flags_ & sandbox::policy::SandboxLinux::kSUID;
}
bool Zygote::UsingNSSandbox() const {
- return sandbox_flags_ & service_manager::SandboxLinux::kUserNS;
+ return sandbox_flags_ & sandbox::policy::SandboxLinux::kUserNS;
}
bool Zygote::HandleRequestFromBrowser(int fd) {
@@ -422,8 +422,8 @@
CHECK_NE(pid, 0);
} else {
PCHECK(base::CreatePipe(&read_pipe, &write_pipe));
- if (sandbox_flags_ & service_manager::SandboxLinux::kPIDNS &&
- sandbox_flags_ & service_manager::SandboxLinux::kUserNS) {
+ if (sandbox_flags_ & sandbox::policy::SandboxLinux::kPIDNS &&
+ sandbox_flags_ & sandbox::policy::SandboxLinux::kUserNS) {
pid = sandbox::NamespaceSandbox::ForkInNewPidNamespace(
/*drop_capabilities_in_child=*/true);
} else {
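Review bot: The condition `sandbox_flags_ & kPIDNS && sandbox_flags_ & kUserNS` relies on `&` binding tighter than `&&`, which is correct but easy to misread in a check that decides whether the child is forked into a new PID namespace. Parenthesizing the bit tests, or reusing the accessor the previous hunk already defines, makes the intent explicit: `if ((sandbox_flags_ & sandbox::policy::SandboxLinux::kPIDNS) && UsingNSSandbox()) {`. The enclosing function begins before this hunk and continues after it.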
diff --git a/content/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc
index b7dc390..14ac0b9a 100644
--- a/content/zygote/zygote_main_linux.cc
+++ b/content/zygote/zygote_main_linux.cc
@@ -38,12 +38,12 @@
#include "sandbox/linux/services/namespace_sandbox.h"
#include "sandbox/linux/services/thread_helpers.h"
#include "sandbox/linux/suid/client/setuid_sandbox_client.h"
+#include "sandbox/policy/linux/sandbox_debug_handling_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
+#include "sandbox/policy/sandbox.h"
+#include "sandbox/policy/switches.h"
#include "services/service_manager/embedder/descriptors.h"
#include "services/service_manager/embedder/switches.h"
-#include "services/service_manager/sandbox/linux/sandbox_debug_handling_linux.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
-#include "services/service_manager/sandbox/sandbox.h"
-#include "services/service_manager/sandbox/switches.h"
#include "third_party/icu/source/i18n/unicode/timezone.h"
namespace content {
@@ -130,7 +130,7 @@
CHECK(CreateInitProcessReaper(std::move(post_fork_parent_callback)));
}
- CHECK(service_manager::SandboxDebugHandling::SetDumpableStatusAndHandlers());
+ CHECK(sandbox::policy::SandboxDebugHandling::SetDumpableStatusAndHandlers());
return true;
}
@@ -138,7 +138,7 @@
CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd));
}
-static void EnterNamespaceSandbox(service_manager::SandboxLinux* linux_sandbox,
+static void EnterNamespaceSandbox(sandbox::policy::SandboxLinux* linux_sandbox,
base::OnceClosure post_fork_parent_callback) {
linux_sandbox->EngageNamespaceSandbox(true /* from_zygote */);
if (getpid() == 1) {
@@ -148,7 +148,7 @@
}
}
-static void EnterLayerOneSandbox(service_manager::SandboxLinux* linux_sandbox,
+static void EnterLayerOneSandbox(sandbox::policy::SandboxLinux* linux_sandbox,
const bool using_layer1_sandbox,
base::OnceClosure post_fork_parent_callback) {
DCHECK(linux_sandbox);
@@ -179,14 +179,14 @@
std::vector<std::unique_ptr<ZygoteForkDelegate>> fork_delegates) {
sandbox::SetAmZygoteOrRenderer(true, GetSandboxFD());
- auto* linux_sandbox = service_manager::SandboxLinux::GetInstance();
+ auto* linux_sandbox = sandbox::policy::SandboxLinux::GetInstance();
// Skip pre-initializing sandbox when sandbox is disabled for
// https://crbug.com/444900.
if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
- service_manager::switches::kNoSandbox) &&
+ sandbox::policy::switches::kNoSandbox) &&
!base::CommandLine::ForCurrentProcess()->HasSwitch(
- service_manager::switches::kNoZygoteSandbox)) {
+ sandbox::policy::switches::kNoZygoteSandbox)) {
// This will pre-initialize the various sandboxes that need it.
linux_sandbox->PreinitializeSandbox();
}
@@ -228,11 +228,11 @@
const int sandbox_flags = linux_sandbox->GetStatus();
const bool setuid_sandbox_engaged =
- !!(sandbox_flags & service_manager::SandboxLinux::kSUID);
+ !!(sandbox_flags & sandbox::policy::SandboxLinux::kSUID);
CHECK_EQ(using_setuid_sandbox, setuid_sandbox_engaged);
const bool namespace_sandbox_engaged =
- !!(sandbox_flags & service_manager::SandboxLinux::kUserNS);
+ !!(sandbox_flags & sandbox::policy::SandboxLinux::kUserNS);
CHECK_EQ(using_namespace_sandbox, namespace_sandbox_engaged);
Zygote zygote(sandbox_flags, std::move(fork_delegates),
diff --git a/fuchsia/engine/BUILD.gn b/fuchsia/engine/BUILD.gn
index fe80aee..6001d91 100644
--- a/fuchsia/engine/BUILD.gn
+++ b/fuchsia/engine/BUILD.gn
@@ -110,10 +110,10 @@
"//media/mojo/common",
"//media/mojo/services",
"//mojo/public/cpp/bindings",
+ "//sandbox/policy",
"//services/media_session/public/mojom",
"//services/network/public/cpp",
"//services/network/public/mojom",
- "//services/service_manager/sandbox",
"//skia/public/mojom",
"//third_party/blink/public/common",
"//third_party/fuchsia-sdk/sdk/fidl/fuchsia.accessibility.semantics",
diff --git a/fuchsia/engine/DEPS b/fuchsia/engine/DEPS
index 048342eb..2f2e3b19 100644
--- a/fuchsia/engine/DEPS
+++ b/fuchsia/engine/DEPS
@@ -9,6 +9,7 @@
"+media/base",
"+media/fuchsia",
"+mojo/public",
+ "+sandbox/policy",
"+services/service_manager",
"+third_party/blink/public/common/switches.h",
"+third_party/widevine/cdm/widevine_cdm_common.h",
diff --git a/fuchsia/engine/context_provider_impl.cc b/fuchsia/engine/context_provider_impl.cc
index af79777..241ca546 100644
--- a/fuchsia/engine/context_provider_impl.cc
+++ b/fuchsia/engine/context_provider_impl.cc
@@ -52,8 +52,8 @@
#include "media/base/key_system_names.h"
#include "media/base/media_switches.h"
#include "net/http/http_util.h"
+#include "sandbox/policy/fuchsia/sandbox_policy_fuchsia.h"
#include "services/network/public/cpp/features.h"
-#include "services/service_manager/sandbox/fuchsia/sandbox_policy_fuchsia.h"
#include "third_party/blink/public/common/switches.h"
#include "third_party/widevine/cdm/widevine_cdm_common.h"
#include "ui/gfx/switches.h"
@@ -258,8 +258,8 @@
base::LaunchOptions launch_options;
launch_options.process_name_suffix = ":context";
- service_manager::SandboxPolicyFuchsia sandbox_policy(
- service_manager::SandboxType::kWebContext);
+ sandbox::policy::SandboxPolicyFuchsia sandbox_policy(
+ sandbox::policy::SandboxType::kWebContext);
sandbox_policy.SetServiceDirectory(std::move(service_directory));
sandbox_policy.UpdateLaunchOptionsForSandbox(&launch_options);
diff --git a/headless/DEPS b/headless/DEPS
index 51e7ce5..376faea 100644
--- a/headless/DEPS
+++ b/headless/DEPS
@@ -23,9 +23,9 @@
"+ui/gfx/geometry",
"+ui/gl",
"+ui/ozone/public",
+ "+sandbox/policy",
"+sandbox/win/src",
"+services/network/public",
"+services/service_manager/embedder",
"+services/service_manager/public",
- "+services/service_manager/sandbox",
]
diff --git a/headless/lib/browser/headless_content_browser_client.cc b/headless/lib/browser/headless_content_browser_client.cc
index 2631cc0..a41dd53 100644
--- a/headless/lib/browser/headless_content_browser_client.cc
+++ b/headless/lib/browser/headless_content_browser_client.cc
@@ -34,7 +34,7 @@
#include "net/base/url_util.h"
#include "net/ssl/client_cert_identity.h"
#include "printing/buildflags/buildflags.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
#include "ui/base/ui_base_switches.h"
#include "ui/gfx/switches.h"
@@ -244,7 +244,7 @@
#if defined(OS_LINUX)
// Processes may only query perf_event_open with the BPF sandbox disabled.
if (old_command_line.HasSwitch(::switches::kEnableThreadInstructionCount) &&
- old_command_line.HasSwitch(service_manager::switches::kNoSandbox)) {
+ old_command_line.HasSwitch(sandbox::policy::switches::kNoSandbox)) {
command_line->AppendSwitch(::switches::kEnableThreadInstructionCount);
}
#endif
diff --git a/headless/lib/headless_content_main_delegate.cc b/headless/lib/headless_content_main_delegate.cc
index 6805126f..6fae5ad 100644
--- a/headless/lib/headless_content_main_delegate.cc
+++ b/headless/lib/headless_content_main_delegate.cc
@@ -34,8 +34,8 @@
#include "headless/lib/headless_macros.h"
#include "headless/lib/renderer/headless_content_renderer_client.h"
#include "headless/lib/utility/headless_content_utility_client.h"
+#include "sandbox/policy/switches.h"
#include "services/service_manager/embedder/switches.h"
-#include "services/service_manager/sandbox/switches.h"
#include "third_party/blink/public/common/switches.h"
#include "ui/base/l10n/l10n_util.h"
#include "ui/base/resource/resource_bundle.h"
@@ -198,7 +198,7 @@
command_line->AppendSwitch(::switches::kSingleProcess);
if (options()->disable_sandbox)
- command_line->AppendSwitch(service_manager::switches::kNoSandbox);
+ command_line->AppendSwitch(sandbox::policy::switches::kNoSandbox);
if (!options()->enable_resource_scheduler)
command_line->AppendSwitch(::switches::kDisableResourceScheduler);
diff --git a/sandbox/DEPS b/sandbox/DEPS
new file mode 100644
index 0000000..7c638e7d
--- /dev/null
+++ b/sandbox/DEPS
@@ -0,0 +1,4 @@
+include_rules = [
+ # Core sandbox library should not depend on policy files.
+ "-sandbox/policy",
+]
diff --git a/sandbox/README.md b/sandbox/README.md
new file mode 100644
index 0000000..7f288ce
--- /dev/null
+++ b/sandbox/README.md
@@ -0,0 +1,23 @@
+# Sandbox Library
+
+This directory contains platform-specific sandboxing libraries. Sandboxing is a
+technique that can improve the security of an application by separating
+untrustworthy code (or code that handles untrustworthy data) and restricting its
+privileges and capabilities.
+
+Each platform relies on the operating system's process primitive to isolate code
+into distinct security principals, and platform-specific technologies are used
+to implement the privilege reduction. At a high-level:
+
+- `mac/` uses the Seatbelt sandbox. See the [detailed
+ design](mac/seatbelt_sandbox_design.md) for more.
+- `linux/` uses namespaces and Seccomp-BPF. See the [detailed
+ design](../docs/linux/sandboxing.md) for more.
+- `win/` uses a combination of restricted tokens, distinct job objects,
+ alternate desktops, and integrity levels. See the [detailed
+ design](../docs/design/sandbox.md) for more.
+
+Built on top of the low-level sandboxing library is the
+[`//sandbox/policy`](policy/README.md) component, which provides concrete
+policies and helper utilities for sandboxing specific Chromium processes and
+services. The core sandbox library cannot depend on the policy component.
diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
index 7d4d600..5459571 100644
--- a/sandbox/linux/BUILD.gn
+++ b/sandbox/linux/BUILD.gn
@@ -193,7 +193,10 @@
}
test("sandbox_linux_unittests") {
- deps = [ ":sandbox_linux_unittests_sources" ]
+ deps = [
+ ":sandbox_linux_unittests_sources",
+ "//sandbox/policy:tests",
+ ]
data_deps = [ "//testing/buildbot/filters:sandbox_linux_unittests_filters" ]
if (is_android) {
use_raw_android_executable = true
diff --git a/sandbox/mac/BUILD.gn b/sandbox/mac/BUILD.gn
index e7407b67..383014c 100644
--- a/sandbox/mac/BUILD.gn
+++ b/sandbox/mac/BUILD.gn
@@ -75,6 +75,7 @@
"mojom:test_interfaces",
"//base",
"//mojo/core/test:run_all_unittests",
+ "//sandbox/policy:tests",
"//testing/gtest",
]
}
diff --git a/services/service_manager/sandbox/BUILD.gn b/sandbox/policy/BUILD.gn
similarity index 87%
rename from services/service_manager/sandbox/BUILD.gn
rename to sandbox/policy/BUILD.gn
index 9b55c35..bd47563c 100644
--- a/services/service_manager/sandbox/BUILD.gn
+++ b/sandbox/policy/BUILD.gn
@@ -5,8 +5,9 @@
import("//build/buildflag_header.gni")
import("//build/config/chromecast_build.gni")
import("//build/config/sanitizers/sanitizers.gni")
+import("//testing/test.gni")
-component("sandbox") {
+component("policy") {
sources = [
"export.h",
"features.cc",
@@ -19,7 +20,7 @@
"switches.cc",
"switches.h",
]
- defines = [ "SERVICE_MANAGER_SANDBOX_IMPL" ]
+ defines = [ "SANDBOX_POLICY_IMPL" ]
public_deps = [ "//services/service_manager/embedder:embedder_switches" ]
deps = [
":sanitizer_buildflags",
@@ -142,3 +143,27 @@
header = "chromecast_sandbox_whitelist_buildflags.h"
flags = [ "ENABLE_CHROMECAST_GPU_SANDBOX_WHITELIST=$is_chromecast" ]
}
+
+# TODO(crbug.com/1097376): Figure out a better organization for //sandbox
+# tests.
+source_set("tests") {
+ testonly = true
+
+ sources = [ "sandbox_type_unittest.cc" ]
+
+ deps = [
+ ":policy",
+ "//base",
+ "//testing/gtest",
+ ]
+
+ if (is_win) {
+ sources += [ "win/sandbox_win_unittest.cc" ]
+ deps += [ "//sandbox/win:sandbox" ]
+ data = [
+ "//base/test/data/pe_image/pe_image_test_32.dll",
+ "//base/test/data/pe_image/pe_image_test_64.dll",
+ "//base/test/data/pe_image/pe_image_test_arm64.dll",
+ ]
+ }
+}
diff --git a/sandbox/policy/DEPS b/sandbox/policy/DEPS
new file mode 100644
index 0000000..0f5bfa1
--- /dev/null
+++ b/sandbox/policy/DEPS
@@ -0,0 +1,5 @@
+include_rules = [
+ "+sandbox/constants.h",
+ "+sandbox",
+ "+services/service_manager/embedder/switches.h",
+]
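Review bot: The rule `"+sandbox/constants.h"` is redundant once `"+sandbox"` is present, because checkdeps matches include_rules by path prefix and the broader rule already admits every header under sandbox/. Either drop the narrower line or, if the intent is to document that only constants.h and the low-level library are wanted, replace `"+sandbox"` with the specific subdirectories the policy code includes so the rule set says what it means.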
diff --git a/services/service_manager/sandbox/OWNERS b/sandbox/policy/OWNERS
similarity index 100%
rename from services/service_manager/sandbox/OWNERS
rename to sandbox/policy/OWNERS
diff --git a/sandbox/policy/README.md b/sandbox/policy/README.md
new file mode 100644
index 0000000..044d3a0
--- /dev/null
+++ b/sandbox/policy/README.md
@@ -0,0 +1,12 @@
+# Sandbox Policies
+
+This directory integrates the lower-level core sandboxing library with the
+[`//content`](../../content/README.md),
+[`//services`](../../services/README.md), and
+[`//chrome`](../../chrome/README.md) layers. It provides concrete security
+policies for specific process types and Mojo services, whereas the library
+provided by `//sandbox` is a generic sandboxing primitive.
+
+Code in this directory (or other directories) may freely depend on code in
+the core `//sandbox` library, but the `//sandbox/{mac,linux,win}` directories
+may not depend on this policy component.
diff --git a/sandbox/policy/export.h b/sandbox/policy/export.h
new file mode 100644
index 0000000..137cb4f
--- /dev/null
+++ b/sandbox/policy/export.h
@@ -0,0 +1,29 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_EXPORT_H_
+#define SANDBOX_POLICY_EXPORT_H_
+
+#if defined(COMPONENT_BUILD)
+#if defined(WIN32)
+
+#if defined(SANDBOX_POLICY_IMPL)
+#define SANDBOX_POLICY_EXPORT __declspec(dllexport)
+#else
+#define SANDBOX_POLICY_EXPORT __declspec(dllimport)
+#endif // defined(SANDBOX_POLICY_IMPL)
+
+#else // defined(WIN32)
+#if defined(SANDBOX_POLICY_IMPL)
+#define SANDBOX_POLICY_EXPORT __attribute__((visibility("default")))
+#else
+#define SANDBOX_POLICY_EXPORT
+#endif // defined(SANDBOX_POLICY_IMPL)
+#endif
+
+#else // defined(COMPONENT_BUILD)
+#define SANDBOX_POLICY_EXPORT
+#endif
+
+#endif // SANDBOX_POLICY_EXPORT_H_
diff --git a/services/service_manager/sandbox/features.cc b/sandbox/policy/features.cc
similarity index 85%
rename from services/service_manager/sandbox/features.cc
rename to sandbox/policy/features.cc
index c29946b6..f34ae63 100644
--- a/services/service_manager/sandbox/features.cc
+++ b/sandbox/policy/features.cc
@@ -2,11 +2,12 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/features.h"
+#include "sandbox/policy/features.h"
#include "build/build_config.h"
-namespace service_manager {
+namespace sandbox {
+namespace policy {
namespace features {
// Enables audio service sandbox.
@@ -23,10 +24,8 @@
#if !defined(OS_MACOSX)
// Enables network service sandbox.
// (Only causes an effect when feature kNetworkService is enabled.)
-const base::Feature kNetworkServiceSandbox {
- "NetworkServiceSandbox",
- base::FEATURE_DISABLED_BY_DEFAULT
-};
+const base::Feature kNetworkServiceSandbox{"NetworkServiceSandbox",
+ base::FEATURE_DISABLED_BY_DEFAULT};
#endif // !defined(OS_MACOSX)
#if defined(OS_WIN)
@@ -49,4 +48,5 @@
#endif // !defined(OS_ANDROID)
} // namespace features
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/features.h b/sandbox/policy/features.h
new file mode 100644
index 0000000..d0f2b4a0
--- /dev/null
+++ b/sandbox/policy/features.h
@@ -0,0 +1,39 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This file defines all the public base::FeatureList features for the content
+// module.
+
+#ifndef SANDBOX_POLICY_FEATURES_H_
+#define SANDBOX_POLICY_FEATURES_H_
+
+#include "base/feature_list.h"
+#include "build/build_config.h"
+#include "sandbox/policy/export.h"
+
+namespace sandbox {
+namespace policy {
+namespace features {
+
+SANDBOX_POLICY_EXPORT extern const base::Feature kAudioServiceSandbox;
+
+#if !defined(OS_MACOSX)
+SANDBOX_POLICY_EXPORT extern const base::Feature kNetworkServiceSandbox;
+#endif
+
+#if defined(OS_WIN)
+SANDBOX_POLICY_EXPORT extern const base::Feature kWinSboxDisableExtensionPoints;
+SANDBOX_POLICY_EXPORT extern const base::Feature kGpuAppContainer;
+SANDBOX_POLICY_EXPORT extern const base::Feature kGpuLPAC;
+#endif // defined(OS_WIN)
+
+#if !defined(OS_ANDROID)
+SANDBOX_POLICY_EXPORT extern const base::Feature kXRSandbox;
+#endif // !defined(OS_ANDROID)
+
+} // namespace features
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_FEATURES_H_
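Review bot: The header comment `// This file defines all the public base::FeatureList features for the content module.` is stale after the move, since these features now belong to the //sandbox/policy component rather than //content. Suggest `// This file defines all the public base::FeatureList features for the` / `// sandbox policy component.` so the file's own description matches its new location and namespace.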
diff --git a/services/service_manager/sandbox/fuchsia/OWNERS b/sandbox/policy/fuchsia/OWNERS
similarity index 100%
rename from services/service_manager/sandbox/fuchsia/OWNERS
rename to sandbox/policy/fuchsia/OWNERS
diff --git a/services/service_manager/sandbox/fuchsia/sandbox_policy_fuchsia.cc b/sandbox/policy/fuchsia/sandbox_policy_fuchsia.cc
similarity index 94%
rename from services/service_manager/sandbox/fuchsia/sandbox_policy_fuchsia.cc
rename to sandbox/policy/fuchsia/sandbox_policy_fuchsia.cc
index 0d178b90..d7c3c4f 100644
--- a/services/service_manager/sandbox/fuchsia/sandbox_policy_fuchsia.cc
+++ b/sandbox/policy/fuchsia/sandbox_policy_fuchsia.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/fuchsia/sandbox_policy_fuchsia.h"
+#include "sandbox/policy/fuchsia/sandbox_policy_fuchsia.h"
#include <lib/fdio/spawn.h>
#include <stdio.h>
@@ -36,9 +36,10 @@
#include "base/process/launch.h"
#include "base/process/process.h"
#include "base/threading/thread_task_runner_handle.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
-namespace service_manager {
+namespace sandbox {
+namespace policy {
namespace {
enum SandboxFeature {
@@ -151,10 +152,9 @@
} // namespace
-SandboxPolicyFuchsia::SandboxPolicyFuchsia(service_manager::SandboxType type) {
- if (base::CommandLine::ForCurrentProcess()->HasSwitch(
- service_manager::switches::kNoSandbox)) {
- type_ = service_manager::SandboxType::kNoSandbox;
+SandboxPolicyFuchsia::SandboxPolicyFuchsia(SandboxType type) {
+ if (base::CommandLine::ForCurrentProcess()->HasSwitch(switches::kNoSandbox)) {
+ type_ = SandboxType::kNoSandbox;
} else {
type_ = type;
}
@@ -199,12 +199,11 @@
void SandboxPolicyFuchsia::UpdateLaunchOptionsForSandbox(
base::LaunchOptions* options) {
-
// Always clone stderr to get logs output.
options->fds_to_remap.push_back(std::make_pair(STDERR_FILENO, STDERR_FILENO));
options->fds_to_remap.push_back(std::make_pair(STDOUT_FILENO, STDOUT_FILENO));
- if (type_ == service_manager::SandboxType::kNoSandbox) {
+ if (type_ == SandboxType::kNoSandbox) {
options->spawn_flags = FDIO_SPAWN_CLONE_NAMESPACE | FDIO_SPAWN_CLONE_JOB;
options->clear_environment = false;
return;
@@ -281,4 +280,5 @@
}
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/services/service_manager/sandbox/fuchsia/sandbox_policy_fuchsia.h b/sandbox/policy/fuchsia/sandbox_policy_fuchsia.h
similarity index 74%
rename from services/service_manager/sandbox/fuchsia/sandbox_policy_fuchsia.h
rename to sandbox/policy/fuchsia/sandbox_policy_fuchsia.h
index 7811581..c544dc9 100644
--- a/services/service_manager/sandbox/fuchsia/sandbox_policy_fuchsia.h
+++ b/sandbox/policy/fuchsia/sandbox_policy_fuchsia.h
@@ -2,16 +2,16 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_FUCHSIA_SANDBOX_POLICY_FUCHSIA_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_FUCHSIA_SANDBOX_POLICY_FUCHSIA_H_
+#ifndef SANDBOX_POLICY_FUCHSIA_SANDBOX_POLICY_FUCHSIA_H_
+#define SANDBOX_POLICY_FUCHSIA_SANDBOX_POLICY_FUCHSIA_H_
#include <fuchsia/io/cpp/fidl.h>
#include <lib/fidl/cpp/interface_handle.h>
#include <lib/zx/job.h>
#include "base/memory/ref_counted.h"
-#include "services/service_manager/sandbox/export.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/export.h"
+#include "sandbox/policy/sandbox_type.h"
namespace base {
struct LaunchOptions;
@@ -23,12 +23,13 @@
} // namespace base
-namespace service_manager {
+namespace sandbox {
+namespace policy {
-class SERVICE_MANAGER_SANDBOX_EXPORT SandboxPolicyFuchsia {
+class SANDBOX_POLICY_EXPORT SandboxPolicyFuchsia {
public:
// Must be called on the IO thread.
- explicit SandboxPolicyFuchsia(service_manager::SandboxType type);
+ explicit SandboxPolicyFuchsia(SandboxType type);
~SandboxPolicyFuchsia();
// Sets the service directory to pass to the child process when launching it.
@@ -44,7 +45,7 @@
void UpdateLaunchOptionsForSandbox(base::LaunchOptions* options);
private:
- service_manager::SandboxType type_;
+ SandboxType type_;
// Services directory used for the /svc namespace of the child process.
std::unique_ptr<base::fuchsia::FilteredServiceDirectory> service_directory_;
@@ -57,6 +58,7 @@
DISALLOW_COPY_AND_ASSIGN(SandboxPolicyFuchsia);
};
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_FUCHSIA_SANDBOX_POLICY_FUCHSIA_H_
+#endif // SANDBOX_POLICY_FUCHSIA_SANDBOX_POLICY_FUCHSIA_H_
diff --git a/services/service_manager/sandbox/linux/OWNERS b/sandbox/policy/linux/OWNERS
similarity index 100%
rename from services/service_manager/sandbox/linux/OWNERS
rename to sandbox/policy/linux/OWNERS
diff --git a/services/service_manager/sandbox/linux/bpf_audio_policy_linux.cc b/sandbox/policy/linux/bpf_audio_policy_linux.cc
similarity index 86%
rename from services/service_manager/sandbox/linux/bpf_audio_policy_linux.cc
rename to sandbox/policy/linux/bpf_audio_policy_linux.cc
index dca79767..fba1b9e 100644
--- a/services/service_manager/sandbox/linux/bpf_audio_policy_linux.cc
+++ b/sandbox/policy/linux/bpf_audio_policy_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/bpf_audio_policy_linux.h"
+#include "sandbox/policy/linux/bpf_audio_policy_linux.h"
#include <sys/socket.h>
@@ -14,7 +14,7 @@
#include "sandbox/linux/syscall_broker/broker_process.h"
#include "sandbox/linux/system_headers/linux_futex.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::Arg;
@@ -24,7 +24,8 @@
using sandbox::bpf_dsl::Trap;
using sandbox::syscall_broker::BrokerProcess;
-namespace service_manager {
+namespace sandbox {
+namespace policy {
AudioProcessPolicy::AudioProcessPolicy() = default;
@@ -89,7 +90,7 @@
Allow())
.Default(Error(EPERM));
#else
- return sandbox::RestrictFutex();
+ return RestrictFutex();
#endif
}
#endif
@@ -105,9 +106,9 @@
// an unnecessary crash in the audio process. See: http://crbug.com/904787
const Arg<pid_t> pid(0);
const Arg<int> sig(1);
- return If(pid == sandbox::sys_getpid(), Allow())
+ return If(pid == sys_getpid(), Allow())
.ElseIf(sig == 0, Error(EPERM))
- .Else(sandbox::CrashSIGSYSKill());
+ .Else(CrashSIGSYSKill());
}
#endif
#if defined(__NR_socket)
@@ -118,12 +119,12 @@
#endif
default:
#if defined(__x86_64__)
- if (sandbox::SyscallSets::IsSystemVSemaphores(system_call_number) ||
- sandbox::SyscallSets::IsSystemVSharedMemory(system_call_number)) {
+ if (SyscallSets::IsSystemVSemaphores(system_call_number) ||
+ SyscallSets::IsSystemVSharedMemory(system_call_number)) {
return Allow();
}
#elif defined(__i386__)
- if (sandbox::SyscallSets::IsSystemVIpc(system_call_number))
+ if (SyscallSets::IsSystemVIpc(system_call_number))
return Allow();
#endif
@@ -135,4 +136,5 @@
}
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/linux/bpf_audio_policy_linux.h b/sandbox/policy/linux/bpf_audio_policy_linux.h
new file mode 100644
index 0000000..56067e8
--- /dev/null
+++ b/sandbox/policy/linux/bpf_audio_policy_linux.h
@@ -0,0 +1,29 @@
+// Copyright 2018 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_LINUX_BPF_AUDIO_POLICY_LINUX_H_
+#define SANDBOX_POLICY_LINUX_BPF_AUDIO_POLICY_LINUX_H_
+
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/policy/export.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+
+namespace sandbox {
+namespace policy {
+
+class SANDBOX_POLICY_EXPORT AudioProcessPolicy : public BPFBasePolicy {
+ public:
+ AudioProcessPolicy();
+ ~AudioProcessPolicy() override;
+
+ bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(AudioProcessPolicy);
+};
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_LINUX_BPF_AUDIO_POLICY_LINUX_H_
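Review bot: `DISALLOW_COPY_AND_ASSIGN(AudioProcessPolicy);` is used but this header does not include "base/macros.h", so it compiles only because bpf_base_policy_linux.h happens to pull that macro in transitively. Adding `#include "base/macros.h"` next to the other includes keeps the header self-contained if the base policy header's includes ever change.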
diff --git a/services/service_manager/sandbox/linux/bpf_base_policy_linux.cc b/sandbox/policy/linux/bpf_base_policy_linux.cc
similarity index 87%
rename from services/service_manager/sandbox/linux/bpf_base_policy_linux.cc
rename to sandbox/policy/linux/bpf_base_policy_linux.cc
index 687f648..90164ea 100644
--- a/services/service_manager/sandbox/linux/bpf_base_policy_linux.cc
+++ b/sandbox/policy/linux/bpf_base_policy_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
#include <errno.h>
@@ -14,7 +14,8 @@
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::ResultExpr;
-namespace service_manager {
+namespace sandbox {
+namespace policy {
namespace {
@@ -24,7 +25,7 @@
} // namespace.
BPFBasePolicy::BPFBasePolicy()
- : baseline_policy_(new sandbox::BaselinePolicy(kFSDeniedErrno)) {}
+ : baseline_policy_(new BaselinePolicy(kFSDeniedErrno)) {}
BPFBasePolicy::~BPFBasePolicy() {}
ResultExpr BPFBasePolicy::EvaluateSyscall(int system_call_number) const {
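Review bot: The constructor still hands a raw `new BaselinePolicy(kFSDeniedErrno)` to `baseline_policy_`, which the new header declares as a std::unique_ptr; since the line is already being rewritten for the namespace change, `: baseline_policy_(std::make_unique<BaselinePolicy>(kFSDeniedErrno)) {}` removes the bare new and <memory> is already included via the header. EvaluateSyscall starts on the hunk's last line and its body is outside the hunk.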
@@ -52,4 +53,5 @@
return kFSDeniedErrno;
}
-} // namespace service_manager.
+} // namespace policy
+} // namespace sandbox.
diff --git a/sandbox/policy/linux/bpf_base_policy_linux.h b/sandbox/policy/linux/bpf_base_policy_linux.h
new file mode 100644
index 0000000..57152a0a
--- /dev/null
+++ b/sandbox/policy/linux/bpf_base_policy_linux.h
@@ -0,0 +1,46 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_LINUX_BPF_BASE_POLICY_LINUX_H_
+#define SANDBOX_POLICY_LINUX_BPF_BASE_POLICY_LINUX_H_
+
+#include <memory>
+
+#include "base/macros.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl_forward.h"
+#include "sandbox/linux/bpf_dsl/policy.h"
+#include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
+#include "sandbox/policy/export.h"
+
+namespace sandbox {
+namespace policy {
+
+// The "baseline" BPF policy. Any other seccomp-bpf policy should inherit
+// from it.
+// It implements the main Policy interface. Due to its nature
+// as a "kernel attack surface reduction" layer, it's implementation-defined.
+class SANDBOX_POLICY_EXPORT BPFBasePolicy : public bpf_dsl::Policy {
+ public:
+ BPFBasePolicy();
+ ~BPFBasePolicy() override;
+
+ // bpf_dsl::Policy:
+ bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;
+ bpf_dsl::ResultExpr InvalidSyscall() const override;
+
+ // Get the errno(3) to return for filesystem errors.
+ static int GetFSDeniedErrno();
+
+ pid_t GetPolicyPid() const { return baseline_policy_->policy_pid(); }
+
+ private:
+ // Compose the BaselinePolicy from sandbox/.
+ std::unique_ptr<BaselinePolicy> baseline_policy_;
+ DISALLOW_COPY_AND_ASSIGN(BPFBasePolicy);
+};
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_LINUX_BPF_BASE_POLICY_LINUX_H_
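Review bot: GetPolicyPid() and InvalidSyscall() are undocumented even though derived policies in this CL depend on the former (the GPU, CDM, PPAPI and renderer policies pass it to RestrictSchedTarget() and RestrictPrlimit*()), and the header uses `pid_t` without including <sys/types.h>, relying on a transitive include. I would add `// Pid the underlying BaselinePolicy was built for; derived policies use it to scope sched_* and prlimit restrictions to the sandboxed process.` above GetPolicyPid(), hedged because what policy_pid() represents is defined in BaselinePolicy outside this CL. The member comment `// Compose the BaselinePolicy from sandbox/.` reads oddly now that the class itself lives in namespace sandbox; `// The sandbox/linux BaselinePolicy this class wraps; see EvaluateSyscall() for how calls are delegated to it.` would be clearer.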
diff --git a/sandbox/policy/linux/bpf_broker_policy_linux.cc b/sandbox/policy/linux/bpf_broker_policy_linux.cc
new file mode 100644
index 0000000..2963bb9
--- /dev/null
+++ b/sandbox/policy/linux/bpf_broker_policy_linux.cc
@@ -0,0 +1,151 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/policy/linux/bpf_broker_policy_linux.h"
+
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/linux/system_headers/linux_syscalls.h"
+
+using sandbox::bpf_dsl::Allow;
+using sandbox::bpf_dsl::ResultExpr;
+
+namespace sandbox {
+namespace policy {
+
+BrokerProcessPolicy::BrokerProcessPolicy(
+ const syscall_broker::BrokerCommandSet& allowed_command_set)
+ : allowed_command_set_(allowed_command_set) {}
+
+BrokerProcessPolicy::~BrokerProcessPolicy() {}
+
+ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno) const {
+ switch (sysno) {
+#if defined(__NR_access)
+ case __NR_access:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_ACCESS))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_faccessat)
+ case __NR_faccessat:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_ACCESS))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_mkdir)
+ case __NR_mkdir:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_MKDIR))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_mkdirat)
+ case __NR_mkdirat:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_MKDIR))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_open)
+ case __NR_open:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_OPEN))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_openat)
+ case __NR_openat:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_OPEN))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_rename)
+ case __NR_rename:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_RENAME))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_renameat)
+ case __NR_renameat:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_RENAME))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_stat)
+ case __NR_stat:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_stat64)
+ case __NR_stat64:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_lstat)
+ case __NR_lstat:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_lstat64)
+ case __NR_lstat64:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_fstatat)
+ case __NR_fstatat:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_newfstatat)
+ case __NR_newfstatat:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_readlink)
+ case __NR_readlink:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_READLINK))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_readlinkat)
+ case __NR_readlinkat:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_READLINK))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_rmdir)
+ case __NR_rmdir:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_RMDIR))
+ return Allow();
+ break;
+#endif
+#if defined(__NR_unlink)
+ case __NR_unlink:
+ // NOTE: Open() uses unlink() to make "temporary" files.
+ if (allowed_command_set_.test(syscall_broker::COMMAND_OPEN) ||
+ allowed_command_set_.test(syscall_broker::COMMAND_UNLINK)) {
+ return Allow();
+ }
+ break;
+#endif
+#if defined(__NR_unlinkat)
+ case __NR_unlinkat:
+ // NOTE: Open() uses unlink() to make "temporary" files.
+ if (allowed_command_set_.test(syscall_broker::COMMAND_OPEN) ||
+ allowed_command_set_.test(syscall_broker::COMMAND_UNLINK)) {
+ return Allow();
+ }
+ break;
+#endif
+ default:
+ break;
+ }
+ return BPFBasePolicy::EvaluateSyscall(sysno);
+}
+
+} // namespace policy
+} // namespace sandbox
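Review bot: The stat group in EvaluateSyscall covers `__NR_stat`, `__NR_stat64`, `__NR_lstat`, `__NR_lstat64`, `__NR_fstatat` and `__NR_newfstatat` but has no `__NR_fstatat64` case; I believe that is the name of the stat-at syscall on 32-bit ARM and x86 ABIs, so on those targets a broker granted COMMAND_STAT would route fstatat64 to BPFBasePolicy::EvaluateSyscall rather than Allow(). Worth confirming against linux_syscalls.h; if it applies, a `#if defined(__NR_fstatat64)` block mirroring the `__NR_newfstatat` one is the fix. Separately, nineteen near-identical case blocks make the allow-list hard to audit as a whole, so I would state the invariant once above the switch: `// Each filesystem syscall is allowed only if the matching BrokerCommand was granted at construction; everything else defers to BPFBasePolicy.`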
diff --git a/sandbox/policy/linux/bpf_broker_policy_linux.h b/sandbox/policy/linux/bpf_broker_policy_linux.h
new file mode 100644
index 0000000..0fe3515a
--- /dev/null
+++ b/sandbox/policy/linux/bpf_broker_policy_linux.h
@@ -0,0 +1,35 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_LINUX_BPF_BROKER_POLICY_LINUX_H_
+#define SANDBOX_POLICY_LINUX_BPF_BROKER_POLICY_LINUX_H_
+
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/linux/syscall_broker/broker_command.h"
+#include "sandbox/policy/export.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+
+namespace sandbox {
+namespace policy {
+
+// A broker policy is one for a privileged syscall broker that allows
+// access, open, openat, and (in the non-Chrome OS case) unlink.
+class SANDBOX_POLICY_EXPORT BrokerProcessPolicy : public BPFBasePolicy {
+ public:
+ explicit BrokerProcessPolicy(
+ const syscall_broker::BrokerCommandSet& allowed_command_set);
+ ~BrokerProcessPolicy() override;
+
+ bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;
+
+ private:
+ const syscall_broker::BrokerCommandSet allowed_command_set_;
+
+ DISALLOW_COPY_AND_ASSIGN(BrokerProcessPolicy);
+};
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_LINUX_BPF_BROKER_POLICY_LINUX_H_
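Review bot: The class comment (`allows access, open, openat, and (in the non-Chrome OS case) unlink`) is stale relative to the implementation in bpf_broker_policy_linux.cc, which gates access, mkdir, open, rename, stat, readlink, rmdir and unlink (plus their *at variants) on the BrokerCommandSet passed to the constructor, with no Chrome OS distinction visible. Since this header is created fresh here, I would rewrite it as `// Policy for the privileged syscall broker process. Filesystem syscalls are allowed only when the corresponding command is in |allowed_command_set|; everything else defers to BPFBasePolicy.` so the comment and the allow-list agree.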
diff --git a/services/service_manager/sandbox/linux/bpf_cdm_policy_linux.cc b/sandbox/policy/linux/bpf_cdm_policy_linux.cc
similarity index 80%
rename from services/service_manager/sandbox/linux/bpf_cdm_policy_linux.cc
rename to sandbox/policy/linux/bpf_cdm_policy_linux.cc
index 9d39e5d..1181e729 100644
--- a/services/service_manager/sandbox/linux/bpf_cdm_policy_linux.cc
+++ b/sandbox/policy/linux/bpf_cdm_policy_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/bpf_cdm_policy_linux.h"
+#include "sandbox/policy/linux/bpf_cdm_policy_linux.h"
#include <errno.h>
@@ -11,14 +11,14 @@
#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
-using sandbox::SyscallSets;
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::Error;
using sandbox::bpf_dsl::ResultExpr;
-namespace service_manager {
+namespace sandbox {
+namespace policy {
CdmProcessPolicy::CdmProcessPolicy() {}
CdmProcessPolicy::~CdmProcessPolicy() {}
@@ -26,7 +26,7 @@
ResultExpr CdmProcessPolicy::EvaluateSyscall(int sysno) const {
switch (sysno) {
case __NR_ioctl:
- return sandbox::RestrictIoctl();
+ return RestrictIoctl();
// Allow the system calls below.
case __NR_fdatasync:
case __NR_fsync:
@@ -46,11 +46,12 @@
case __NR_uname:
return Allow();
case __NR_sched_getaffinity:
- return sandbox::RestrictSchedTarget(GetPolicyPid(), sysno);
+ return RestrictSchedTarget(GetPolicyPid(), sysno);
default:
// Default on the content baseline policy.
return BPFBasePolicy::EvaluateSyscall(sysno);
}
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/linux/bpf_cdm_policy_linux.h b/sandbox/policy/linux/bpf_cdm_policy_linux.h
new file mode 100644
index 0000000..ebf7de5
--- /dev/null
+++ b/sandbox/policy/linux/bpf_cdm_policy_linux.h
@@ -0,0 +1,29 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_LINUX_BPF_CDM_POLICY_LINUX_H_
+#define SANDBOX_POLICY_LINUX_BPF_CDM_POLICY_LINUX_H_
+
+#include "base/macros.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+
+namespace sandbox {
+namespace policy {
+
+// This policy can be used by the process hosting a Content Decryption Module.
+class CdmProcessPolicy : public BPFBasePolicy {
+ public:
+ CdmProcessPolicy();
+ ~CdmProcessPolicy() override;
+
+ bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(CdmProcessPolicy);
+};
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_LINUX_BPF_CDM_POLICY_LINUX_H_
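Review bot: CdmProcessPolicy is declared without SANDBOX_POLICY_EXPORT while the audio, broker, GPU, IME and network policies in this CL carry it, and PpapiProcessPolicy and PrintCompositorProcessPolicy share the omission. If these three are only instantiated inside the sandbox_policy component that is fine, but a one-line note such as `// Not exported: only instantiated from within sandbox/policy.` would stop the next reader from treating it as an oversight; if anything outside the component constructs them, the export macro is required for component builds.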
diff --git a/services/service_manager/sandbox/linux/bpf_cros_amd_gpu_policy_linux.cc b/sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.cc
similarity index 92%
rename from services/service_manager/sandbox/linux/bpf_cros_amd_gpu_policy_linux.cc
rename to sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.cc
index 56233ee..0506ef37 100644
--- a/services/service_manager/sandbox/linux/bpf_cros_amd_gpu_policy_linux.cc
+++ b/sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/bpf_cros_amd_gpu_policy_linux.h"
+#include "sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.h"
#include <errno.h>
#include <fcntl.h>
@@ -25,7 +25,8 @@
using sandbox::bpf_dsl::If;
using sandbox::bpf_dsl::ResultExpr;
-namespace service_manager {
+namespace sandbox {
+namespace policy {
CrosAmdGpuProcessPolicy::CrosAmdGpuProcessPolicy() {}
@@ -67,4 +68,5 @@
}
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.h b/sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.h
new file mode 100644
index 0000000..305128c
--- /dev/null
+++ b/sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.h
@@ -0,0 +1,30 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_LINUX_BPF_CROS_AMD_GPU_POLICY_LINUX_H_
+#define SANDBOX_POLICY_LINUX_BPF_CROS_AMD_GPU_POLICY_LINUX_H_
+
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/policy/export.h"
+#include "sandbox/policy/linux/bpf_gpu_policy_linux.h"
+
+namespace sandbox {
+namespace policy {
+
+// This policy is for AMD GPUs running on Chrome OS.
+class SANDBOX_POLICY_EXPORT CrosAmdGpuProcessPolicy : public GpuProcessPolicy {
+ public:
+ CrosAmdGpuProcessPolicy();
+ ~CrosAmdGpuProcessPolicy() override;
+
+ bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(CrosAmdGpuProcessPolicy);
+};
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_LINUX_BPF_CROS_AMD_GPU_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_cros_arm_gpu_policy_linux.cc b/sandbox/policy/linux/bpf_cros_arm_gpu_policy_linux.cc
similarity index 85%
rename from services/service_manager/sandbox/linux/bpf_cros_arm_gpu_policy_linux.cc
rename to sandbox/policy/linux/bpf_cros_arm_gpu_policy_linux.cc
index cecd679..819cd9d 100644
--- a/services/service_manager/sandbox/linux/bpf_cros_arm_gpu_policy_linux.cc
+++ b/sandbox/policy/linux/bpf_cros_arm_gpu_policy_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/bpf_cros_arm_gpu_policy_linux.h"
+#include "sandbox/policy/linux/bpf_cros_arm_gpu_policy_linux.h"
#include <fcntl.h>
#include <sys/socket.h>
@@ -15,8 +15,8 @@
#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-#include "services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+#include "sandbox/policy/linux/sandbox_seccomp_bpf_linux.h"
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::Arg;
@@ -24,7 +24,8 @@
using sandbox::bpf_dsl::If;
using sandbox::bpf_dsl::ResultExpr;
-namespace service_manager {
+namespace sandbox {
+namespace policy {
CrosArmGpuProcessPolicy::CrosArmGpuProcessPolicy(bool allow_shmat)
#if defined(__arm__) || defined(__aarch64__)
@@ -64,4 +65,5 @@
}
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/linux/bpf_cros_arm_gpu_policy_linux.h b/sandbox/policy/linux/bpf_cros_arm_gpu_policy_linux.h
new file mode 100644
index 0000000..2b7ad40
--- /dev/null
+++ b/sandbox/policy/linux/bpf_cros_arm_gpu_policy_linux.h
@@ -0,0 +1,33 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_LINUX_BPF_CROS_ARM_GPU_POLICY_LINUX_H_
+#define SANDBOX_POLICY_LINUX_BPF_CROS_ARM_GPU_POLICY_LINUX_H_
+
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/policy/export.h"
+#include "sandbox/policy/linux/bpf_gpu_policy_linux.h"
+
+namespace sandbox {
+namespace policy {
+
+// This policy is for Chrome OS ARM.
+class SANDBOX_POLICY_EXPORT CrosArmGpuProcessPolicy : public GpuProcessPolicy {
+ public:
+ explicit CrosArmGpuProcessPolicy(bool allow_shmat);
+ ~CrosArmGpuProcessPolicy() override;
+
+ bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;
+
+ private:
+#if defined(__arm__) || defined(__aarch64__)
+ const bool allow_shmat_; // Allow shmat(2).
+#endif
+ DISALLOW_COPY_AND_ASSIGN(CrosArmGpuProcessPolicy);
+};
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_LINUX_BPF_CROS_ARM_GPU_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_gpu_policy_linux.cc b/sandbox/policy/linux/bpf_gpu_policy_linux.cc
similarity index 83%
rename from services/service_manager/sandbox/linux/bpf_gpu_policy_linux.cc
rename to sandbox/policy/linux/bpf_gpu_policy_linux.cc
index 2fbb034..e962355 100644
--- a/services/service_manager/sandbox/linux/bpf_gpu_policy_linux.cc
+++ b/sandbox/policy/linux/bpf_gpu_policy_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/bpf_gpu_policy_linux.h"
+#include "sandbox/policy/linux/bpf_gpu_policy_linux.h"
#include <errno.h>
#include <fcntl.h>
@@ -18,18 +18,18 @@
#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
#include "sandbox/linux/syscall_broker/broker_process.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
-#include "services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_seccomp_bpf_linux.h"
-using sandbox::SyscallSets;
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::Error;
using sandbox::bpf_dsl::ResultExpr;
using sandbox::bpf_dsl::Trap;
using sandbox::syscall_broker::BrokerProcess;
-namespace service_manager {
+namespace sandbox {
+namespace policy {
GpuProcessPolicy::GpuProcessPolicy() {}
@@ -71,9 +71,9 @@
return Allow();
case __NR_sched_getaffinity:
case __NR_sched_setaffinity:
- return sandbox::RestrictSchedTarget(GetPolicyPid(), sysno);
+ return RestrictSchedTarget(GetPolicyPid(), sysno);
case __NR_prlimit64:
- return sandbox::RestrictPrlimit64(GetPolicyPid());
+ return RestrictPrlimit64(GetPolicyPid());
default:
if (SyscallSets::IsEventFd(sysno))
return Allow();
@@ -93,4 +93,5 @@
}
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/linux/bpf_gpu_policy_linux.h b/sandbox/policy/linux/bpf_gpu_policy_linux.h
new file mode 100644
index 0000000..a76a6362
--- /dev/null
+++ b/sandbox/policy/linux/bpf_gpu_policy_linux.h
@@ -0,0 +1,29 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_LINUX_BPF_GPU_POLICY_LINUX_H_
+#define SANDBOX_POLICY_LINUX_BPF_GPU_POLICY_LINUX_H_
+
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/policy/export.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+
+namespace sandbox {
+namespace policy {
+
+class SANDBOX_POLICY_EXPORT GpuProcessPolicy : public BPFBasePolicy {
+ public:
+ GpuProcessPolicy();
+ ~GpuProcessPolicy() override;
+
+ bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(GpuProcessPolicy);
+};
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_LINUX_BPF_GPU_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_ime_policy_linux.cc b/sandbox/policy/linux/bpf_ime_policy_linux.cc
similarity index 83%
rename from services/service_manager/sandbox/linux/bpf_ime_policy_linux.cc
rename to sandbox/policy/linux/bpf_ime_policy_linux.cc
index a3f79ee..4d6147a2 100644
--- a/services/service_manager/sandbox/linux/bpf_ime_policy_linux.cc
+++ b/sandbox/policy/linux/bpf_ime_policy_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/bpf_ime_policy_linux.h"
+#include "sandbox/policy/linux/bpf_ime_policy_linux.h"
#include <sys/socket.h>
@@ -10,14 +10,15 @@
#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
#include "sandbox/linux/syscall_broker/broker_process.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::ResultExpr;
using sandbox::bpf_dsl::Trap;
using sandbox::syscall_broker::BrokerProcess;
-namespace service_manager {
+namespace sandbox {
+namespace policy {
ImeProcessPolicy::ImeProcessPolicy() {}
@@ -35,7 +36,7 @@
// https://crbug.com/991435
#if defined(__NR_getrusage)
case __NR_getrusage:
- return sandbox::RestrictGetrusage();
+ return RestrictGetrusage();
#endif
default:
auto* broker_process = SandboxLinux::GetInstance()->broker_process();
@@ -46,4 +47,5 @@
}
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/linux/bpf_ime_policy_linux.h b/sandbox/policy/linux/bpf_ime_policy_linux.h
new file mode 100644
index 0000000..2ecb90b
--- /dev/null
+++ b/sandbox/policy/linux/bpf_ime_policy_linux.h
@@ -0,0 +1,29 @@
+// Copyright 2018 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_LINUX_BPF_IME_POLICY_LINUX_H_
+#define SANDBOX_POLICY_LINUX_BPF_IME_POLICY_LINUX_H_
+
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/policy/export.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+
+namespace sandbox {
+namespace policy {
+
+class SANDBOX_POLICY_EXPORT ImeProcessPolicy : public BPFBasePolicy {
+ public:
+ ImeProcessPolicy();
+ ~ImeProcessPolicy() override;
+
+ bpf_dsl::ResultExpr EvaluateSyscall(int sysno) const override;
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(ImeProcessPolicy);
+};
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_LINUX_BPF_IME_POLICY_LINUX_H_
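Review bot: EvaluateSyscall's parameter is named `sysno` here, whereas every other policy header in this CL names it `system_call_number`; the declaration should agree with its siblings: `bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;`. ImeProcessPolicy also lacks a class comment; the .cc hunk shows the default branch reaching for `SandboxLinux::GetInstance()->broker_process()`, so something like `// seccomp-bpf policy for the IME process; unlisted syscalls appear to be delegated to the SandboxLinux broker.` would help, with the delegation wording to be confirmed against the part of the function outside the hunk.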
diff --git a/services/service_manager/sandbox/linux/bpf_network_policy_linux.cc b/sandbox/policy/linux/bpf_network_policy_linux.cc
similarity index 77%
rename from services/service_manager/sandbox/linux/bpf_network_policy_linux.cc
rename to sandbox/policy/linux/bpf_network_policy_linux.cc
index 201a6b3..2cdcc79 100644
--- a/services/service_manager/sandbox/linux/bpf_network_policy_linux.cc
+++ b/sandbox/policy/linux/bpf_network_policy_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/bpf_network_policy_linux.h"
+#include "sandbox/policy/linux/bpf_network_policy_linux.h"
#include <fcntl.h>
#include <unistd.h>
@@ -16,16 +16,17 @@
#include "sandbox/linux/syscall_broker/broker_file_permission.h"
#include "sandbox/linux/syscall_broker/broker_process.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
-#include "services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_seccomp_bpf_linux.h"
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::ResultExpr;
using sandbox::bpf_dsl::Trap;
using sandbox::syscall_broker::BrokerProcess;
-namespace service_manager {
+namespace sandbox {
+namespace policy {
NetworkProcessPolicy::NetworkProcessPolicy() {}
@@ -41,4 +42,5 @@
return Allow();
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/linux/bpf_network_policy_linux.h b/sandbox/policy/linux/bpf_network_policy_linux.h
new file mode 100644
index 0000000..09d25c0
--- /dev/null
+++ b/sandbox/policy/linux/bpf_network_policy_linux.h
@@ -0,0 +1,29 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_LINUX_BPF_NETWORK_POLICY_LINUX_H_
+#define SANDBOX_POLICY_LINUX_BPF_NETWORK_POLICY_LINUX_H_
+
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/policy/export.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+
+namespace sandbox {
+namespace policy {
+
+class SANDBOX_POLICY_EXPORT NetworkProcessPolicy : public BPFBasePolicy {
+ public:
+ NetworkProcessPolicy();
+ ~NetworkProcessPolicy() override;
+
+ bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(NetworkProcessPolicy);
+};
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_LINUX_BPF_NETWORK_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_ppapi_policy_linux.cc b/sandbox/policy/linux/bpf_ppapi_policy_linux.cc
similarity index 80%
rename from services/service_manager/sandbox/linux/bpf_ppapi_policy_linux.cc
rename to sandbox/policy/linux/bpf_ppapi_policy_linux.cc
index 7e9c64d..1465de6 100644
--- a/services/service_manager/sandbox/linux/bpf_ppapi_policy_linux.cc
+++ b/sandbox/policy/linux/bpf_ppapi_policy_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/bpf_ppapi_policy_linux.h"
+#include "sandbox/policy/linux/bpf_ppapi_policy_linux.h"
#include <errno.h>
@@ -11,14 +11,14 @@
#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
-using sandbox::SyscallSets;
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::Error;
using sandbox::bpf_dsl::ResultExpr;
-namespace service_manager {
+namespace sandbox {
+namespace policy {
PpapiProcessPolicy::PpapiProcessPolicy() {}
PpapiProcessPolicy::~PpapiProcessPolicy() {}
@@ -37,7 +37,7 @@
case __NR_sched_getparam:
case __NR_sched_getscheduler:
case __NR_sched_setscheduler:
- return sandbox::RestrictSchedTarget(GetPolicyPid(), sysno);
+ return RestrictSchedTarget(GetPolicyPid(), sysno);
case __NR_ioctl:
return Error(ENOTTY); // Flash Access.
default:
@@ -46,4 +46,5 @@
}
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/linux/bpf_ppapi_policy_linux.h b/sandbox/policy/linux/bpf_ppapi_policy_linux.h
new file mode 100644
index 0000000..f905534
--- /dev/null
+++ b/sandbox/policy/linux/bpf_ppapi_policy_linux.h
@@ -0,0 +1,29 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_LINUX_BPF_PPAPI_POLICY_LINUX_H_
+#define SANDBOX_POLICY_LINUX_BPF_PPAPI_POLICY_LINUX_H_
+
+#include "base/macros.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+
+namespace sandbox {
+namespace policy {
+
+// Policy for Pepper plugins such as Flash.
+class PpapiProcessPolicy : public BPFBasePolicy {
+ public:
+ PpapiProcessPolicy();
+ ~PpapiProcessPolicy() override;
+
+ bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(PpapiProcessPolicy);
+};
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_LINUX_BPF_PPAPI_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_print_compositor_policy_linux.cc b/sandbox/policy/linux/bpf_print_compositor_policy_linux.cc
similarity index 84%
rename from services/service_manager/sandbox/linux/bpf_print_compositor_policy_linux.cc
rename to sandbox/policy/linux/bpf_print_compositor_policy_linux.cc
index df97888..4a234d79 100644
--- a/services/service_manager/sandbox/linux/bpf_print_compositor_policy_linux.cc
+++ b/sandbox/policy/linux/bpf_print_compositor_policy_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/bpf_print_compositor_policy_linux.h"
+#include "sandbox/policy/linux/bpf_print_compositor_policy_linux.h"
#include <errno.h>
@@ -11,14 +11,14 @@
#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
-using sandbox::SyscallSets;
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::Error;
using sandbox::bpf_dsl::ResultExpr;
-namespace service_manager {
+namespace sandbox {
+namespace policy {
PrintCompositorProcessPolicy::PrintCompositorProcessPolicy() {}
PrintCompositorProcessPolicy::~PrintCompositorProcessPolicy() {}
@@ -28,7 +28,7 @@
// policy. Check whether we can trim further.
switch (sysno) {
case __NR_ioctl:
- return sandbox::RestrictIoctl();
+ return RestrictIoctl();
// Allow the system calls below.
case __NR_fdatasync:
case __NR_fsync:
@@ -51,4 +51,5 @@
}
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/linux/bpf_print_compositor_policy_linux.h b/sandbox/policy/linux/bpf_print_compositor_policy_linux.h
new file mode 100644
index 0000000..4d082c37
--- /dev/null
+++ b/sandbox/policy/linux/bpf_print_compositor_policy_linux.h
@@ -0,0 +1,29 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_LINUX_BPF_PRINT_COMPOSITOR_POLICY_LINUX_H_
+#define SANDBOX_POLICY_LINUX_BPF_PRINT_COMPOSITOR_POLICY_LINUX_H_
+
+#include "base/macros.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+
+namespace sandbox {
+namespace policy {
+
+// This policy can be used by print compositor utility processes.
+class PrintCompositorProcessPolicy : public BPFBasePolicy {
+ public:
+ PrintCompositorProcessPolicy();
+ ~PrintCompositorProcessPolicy() override;
+
+ bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(PrintCompositorProcessPolicy);
+};
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_LINUX_BPF_PRINT_COMPOSITOR_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc b/sandbox/policy/linux/bpf_renderer_policy_linux.cc
similarity index 86%
rename from services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc
rename to sandbox/policy/linux/bpf_renderer_policy_linux.cc
index a85c0ea..9fe9575e 100644
--- a/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc
+++ b/sandbox/policy/linux/bpf_renderer_policy_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/bpf_renderer_policy_linux.h"
+#include "sandbox/policy/linux/bpf_renderer_policy_linux.h"
#include <errno.h>
#include <sys/ioctl.h>
@@ -13,7 +13,7 @@
#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
// TODO(vignatti): replace the local definitions below with #include
// <linux/dma-buf.h> once kernel version 4.6 becomes widely used.
@@ -26,13 +26,13 @@
#define LOCAL_DMA_BUF_IOCTL_SYNC \
_IOW(LOCAL_DMA_BUF_BASE, 0, struct local_dma_buf_sync)
-using sandbox::SyscallSets;
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::Arg;
using sandbox::bpf_dsl::Error;
using sandbox::bpf_dsl::ResultExpr;
-namespace service_manager {
+namespace sandbox {
+namespace policy {
namespace {
@@ -43,7 +43,7 @@
Allow())
.SANDBOX_BPF_DSL_CASES(
(static_cast<unsigned long>(LOCAL_DMA_BUF_IOCTL_SYNC)), Allow())
- .Default(sandbox::CrashSIGSYSIoctl());
+ .Default(CrashSIGSYSIoctl());
}
} // namespace
@@ -56,7 +56,7 @@
// The baseline policy allows __NR_clock_gettime. Allow
// clock_getres() for V8. crbug.com/329053.
case __NR_clock_getres:
- return sandbox::RestrictClockID();
+ return RestrictClockID();
case __NR_ioctl:
return RestrictIoctl();
// Allow the system calls below.
@@ -78,7 +78,7 @@
// set rlim_max and rlim_cur together.
//
// See SandboxLinux::LimitAddressSpace() in
-// services/service_manager/sandbox/linux/sandbox_linux.cc and
+// sandbox/policy/linux/sandbox_linux.cc and
// ArrayBufferContents::ReserveMemory,
// ArrayBufferContents::ReleaseReservedMemory in
// third_party/WebKit/Source/platform/wtf/typed_arrays/ArrayBufferContents.cpp.
@@ -98,14 +98,15 @@
case __NR_sched_getparam:
case __NR_sched_getscheduler:
case __NR_sched_setscheduler:
- return sandbox::RestrictSchedTarget(GetPolicyPid(), sysno);
+ return RestrictSchedTarget(GetPolicyPid(), sysno);
case __NR_prlimit64:
// See crbug.com/662450 and setrlimit comment above.
- return sandbox::RestrictPrlimit(GetPolicyPid());
+ return RestrictPrlimit(GetPolicyPid());
default:
// Default on the content baseline policy.
return BPFBasePolicy::EvaluateSyscall(sysno);
}
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/linux/bpf_renderer_policy_linux.h b/sandbox/policy/linux/bpf_renderer_policy_linux.h
new file mode 100644
index 0000000..01351e3
--- /dev/null
+++ b/sandbox/policy/linux/bpf_renderer_policy_linux.h
@@ -0,0 +1,29 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_LINUX_BPF_RENDERER_POLICY_LINUX_H_
+#define SANDBOX_POLICY_LINUX_BPF_RENDERER_POLICY_LINUX_H_
+
+#include "base/macros.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+
+namespace sandbox {
+namespace policy {
+
+// This policy can be used by both renderer and worker processes.
+class RendererProcessPolicy : public BPFBasePolicy {
+ public:
+ RendererProcessPolicy();
+ ~RendererProcessPolicy() override;
+
+ bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(RendererProcessPolicy);
+};
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_LINUX_BPF_RENDERER_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_sharing_service_policy_linux.cc b/sandbox/policy/linux/bpf_sharing_service_policy_linux.cc
similarity index 80%
rename from services/service_manager/sandbox/linux/bpf_sharing_service_policy_linux.cc
rename to sandbox/policy/linux/bpf_sharing_service_policy_linux.cc
index 483c1c6..91c12ca 100644
--- a/services/service_manager/sandbox/linux/bpf_sharing_service_policy_linux.cc
+++ b/sandbox/policy/linux/bpf_sharing_service_policy_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/bpf_sharing_service_policy_linux.h"
+#include "sandbox/policy/linux/bpf_sharing_service_policy_linux.h"
#include <errno.h>
@@ -11,19 +11,19 @@
#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
-using sandbox::SyscallSets;
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::Error;
using sandbox::bpf_dsl::ResultExpr;
-namespace service_manager {
+namespace sandbox {
+namespace policy {
ResultExpr SharingServiceProcessPolicy::EvaluateSyscall(int sysno) const {
switch (sysno) {
case __NR_ioctl:
- return sandbox::RestrictIoctl();
+ return RestrictIoctl();
// Allow the system calls below.
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
defined(__aarch64__)
@@ -42,4 +42,5 @@
}
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/services/service_manager/sandbox/linux/bpf_sharing_service_policy_linux.h b/sandbox/policy/linux/bpf_sharing_service_policy_linux.h
similarity index 63%
rename from services/service_manager/sandbox/linux/bpf_sharing_service_policy_linux.h
rename to sandbox/policy/linux/bpf_sharing_service_policy_linux.h
index 4b62254..bde3ffa 100644
--- a/services/service_manager/sandbox/linux/bpf_sharing_service_policy_linux.h
+++ b/sandbox/policy/linux/bpf_sharing_service_policy_linux.h
@@ -2,13 +2,14 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_SHARING_SERVICE_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_SHARING_SERVICE_POLICY_LINUX_H_
+#ifndef SANDBOX_POLICY_LINUX_BPF_SHARING_SERVICE_POLICY_LINUX_H_
+#define SANDBOX_POLICY_LINUX_BPF_SHARING_SERVICE_POLICY_LINUX_H_
#include "base/macros.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
-namespace service_manager {
+namespace sandbox {
+namespace policy {
// This policy can be used by the Sharing service to host WebRTC.
class SharingServiceProcessPolicy : public BPFBasePolicy {
@@ -16,14 +17,14 @@
SharingServiceProcessPolicy() = default;
~SharingServiceProcessPolicy() override = default;
- sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
- int system_call_number) const override;
+ bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;
SharingServiceProcessPolicy(const SharingServiceProcessPolicy&) = delete;
SharingServiceProcessPolicy& operator=(const SharingServiceProcessPolicy&) =
delete;
};
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_UTILITY_POLICY_LINUX_H_
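Review bot: The `#endif` trailer comment on the last line of this header still reads `SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_UTILITY_POLICY_LINUX_H_`, which matches neither the new guard `SANDBOX_POLICY_LINUX_BPF_SHARING_SERVICE_POLICY_LINUX_H_` defined at the top of this file nor even the old guard it replaced (it names the utility policy, so it was already a copy-paste slip). Since the `#ifndef`/`#define` pair was rewritten in this same change, the trailer should be brought into line: `#endif  // SANDBOX_POLICY_LINUX_BPF_SHARING_SERVICE_POLICY_LINUX_H_`. Leaving it stale makes the guard look mismatched to anyone grepping for the old path after the move.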
diff --git a/services/service_manager/sandbox/linux/bpf_speech_recognition_policy_linux.cc b/sandbox/policy/linux/bpf_speech_recognition_policy_linux.cc
similarity index 85%
rename from services/service_manager/sandbox/linux/bpf_speech_recognition_policy_linux.cc
rename to sandbox/policy/linux/bpf_speech_recognition_policy_linux.cc
index d1eb78d..f4450312 100644
--- a/services/service_manager/sandbox/linux/bpf_speech_recognition_policy_linux.cc
+++ b/sandbox/policy/linux/bpf_speech_recognition_policy_linux.cc
@@ -2,19 +2,20 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/bpf_speech_recognition_policy_linux.h"
+#include "sandbox/policy/linux/bpf_speech_recognition_policy_linux.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
#include "sandbox/linux/syscall_broker/broker_process.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::ResultExpr;
using sandbox::bpf_dsl::Trap;
using sandbox::syscall_broker::BrokerProcess;
-namespace service_manager {
+namespace sandbox {
+namespace policy {
SpeechRecognitionProcessPolicy::SpeechRecognitionProcessPolicy() = default;
SpeechRecognitionProcessPolicy::~SpeechRecognitionProcessPolicy() = default;
@@ -44,4 +45,5 @@
}
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/linux/bpf_speech_recognition_policy_linux.h b/sandbox/policy/linux/bpf_speech_recognition_policy_linux.h
new file mode 100644
index 0000000..f31e852
--- /dev/null
+++ b/sandbox/policy/linux/bpf_speech_recognition_policy_linux.h
@@ -0,0 +1,32 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_LINUX_BPF_SPEECH_RECOGNITION_POLICY_LINUX_H_
+#define SANDBOX_POLICY_LINUX_BPF_SPEECH_RECOGNITION_POLICY_LINUX_H_
+
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+
+namespace sandbox {
+namespace policy {
+
+// The process policy for the sandboxed utility process that loads the Speech
+// On-Device API (SODA). This policy allows the syscalls used by the libsoda.so
+// binary to transcribe audio into text.
+class SANDBOX_POLICY_EXPORT SpeechRecognitionProcessPolicy
+ : public BPFBasePolicy {
+ public:
+ SpeechRecognitionProcessPolicy();
+ ~SpeechRecognitionProcessPolicy() override;
+
+ bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(SpeechRecognitionProcessPolicy);
+};
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_LINUX_BPF_SPEECH_RECOGNITION_POLICY_LINUX_H_
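Review bot: `SANDBOX_POLICY_EXPORT` on the class declaration and `DISALLOW_COPY_AND_ASSIGN` in the private section are used without including the headers that define them; this file only includes `sandbox/linux/bpf_dsl/bpf_dsl.h` and `sandbox/policy/linux/bpf_base_policy_linux.h`, so both macros are reached transitively. The sibling bpf_tts_policy_linux.h in this same change does include `sandbox/policy/export.h` explicitly, so the two new headers are inconsistent. Add `#include "base/macros.h"` and `#include "sandbox/policy/export.h"` to the include list so the header stands on its own under include-what-you-use and does not break if the base policy header stops pulling them in.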
diff --git a/services/service_manager/sandbox/linux/bpf_tts_policy_linux.cc b/sandbox/policy/linux/bpf_tts_policy_linux.cc
similarity index 82%
rename from services/service_manager/sandbox/linux/bpf_tts_policy_linux.cc
rename to sandbox/policy/linux/bpf_tts_policy_linux.cc
index 812072395..f39a05d 100644
--- a/services/service_manager/sandbox/linux/bpf_tts_policy_linux.cc
+++ b/sandbox/policy/linux/bpf_tts_policy_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/bpf_tts_policy_linux.h"
+#include "sandbox/policy/linux/bpf_tts_policy_linux.h"
#include <sys/socket.h>
@@ -10,14 +10,15 @@
#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
#include "sandbox/linux/syscall_broker/broker_process.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::ResultExpr;
using sandbox::bpf_dsl::Trap;
using sandbox::syscall_broker::BrokerProcess;
-namespace service_manager {
+namespace sandbox {
+namespace policy {
TtsProcessPolicy::TtsProcessPolicy() {}
@@ -31,4 +32,5 @@
return BPFBasePolicy::EvaluateSyscall(sysno);
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/linux/bpf_tts_policy_linux.h b/sandbox/policy/linux/bpf_tts_policy_linux.h
new file mode 100644
index 0000000..9e4dd927
--- /dev/null
+++ b/sandbox/policy/linux/bpf_tts_policy_linux.h
@@ -0,0 +1,29 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_LINUX_BPF_TTS_POLICY_LINUX_H_
+#define SANDBOX_POLICY_LINUX_BPF_TTS_POLICY_LINUX_H_
+
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/policy/export.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+
+namespace sandbox {
+namespace policy {
+
+class SANDBOX_POLICY_EXPORT TtsProcessPolicy : public BPFBasePolicy {
+ public:
+ TtsProcessPolicy();
+ ~TtsProcessPolicy() override;
+
+ bpf_dsl::ResultExpr EvaluateSyscall(int sysno) const override;
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(TtsProcessPolicy);
+};
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_LINUX_BPF_TTS_POLICY_LINUX_H_
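Review bot: `DISALLOW_COPY_AND_ASSIGN` is used in the private section but `base/macros.h` is not among the includes, so the macro is only reached transitively through `sandbox/policy/linux/bpf_base_policy_linux.h`; add `#include "base/macros.h"` next to the existing includes. Separately, TtsProcessPolicy is the only policy class among the headers visible in this change with no class comment; a one-liner such as `// Seccomp-BPF policy for the text-to-speech (TTS) process; see the .cc for the syscalls it admits.` would match the sibling headers, assuming the name reflects the process it is applied to.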
diff --git a/services/service_manager/sandbox/linux/bpf_utility_policy_linux.cc b/sandbox/policy/linux/bpf_utility_policy_linux.cc
similarity index 80%
rename from services/service_manager/sandbox/linux/bpf_utility_policy_linux.cc
rename to sandbox/policy/linux/bpf_utility_policy_linux.cc
index 192081e..dfe9e9c 100644
--- a/services/service_manager/sandbox/linux/bpf_utility_policy_linux.cc
+++ b/sandbox/policy/linux/bpf_utility_policy_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/bpf_utility_policy_linux.h"
+#include "sandbox/policy/linux/bpf_utility_policy_linux.h"
#include <errno.h>
@@ -11,14 +11,14 @@
#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
-using sandbox::SyscallSets;
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::Error;
using sandbox::bpf_dsl::ResultExpr;
-namespace service_manager {
+namespace sandbox {
+namespace policy {
UtilityProcessPolicy::UtilityProcessPolicy() {}
UtilityProcessPolicy::~UtilityProcessPolicy() {}
@@ -26,10 +26,10 @@
ResultExpr UtilityProcessPolicy::EvaluateSyscall(int sysno) const {
switch (sysno) {
case __NR_ioctl:
- return sandbox::RestrictIoctl();
+ return RestrictIoctl();
case __NR_prlimit64:
// Restrict prlimit() to reference only the calling process.
- return sandbox::RestrictPrlimitToGetrlimit(GetPolicyPid());
+ return RestrictPrlimitToGetrlimit(GetPolicyPid());
// Allow the system calls below.
case __NR_fdatasync:
case __NR_fsync:
@@ -52,4 +52,5 @@
}
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/linux/bpf_utility_policy_linux.h b/sandbox/policy/linux/bpf_utility_policy_linux.h
new file mode 100644
index 0000000..fea3ea43
--- /dev/null
+++ b/sandbox/policy/linux/bpf_utility_policy_linux.h
@@ -0,0 +1,29 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_LINUX_BPF_UTILITY_POLICY_LINUX_H_
+#define SANDBOX_POLICY_LINUX_BPF_UTILITY_POLICY_LINUX_H_
+
+#include "base/macros.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+
+namespace sandbox {
+namespace policy {
+
+// This policy can be used by utility processes.
+class UtilityProcessPolicy : public BPFBasePolicy {
+ public:
+ UtilityProcessPolicy();
+ ~UtilityProcessPolicy() override;
+
+ bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(UtilityProcessPolicy);
+};
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_LINUX_BPF_UTILITY_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/sandbox_debug_handling_linux.cc b/sandbox/policy/linux/sandbox_debug_handling_linux.cc
similarity index 88%
rename from services/service_manager/sandbox/linux/sandbox_debug_handling_linux.cc
rename to sandbox/policy/linux/sandbox_debug_handling_linux.cc
index f435ccb..705df32 100644
--- a/services/service_manager/sandbox/linux/sandbox_debug_handling_linux.cc
+++ b/sandbox/policy/linux/sandbox_debug_handling_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/sandbox_debug_handling_linux.h"
+#include "sandbox/policy/linux/sandbox_debug_handling_linux.h"
#include <errno.h>
#include <signal.h>
@@ -14,9 +14,10 @@
#include "base/logging.h"
#include "base/macros.h"
#include "base/strings/safe_sprintf.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
-namespace service_manager {
+namespace sandbox {
+namespace policy {
namespace {
@@ -54,7 +55,7 @@
bool IsSandboxDebuggingEnabled() {
return base::CommandLine::ForCurrentProcess()->HasSwitch(
- service_manager::switches::kAllowSandboxDebugging);
+ switches::kAllowSandboxDebugging);
}
} // namespace
@@ -76,4 +77,5 @@
return prctl(PR_GET_DUMPABLE) == 0;
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/linux/sandbox_debug_handling_linux.h b/sandbox/policy/linux/sandbox_debug_handling_linux.h
new file mode 100644
index 0000000..60ad0b21
--- /dev/null
+++ b/sandbox/policy/linux/sandbox_debug_handling_linux.h
@@ -0,0 +1,28 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_LINUX_SANDBOX_DEBUG_HANDLING_LINUX_H_
+#define SANDBOX_POLICY_LINUX_SANDBOX_DEBUG_HANDLING_LINUX_H_
+
+#include "base/macros.h"
+#include "sandbox/policy/export.h"
+
+namespace sandbox {
+namespace policy {
+
+class SANDBOX_POLICY_EXPORT SandboxDebugHandling {
+ public:
+ // Depending on the command line, set the current process as
+ // non dumpable. Also set any signal handlers for sandbox
+ // debugging.
+ static bool SetDumpableStatusAndHandlers();
+
+ private:
+ DISALLOW_IMPLICIT_CONSTRUCTORS(SandboxDebugHandling);
+};
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_LINUX_SANDBOX_DEBUG_HANDLING_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/sandbox_linux.cc b/sandbox/policy/linux/sandbox_linux.cc
similarity index 88%
rename from services/service_manager/sandbox/linux/sandbox_linux.cc
rename to sandbox/policy/linux/sandbox_linux.cc
index 7e8488a..a2f1150a 100644
--- a/services/service_manager/sandbox/linux/sandbox_linux.cc
+++ b/sandbox/policy/linux/sandbox_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
#include <dirent.h>
#include <fcntl.h>
@@ -42,27 +42,26 @@
#include "sandbox/linux/suid/client/setuid_sandbox_client.h"
#include "sandbox/linux/syscall_broker/broker_command.h"
#include "sandbox/linux/syscall_broker/broker_process.h"
+#include "sandbox/policy/linux/bpf_broker_policy_linux.h"
+#include "sandbox/policy/linux/sandbox_seccomp_bpf_linux.h"
+#include "sandbox/policy/sandbox.h"
+#include "sandbox/policy/sandbox_type.h"
+#include "sandbox/policy/switches.h"
#include "sandbox/sandbox_buildflags.h"
-#include "services/service_manager/sandbox/linux/bpf_broker_policy_linux.h"
-#include "services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.h"
-#include "services/service_manager/sandbox/sandbox.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
-#include "services/service_manager/sandbox/switches.h"
#if BUILDFLAG(USING_SANITIZER)
#include <sanitizer/common_interface_defs.h>
#endif
-using sandbox::Yama;
-
-namespace service_manager {
+namespace sandbox {
+namespace policy {
namespace {
void LogSandboxStarted(const std::string& sandbox_name) {
const std::string process_type =
base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
- switches::kProcessType);
+ service_manager::switches::kProcessType);
const std::string activated_sandbox =
"Activated " + sandbox_name +
" sandbox for process type: " + process_type + ".";
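Review bot: The former `switches::kProcessType` lookup in LogSandboxStarted is rewritten here as `service_manager::switches::kProcessType` (and the same rewrite appears twice more further down in this file), so sandbox/policy/linux/sandbox_linux.cc keeps a compile-time dependency on //services/service_manager even though the commit's stated goal is to let //sandbox/policy stand apart from //services. The include that provides that symbol is not in this hunk, so it is presumably an unchanged include above or a transitive one, which makes the dependency easy to miss. Consider moving `kProcessType` into sandbox/policy/switches.h, which this file already includes, so it resolves as `switches::kProcessType` the way `switches::kAllowSandboxDebugging` does in sandbox_debug_handling_linux.cc, or have the embedder pass the process-type string into SandboxLinux. LogSandboxStarted continues past the end of this hunk.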
@@ -99,7 +98,7 @@
bool UpdateProcessTypeAndEnableSandbox(
SandboxLinux::PreSandboxHook broker_side_hook,
SandboxLinux::Options options,
- sandbox::syscall_broker::BrokerCommandSet allowed_command_set) {
+ syscall_broker::BrokerCommandSet allowed_command_set) {
base::CommandLine::StringVector exec =
base::CommandLine::ForCurrentProcess()->GetArgs();
base::CommandLine::Reset();
@@ -107,8 +106,8 @@
base::CommandLine::ForCurrentProcess()->InitFromArgv(exec);
base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
- std::string new_process_type =
- command_line->GetSwitchValueASCII(switches::kProcessType);
+ std::string new_process_type = command_line->GetSwitchValueASCII(
+ service_manager::switches::kProcessType);
if (!new_process_type.empty()) {
new_process_type.append("-broker");
} else {
@@ -117,7 +116,8 @@
VLOG(3) << "UpdateProcessTypeAndEnableSandbox: Updating process type to "
<< new_process_type;
- command_line->AppendSwitchASCII(switches::kProcessType, new_process_type);
+ command_line->AppendSwitchASCII(service_manager::switches::kProcessType,
+ new_process_type);
if (broker_side_hook)
CHECK(std::move(broker_side_hook).Run(options));
@@ -138,7 +138,7 @@
seccomp_bpf_with_tsync_supported_(false),
yama_is_enforcing_(false),
initialize_sandbox_ran_(false),
- setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create()),
+ setuid_sandbox_client_(SetuidSandboxClient::Create()),
broker_process_(nullptr) {
if (!setuid_sandbox_client_) {
LOG(FATAL) << "Failed to instantiate the setuid sandbox client.";
@@ -227,11 +227,11 @@
sandbox_status_flags_ |= kPIDNS;
if (setuid_sandbox_client_->IsInNewNETNamespace())
sandbox_status_flags_ |= kNetNS;
- } else if (sandbox::NamespaceSandbox::InNewUserNamespace()) {
+ } else if (NamespaceSandbox::InNewUserNamespace()) {
sandbox_status_flags_ |= kUserNS;
- if (sandbox::NamespaceSandbox::InNewPidNamespace())
+ if (NamespaceSandbox::InNewPidNamespace())
sandbox_status_flags_ |= kPIDNS;
- if (sandbox::NamespaceSandbox::InNewNetNamespace())
+ if (NamespaceSandbox::InNewNetNamespace())
sandbox_status_flags_ |= kNetNS;
}
@@ -263,7 +263,7 @@
<< "pre-initialized properly.";
const bool is_single_threaded =
- sandbox::ThreadHelpers::IsSingleThreaded(proc_fd.get());
+ ThreadHelpers::IsSingleThreaded(proc_fd.get());
return is_single_threaded;
}
@@ -272,7 +272,7 @@
return seccomp_bpf_started_;
}
-sandbox::SetuidSandboxClient* SandboxLinux::setuid_sandbox_client() const {
+SetuidSandboxClient* SandboxLinux::setuid_sandbox_client() const {
return setuid_sandbox_client_.get();
}
@@ -296,10 +296,10 @@
CHECK(std::move(hook).Run(options));
// If we allow threads *and* have multiple threads, try to use TSYNC.
- sandbox::SandboxBPF::SeccompLevel seccomp_level =
+ SandboxBPF::SeccompLevel seccomp_level =
options.allow_threads_during_sandbox_init && !IsSingleThreaded()
- ? sandbox::SandboxBPF::SeccompLevel::MULTI_THREADED
- : sandbox::SandboxBPF::SeccompLevel::SINGLE_THREADED;
+ ? SandboxBPF::SeccompLevel::MULTI_THREADED
+ : SandboxBPF::SeccompLevel::SINGLE_THREADED;
// If the kernel supports the sandbox, and if the command line says we
// should enable it, enable it or die.
@@ -323,8 +323,8 @@
initialize_sandbox_ran_ = true;
base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
- const std::string process_type =
- command_line->GetSwitchValueASCII(switches::kProcessType);
+ const std::string process_type = command_line->GetSwitchValueASCII(
+ service_manager::switches::kProcessType);
// We need to make absolutely sure that our sandbox is "sealed" before
// returning.
@@ -369,7 +369,7 @@
LOG(ERROR) << error_message;
// This will return if /proc/self eventually reports this process is
// single-threaded, or crash if it does not after a number of retries.
- sandbox::ThreadHelpers::AssertSingleThreaded();
+ ThreadHelpers::AssertSingleThreaded();
} else {
LOG(ERROR) << error_message;
return false;
@@ -397,7 +397,7 @@
<< "InitializeSandbox() called after unexpected directories have been "
<< "opened. This breaks the security of the setuid sandbox.";
- sandbox::InitLibcLocaltimeFunctions();
+ InitLibcLocaltimeFunctions();
// Attempt to limit the future size of the address space of the process.
// Fine to call with multiple threads as we don't use RLIMIT_STACK.
@@ -451,7 +451,7 @@
}
#endif
- return static_cast<rlim_t>(sandbox::kDataSizeLimit);
+ return static_cast<rlim_t>(kDataSizeLimit);
}
bool SandboxLinux::LimitAddressSpace(int* error) {
@@ -471,7 +471,7 @@
rlim_t process_data_size_limit = GetProcessDataSizeLimit(sandbox_type);
// Fine to call with multiple threads as we don't use RLIMIT_STACK.
- *error = sandbox::ResourceLimits::Lower(RLIMIT_DATA, process_data_size_limit);
+ *error = ResourceLimits::Lower(RLIMIT_DATA, process_data_size_limit);
// Cache the resource limit before turning on the sandbox.
base::SysInfo::AmountOfVirtualMemory();
@@ -485,12 +485,12 @@
}
void SandboxLinux::StartBrokerProcess(
- const sandbox::syscall_broker::BrokerCommandSet& allowed_command_set,
- std::vector<sandbox::syscall_broker::BrokerFilePermission> permissions,
+ const syscall_broker::BrokerCommandSet& allowed_command_set,
+ std::vector<syscall_broker::BrokerFilePermission> permissions,
PreSandboxHook broker_side_hook,
const Options& options) {
// Leaked at shutdown, so use bare |new|.
- broker_process_ = new sandbox::syscall_broker::BrokerProcess(
+ broker_process_ = new syscall_broker::BrokerProcess(
BPFBasePolicy::GetFSDeniedErrno(), allowed_command_set, permissions);
// The initialization callback will perform generic initialization and then
@@ -501,7 +501,7 @@
}
bool SandboxLinux::HasOpenDirectories() const {
- return sandbox::ProcUtil::HasOpenDirectory(proc_fd_);
+ return ProcUtil::HasOpenDirectory(proc_fd_);
}
void SandboxLinux::SealSandbox() {
@@ -527,8 +527,7 @@
DCHECK(thread);
base::ScopedFD proc_fd(OpenProc(proc_fd_));
PCHECK(proc_fd.is_valid());
- CHECK(
- sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_fd.get(), thread));
+ CHECK(ThreadHelpers::StopThreadAndWatchProcFS(proc_fd.get(), thread));
}
bool SandboxLinux::EngageNamespaceSandboxInternal(bool from_zygote) {
@@ -541,30 +540,31 @@
if (from_zygote) {
// Check being in a new PID namespace created by the namespace sandbox and
// being the init process.
- CHECK(sandbox::NamespaceSandbox::InNewPidNamespace());
+ CHECK(NamespaceSandbox::InNewPidNamespace());
const pid_t pid = getpid();
CHECK_EQ(1, pid);
}
// After we successfully move to a new user ns, we don't allow this function
// to fail.
- if (!sandbox::Credentials::MoveToNewUserNS()) {
+ if (!Credentials::MoveToNewUserNS()) {
return false;
}
// Note: this requires SealSandbox() to be called later in this process to be
// safe, as this class is keeping a file descriptor to /proc/.
- CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_));
+ CHECK(Credentials::DropFileSystemAccess(proc_fd_));
// Now we drop all capabilities that we can. In the zygote process, we need
// to keep CAP_SYS_ADMIN, to place each child in its own PID namespace
// later on.
- std::vector<sandbox::Credentials::Capability> caps;
+ std::vector<Credentials::Capability> caps;
if (from_zygote) {
- caps.push_back(sandbox::Credentials::Capability::SYS_ADMIN);
+ caps.push_back(Credentials::Capability::SYS_ADMIN);
}
- CHECK(sandbox::Credentials::SetCapabilities(proc_fd_, caps));
+ CHECK(Credentials::SetCapabilities(proc_fd_, caps));
return true;
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/services/service_manager/sandbox/linux/sandbox_linux.h b/sandbox/policy/linux/sandbox_linux.h
similarity index 90%
rename from services/service_manager/sandbox/linux/sandbox_linux.h
rename to sandbox/policy/linux/sandbox_linux.h
index 6a17f9ed..3f818b9 100644
--- a/services/service_manager/sandbox/linux/sandbox_linux.h
+++ b/sandbox/policy/linux/sandbox_linux.h
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_SANDBOX_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_SANDBOX_LINUX_H_
+#ifndef SANDBOX_POLICY_LINUX_SANDBOX_LINUX_H_
+#define SANDBOX_POLICY_LINUX_SANDBOX_LINUX_H_
#include <memory>
#include <string>
@@ -14,10 +14,10 @@
#include "base/posix/global_descriptors.h"
#include "sandbox/linux/syscall_broker/broker_command.h"
#include "sandbox/linux/syscall_broker/broker_file_permission.h"
-#include "services/service_manager/sandbox/export.h"
-#include "services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
-#include "services/service_manager/sandbox/sanitizer_buildflags.h"
+#include "sandbox/policy/export.h"
+#include "sandbox/policy/linux/sandbox_seccomp_bpf_linux.h"
+#include "sandbox/policy/sandbox_type.h"
+#include "sandbox/policy/sanitizer_buildflags.h"
#if BUILDFLAG(USING_SANITIZER)
#include <sanitizer/common_interface_defs.h>
@@ -36,7 +36,8 @@
class SetuidSandboxClient;
} // namespace sandbox
-namespace service_manager {
+namespace sandbox {
+namespace policy {
// A singleton class to represent and change our sandboxing state for the
// three main Linux sandboxes.
@@ -48,7 +49,7 @@
// InitializeSandbox(). InitializeSandbox() is also responsible for "sealing"
// the first layer of sandboxing. That is, InitializeSandbox must always be
// called to have any meaningful sandboxing at all.
-class SERVICE_MANAGER_SANDBOX_EXPORT SandboxLinux {
+class SANDBOX_POLICY_EXPORT SandboxLinux {
public:
// This is a list of sandbox IPC methods which the renderer may send to the
// sandbox host. See
@@ -184,14 +185,14 @@
// NULL.
// There is no StartSetuidSandbox(), the SetuidSandboxClient instance should
// be used directly.
- sandbox::SetuidSandboxClient* setuid_sandbox_client() const;
+ SetuidSandboxClient* setuid_sandbox_client() const;
// Check the policy and eventually start the seccomp-bpf sandbox. Fine to be
// called with threads, as long as
// |options.allow_threads_during_sandbox_init| is true and the kernel
// supports seccomp's TSYNC feature. If TSYNC is not available we treat
// multiple threads as a fatal error.
- bool StartSeccompBPF(service_manager::SandboxType sandbox_type,
+ bool StartSeccompBPF(SandboxType sandbox_type,
PreSandboxHook hook,
const Options& options);
@@ -227,12 +228,12 @@
// This should never be destroyed, as after the sandbox is started it is
// vital to the process.
void StartBrokerProcess(
- const sandbox::syscall_broker::BrokerCommandSet& allowed_command_set,
- std::vector<sandbox::syscall_broker::BrokerFilePermission> permissions,
+ const syscall_broker::BrokerCommandSet& allowed_command_set,
+ std::vector<syscall_broker::BrokerFilePermission> permissions,
PreSandboxHook broker_side_hook,
const Options& options);
- sandbox::syscall_broker::BrokerProcess* broker_process() const {
+ syscall_broker::BrokerProcess* broker_process() const {
return broker_process_;
}
@@ -257,7 +258,7 @@
// GetStatus() makes promises as to how the sandbox will behave. This
// checks that no promises have been broken.
- void CheckForBrokenPromises(service_manager::SandboxType sandbox_type);
+ void CheckForBrokenPromises(SandboxType sandbox_type);
// Stop |thread| and make sure it does not appear in /proc/self/tasks/
// anymore.
@@ -283,15 +284,16 @@
bool seccomp_bpf_with_tsync_supported_; // Accurate if pre_initialized_.
bool yama_is_enforcing_; // Accurate if pre_initialized_.
bool initialize_sandbox_ran_; // InitializeSandbox() was called.
- std::unique_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_;
+ std::unique_ptr<SetuidSandboxClient> setuid_sandbox_client_;
#if BUILDFLAG(USING_SANITIZER)
std::unique_ptr<__sanitizer_sandbox_arguments> sanitizer_args_;
#endif
- sandbox::syscall_broker::BrokerProcess* broker_process_; // Leaked as global.
+ syscall_broker::BrokerProcess* broker_process_; // Leaked as global.
DISALLOW_COPY_AND_ASSIGN(SandboxLinux);
};
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_SANDBOX_LINUX_H_
+#endif // SANDBOX_POLICY_LINUX_SANDBOX_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.cc b/sandbox/policy/linux/sandbox_seccomp_bpf_linux.cc
similarity index 80%
rename from services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.cc
rename to sandbox/policy/linux/sandbox_seccomp_bpf_linux.cc
index 1c16d68..a65aedb 100644
--- a/services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.cc
+++ b/sandbox/policy/linux/sandbox_seccomp_bpf_linux.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.h"
+#include "sandbox/policy/linux/sandbox_seccomp_bpf_linux.h"
#include <errno.h>
#include <fcntl.h>
@@ -20,9 +20,9 @@
#include "build/build_config.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
#include "sandbox/linux/bpf_dsl/trap_registry.h"
+#include "sandbox/policy/sandbox_type.h"
+#include "sandbox/policy/switches.h"
#include "sandbox/sandbox_buildflags.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
-#include "services/service_manager/sandbox/switches.h"
#if BUILDFLAG(USE_SECCOMP_BPF)
@@ -34,32 +34,29 @@
#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
-#include "services/service_manager/sandbox/linux/bpf_audio_policy_linux.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-#include "services/service_manager/sandbox/linux/bpf_cdm_policy_linux.h"
-#include "services/service_manager/sandbox/linux/bpf_cros_amd_gpu_policy_linux.h"
-#include "services/service_manager/sandbox/linux/bpf_cros_arm_gpu_policy_linux.h"
-#include "services/service_manager/sandbox/linux/bpf_gpu_policy_linux.h"
-#include "services/service_manager/sandbox/linux/bpf_network_policy_linux.h"
-#include "services/service_manager/sandbox/linux/bpf_ppapi_policy_linux.h"
-#include "services/service_manager/sandbox/linux/bpf_print_compositor_policy_linux.h"
-#include "services/service_manager/sandbox/linux/bpf_renderer_policy_linux.h"
-#include "services/service_manager/sandbox/linux/bpf_sharing_service_policy_linux.h"
-#include "services/service_manager/sandbox/linux/bpf_speech_recognition_policy_linux.h"
-#include "services/service_manager/sandbox/linux/bpf_utility_policy_linux.h"
+#include "sandbox/policy/linux/bpf_audio_policy_linux.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+#include "sandbox/policy/linux/bpf_cdm_policy_linux.h"
+#include "sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.h"
+#include "sandbox/policy/linux/bpf_cros_arm_gpu_policy_linux.h"
+#include "sandbox/policy/linux/bpf_gpu_policy_linux.h"
+#include "sandbox/policy/linux/bpf_network_policy_linux.h"
+#include "sandbox/policy/linux/bpf_ppapi_policy_linux.h"
+#include "sandbox/policy/linux/bpf_print_compositor_policy_linux.h"
+#include "sandbox/policy/linux/bpf_renderer_policy_linux.h"
+#include "sandbox/policy/linux/bpf_sharing_service_policy_linux.h"
+#include "sandbox/policy/linux/bpf_speech_recognition_policy_linux.h"
+#include "sandbox/policy/linux/bpf_utility_policy_linux.h"
#if !defined(OS_NACL_NONSFI)
-#include "services/service_manager/sandbox/chromecast_sandbox_whitelist_buildflags.h"
+#include "sandbox/policy/chromecast_sandbox_whitelist_buildflags.h"
#endif // !defined(OS_NACL_NONSFI)
#if defined(OS_CHROMEOS)
-#include "services/service_manager/sandbox/linux/bpf_ime_policy_linux.h"
-#include "services/service_manager/sandbox/linux/bpf_tts_policy_linux.h"
+#include "sandbox/policy/linux/bpf_ime_policy_linux.h"
+#include "sandbox/policy/linux/bpf_tts_policy_linux.h"
#endif // defined(OS_CHROMEOS)
-using sandbox::BaselinePolicy;
-using sandbox::SandboxBPF;
-using sandbox::SyscallSets;
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::ResultExpr;
@@ -73,7 +70,8 @@
#endif // BUILDFLAG(USE_SECCOMP_BPF)
-namespace service_manager {
+namespace sandbox {
+namespace policy {
#if BUILDFLAG(USE_SECCOMP_BPF)
namespace {
@@ -248,9 +246,9 @@
#endif // !defined(OS_NACL_NONSFI)
bool SandboxSeccompBPF::StartSandboxWithExternalPolicy(
- std::unique_ptr<sandbox::bpf_dsl::Policy> policy,
+ std::unique_ptr<bpf_dsl::Policy> policy,
base::ScopedFD proc_fd,
- sandbox::SandboxBPF::SeccompLevel seccomp_level) {
+ SandboxBPF::SeccompLevel seccomp_level) {
#if BUILDFLAG(USE_SECCOMP_BPF)
if (IsSeccompBPFDesired() && SupportsSandbox()) {
CHECK(policy);
@@ -269,8 +267,7 @@
}
#if !defined(OS_NACL_NONSFI)
-std::unique_ptr<sandbox::bpf_dsl::Policy>
-SandboxSeccompBPF::GetBaselinePolicy() {
+std::unique_ptr<bpf_dsl::Policy> SandboxSeccompBPF::GetBaselinePolicy() {
#if BUILDFLAG(USE_SECCOMP_BPF)
return std::make_unique<BaselinePolicy>();
#else
@@ -279,4 +276,5 @@
}
#endif // !defined(OS_NACL_NONSFI)
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.h b/sandbox/policy/linux/sandbox_seccomp_bpf_linux.h
similarity index 72%
rename from services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.h
rename to sandbox/policy/linux/sandbox_seccomp_bpf_linux.h
index e9f1688c..46a985e 100644
--- a/services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.h
+++ b/sandbox/policy/linux/sandbox_seccomp_bpf_linux.h
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_SANDBOX_SECCOMP_BPF_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_SANDBOX_SECCOMP_BPF_LINUX_H_
+#ifndef SANDBOX_POLICY_LINUX_SANDBOX_SECCOMP_BPF_LINUX_H_
+#define SANDBOX_POLICY_LINUX_SANDBOX_SECCOMP_BPF_LINUX_H_
#include <memory>
@@ -13,19 +13,20 @@
#include "build/build_config.h"
#include "sandbox/linux/bpf_dsl/policy.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
-#include "services/service_manager/sandbox/export.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/export.h"
+#include "sandbox/policy/linux/bpf_base_policy_linux.h"
+#include "sandbox/policy/sandbox_type.h"
-namespace service_manager {
+namespace sandbox {
+namespace policy {
// This class has two main sets of APIs. One can be used to start the sandbox
// for internal content process types, the other is indirectly exposed as
// a public content/ API and uses a supplied policy.
-class SERVICE_MANAGER_SANDBOX_EXPORT SandboxSeccompBPF {
+class SANDBOX_POLICY_EXPORT SandboxSeccompBPF {
public:
struct Options {
- bool use_amd_specific_policies = false; // For ChromiumOS.
+ bool use_amd_specific_policies = false; // For ChromiumOS.
bool use_intel_specific_policies = false; // For ChromiumOS.
// Options for GPU's PreSandboxHook.
@@ -61,18 +62,19 @@
// This is the API to enable a seccomp-bpf sandbox by using an
// external policy.
static bool StartSandboxWithExternalPolicy(
- std::unique_ptr<sandbox::bpf_dsl::Policy> policy,
+ std::unique_ptr<bpf_dsl::Policy> policy,
base::ScopedFD proc_fd,
- sandbox::SandboxBPF::SeccompLevel seccomp_level =
- sandbox::SandboxBPF::SeccompLevel::SINGLE_THREADED);
+ SandboxBPF::SeccompLevel seccomp_level =
+ SandboxBPF::SeccompLevel::SINGLE_THREADED);
// The "baseline" policy can be a useful base to build a sandbox policy.
- static std::unique_ptr<sandbox::bpf_dsl::Policy> GetBaselinePolicy();
+ static std::unique_ptr<bpf_dsl::Policy> GetBaselinePolicy();
private:
DISALLOW_IMPLICIT_CONSTRUCTORS(SandboxSeccompBPF);
};
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_SANDBOX_SECCOMP_BPF_LINUX_H_
+#endif // SANDBOX_POLICY_LINUX_SANDBOX_SECCOMP_BPF_LINUX_H_
diff --git a/services/service_manager/sandbox/mac/BUILD.gn b/sandbox/policy/mac/BUILD.gn
similarity index 93%
rename from services/service_manager/sandbox/mac/BUILD.gn
rename to sandbox/policy/mac/BUILD.gn
index 6bb2025..c3d9df3 100644
--- a/services/service_manager/sandbox/mac/BUILD.gn
+++ b/sandbox/policy/mac/BUILD.gn
@@ -29,6 +29,6 @@
source_set("packaged_sb_files") {
sources = get_target_outputs(":package_sb_files")
- defines = [ "SERVICE_MANAGER_SANDBOX_IMPL" ]
+ defines = [ "SANDBOX_POLICY_IMPL" ]
deps = [ ":package_sb_files" ]
}
diff --git a/services/service_manager/sandbox/mac/DEPS b/sandbox/policy/mac/DEPS
similarity index 100%
rename from services/service_manager/sandbox/mac/DEPS
rename to sandbox/policy/mac/DEPS
diff --git a/services/service_manager/sandbox/mac/OWNERS b/sandbox/policy/mac/OWNERS
similarity index 100%
rename from services/service_manager/sandbox/mac/OWNERS
rename to sandbox/policy/mac/OWNERS
diff --git a/services/service_manager/sandbox/mac/audio.sb b/sandbox/policy/mac/audio.sb
similarity index 100%
rename from services/service_manager/sandbox/mac/audio.sb
rename to sandbox/policy/mac/audio.sb
diff --git a/services/service_manager/sandbox/mac/cdm.sb b/sandbox/policy/mac/cdm.sb
similarity index 100%
rename from services/service_manager/sandbox/mac/cdm.sb
rename to sandbox/policy/mac/cdm.sb
diff --git a/services/service_manager/sandbox/mac/common.sb b/sandbox/policy/mac/common.sb
similarity index 100%
rename from services/service_manager/sandbox/mac/common.sb
rename to sandbox/policy/mac/common.sb
diff --git a/services/service_manager/sandbox/mac/gpu.sb b/sandbox/policy/mac/gpu.sb
similarity index 100%
rename from services/service_manager/sandbox/mac/gpu.sb
rename to sandbox/policy/mac/gpu.sb
diff --git a/services/service_manager/sandbox/mac/gpu_v2.sb b/sandbox/policy/mac/gpu_v2.sb
similarity index 100%
rename from services/service_manager/sandbox/mac/gpu_v2.sb
rename to sandbox/policy/mac/gpu_v2.sb
diff --git a/services/service_manager/sandbox/mac/nacl_loader.sb b/sandbox/policy/mac/nacl_loader.sb
similarity index 100%
rename from services/service_manager/sandbox/mac/nacl_loader.sb
rename to sandbox/policy/mac/nacl_loader.sb
diff --git a/services/service_manager/sandbox/mac/network.sb b/sandbox/policy/mac/network.sb
similarity index 100%
rename from services/service_manager/sandbox/mac/network.sb
rename to sandbox/policy/mac/network.sb
diff --git a/services/service_manager/sandbox/mac/package_sb_file.py b/sandbox/policy/mac/package_sb_file.py
similarity index 87%
rename from services/service_manager/sandbox/mac/package_sb_file.py
rename to sandbox/policy/mac/package_sb_file.py
index 098d689..934fd22 100755
--- a/services/service_manager/sandbox/mac/package_sb_file.py
+++ b/sandbox/policy/mac/package_sb_file.py
@@ -11,12 +11,12 @@
"""
header = '// Generated by package_sb_file.py. Do not edit !!!\n\n'
-namespace = 'namespace service_manager {\n\n'
-namespace_end = '\n} // namespace service_manager\n'
-h_include = '#include "services/service_manager/sandbox/export.h"\n'
-h_definition = ('SERVICE_MANAGER_SANDBOX_EXPORT\n' +
+namespace = 'namespace sandbox {\nnamespace policy{\n\n'
+namespace_end = '\n} // namespace policy\n} // namespace sandbox\n'
+h_include = '#include "sandbox/policy/export.h"\n'
+h_definition = ('SANDBOX_POLICY_EXPORT\n' +
'extern const char kSeatbeltPolicyString_%s[];\n\n')
-cc_include = '#include "services/service_manager/sandbox/mac/%s.sb.h"\n'
+cc_include = '#include "sandbox/policy/mac/%s.sb.h"\n'
cc_definition = 'const char kSeatbeltPolicyString_%s[] = \n'
cc_definition_end = '"";\n' # Add "" so the definition has some content
# (the empty string) if the sb file is empty.
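Review bot: The generated namespace opener in `namespace` is missing the space before the brace, so every generated `.sb.h` and `.sb.cc` will read `namespace policy{` while the hand-written headers in this same change use `namespace policy {`; change it to `namespace = 'namespace sandbox {\nnamespace policy {\n\n'`. Keeping the generated text identical to the hand-written form avoids a spurious formatting difference and keeps a plain grep for `namespace policy {` finding the generated files too.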
diff --git a/services/service_manager/sandbox/mac/ppapi.sb b/sandbox/policy/mac/ppapi.sb
similarity index 100%
rename from services/service_manager/sandbox/mac/ppapi.sb
rename to sandbox/policy/mac/ppapi.sb
diff --git a/services/service_manager/sandbox/mac/print_compositor.sb b/sandbox/policy/mac/print_compositor.sb
similarity index 100%
rename from services/service_manager/sandbox/mac/print_compositor.sb
rename to sandbox/policy/mac/print_compositor.sb
diff --git a/services/service_manager/sandbox/mac/renderer.sb b/sandbox/policy/mac/renderer.sb
similarity index 100%
rename from services/service_manager/sandbox/mac/renderer.sb
rename to sandbox/policy/mac/renderer.sb
diff --git a/services/service_manager/sandbox/mac/sandbox_mac.h b/sandbox/policy/mac/sandbox_mac.h
similarity index 85%
rename from services/service_manager/sandbox/mac/sandbox_mac.h
rename to sandbox/policy/mac/sandbox_mac.h
index dd2d9e1b..37fe74b 100644
--- a/services/service_manager/sandbox/mac/sandbox_mac.h
+++ b/sandbox/policy/mac/sandbox_mac.h
@@ -2,21 +2,22 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef SERVICE_MANAGER_SANDBOX_MAC_SANDBOX_MAC_H_
-#define SERVICE_MANAGER_SANDBOX_MAC_SANDBOX_MAC_H_
+#ifndef SANDBOX_POLICY_MAC_SANDBOX_MAC_H_
+#define SANDBOX_POLICY_MAC_SANDBOX_MAC_H_
#include "base/gtest_prod_util.h"
#include "base/macros.h"
-#include "services/service_manager/sandbox/export.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/export.h"
+#include "sandbox/policy/sandbox_type.h"
namespace base {
class FilePath;
}
-namespace service_manager {
+namespace sandbox {
+namespace policy {
-class SERVICE_MANAGER_SANDBOX_EXPORT SandboxMac {
+class SANDBOX_POLICY_EXPORT SandboxMac {
public:
// Warm up System APIs that empirically need to be accessed before the
// sandbox is turned on. |sandbox_type| is the type of sandbox to warm up.
@@ -67,6 +68,7 @@
DISALLOW_IMPLICIT_CONSTRUCTORS(SandboxMac);
};
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
-#endif // SERVICE_MANAGER_SANDBOX_MAC_SANDBOX_MAC_H_
+#endif // SANDBOX_POLICY_MAC_SANDBOX_MAC_H_
diff --git a/services/service_manager/sandbox/mac/sandbox_mac.mm b/sandbox/policy/mac/sandbox_mac.mm
similarity index 76%
rename from services/service_manager/sandbox/mac/sandbox_mac.mm
rename to sandbox/policy/mac/sandbox_mac.mm
index 511d7ed..0decae68 100644
--- a/services/service_manager/sandbox/mac/sandbox_mac.mm
+++ b/sandbox/policy/mac/sandbox_mac.mm
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/mac/sandbox_mac.h"
+#include "sandbox/policy/mac/sandbox_mac.h"
#import <Cocoa/Cocoa.h>
#include <stddef.h>
@@ -38,21 +38,22 @@
#include "base/strings/utf_string_conversions.h"
#include "base/system/sys_info.h"
#include "sandbox/mac/sandbox_compiler.h"
-#include "services/service_manager/sandbox/mac/audio.sb.h"
-#include "services/service_manager/sandbox/mac/cdm.sb.h"
-#include "services/service_manager/sandbox/mac/common.sb.h"
-#include "services/service_manager/sandbox/mac/gpu.sb.h"
-#include "services/service_manager/sandbox/mac/gpu_v2.sb.h"
-#include "services/service_manager/sandbox/mac/nacl_loader.sb.h"
-#include "services/service_manager/sandbox/mac/network.sb.h"
-#include "services/service_manager/sandbox/mac/ppapi.sb.h"
-#include "services/service_manager/sandbox/mac/print_compositor.sb.h"
-#include "services/service_manager/sandbox/mac/renderer.sb.h"
-#include "services/service_manager/sandbox/mac/utility.sb.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/mac/audio.sb.h"
+#include "sandbox/policy/mac/cdm.sb.h"
+#include "sandbox/policy/mac/common.sb.h"
+#include "sandbox/policy/mac/gpu.sb.h"
+#include "sandbox/policy/mac/gpu_v2.sb.h"
+#include "sandbox/policy/mac/nacl_loader.sb.h"
+#include "sandbox/policy/mac/network.sb.h"
+#include "sandbox/policy/mac/ppapi.sb.h"
+#include "sandbox/policy/mac/print_compositor.sb.h"
+#include "sandbox/policy/mac/renderer.sb.h"
+#include "sandbox/policy/mac/utility.sb.h"
+#include "sandbox/policy/sandbox_type.h"
+#include "sandbox/policy/switches.h"
-namespace service_manager {
+namespace sandbox {
+namespace policy {
// Static variable declarations.
const char* SandboxMac::kSandboxBrowserPID = "BROWSER_PID";
@@ -153,7 +154,7 @@
if (sandbox_data.empty())
return false;
- sandbox::SandboxCompiler compiler(sandbox_data);
+ SandboxCompiler compiler(sandbox_data);
// Enable verbose logging if enabled on the command line. (See common.sb
// for details).
@@ -195,7 +196,7 @@
if (!compiler.InsertBooleanParam(kSandboxMacOS1013, macos_1013))
return false;
- if (sandbox_type == service_manager::SandboxType::kGpu) {
+ if (sandbox_type == SandboxType::kGpu) {
base::FilePath bundle_path =
SandboxMac::GetCanonicalPath(base::mac::FrameworkBundlePath());
if (!compiler.InsertStringParam(kSandboxBundleVersionPath,
@@ -229,44 +230,44 @@
// static
std::string SandboxMac::GetSandboxProfile(SandboxType sandbox_type) {
- std::string profile =
- std::string(service_manager::kSeatbeltPolicyString_common);
+ std::string profile = std::string(kSeatbeltPolicyString_common);
switch (sandbox_type) {
- case service_manager::SandboxType::kAudio:
- profile += service_manager::kSeatbeltPolicyString_audio;
+ case SandboxType::kAudio:
+ profile += kSeatbeltPolicyString_audio;
break;
- case service_manager::SandboxType::kCdm:
- profile += service_manager::kSeatbeltPolicyString_cdm;
+ case SandboxType::kCdm:
+ profile += kSeatbeltPolicyString_cdm;
break;
- case service_manager::SandboxType::kGpu:
- profile += service_manager::kSeatbeltPolicyString_gpu_v2;
+ case SandboxType::kGpu:
+ profile += kSeatbeltPolicyString_gpu_v2;
break;
- case service_manager::SandboxType::kNaClLoader:
- profile += service_manager::kSeatbeltPolicyString_nacl_loader;
+ case SandboxType::kNaClLoader:
+ profile += kSeatbeltPolicyString_nacl_loader;
break;
- case service_manager::SandboxType::kNetwork:
- profile += service_manager::kSeatbeltPolicyString_network;
+ case SandboxType::kNetwork:
+ profile += kSeatbeltPolicyString_network;
break;
- case service_manager::SandboxType::kPpapi:
- profile += service_manager::kSeatbeltPolicyString_ppapi;
+ case SandboxType::kPpapi:
+ profile += kSeatbeltPolicyString_ppapi;
break;
- case service_manager::SandboxType::kPrintCompositor:
- profile += service_manager::kSeatbeltPolicyString_print_compositor;
+ case SandboxType::kPrintCompositor:
+ profile += kSeatbeltPolicyString_print_compositor;
break;
- case service_manager::SandboxType::kUtility:
- profile += service_manager::kSeatbeltPolicyString_utility;
+ case SandboxType::kUtility:
+ profile += kSeatbeltPolicyString_utility;
break;
- case service_manager::SandboxType::kRenderer:
- profile += service_manager::kSeatbeltPolicyString_renderer;
+ case SandboxType::kRenderer:
+ profile += kSeatbeltPolicyString_renderer;
break;
- case service_manager::SandboxType::kNoSandbox:
- case service_manager::SandboxType::kVideoCapture:
- case service_manager::SandboxType::kSpeechRecognition:
+ case SandboxType::kNoSandbox:
+ case SandboxType::kVideoCapture:
+ case SandboxType::kSpeechRecognition:
CHECK(false);
break;
}
return profile;
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/services/service_manager/sandbox/mac/utility.sb b/sandbox/policy/mac/utility.sb
similarity index 100%
rename from services/service_manager/sandbox/mac/utility.sb
rename to sandbox/policy/mac/utility.sb
diff --git a/services/service_manager/sandbox/sandbox.cc b/sandbox/policy/sandbox.cc
similarity index 81%
rename from services/service_manager/sandbox/sandbox.cc
rename to sandbox/policy/sandbox.cc
index c1af5077..aa11fe4 100644
--- a/services/service_manager/sandbox/sandbox.cc
+++ b/sandbox/policy/sandbox.cc
@@ -2,32 +2,33 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/sandbox.h"
+#include "sandbox/policy/sandbox.h"
#include "base/command_line.h"
#include "build/build_config.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
#if defined(OS_ANDROID)
#include "base/android/jni_android.h"
#endif // defined(OS_ANDROID)
#if defined(OS_LINUX)
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
#endif // defined(OS_LINUX)
#if defined(OS_MACOSX)
#include "sandbox/mac/seatbelt.h"
-#include "services/service_manager/sandbox/mac/sandbox_mac.h"
+#include "sandbox/policy/mac/sandbox_mac.h"
#endif // defined(OS_MACOSX)
#if defined(OS_WIN)
#include "base/process/process_info.h"
+#include "sandbox/policy/win/sandbox_win.h"
#include "sandbox/win/src/sandbox.h"
-#include "services/service_manager/sandbox/win/sandbox_win.h"
#endif // defined(OS_WIN)
-namespace service_manager {
+namespace sandbox {
+namespace policy {
#if defined(OS_LINUX)
bool Sandbox::Initialize(SandboxType sandbox_type,
@@ -54,8 +55,8 @@
#if defined(OS_WIN)
bool Sandbox::Initialize(SandboxType sandbox_type,
- sandbox::SandboxInterfaceInfo* sandbox_info) {
- sandbox::BrokerServices* broker_services = sandbox_info->broker_services;
+ SandboxInterfaceInfo* sandbox_info) {
+ BrokerServices* broker_services = sandbox_info->broker_services;
if (broker_services) {
if (!SandboxWin::InitBrokerServices(broker_services))
return false;
@@ -66,10 +67,9 @@
// broken. This has to run before threads and windows are created.
if (!IsUnsandboxedSandboxType(sandbox_type)) {
// Precreate the desktop and window station used by the renderers.
- scoped_refptr<sandbox::TargetPolicy> policy =
- broker_services->CreatePolicy();
- sandbox::ResultCode result = policy->CreateAlternateDesktop(true);
- CHECK(sandbox::SBOX_ERROR_FAILED_TO_SWITCH_BACK_WINSTATION != result);
+ scoped_refptr<TargetPolicy> policy = broker_services->CreatePolicy();
+ ResultCode result = policy->CreateAlternateDesktop(true);
+ CHECK(SBOX_ERROR_FAILED_TO_SWITCH_BACK_WINSTATION != result);
}
return true;
}
@@ -81,7 +81,8 @@
// static
bool Sandbox::IsProcessSandboxed() {
auto* command_line = base::CommandLine::ForCurrentProcess();
- bool is_browser = !command_line->HasSwitch(switches::kProcessType);
+ bool is_browser =
+ !command_line->HasSwitch(service_manager::switches::kProcessType);
if (!is_browser &&
base::CommandLine::ForCurrentProcess()->HasSwitch(switches::kNoSandbox)) {
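Review bot: `IsProcessSandboxed` now names `service_manager::switches::kProcessType`, but the file's include block (the first hunk of this file) only pulls in `sandbox/policy/switches.h`, so the declaration is presumably reaching this translation unit transitively; unless `sandbox/policy/switches.h` deliberately re-exports it, include the header that declares `service_manager::switches::kProcessType` directly here. The same expression sits next to `switches::kNoSandbox`, which after the namespace change resolves to `sandbox::policy::switches`, so a one-line comment such as `// kProcessType still lives in service_manager::switches; kNoSandbox is sandbox::policy::switches.` would save the next reader a lookup. The sandbox_type.cc hunks that add the same qualification (`@@ -76,7 +75,8 @@` through `@@ -161,7 +166,7 @@`) raise the same include question. `IsProcessSandboxed` continues outside the hunk.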
@@ -115,7 +116,7 @@
SandboxLinux::Status::kSeccompBPF | SandboxLinux::Status::kSeccompTSYNC;
return (status & kLayer1Flags) != 0 && (status & kLayer2Flags) != 0;
#elif defined(OS_MACOSX)
- return sandbox::Seatbelt::IsSandboxed();
+ return Seatbelt::IsSandboxed();
#elif defined(OS_WIN)
return base::GetCurrentProcessIntegrityLevel() < base::MEDIUM_INTEGRITY;
#else
@@ -123,4 +124,5 @@
#endif
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/services/service_manager/sandbox/sandbox.h b/sandbox/policy/sandbox.h
similarity index 77%
rename from services/service_manager/sandbox/sandbox.h
rename to sandbox/policy/sandbox.h
index 535df98..45287ff 100644
--- a/services/service_manager/sandbox/sandbox.h
+++ b/sandbox/policy/sandbox.h
@@ -2,15 +2,15 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef SERVICE_MANAGER_SANDBOX_SANDBOX_H_
-#define SERVICE_MANAGER_SANDBOX_SANDBOX_H_
+#ifndef SANDBOX_POLICY_SANDBOX_H_
+#define SANDBOX_POLICY_SANDBOX_H_
#include "build/build_config.h"
-#include "services/service_manager/sandbox/export.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/export.h"
+#include "sandbox/policy/sandbox_type.h"
#if defined(OS_LINUX)
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
#endif
#if defined(OS_MACOSX)
@@ -21,8 +21,8 @@
struct SandboxInterfaceInfo;
} // namespace sandbox
-namespace service_manager {
-
+namespace sandbox {
+namespace policy {
// Interface to the service manager sandboxes across the various platforms.
//
// Ideally, this API would abstract away the platform differences, but there
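Review bot: The blank line between the namespace opener and the class comment is dropped here (the removed empty line is not re-added after `namespace policy {`), which is inconsistent with the other headers in this change that keep one. The comment itself still says `// Interface to the service manager sandboxes across the various platforms.` although the class no longer lives in service_manager; `// Interface to the process sandboxes across the various platforms.` would match the new home. The same stale wording appears in sandbox_type.h (`// Defines the sandbox types known within the servicemanager.`).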
@@ -32,7 +32,7 @@
// * The means of specifying the additional resources that are permitted.
// * The need to "warmup" other resources before engaing the sandbox.
-class SERVICE_MANAGER_SANDBOX_EXPORT Sandbox {
+class SANDBOX_POLICY_EXPORT Sandbox {
public:
#if defined(OS_LINUX)
static bool Initialize(SandboxType sandbox_type,
@@ -49,15 +49,15 @@
#endif // defined(OS_MACOSX)
#if defined(OS_WIN)
- static bool Initialize(service_manager::SandboxType sandbox_type,
- sandbox::SandboxInterfaceInfo* sandbox_info);
+ static bool Initialize(SandboxType sandbox_type,
+ SandboxInterfaceInfo* sandbox_info);
#endif // defined(OS_WIN)
// Returns true if the current process is running with a sandbox, and false
// if the process is not sandboxed. This should be used to assert that code is
// not running at high-privilege (e.g. in the browser process):
//
- // DCHECK(service_manager::Sandbox::IsProcessSandboxed());
+ // DCHECK(Sandbox::IsProcessSandboxed());
//
// The definition of what constitutes a sandbox, and the relative strength of
// the restrictions placed on the process, and a per-platform implementation
@@ -68,6 +68,7 @@
static bool IsProcessSandboxed();
};
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
-#endif // SERVICE_MANAGER_SANDBOX_SANDBOX_H_
+#endif // SANDBOX_POLICY_SANDBOX_H_
diff --git a/services/service_manager/sandbox/sandbox_delegate.h b/sandbox/policy/sandbox_delegate.h
similarity index 71%
rename from services/service_manager/sandbox/sandbox_delegate.h
rename to sandbox/policy/sandbox_delegate.h
index 9d32a52c..d827c94 100644
--- a/services/service_manager/sandbox/sandbox_delegate.h
+++ b/sandbox/policy/sandbox_delegate.h
@@ -2,20 +2,19 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_SANDBOX_DELEGATE_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_SANDBOX_DELEGATE_H_
+#ifndef SANDBOX_POLICY_SANDBOX_DELEGATE_H_
+#define SANDBOX_POLICY_SANDBOX_DELEGATE_H_
#include <string>
#include "base/process/process.h"
#include "build/build_config.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/sandbox_type.h"
namespace sandbox {
class TargetPolicy;
-}
-namespace service_manager {
+namespace policy {
class SandboxDelegate {
public:
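Review bot: The forward declaration of `TargetPolicy` is now folded into the enclosing `namespace sandbox` block rather than closed and reopened, which is the opposite of what sandbox.h does for `SandboxInterfaceInfo` in this same change; pick one form for both headers. If the merged form is kept, a blank line between `class TargetPolicy;` and `namespace policy {` would make it clearer that the forward declaration is not part of `policy`.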
@@ -23,7 +22,7 @@
// Returns the SandboxType to enforce on the process, or
// SandboxType::kNoSandbox to run without a sandbox policy.
- virtual service_manager::SandboxType GetSandboxType() = 0;
+ virtual SandboxType GetSandboxType() = 0;
#if defined(OS_WIN)
// Whether to disable the default policy specified in
@@ -35,13 +34,14 @@
virtual bool GetAppContainerId(std::string* appcontainer_id) = 0;
// Called right before spawning the process. Returns false on failure.
- virtual bool PreSpawnTarget(sandbox::TargetPolicy* policy) = 0;
+ virtual bool PreSpawnTarget(TargetPolicy* policy) = 0;
// Called right after the process is launched, but before its thread is run.
virtual void PostSpawnTarget(base::ProcessHandle process) = 0;
#endif // defined(OS_WIN)
};
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_SANDBOX_DELEGATE_H_
+#endif // SANDBOX_POLICY_SANDBOX_DELEGATE_H_
diff --git a/services/service_manager/sandbox/sandbox_type.cc b/sandbox/policy/sandbox_type.cc
similarity index 89%
rename from services/service_manager/sandbox/sandbox_type.cc
rename to sandbox/policy/sandbox_type.cc
index de79b63..3aa4153 100644
--- a/services/service_manager/sandbox/sandbox_type.cc
+++ b/sandbox/policy/sandbox_type.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/sandbox_type.h"
#include <string>
@@ -10,10 +10,11 @@
#include "base/feature_list.h"
#include "base/logging.h"
#include "base/notreached.h"
-#include "services/service_manager/sandbox/features.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/features.h"
+#include "sandbox/policy/switches.h"
-namespace service_manager {
+namespace sandbox {
+namespace policy {
bool IsUnsandboxedSandboxType(SandboxType sandbox_type) {
switch (sandbox_type) {
@@ -23,8 +24,7 @@
case SandboxType::kNoSandboxAndElevatedPrivileges:
return true;
case SandboxType::kXrCompositing:
- return !base::FeatureList::IsEnabled(
- service_manager::features::kXRSandbox);
+ return !base::FeatureList::IsEnabled(features::kXRSandbox);
case SandboxType::kProxyResolver:
case SandboxType::kPdfConversion:
case SandboxType::kIconReader:
@@ -42,8 +42,7 @@
#if defined(OS_MACOSX)
return false;
#else
- return !base::FeatureList::IsEnabled(
- service_manager::features::kNetworkServiceSandbox);
+ return !base::FeatureList::IsEnabled(features::kNetworkServiceSandbox);
#endif // defined(OS_MACOSX)
case SandboxType::kRenderer:
case SandboxType::kUtility:
@@ -76,7 +75,8 @@
SandboxType sandbox_type) {
switch (sandbox_type) {
case SandboxType::kNoSandbox:
- if (command_line->GetSwitchValueASCII(switches::kProcessType) ==
+ if (command_line->GetSwitchValueASCII(
+ service_manager::switches::kProcessType) ==
switches::kUtilityProcess) {
DCHECK(!command_line->HasSwitch(switches::kServiceSandboxType));
command_line->AppendSwitchASCII(
@@ -92,20 +92,24 @@
break;
#endif
case SandboxType::kRenderer:
- DCHECK(command_line->GetSwitchValueASCII(switches::kProcessType) ==
+ DCHECK(command_line->GetSwitchValueASCII(
+ service_manager::switches::kProcessType) ==
switches::kRendererProcess);
break;
case SandboxType::kGpu:
- DCHECK(command_line->GetSwitchValueASCII(switches::kProcessType) ==
+ DCHECK(command_line->GetSwitchValueASCII(
+ service_manager::switches::kProcessType) ==
switches::kGpuProcess);
break;
case SandboxType::kPpapi:
- if (command_line->GetSwitchValueASCII(switches::kProcessType) ==
+ if (command_line->GetSwitchValueASCII(
+ service_manager::switches::kProcessType) ==
switches::kUtilityProcess) {
command_line->AppendSwitchASCII(switches::kServiceSandboxType,
switches::kPpapiSandbox);
} else {
- DCHECK(command_line->GetSwitchValueASCII(switches::kProcessType) ==
+ DCHECK(command_line->GetSwitchValueASCII(
+ service_manager::switches::kProcessType) ==
switches::kPpapiPluginProcess);
}
break;
@@ -129,7 +133,8 @@
case SandboxType::kSharingService:
#endif
case SandboxType::kSpeechRecognition:
- DCHECK(command_line->GetSwitchValueASCII(switches::kProcessType) ==
+ DCHECK(command_line->GetSwitchValueASCII(
+ service_manager::switches::kProcessType) ==
switches::kUtilityProcess);
DCHECK(!command_line->HasSwitch(switches::kServiceSandboxType));
command_line->AppendSwitchASCII(
@@ -161,7 +166,7 @@
#endif
std::string process_type =
- command_line.GetSwitchValueASCII(switches::kProcessType);
+ command_line.GetSwitchValueASCII(service_manager::switches::kProcessType);
if (process_type.empty())
return SandboxType::kNoSandbox;
@@ -326,4 +331,5 @@
switches::kEnableAudioServiceSandbox);
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/services/service_manager/sandbox/sandbox_type.h b/sandbox/policy/sandbox_type.h
similarity index 75%
rename from services/service_manager/sandbox/sandbox_type.h
rename to sandbox/policy/sandbox_type.h
index b35e395..6dc54192 100644
--- a/services/service_manager/sandbox/sandbox_type.h
+++ b/sandbox/policy/sandbox_type.h
@@ -2,16 +2,17 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_SANDBOX_TYPE_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_SANDBOX_TYPE_H_
+#ifndef SANDBOX_POLICY_SANDBOX_TYPE_H_
+#define SANDBOX_POLICY_SANDBOX_TYPE_H_
#include <string>
#include "base/command_line.h"
#include "build/build_config.h"
-#include "services/service_manager/sandbox/export.h"
+#include "sandbox/policy/export.h"
-namespace service_manager {
+namespace sandbox {
+namespace policy {
// Defines the sandbox types known within the servicemanager.
enum class SandboxType {
@@ -96,26 +97,26 @@
kMaxValue = kVideoCapture
};
-SERVICE_MANAGER_SANDBOX_EXPORT bool IsUnsandboxedSandboxType(
- SandboxType sandbox_type);
+SANDBOX_POLICY_EXPORT bool IsUnsandboxedSandboxType(SandboxType sandbox_type);
-SERVICE_MANAGER_SANDBOX_EXPORT void SetCommandLineFlagsForSandboxType(
+SANDBOX_POLICY_EXPORT void SetCommandLineFlagsForSandboxType(
base::CommandLine* command_line,
SandboxType sandbox_type);
-SERVICE_MANAGER_SANDBOX_EXPORT SandboxType
+SANDBOX_POLICY_EXPORT SandboxType
SandboxTypeFromCommandLine(const base::CommandLine& command_line);
-SERVICE_MANAGER_SANDBOX_EXPORT std::string StringFromUtilitySandboxType(
+SANDBOX_POLICY_EXPORT std::string StringFromUtilitySandboxType(
SandboxType sandbox_type);
-SERVICE_MANAGER_SANDBOX_EXPORT SandboxType
+SANDBOX_POLICY_EXPORT SandboxType
UtilitySandboxTypeFromString(const std::string& sandbox_string);
-SERVICE_MANAGER_SANDBOX_EXPORT void EnableAudioSandbox(bool enable);
+SANDBOX_POLICY_EXPORT void EnableAudioSandbox(bool enable);
-SERVICE_MANAGER_SANDBOX_EXPORT bool IsAudioSandboxEnabled();
+SANDBOX_POLICY_EXPORT bool IsAudioSandboxEnabled();
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_SANDBOX_TYPE_H_
+#endif // SANDBOX_POLICY_SANDBOX_TYPE_H_
diff --git a/services/service_manager/tests/sandbox/sandbox_type_unittest.cc b/sandbox/policy/sandbox_type_unittest.cc
similarity index 91%
rename from services/service_manager/tests/sandbox/sandbox_type_unittest.cc
rename to sandbox/policy/sandbox_type_unittest.cc
index 4618680..51a47066 100644
--- a/services/service_manager/tests/sandbox/sandbox_type_unittest.cc
+++ b/sandbox/policy/sandbox_type_unittest.cc
@@ -2,14 +2,15 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/sandbox_type.h"
+#include "sandbox/policy/sandbox_type.h"
#include "base/command_line.h"
#include "build/build_config.h"
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
#include "testing/gtest/include/gtest/gtest.h"
-namespace service_manager {
+namespace sandbox {
+namespace policy {
TEST(SandboxTypeTest, Empty) {
base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
@@ -35,7 +36,7 @@
TEST(SandboxTypeTest, Renderer) {
base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
- command_line.AppendSwitchASCII(switches::kProcessType,
+ command_line.AppendSwitchASCII(service_manager::switches::kProcessType,
switches::kRendererProcess);
EXPECT_EQ(SandboxType::kRenderer, SandboxTypeFromCommandLine(command_line));
@@ -50,7 +51,7 @@
TEST(SandboxTypeTest, Utility) {
base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
- command_line.AppendSwitchASCII(switches::kProcessType,
+ command_line.AppendSwitchASCII(service_manager::switches::kProcessType,
switches::kUtilityProcess);
EXPECT_EQ(SandboxType::kUtility, SandboxTypeFromCommandLine(command_line));
@@ -122,7 +123,8 @@
TEST(SandboxTypeTest, GPU) {
base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
- command_line.AppendSwitchASCII(switches::kProcessType, switches::kGpuProcess);
+ command_line.AppendSwitchASCII(service_manager::switches::kProcessType,
+ switches::kGpuProcess);
SetCommandLineFlagsForSandboxType(&command_line, SandboxType::kGpu);
EXPECT_EQ(SandboxType::kGpu, SandboxTypeFromCommandLine(command_line));
@@ -135,7 +137,7 @@
TEST(SandboxTypeTest, PPAPIBroker) {
base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
- command_line.AppendSwitchASCII(switches::kProcessType,
+ command_line.AppendSwitchASCII(service_manager::switches::kProcessType,
switches::kPpapiBrokerProcess);
EXPECT_EQ(SandboxType::kNoSandbox, SandboxTypeFromCommandLine(command_line));
@@ -148,7 +150,7 @@
TEST(SandboxTypeTest, PPAPIPlugin) {
base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
- command_line.AppendSwitchASCII(switches::kProcessType,
+ command_line.AppendSwitchASCII(service_manager::switches::kProcessType,
switches::kPpapiPluginProcess);
SetCommandLineFlagsForSandboxType(&command_line, SandboxType::kPpapi);
EXPECT_EQ(SandboxType::kPpapi, SandboxTypeFromCommandLine(command_line));
@@ -162,7 +164,8 @@
TEST(SandboxTypeTest, Nonesuch) {
base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
- command_line.AppendSwitchASCII(switches::kProcessType, "nonesuch");
+ command_line.AppendSwitchASCII(service_manager::switches::kProcessType,
+ "nonesuch");
// If tested here would CHECK.
command_line.AppendSwitchASCII(switches::kServiceSandboxType, "network");
@@ -185,4 +188,5 @@
#endif
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/services/service_manager/sandbox/switches.cc b/sandbox/policy/switches.cc
similarity index 97%
rename from services/service_manager/sandbox/switches.cc
rename to sandbox/policy/switches.cc
index e635d4e8..b7ce9920 100644
--- a/services/service_manager/sandbox/switches.cc
+++ b/sandbox/policy/switches.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/switches.h"
+#include "sandbox/policy/switches.h"
#include "build/build_config.h"
@@ -11,7 +11,8 @@
#include "base/win/windows_version.h"
#endif
-namespace service_manager {
+namespace sandbox {
+namespace policy {
namespace switches {
// Type of sandbox to apply to the process running the service, one of the
@@ -136,4 +137,5 @@
#endif
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/switches.h b/sandbox/policy/switches.h
new file mode 100644
index 0000000..ae0d64b
--- /dev/null
+++ b/sandbox/policy/switches.h
@@ -0,0 +1,93 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_SWITCHES_H_
+#define SANDBOX_POLICY_SWITCHES_H_
+
+#include "build/build_config.h"
+#include "sandbox/policy/export.h"
+#include "services/service_manager/embedder/switches.h"
+
+namespace sandbox {
+namespace policy {
+namespace switches {
+
+// Type of sandbox to apply to the process running the service, one of the
+// values in the next block.
+SANDBOX_POLICY_EXPORT extern const char kServiceSandboxType[];
+
+// Must be in sync with "sandbox_type" values as used in service manager's
+// manifest.json catalog files.
+SANDBOX_POLICY_EXPORT extern const char kNoneSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kNoneSandboxAndElevatedPrivileges[];
+SANDBOX_POLICY_EXPORT extern const char kNetworkSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kPpapiSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kUtilitySandbox[];
+SANDBOX_POLICY_EXPORT extern const char kCdmSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kPrintCompositorSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kAudioSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kSharingServiceSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kSpeechRecognitionSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kVideoCaptureSandbox[];
+
+#if defined(OS_WIN)
+SANDBOX_POLICY_EXPORT extern const char kPdfConversionSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kProxyResolverSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kXrCompositingSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kIconReaderSandbox[];
+#endif // OS_WIN
+
+#if defined(OS_CHROMEOS)
+SANDBOX_POLICY_EXPORT extern const char kImeSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kTtsSandbox[];
+#endif // OS_CHROMEOS
+
+// Flags owned by the service manager sandbox.
+SANDBOX_POLICY_EXPORT extern const char kAllowNoSandboxJob[];
+SANDBOX_POLICY_EXPORT extern const char kAllowSandboxDebugging[];
+SANDBOX_POLICY_EXPORT extern const char kDisableGpuSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kDisableNamespaceSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kDisableSeccompFilterSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kDisableSetuidSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kDisableWin32kLockDown[];
+SANDBOX_POLICY_EXPORT extern const char kEnableAudioServiceSandbox[];
+SANDBOX_POLICY_EXPORT extern const char kGpuSandboxAllowSysVShm[];
+SANDBOX_POLICY_EXPORT extern const char kGpuSandboxFailuresFatal[];
+SANDBOX_POLICY_EXPORT extern const char kNoSandbox[];
+#if defined(OS_LINUX)
+SANDBOX_POLICY_EXPORT extern const char kNoZygoteSandbox[];
+#endif
+#if defined(OS_WIN)
+SANDBOX_POLICY_EXPORT extern const char kAllowThirdPartyModules[];
+SANDBOX_POLICY_EXPORT extern const char kAddGpuAppContainerCaps[];
+SANDBOX_POLICY_EXPORT extern const char kNoSandboxAndElevatedPrivileges[];
+SANDBOX_POLICY_EXPORT extern const char kAddXrAppContainerCaps[];
+#endif
+#if defined(OS_MACOSX)
+SANDBOX_POLICY_EXPORT extern const char kEnableSandboxLogging[];
+#endif
+
+// Flags spied upon from other layers.
+SANDBOX_POLICY_EXPORT extern const char kGpuProcess[];
+SANDBOX_POLICY_EXPORT extern const char kNaClBrokerProcess[];
+SANDBOX_POLICY_EXPORT extern const char kNaClLoaderProcess[];
+SANDBOX_POLICY_EXPORT extern const char kPpapiBrokerProcess[];
+SANDBOX_POLICY_EXPORT extern const char kPpapiPluginProcess[];
+SANDBOX_POLICY_EXPORT extern const char kRendererProcess[];
+SANDBOX_POLICY_EXPORT extern const char kUtilityProcess[];
+SANDBOX_POLICY_EXPORT extern const char kCloudPrintServiceProcess[];
+SANDBOX_POLICY_EXPORT extern const char kZygoteProcessType[];
+
+} // namespace switches
+
+#if defined(OS_WIN)
+// Returns whether Win32k lockdown is enabled for child processes or not.
+// Not really a switch, but uses one under the covers.
+SANDBOX_POLICY_EXPORT bool IsWin32kLockdownEnabled();
+#endif
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_SWITCHES_H_
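Review bot: The new header still pulls in `#include "services/service_manager/embedder/switches.h"` (the line right after the export.h include), which leaves //sandbox/policy depending on //services/service_manager even though the description presents this library as the layer below the services; the `service_manager::switches::kProcessType` spelling that the sandbox_type.cc and unittest hunks switch to shows the same dependency at the call sites. If that is intended to be temporary, a `// TODO: move kProcessType into sandbox/policy so this header no longer depends on //services.` next to the include would record it; if it is intended to stay, the description's layering claim could say so. Two comments also still name the old owner, `// Must be in sync with "sandbox_type" values as used in service manager's` and `// Flags owned by the service manager sandbox.`; `// Flags owned by the sandbox policy layer.` would match the new namespace. The rest of the file is unchanged by the move.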
diff --git a/services/service_manager/sandbox/win/OWNERS b/sandbox/policy/win/OWNERS
similarity index 100%
rename from services/service_manager/sandbox/win/OWNERS
rename to sandbox/policy/win/OWNERS
diff --git a/services/service_manager/sandbox/win/sandbox_diagnostics.cc b/sandbox/policy/win/sandbox_diagnostics.cc
similarity index 88%
rename from services/service_manager/sandbox/win/sandbox_diagnostics.cc
rename to sandbox/policy/win/sandbox_diagnostics.cc
index 140a9b1..dc41fa6 100644
--- a/services/service_manager/sandbox/win/sandbox_diagnostics.cc
+++ b/sandbox/policy/win/sandbox_diagnostics.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/win/sandbox_diagnostics.h"
+#include "sandbox/policy/win/sandbox_diagnostics.h"
#include <stddef.h>
@@ -13,14 +13,15 @@
#include "base/json/json_reader.h"
#include "base/values.h"
-namespace service_manager {
+namespace sandbox {
+namespace policy {
namespace {
// Runs on a non-sandbox thread to ensure that response callback is not
// invoked from sandbox process and job tracker thread, and that conversion
// work does not block process or job registration. Converts |policies|
// into base::Value form, then invokes |response| on the same sequence.
static void ConvertToValuesAndRespond(
- std::unique_ptr<sandbox::PolicyList> policies,
+ std::unique_ptr<PolicyList> policies,
base::OnceCallback<void(base::Value)> response) {
base::Value policy_values(base::Value::Type::LIST);
for (auto&& item : *policies) {
@@ -52,7 +53,7 @@
// This is called by the sandbox's process and job tracking thread and must
// return quickly.
void ServiceManagerDiagnosticsReceiver::ReceiveDiagnostics(
- std::unique_ptr<sandbox::PolicyList> policies) {
+ std::unique_ptr<PolicyList> policies) {
// Need to run the conversion work on the origin thread.
origin_task_runner_->PostTask(
FROM_HERE, base::BindOnce(&ConvertToValuesAndRespond, std::move(policies),
@@ -61,9 +62,10 @@
// This is called by the sandbox's process and job tracking thread and must
// return quickly so we post to the origin thread.
-void ServiceManagerDiagnosticsReceiver::OnError(sandbox::ResultCode error) {
+void ServiceManagerDiagnosticsReceiver::OnError(ResultCode error) {
origin_task_runner_->PostTask(
FROM_HERE, base::BindOnce(&RespondWithEmptyList, std::move(response_)));
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/services/service_manager/sandbox/win/sandbox_diagnostics.h b/sandbox/policy/win/sandbox_diagnostics.h
similarity index 60%
rename from services/service_manager/sandbox/win/sandbox_diagnostics.h
rename to sandbox/policy/win/sandbox_diagnostics.h
index 1f89e7ee..68b01a9 100644
--- a/services/service_manager/sandbox/win/sandbox_diagnostics.h
+++ b/sandbox/policy/win/sandbox_diagnostics.h
@@ -2,10 +2,10 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_WIN_SANDBOX_DIAGNOSTICS_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_WIN_SANDBOX_DIAGNOSTICS_H_
+#ifndef SANDBOX_POLICY_WIN_SANDBOX_DIAGNOSTICS_H_
+#define SANDBOX_POLICY_WIN_SANDBOX_DIAGNOSTICS_H_
-#include "services/service_manager/sandbox/win/sandbox_win.h"
+#include "sandbox/policy/win/sandbox_win.h"
#include <stddef.h>
@@ -19,11 +19,11 @@
#include "sandbox/constants.h"
#include "sandbox/win/src/sandbox.h"
-namespace service_manager {
+namespace sandbox {
+namespace policy {
-// Mediates response from sandbox::BrokerServices->GetPolicyDiagnostics.
-class ServiceManagerDiagnosticsReceiver
- : public sandbox::PolicyDiagnosticsReceiver {
+// Mediates response from BrokerServices->GetPolicyDiagnostics.
+class ServiceManagerDiagnosticsReceiver : public PolicyDiagnosticsReceiver {
public:
~ServiceManagerDiagnosticsReceiver() final;
ServiceManagerDiagnosticsReceiver(
@@ -32,17 +32,17 @@
// This is called by the sandbox's process and job tracking thread and must
// return quickly.
- void ReceiveDiagnostics(
- std::unique_ptr<sandbox::PolicyList> policies) override;
+ void ReceiveDiagnostics(std::unique_ptr<PolicyList> policies) override;
// This is called by the sandbox's process and job tracking thread and must
// return quickly.
- void OnError(sandbox::ResultCode error) override;
+ void OnError(ResultCode error) override;
private:
base::OnceCallback<void(base::Value)> response_;
scoped_refptr<base::SequencedTaskRunner> origin_task_runner_;
};
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_WIN_SANDBOX_DIAGNOSTICS_H_
+#endif // SANDBOX_POLICY_WIN_SANDBOX_DIAGNOSTICS_H_
diff --git a/services/service_manager/sandbox/win/sandbox_win.cc b/sandbox/policy/win/sandbox_win.cc
similarity index 77%
rename from services/service_manager/sandbox/win/sandbox_win.cc
rename to sandbox/policy/win/sandbox_win.cc
index fb2664df..2d40cdb 100644
--- a/services/service_manager/sandbox/win/sandbox_win.cc
+++ b/sandbox/policy/win/sandbox_win.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/win/sandbox_win.h"
+#include "sandbox/policy/win/sandbox_win.h"
#include <stddef.h>
@@ -39,6 +39,10 @@
#include "base/win/scoped_handle.h"
#include "base/win/win_util.h"
#include "base/win/windows_version.h"
+#include "sandbox/policy/features.h"
+#include "sandbox/policy/sandbox_type.h"
+#include "sandbox/policy/switches.h"
+#include "sandbox/policy/win/sandbox_diagnostics.h"
#include "sandbox/win/src/app_container_profile.h"
#include "sandbox/win/src/job.h"
#include "sandbox/win/src/process_mitigations.h"
@@ -47,15 +51,12 @@
#include "sandbox/win/src/sandbox_policy_base.h"
#include "sandbox/win/src/sandbox_policy_diagnostic.h"
#include "sandbox/win/src/win_utils.h"
-#include "services/service_manager/sandbox/features.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
-#include "services/service_manager/sandbox/switches.h"
-#include "services/service_manager/sandbox/win/sandbox_diagnostics.h"
-namespace service_manager {
+namespace sandbox {
+namespace policy {
namespace {
-sandbox::BrokerServices* g_broker_services = NULL;
+BrokerServices* g_broker_services = NULL;
HANDLE g_job_object_handle = NULL;
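Review bot: The rewritten declaration `BrokerServices* g_broker_services = NULL;` keeps the C-style `NULL` on a line that is being touched anyway; `BrokerServices* g_broker_services = nullptr;` is the idiomatic spelling and matches the `nullptr` this file already passes in the AddRule call in AddWin32kLockdownPolicy. The neighbouring `HANDLE` initializer is unchanged context and is left alone here.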
@@ -156,9 +157,9 @@
// chrome.exe and chrome.dll.
class PolicyTraceHelper : public base::trace_event::ConvertableToTraceFormat {
public:
- PolicyTraceHelper(sandbox::TargetPolicy* policy) {
+ PolicyTraceHelper(TargetPolicy* policy) {
// |info| must live until JsonString() output is copied.
- std::unique_ptr<sandbox::PolicyInfo> info = policy->GetPolicyInfo();
+ std::unique_ptr<PolicyInfo> info = policy->GetPolicyInfo();
json_string_ = std::string(info->JsonString());
}
~PolicyTraceHelper() override = default;
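Review bot: `PolicyTraceHelper(TargetPolicy* policy) {` is a single-argument constructor without `explicit`, so a bare `TargetPolicy*` converts implicitly into a PolicyTraceHelper; since the signature is rewritten in this hunk, `explicit PolicyTraceHelper(TargetPolicy* policy) {` closes that off at no cost. The class begins before this hunk and continues after it.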
@@ -179,8 +180,8 @@
bool AddDirectory(int path,
const wchar_t* sub_dir,
bool children,
- sandbox::TargetPolicy::Semantics access,
- sandbox::TargetPolicy* policy) {
+ TargetPolicy::Semantics access,
+ TargetPolicy* policy) {
base::FilePath directory;
if (!base::PathService::Get(path, &directory))
return false;
@@ -188,10 +189,10 @@
if (sub_dir)
directory = base::MakeAbsoluteFilePath(directory.Append(sub_dir));
- sandbox::ResultCode result;
- result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, access,
+ ResultCode result;
+ result = policy->AddRule(TargetPolicy::SUBSYS_FILES, access,
directory.value().c_str());
- if (result != sandbox::SBOX_ALL_OK)
+ if (result != SBOX_ALL_OK)
return false;
std::wstring directory_str = directory.value() + L"\\";
@@ -199,9 +200,9 @@
directory_str += L"*";
// Otherwise, add the version of the path that ends with a separator.
- result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, access,
+ result = policy->AddRule(TargetPolicy::SUBSYS_FILES, access,
directory_str.c_str());
- if (result != sandbox::SBOX_ALL_OK)
+ if (result != SBOX_ALL_OK)
return false;
return true;
@@ -247,7 +248,7 @@
// is also loaded in this process.
void BlocklistAddOneDll(const wchar_t* module_name,
bool check_in_browser,
- sandbox::TargetPolicy* policy) {
+ TargetPolicy* policy) {
if (check_in_browser) {
HMODULE module = ::GetModuleHandleW(module_name);
if (module) {
@@ -277,7 +278,7 @@
// Adds policy rules for unloaded the known dlls that cause chrome to crash.
// Eviction of injected DLLs is done by the sandbox so that the injected module
// does not get a chance to execute any code.
-void AddGenericDllEvictionPolicy(sandbox::TargetPolicy* policy) {
+void AddGenericDllEvictionPolicy(TargetPolicy* policy) {
for (int ix = 0; ix != base::size(kTroublesomeDlls); ++ix)
BlocklistAddOneDll(kTroublesomeDlls[ix], true, policy);
}
@@ -337,7 +338,7 @@
// TODO(pastarmovj): Even though the number are low, this flag is still
// necessary in some limited set of cases. Remove it once Windows 7 is no
// longer supported together with the rest of the checks in this function.
- return !cmd_line.HasSwitch(service_manager::switches::kAllowNoSandboxJob);
+ return !cmd_line.HasSwitch(switches::kAllowNoSandboxJob);
}
// Allow running without the sandbox in this case. This slightly reduces the
@@ -347,44 +348,44 @@
}
// Adds the generic policy rules to a sandbox TargetPolicy.
-sandbox::ResultCode AddGenericPolicy(sandbox::TargetPolicy* policy) {
- sandbox::ResultCode result;
+ResultCode AddGenericPolicy(sandbox::TargetPolicy* policy) {
+ ResultCode result;
// Add the policy for the client side of a pipe. It is just a file
// in the \pipe\ namespace. We restrict it to pipes that start with
// "chrome." so the sandboxed process cannot connect to system services.
- result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
- sandbox::TargetPolicy::FILES_ALLOW_ANY,
- L"\\??\\pipe\\chrome.*");
- if (result != sandbox::SBOX_ALL_OK)
+ result =
+ policy->AddRule(TargetPolicy::SUBSYS_FILES, TargetPolicy::FILES_ALLOW_ANY,
+ L"\\??\\pipe\\chrome.*");
+ if (result != SBOX_ALL_OK)
return result;
// Allow the server side of sync sockets, which are pipes that have
// the "chrome.sync" namespace and a randomly generated suffix.
- result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
- sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
+ result = policy->AddRule(TargetPolicy::SUBSYS_NAMED_PIPES,
+ TargetPolicy::NAMEDPIPES_ALLOW_ANY,
L"\\\\.\\pipe\\chrome.sync.*");
- if (result != sandbox::SBOX_ALL_OK)
+ if (result != SBOX_ALL_OK)
return result;
// Add the policy for debug message only in debug
#ifndef NDEBUG
base::FilePath app_dir;
if (!base::PathService::Get(base::DIR_MODULE, &app_dir))
- return sandbox::SBOX_ERROR_GENERIC;
+ return SBOX_ERROR_GENERIC;
wchar_t long_path_buf[MAX_PATH];
DWORD long_path_return_value =
GetLongPathName(app_dir.value().c_str(), long_path_buf, MAX_PATH);
if (long_path_return_value == 0 || long_path_return_value >= MAX_PATH)
- return sandbox::SBOX_ERROR_NO_SPACE;
+ return SBOX_ERROR_NO_SPACE;
base::FilePath debug_message(long_path_buf);
debug_message = debug_message.AppendASCII("debug_message.exe");
- result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_PROCESS,
- sandbox::TargetPolicy::PROCESS_MIN_EXEC,
+ result = policy->AddRule(TargetPolicy::SUBSYS_PROCESS,
+ TargetPolicy::PROCESS_MIN_EXEC,
debug_message.value().c_str());
- if (result != sandbox::SBOX_ALL_OK)
+ if (result != SBOX_ALL_OK)
return result;
#endif // NDEBUG
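Review bot: `ResultCode AddGenericPolicy(sandbox::TargetPolicy* policy) {` is the one signature in this file that kept the `sandbox::` qualifier after the namespace change, while AddDirectory, BlocklistAddOneDll, AddGenericDllEvictionPolicy and the SandboxWin methods all drop it; `ResultCode AddGenericPolicy(TargetPolicy* policy) {` makes the hunk consistent with its neighbours. The same leftover appears in the `@@ -415,56 +416,54 @@` hunk, where AddPolicyForSandboxedProcess initialises `ResultCode result = sandbox::SBOX_ALL_OK;` and `ResultCode result = SBOX_ALL_OK;` would match the comparisons two lines below it. Both spellings should still compile now that the code sits inside `namespace sandbox`, so this is a consistency point only. AddGenericPolicy continues past the end of this hunk.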
@@ -392,12 +393,12 @@
#if !defined(OFFICIAL_BUILD)
base::FilePath exe;
if (!base::PathService::Get(base::FILE_EXE, &exe))
- return sandbox::SBOX_ERROR_GENERIC;
+ return SBOX_ERROR_GENERIC;
base::FilePath pdb_path = exe.DirName().Append(L"*.pdb");
- result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
- sandbox::TargetPolicy::FILES_ALLOW_READONLY,
+ result = policy->AddRule(TargetPolicy::SUBSYS_FILES,
+ TargetPolicy::FILES_ALLOW_READONLY,
pdb_path.value().c_str());
- if (result != sandbox::SBOX_ALL_OK)
+ if (result != SBOX_ALL_OK)
return result;
#endif
@@ -415,56 +416,54 @@
CHECK(coverage_dir.size() == coverage_dir_size);
base::FilePath sancov_path =
base::FilePath(coverage_dir).Append(L"*.sancov");
- result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
- sandbox::TargetPolicy::FILES_ALLOW_ANY,
+ result = policy->AddRule(TargetPolicy::SUBSYS_FILES,
+ TargetPolicy::FILES_ALLOW_ANY,
sancov_path.value().c_str());
- if (result != sandbox::SBOX_ALL_OK)
+ if (result != SBOX_ALL_OK)
return result;
}
#endif
AddGenericDllEvictionPolicy(policy);
- return sandbox::SBOX_ALL_OK;
+ return SBOX_ALL_OK;
}
-void LogLaunchWarning(sandbox::ResultCode last_warning, DWORD last_error) {
+void LogLaunchWarning(ResultCode last_warning, DWORD last_error) {
base::UmaHistogramSparse("Process.Sandbox.Launch.WarningResultCode",
last_warning);
base::UmaHistogramSparse("Process.Sandbox.Launch.Warning", last_error);
}
-sandbox::ResultCode AddPolicyForSandboxedProcess(
- sandbox::TargetPolicy* policy) {
- sandbox::ResultCode result = sandbox::SBOX_ALL_OK;
+ResultCode AddPolicyForSandboxedProcess(TargetPolicy* policy) {
+ ResultCode result = sandbox::SBOX_ALL_OK;
// Win8+ adds a device DeviceApi that we don't need.
if (base::win::GetVersion() >= base::win::Version::WIN8)
result = policy->AddKernelObjectToClose(L"File", L"\\Device\\DeviceApi");
- if (result != sandbox::SBOX_ALL_OK)
+ if (result != SBOX_ALL_OK)
return result;
// On 2003/Vista+ the initial token has to be restricted if the main
// token is restricted.
- result = policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
- sandbox::USER_LOCKDOWN);
- if (result != sandbox::SBOX_ALL_OK)
+ result = policy->SetTokenLevel(USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN);
+ if (result != SBOX_ALL_OK)
return result;
// Prevents the renderers from manipulating low-integrity processes.
- result = policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED);
- if (result != sandbox::SBOX_ALL_OK)
+ result = policy->SetDelayedIntegrityLevel(INTEGRITY_LEVEL_UNTRUSTED);
+ if (result != SBOX_ALL_OK)
return result;
- result = policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
- if (result != sandbox::SBOX_ALL_OK)
+ result = policy->SetIntegrityLevel(INTEGRITY_LEVEL_LOW);
+ if (result != SBOX_ALL_OK)
return result;
policy->SetLockdownDefaultDacl();
result = policy->SetAlternateDesktop(true);
- if (result != sandbox::SBOX_ALL_OK) {
+ if (result != SBOX_ALL_OK) {
// We ignore the result of setting the alternate desktop, however log
// a launch warning.
LogLaunchWarning(result, ::GetLastError());
DLOG(WARNING) << "Failed to apply desktop security to the renderer";
- result = sandbox::SBOX_ALL_OK;
+ result = SBOX_ALL_OK;
}
return result;
@@ -582,17 +581,16 @@
{"RendererAppContainer", base::FEATURE_DISABLED_BY_DEFAULT});
}
-sandbox::ResultCode SetJobMemoryLimit(const base::CommandLine& cmd_line,
- sandbox::TargetPolicy* policy) {
- DCHECK_NE(policy->GetJobLevel(), sandbox::JOB_NONE);
+ResultCode SetJobMemoryLimit(const base::CommandLine& cmd_line,
+ TargetPolicy* policy) {
+ DCHECK_NE(policy->GetJobLevel(), JOB_NONE);
#ifdef _WIN64
- size_t memory_limit = static_cast<size_t>(sandbox::kDataSizeLimit);
+ size_t memory_limit = static_cast<size_t>(kDataSizeLimit);
// Note that this command line flag hasn't been fetched by all
// callers of SetJobLevel, only those in this file.
- SandboxType sandbox_type =
- service_manager::SandboxTypeFromCommandLine(cmd_line);
+ SandboxType sandbox_type = SandboxTypeFromCommandLine(cmd_line);
if (sandbox_type == SandboxType::kGpu ||
sandbox_type == SandboxType::kRenderer) {
int64_t GB = 1024 * 1024 * 1024;
@@ -614,16 +612,15 @@
}
return policy->SetJobMemoryLimit(memory_limit);
#else
- return sandbox::SBOX_ALL_OK;
+ return SBOX_ALL_OK;
#endif
}
// Generate a unique sandbox AC profile for the appcontainer based on the SHA1
// hash of the appcontainer_id. This does not need to be secure so using SHA1
// isn't a security concern.
-base::string16 GetAppContainerProfileName(
- const std::string& appcontainer_id,
- service_manager::SandboxType sandbox_type) {
+base::string16 GetAppContainerProfileName(const std::string& appcontainer_id,
+ SandboxType sandbox_type) {
DCHECK(sandbox_type == SandboxType::kGpu ||
sandbox_type == SandboxType::kXrCompositing);
auto sha1 = base::SHA1HashString(appcontainer_id);
@@ -640,19 +637,18 @@
return base::UTF8ToWide(profile_name);
}
-sandbox::ResultCode SetupAppContainerProfile(
- sandbox::AppContainerProfile* profile,
- const base::CommandLine& command_line,
- service_manager::SandboxType sandbox_type) {
+ResultCode SetupAppContainerProfile(AppContainerProfile* profile,
+ const base::CommandLine& command_line,
+ SandboxType sandbox_type) {
if (sandbox_type != SandboxType::kGpu &&
sandbox_type != SandboxType::kXrCompositing)
- return sandbox::SBOX_ERROR_UNSUPPORTED;
+ return SBOX_ERROR_UNSUPPORTED;
if (sandbox_type == SandboxType::kGpu &&
!profile->AddImpersonationCapability(L"chromeInstallFiles")) {
DLOG(ERROR) << "AppContainerProfile::AddImpersonationCapability("
"chromeInstallFiles) failed";
- return sandbox::SBOX_ERROR_CREATE_APPCONTAINER_PROFILE_CAPABILITY;
+ return SBOX_ERROR_CREATE_APPCONTAINER_PROFILE_CAPABILITY;
}
if ((sandbox_type == SandboxType::kXrCompositing ||
@@ -660,32 +656,31 @@
!profile->AddCapability(L"lpacPnpNotifications")) {
DLOG(ERROR)
<< "AppContainerProfile::AddCapability(lpacPnpNotifications) failed";
- return sandbox::SBOX_ERROR_CREATE_APPCONTAINER_PROFILE_CAPABILITY;
+ return SBOX_ERROR_CREATE_APPCONTAINER_PROFILE_CAPABILITY;
}
if (sandbox_type == SandboxType::kXrCompositing &&
!profile->AddCapability(L"chromeInstallFiles")) {
DLOG(ERROR)
<< "AppContainerProfile::AddCapability(chromeInstallFiles) failed";
- return sandbox::SBOX_ERROR_CREATE_APPCONTAINER_PROFILE_CAPABILITY;
+ return SBOX_ERROR_CREATE_APPCONTAINER_PROFILE_CAPABILITY;
}
std::vector<base::string16> base_caps = {
- L"lpacChromeInstallFiles", L"registryRead",
+ L"lpacChromeInstallFiles",
+ L"registryRead",
};
if (sandbox_type == SandboxType::kGpu) {
auto cmdline_caps = base::SplitString(
- command_line.GetSwitchValueNative(
- service_manager::switches::kAddGpuAppContainerCaps),
+ command_line.GetSwitchValueNative(switches::kAddGpuAppContainerCaps),
L",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
base_caps.insert(base_caps.end(), cmdline_caps.begin(), cmdline_caps.end());
}
if (sandbox_type == SandboxType::kXrCompositing) {
auto cmdline_caps = base::SplitString(
- command_line.GetSwitchValueNative(
- service_manager::switches::kAddXrAppContainerCaps),
+ command_line.GetSwitchValueNative(switches::kAddXrAppContainerCaps),
L",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
base_caps.insert(base_caps.end(), cmdline_caps.begin(), cmdline_caps.end());
}
@@ -693,31 +688,31 @@
for (const auto& cap : base_caps) {
if (!profile->AddCapability(cap.c_str())) {
DLOG(ERROR) << "AppContainerProfile::AddCapability() failed";
- return sandbox::SBOX_ERROR_CREATE_APPCONTAINER_PROFILE_CAPABILITY;
+ return SBOX_ERROR_CREATE_APPCONTAINER_PROFILE_CAPABILITY;
}
}
// Enable LPAC for GPU process, but not for XRCompositor service.
if (sandbox_type == SandboxType::kGpu &&
- base::FeatureList::IsEnabled(service_manager::features::kGpuLPAC)) {
+ base::FeatureList::IsEnabled(features::kGpuLPAC)) {
profile->SetEnableLowPrivilegeAppContainer(true);
}
- return sandbox::SBOX_ALL_OK;
+ return SBOX_ALL_OK;
}
} // namespace
// static
-sandbox::ResultCode SandboxWin::SetJobLevel(const base::CommandLine& cmd_line,
- sandbox::JobLevel job_level,
- uint32_t ui_exceptions,
- sandbox::TargetPolicy* policy) {
+ResultCode SandboxWin::SetJobLevel(const base::CommandLine& cmd_line,
+ JobLevel job_level,
+ uint32_t ui_exceptions,
+ TargetPolicy* policy) {
if (!ShouldSetJobLevel(cmd_line))
- return policy->SetJobLevel(sandbox::JOB_NONE, 0);
+ return policy->SetJobLevel(JOB_NONE, 0);
- sandbox::ResultCode ret = policy->SetJobLevel(job_level, ui_exceptions);
- if (ret != sandbox::SBOX_ALL_OK)
+ ResultCode ret = policy->SetJobLevel(job_level, ui_exceptions);
+ if (ret != SBOX_ALL_OK)
return ret;
return SetJobMemoryLimit(cmd_line, policy);
@@ -726,12 +721,11 @@
// TODO(jschuh): Need get these restrictions applied to NaCl and Pepper.
// Just have to figure out what needs to be warmed up first.
// static
-sandbox::ResultCode SandboxWin::AddBaseHandleClosePolicy(
- sandbox::TargetPolicy* policy) {
+ResultCode SandboxWin::AddBaseHandleClosePolicy(TargetPolicy* policy) {
if (base::FeatureList::IsEnabled(kEnableCsrssLockdownFeature)) {
// Close all ALPC ports.
- sandbox::ResultCode ret = policy->SetDisconnectCsrss();
- if (ret != sandbox::SBOX_ALL_OK) {
+ ResultCode ret = policy->SetDisconnectCsrss();
+ if (ret != SBOX_ALL_OK) {
return ret;
}
}
@@ -743,66 +737,62 @@
}
// static
-sandbox::ResultCode SandboxWin::AddAppContainerPolicy(
- sandbox::TargetPolicy* policy,
- const wchar_t* sid) {
+ResultCode SandboxWin::AddAppContainerPolicy(TargetPolicy* policy,
+ const wchar_t* sid) {
if (IsAppContainerEnabled())
return policy->SetLowBox(sid);
- return sandbox::SBOX_ALL_OK;
+ return SBOX_ALL_OK;
}
// static
-sandbox::ResultCode SandboxWin::AddWin32kLockdownPolicy(
- sandbox::TargetPolicy* policy,
- bool enable_opm) {
+ResultCode SandboxWin::AddWin32kLockdownPolicy(TargetPolicy* policy,
+ bool enable_opm) {
#if !defined(NACL_WIN64)
- if (!service_manager::IsWin32kLockdownEnabled())
- return sandbox::SBOX_ALL_OK;
+ if (!IsWin32kLockdownEnabled())
+ return SBOX_ALL_OK;
- sandbox::MitigationFlags flags = policy->GetProcessMitigations();
+ MitigationFlags flags = policy->GetProcessMitigations();
// Check not enabling twice. Should not happen.
- DCHECK_EQ(0U, flags & sandbox::MITIGATION_WIN32K_DISABLE);
+ DCHECK_EQ(0U, flags & MITIGATION_WIN32K_DISABLE);
- flags |= sandbox::MITIGATION_WIN32K_DISABLE;
- sandbox::ResultCode result = policy->SetProcessMitigations(flags);
- if (result != sandbox::SBOX_ALL_OK)
+ flags |= MITIGATION_WIN32K_DISABLE;
+ ResultCode result = policy->SetProcessMitigations(flags);
+ if (result != SBOX_ALL_OK)
return result;
- result =
- policy->AddRule(sandbox::TargetPolicy::SUBSYS_WIN32K_LOCKDOWN,
- enable_opm ? sandbox::TargetPolicy::IMPLEMENT_OPM_APIS
- : sandbox::TargetPolicy::FAKE_USER_GDI_INIT,
- nullptr);
- if (result != sandbox::SBOX_ALL_OK)
+ result = policy->AddRule(TargetPolicy::SUBSYS_WIN32K_LOCKDOWN,
+ enable_opm ? TargetPolicy::IMPLEMENT_OPM_APIS
+ : TargetPolicy::FAKE_USER_GDI_INIT,
+ nullptr);
+ if (result != SBOX_ALL_OK)
return result;
if (enable_opm)
policy->SetEnableOPMRedirection();
return result;
#else
- return sandbox::SBOX_ALL_OK;
+ return SBOX_ALL_OK;
#endif
}
// static
-sandbox::ResultCode SandboxWin::AddAppContainerProfileToPolicy(
+ResultCode SandboxWin::AddAppContainerProfileToPolicy(
const base::CommandLine& command_line,
- service_manager::SandboxType sandbox_type,
+ SandboxType sandbox_type,
const std::string& appcontainer_id,
- sandbox::TargetPolicy* policy) {
+ TargetPolicy* policy) {
if (base::win::GetVersion() < base::win::Version::WIN10_RS1)
- return sandbox::SBOX_ALL_OK;
+ return SBOX_ALL_OK;
base::string16 profile_name =
GetAppContainerProfileName(appcontainer_id, sandbox_type);
- sandbox::ResultCode result =
+ ResultCode result =
policy->AddAppContainerProfile(profile_name.c_str(), true);
- if (result != sandbox::SBOX_ALL_OK)
+ if (result != SBOX_ALL_OK)
return result;
- scoped_refptr<sandbox::AppContainerProfile> profile =
- policy->GetAppContainerProfile();
+ scoped_refptr<AppContainerProfile> profile = policy->GetAppContainerProfile();
result = SetupAppContainerProfile(profile.get(), command_line, sandbox_type);
- if (result != sandbox::SBOX_ALL_OK)
+ if (result != SBOX_ALL_OK)
return result;
DWORD granted_access;
@@ -813,9 +803,9 @@
&granted_access, &granted_access_status) &&
granted_access_status;
if (!access_check)
- return sandbox::SBOX_ERROR_CREATE_APPCONTAINER_PROFILE_ACCESS_CHECK;
+ return SBOX_ERROR_CREATE_APPCONTAINER_PROFILE_ACCESS_CHECK;
- return sandbox::SBOX_ALL_OK;
+ return SBOX_ALL_OK;
}
// static
@@ -826,17 +816,16 @@
return false;
if (base::win::GetVersion() < base::win::Version::WIN10_RS1)
return false;
- return base::FeatureList::IsEnabled(
- service_manager::features::kGpuAppContainer);
+ return base::FeatureList::IsEnabled(features::kGpuAppContainer);
}
// static
-bool SandboxWin::InitBrokerServices(sandbox::BrokerServices* broker_services) {
+bool SandboxWin::InitBrokerServices(BrokerServices* broker_services) {
// TODO(abarth): DCHECK(CalledOnValidThread());
// See <http://b/1287166>.
DCHECK(broker_services);
DCHECK(!g_broker_services);
- sandbox::ResultCode result = broker_services->Init();
+ ResultCode result = broker_services->Init();
g_broker_services = broker_services;
// In non-official builds warn about dangerous uses of DuplicateHandle. This
@@ -865,38 +854,36 @@
}
#endif
- return sandbox::SBOX_ALL_OK == result;
+ return SBOX_ALL_OK == result;
}
// static
-bool SandboxWin::InitTargetServices(sandbox::TargetServices* target_services) {
+bool SandboxWin::InitTargetServices(TargetServices* target_services) {
DCHECK(target_services);
- sandbox::ResultCode result = target_services->Init();
- return sandbox::SBOX_ALL_OK == result;
+ ResultCode result = target_services->Init();
+ return SBOX_ALL_OK == result;
}
// static
-sandbox::ResultCode SandboxWin::StartSandboxedProcess(
+ResultCode SandboxWin::StartSandboxedProcess(
base::CommandLine* cmd_line,
const std::string& process_type,
const base::HandlesToInheritVector& handles_to_inherit,
- service_manager::SandboxDelegate* delegate,
+ SandboxDelegate* delegate,
base::Process* process) {
const base::CommandLine& launcher_process_command_line =
*base::CommandLine::ForCurrentProcess();
// Propagate the --allow-no-job flag if present.
- if (launcher_process_command_line.HasSwitch(
- service_manager::switches::kAllowNoSandboxJob) &&
- !cmd_line->HasSwitch(service_manager::switches::kAllowNoSandboxJob)) {
- cmd_line->AppendSwitch(service_manager::switches::kAllowNoSandboxJob);
+ if (launcher_process_command_line.HasSwitch(switches::kAllowNoSandboxJob) &&
+ !cmd_line->HasSwitch(switches::kAllowNoSandboxJob)) {
+ cmd_line->AppendSwitch(switches::kAllowNoSandboxJob);
}
- service_manager::SandboxType sandbox_type = delegate->GetSandboxType();
- if (service_manager::IsUnsandboxedSandboxType(sandbox_type) ||
- cmd_line->HasSwitch(service_manager::switches::kNoSandbox) ||
- launcher_process_command_line.HasSwitch(
- service_manager::switches::kNoSandbox)) {
+ SandboxType sandbox_type = delegate->GetSandboxType();
+ if (IsUnsandboxedSandboxType(sandbox_type) ||
+ cmd_line->HasSwitch(switches::kNoSandbox) ||
+ launcher_process_command_line.HasSwitch(switches::kNoSandbox)) {
base::LaunchOptions options;
options.handles_to_inherit = handles_to_inherit;
BOOL in_job = true;
@@ -910,80 +897,78 @@
// process shutdown, in which case TerminateProcess would fail.
// https://crbug.com/820996
if (!g_job_object_handle) {
- sandbox::Job job_obj;
- DWORD result = job_obj.Init(sandbox::JOB_UNPROTECTED, nullptr, 0, 0);
+ Job job_obj;
+ DWORD result = job_obj.Init(JOB_UNPROTECTED, nullptr, 0, 0);
if (result != ERROR_SUCCESS)
- return sandbox::SBOX_ERROR_CANNOT_INIT_JOB;
+ return SBOX_ERROR_CANNOT_INIT_JOB;
g_job_object_handle = job_obj.Take().Take();
}
options.job_handle = g_job_object_handle;
}
*process = base::LaunchProcess(*cmd_line, options);
- return sandbox::SBOX_ALL_OK;
+ return SBOX_ALL_OK;
}
- scoped_refptr<sandbox::TargetPolicy> policy =
- g_broker_services->CreatePolicy();
+ scoped_refptr<TargetPolicy> policy = g_broker_services->CreatePolicy();
// Add any handles to be inherited to the policy.
for (HANDLE handle : handles_to_inherit)
policy->AddHandleToShare(handle);
// Pre-startup mitigations.
- sandbox::MitigationFlags mitigations =
- sandbox::MITIGATION_HEAP_TERMINATE |
- sandbox::MITIGATION_BOTTOM_UP_ASLR |
- sandbox::MITIGATION_DEP |
- sandbox::MITIGATION_DEP_NO_ATL_THUNK |
- sandbox::MITIGATION_EXTENSION_POINT_DISABLE |
- sandbox::MITIGATION_SEHOP |
- sandbox::MITIGATION_NONSYSTEM_FONT_DISABLE |
- sandbox::MITIGATION_IMAGE_LOAD_NO_REMOTE |
- sandbox::MITIGATION_IMAGE_LOAD_NO_LOW_LABEL |
- sandbox::MITIGATION_RESTRICT_INDIRECT_BRANCH_PREDICTION;
+ MitigationFlags mitigations =
+ MITIGATION_HEAP_TERMINATE |
+ MITIGATION_BOTTOM_UP_ASLR |
+ MITIGATION_DEP |
+ MITIGATION_DEP_NO_ATL_THUNK |
+ MITIGATION_EXTENSION_POINT_DISABLE |
+ MITIGATION_SEHOP |
+ MITIGATION_NONSYSTEM_FONT_DISABLE |
+ MITIGATION_IMAGE_LOAD_NO_REMOTE |
+ MITIGATION_IMAGE_LOAD_NO_LOW_LABEL |
+ MITIGATION_RESTRICT_INDIRECT_BRANCH_PREDICTION;
- sandbox::ResultCode result = policy->SetProcessMitigations(mitigations);
- if (result != sandbox::SBOX_ALL_OK)
+ ResultCode result = policy->SetProcessMitigations(mitigations);
+ if (result != SBOX_ALL_OK)
return result;
#if !defined(NACL_WIN64)
- if (process_type == service_manager::switches::kRendererProcess &&
- service_manager::IsWin32kLockdownEnabled()) {
+ if (process_type == switches::kRendererProcess && IsWin32kLockdownEnabled()) {
result = SandboxWin::AddWin32kLockdownPolicy(policy.get(), false);
- if (result != sandbox::SBOX_ALL_OK)
+ if (result != SBOX_ALL_OK)
return result;
}
#endif
// Post-startup mitigations.
- mitigations = sandbox::MITIGATION_DLL_SEARCH_ORDER;
+ mitigations = MITIGATION_DLL_SEARCH_ORDER;
if (!cmd_line->HasSwitch(switches::kAllowThirdPartyModules))
- mitigations |= sandbox::MITIGATION_FORCE_MS_SIGNED_BINS;
+ mitigations |= MITIGATION_FORCE_MS_SIGNED_BINS;
if (sandbox_type == SandboxType::kNetwork ||
sandbox_type == SandboxType::kAudio ||
sandbox_type == SandboxType::kIconReader) {
- mitigations |= sandbox::MITIGATION_DYNAMIC_CODE_DISABLE;
+ mitigations |= MITIGATION_DYNAMIC_CODE_DISABLE;
}
// TODO(wfh): Relax strict handle checks for network process until root cause
// for this crash can be resolved. See https://crbug.com/939590.
if (sandbox_type != SandboxType::kNetwork)
- mitigations |= sandbox::MITIGATION_STRICT_HANDLE_CHECKS;
+ mitigations |= MITIGATION_STRICT_HANDLE_CHECKS;
result = policy->SetDelayedProcessMitigations(mitigations);
- if (result != sandbox::SBOX_ALL_OK)
+ if (result != SBOX_ALL_OK)
return result;
- result = SetJobLevel(*cmd_line, sandbox::JOB_LOCKDOWN, 0, policy.get());
- if (result != sandbox::SBOX_ALL_OK)
+ result = SetJobLevel(*cmd_line, JOB_LOCKDOWN, 0, policy.get());
+ if (result != SBOX_ALL_OK)
return result;
if (!delegate->DisableDefaultPolicy()) {
result = AddPolicyForSandboxedProcess(policy.get());
- if (result != sandbox::SBOX_ALL_OK)
+ if (result != SBOX_ALL_OK)
return result;
}
- if (process_type == service_manager::switches::kGpuProcess &&
+ if (process_type == switches::kGpuProcess &&
base::FeatureList::IsEnabled(
{"GpuLockdownDefaultDacl", base::FEATURE_ENABLED_BY_DEFAULT})) {
policy->SetLockdownDefaultDacl();
@@ -991,16 +976,16 @@
}
#if !defined(NACL_WIN64)
- if (process_type == service_manager::switches::kRendererProcess ||
- process_type == service_manager::switches::kPpapiPluginProcess ||
+ if (process_type == switches::kRendererProcess ||
+ process_type == switches::kPpapiPluginProcess ||
sandbox_type == SandboxType::kPrintCompositor) {
AddDirectory(base::DIR_WINDOWS_FONTS, NULL, true,
- sandbox::TargetPolicy::FILES_ALLOW_READONLY, policy.get());
+ TargetPolicy::FILES_ALLOW_READONLY, policy.get());
}
#endif
result = AddGenericPolicy(policy.get());
- if (result != sandbox::SBOX_ALL_OK) {
+ if (result != SBOX_ALL_OK) {
NOTREACHED();
return result;
}
@@ -1010,21 +995,21 @@
delegate->GetAppContainerId(&appcontainer_id)) {
result = AddAppContainerProfileToPolicy(*cmd_line, sandbox_type,
appcontainer_id, policy.get());
- DCHECK(result == sandbox::SBOX_ALL_OK);
- if (result != sandbox::SBOX_ALL_OK)
+ DCHECK(result == SBOX_ALL_OK);
+ if (result != SBOX_ALL_OK)
return result;
}
// Allow the renderer, gpu and utility processes to access the log file.
- if (process_type == service_manager::switches::kRendererProcess ||
- process_type == service_manager::switches::kGpuProcess ||
- process_type == service_manager::switches::kUtilityProcess) {
+ if (process_type == switches::kRendererProcess ||
+ process_type == switches::kGpuProcess ||
+ process_type == switches::kUtilityProcess) {
if (logging::IsLoggingToFileEnabled()) {
DCHECK(base::FilePath(logging::GetLogFileFullPath()).IsAbsolute());
- result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
- sandbox::TargetPolicy::FILES_ALLOW_ANY,
+ result = policy->AddRule(TargetPolicy::SUBSYS_FILES,
+ TargetPolicy::FILES_ALLOW_ANY,
logging::GetLogFileFullPath().c_str());
- if (result != sandbox::SBOX_ALL_OK)
+ if (result != SBOX_ALL_OK)
return result;
}
}
@@ -1037,12 +1022,12 @@
#endif
if (!delegate->PreSpawnTarget(policy.get()))
- return sandbox::SBOX_ERROR_DELEGATE_PRE_SPAWN;
+ return SBOX_ERROR_DELEGATE_PRE_SPAWN;
TRACE_EVENT_BEGIN0("startup", "StartProcessWithAccess::LAUNCHPROCESS");
PROCESS_INFORMATION temp_process_info = {};
- sandbox::ResultCode last_warning = sandbox::SBOX_ALL_OK;
+ ResultCode last_warning = sandbox::SBOX_ALL_OK;
DWORD last_error = ERROR_SUCCESS;
result = g_broker_services->SpawnTarget(
cmd_line->GetProgram().value().c_str(),
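Review bot: The new line `ResultCode last_warning = sandbox::SBOX_ALL_OK;` keeps the explicit `sandbox::` qualifier on the initializer while every other occurrence in this file is rewritten to bare `SBOX_ALL_OK`; it still resolves inside `namespace sandbox::policy`, but it reads as a missed substitution in an otherwise mechanical change. For consistency with the surrounding code it should be `ResultCode last_warning = SBOX_ALL_OK;`. The enclosing function, StartSandboxedProcess, begins and ends outside this hunk.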
@@ -1060,9 +1045,9 @@
"policy",
std::make_unique<PolicyTraceHelper>(policy.get()));
- if (sandbox::SBOX_ALL_OK != result) {
+ if (SBOX_ALL_OK != result) {
base::UmaHistogramSparse("Process.Sandbox.Launch.Error", last_error);
- if (result == sandbox::SBOX_ERROR_GENERIC)
+ if (result == SBOX_ERROR_GENERIC)
DPLOG(ERROR) << "Failed to launch process";
else
DLOG(ERROR) << "Failed to launch process. Error: " << result;
@@ -1076,18 +1061,18 @@
cmd_line->GetCommandLineString());
}
- if (sandbox::SBOX_ALL_OK != last_warning)
+ if (SBOX_ALL_OK != last_warning)
LogLaunchWarning(last_warning, last_error);
delegate->PostSpawnTarget(target.process_handle());
CHECK(ResumeThread(target.thread_handle()) != static_cast<DWORD>(-1));
*process = base::Process(target.TakeProcessHandle());
- return sandbox::SBOX_ALL_OK;
+ return SBOX_ALL_OK;
}
// static
-sandbox::ResultCode SandboxWin::GetPolicyDiagnostics(
+ResultCode SandboxWin::GetPolicyDiagnostics(
base::OnceCallback<void(base::Value)> response) {
CHECK(g_broker_services);
CHECK(!response.is_null());
@@ -1098,7 +1083,7 @@
void BlocklistAddOneDllForTesting(const wchar_t* module_name,
bool check_in_browser,
- sandbox::TargetPolicy* policy) {
+ TargetPolicy* policy) {
BlocklistAddOneDll(module_name, check_in_browser, policy);
}
@@ -1142,4 +1127,5 @@
}
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/policy/win/sandbox_win.h b/sandbox/policy/win/sandbox_win.h
new file mode 100644
index 0000000..d4cd7a03
--- /dev/null
+++ b/sandbox/policy/win/sandbox_win.h
@@ -0,0 +1,101 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_POLICY_WIN_SANDBOX_WIN_H_
+#define SANDBOX_POLICY_WIN_SANDBOX_WIN_H_
+
+#include <stdint.h>
+
+#include <string>
+
+#include "base/bind.h"
+#include "base/callback_forward.h"
+#include "base/process/launch.h"
+#include "base/process/process_handle.h"
+#include "sandbox/policy/export.h"
+#include "sandbox/policy/sandbox_delegate.h"
+#include "sandbox/policy/sandbox_type.h"
+#include "sandbox/win/src/sandbox_types.h"
+#include "sandbox/win/src/security_level.h"
+
+namespace base {
+class CommandLine;
+class Value;
+} // namespace base
+
+namespace sandbox {
+class BrokerServices;
+class TargetPolicy;
+class TargetServices;
+} // namespace sandbox
+
+namespace sandbox {
+namespace policy {
+
+class SANDBOX_POLICY_EXPORT SandboxWin {
+ public:
+ static ResultCode StartSandboxedProcess(
+ base::CommandLine* cmd_line,
+ const std::string& process_type,
+ const base::HandlesToInheritVector& handles_to_inherit,
+ SandboxDelegate* delegate,
+ base::Process* process);
+
+ // Wrapper around TargetPolicy::SetJobLevel that checks if the
+ // sandbox should be let to run without a job object assigned.
+ static ResultCode SetJobLevel(const base::CommandLine& cmd_line,
+ JobLevel job_level,
+ uint32_t ui_exceptions,
+ TargetPolicy* policy);
+
+ // Closes handles that are opened at process creation and initialization.
+ static ResultCode AddBaseHandleClosePolicy(TargetPolicy* policy);
+
+ // Add AppContainer policy for |sid| on supported OS.
+ static ResultCode AddAppContainerPolicy(TargetPolicy* policy,
+ const wchar_t* sid);
+
+ // Add the win32k lockdown policy on supported OS.
+ static ResultCode AddWin32kLockdownPolicy(TargetPolicy* policy,
+ bool enable_opm);
+
+ // Add the AppContainer sandbox profile to the policy. |sandbox_type|
+ // determines what policy is enabled. |appcontainer_id| is used to create
+ // a unique package SID, it can be anything the caller wants.
+ static ResultCode AddAppContainerProfileToPolicy(
+ const base::CommandLine& command_line,
+ SandboxType sandbox_type,
+ const std::string& appcontainer_id,
+ TargetPolicy* policy);
+
+ // Returns whether the AppContainer sandbox is enabled or not for a specific
+ // sandbox type from |command_line| and |sandbox_type|.
+ static bool IsAppContainerEnabledForSandbox(
+ const base::CommandLine& command_line,
+ SandboxType sandbox_type);
+
+ static bool InitBrokerServices(BrokerServices* broker_services);
+ static bool InitTargetServices(TargetServices* target_services);
+
+ // Report diagnostic information about policies applied to sandboxed
+ // processes. This is a snapshot and may describe processes which
+ // have subsequently finished. This can be invoked on any sequence and posts
+ // to |response| to the origin sequence on completion. |response|
+ // will be an empty value if an error is encountered.
+ static ResultCode GetPolicyDiagnostics(
+ base::OnceCallback<void(base::Value)> response);
+
+ // Provides a friendly name for the sandbox for chrome://sandbox and tracing.
+ static std::string GetSandboxTypeInEnglish(SandboxType sandbox_type);
+};
+
+SANDBOX_POLICY_EXPORT
+void BlocklistAddOneDllForTesting(const wchar_t* module_name,
+ bool check_in_browser,
+ TargetPolicy* policy);
+
+} // namespace policy
+} // namespace sandbox
+
+#endif // SANDBOX_POLICY_WIN_SANDBOX_WIN_H_
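Review bot: The forward-declaration block `namespace sandbox { class BrokerServices; class TargetPolicy; class TargetServices; }` is immediately followed by the real `namespace sandbox { namespace policy {` opening, so the first block is now redundant as a separate namespace and can be folded into the top of the real one (or left as-is if the project style prefers forward declarations kept apart, but then a comment saying why would help a reader who sees two `namespace sandbox` openings). Separately, `StartSandboxedProcess` is the main entry point of this class and the only method here with no comment, while every helper below it has one; a short comment such as `// Launches |cmd_line| as a sandboxed process configured for |delegate|'s sandbox type; |process| receives the launched process and the return value reports the first policy or spawn error.` would make the header self-describing. The remaining includes look carried over from the old location; whether `base/bind.h` is still needed by anything declared here is not visible from this hunk.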
diff --git a/services/service_manager/tests/sandbox/sandbox_win_unittest.cc b/sandbox/policy/win/sandbox_win_unittest.cc
similarity index 62%
rename from services/service_manager/tests/sandbox/sandbox_win_unittest.cc
rename to sandbox/policy/win/sandbox_win_unittest.cc
index b66ca4cb..0af60795a 100644
--- a/services/service_manager/tests/sandbox/sandbox_win_unittest.cc
+++ b/sandbox/policy/win/sandbox_win_unittest.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "services/service_manager/sandbox/win/sandbox_win.h"
+#include "sandbox/policy/win/sandbox_win.h"
#include <algorithm>
#include <vector>
@@ -23,16 +23,17 @@
#include "base/test/scoped_feature_list.h"
#include "base/win/windows_version.h"
#include "build/build_config.h"
+#include "sandbox/policy/features.h"
+#include "sandbox/policy/sandbox_type.h"
+#include "sandbox/policy/switches.h"
#include "sandbox/win/src/app_container_profile_base.h"
#include "sandbox/win/src/sandbox_policy.h"
#include "sandbox/win/src/sandbox_policy_diagnostic.h"
#include "sandbox/win/src/sid.h"
-#include "services/service_manager/sandbox/features.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
-#include "services/service_manager/sandbox/switches.h"
#include "testing/gtest/include/gtest/gtest.h"
-namespace service_manager {
+namespace sandbox {
+namespace policy {
namespace {
@@ -46,90 +47,68 @@
constexpr wchar_t kRegistryRead[] = L"registryRead";
constexpr wchar_t klpacPnpNotifications[] = L"lpacPnpNotifications";
-class TestTargetPolicy : public sandbox::TargetPolicy {
+class TestTargetPolicy : public TargetPolicy {
public:
void AddRef() override {}
void Release() override {}
- sandbox::ResultCode SetTokenLevel(sandbox::TokenLevel initial,
- sandbox::TokenLevel lockdown) override {
- return sandbox::SBOX_ALL_OK;
+ ResultCode SetTokenLevel(sandbox::TokenLevel initial,
+ TokenLevel lockdown) override {
+ return SBOX_ALL_OK;
}
- sandbox::TokenLevel GetInitialTokenLevel() const override {
- return sandbox::TokenLevel{};
+ TokenLevel GetInitialTokenLevel() const override { return TokenLevel{}; }
+ TokenLevel GetLockdownTokenLevel() const override { return TokenLevel{}; }
+ ResultCode SetJobLevel(sandbox::JobLevel job_level,
+ uint32_t ui_exceptions) override {
+ return SBOX_ALL_OK;
}
- sandbox::TokenLevel GetLockdownTokenLevel() const override {
- return sandbox::TokenLevel{};
+ JobLevel GetJobLevel() const override { return sandbox::JobLevel{}; }
+ ResultCode SetJobMemoryLimit(size_t memory_limit) override {
+ return SBOX_ALL_OK;
}
- sandbox::ResultCode SetJobLevel(sandbox::JobLevel job_level,
- uint32_t ui_exceptions) override {
- return sandbox::SBOX_ALL_OK;
- }
- sandbox::JobLevel GetJobLevel() const override { return sandbox::JobLevel{}; }
- sandbox::ResultCode SetJobMemoryLimit(size_t memory_limit) override {
- return sandbox::SBOX_ALL_OK;
- }
- sandbox::ResultCode SetAlternateDesktop(bool alternate_winstation) override {
- return sandbox::SBOX_ALL_OK;
+ ResultCode SetAlternateDesktop(bool alternate_winstation) override {
+ return SBOX_ALL_OK;
}
base::string16 GetAlternateDesktop() const override {
return base::string16();
}
- sandbox::ResultCode CreateAlternateDesktop(
- bool alternate_winstation) override {
- return sandbox::SBOX_ALL_OK;
+ ResultCode CreateAlternateDesktop(bool alternate_winstation) override {
+ return SBOX_ALL_OK;
}
void DestroyAlternateDesktop() override {}
- sandbox::ResultCode SetIntegrityLevel(
- sandbox::IntegrityLevel level) override {
- return sandbox::SBOX_ALL_OK;
+ ResultCode SetIntegrityLevel(IntegrityLevel level) override {
+ return SBOX_ALL_OK;
}
- sandbox::IntegrityLevel GetIntegrityLevel() const override {
- return sandbox::IntegrityLevel{};
+ IntegrityLevel GetIntegrityLevel() const override { return IntegrityLevel{}; }
+ ResultCode SetDelayedIntegrityLevel(IntegrityLevel level) override {
+ return SBOX_ALL_OK;
}
- sandbox::ResultCode SetDelayedIntegrityLevel(
- sandbox::IntegrityLevel level) override {
- return sandbox::SBOX_ALL_OK;
+ ResultCode SetLowBox(const wchar_t* sid) override { return SBOX_ALL_OK; }
+ ResultCode SetProcessMitigations(MitigationFlags flags) override {
+ return SBOX_ALL_OK;
}
- sandbox::ResultCode SetLowBox(const wchar_t* sid) override {
- return sandbox::SBOX_ALL_OK;
+ MitigationFlags GetProcessMitigations() override { return MitigationFlags{}; }
+ ResultCode SetDelayedProcessMitigations(MitigationFlags flags) override {
+ return SBOX_ALL_OK;
}
- sandbox::ResultCode SetProcessMitigations(
- sandbox::MitigationFlags flags) override {
- return sandbox::SBOX_ALL_OK;
+ MitigationFlags GetDelayedProcessMitigations() const override {
+ return MitigationFlags{};
}
- sandbox::MitigationFlags GetProcessMitigations() override {
- return sandbox::MitigationFlags{};
- }
- sandbox::ResultCode SetDelayedProcessMitigations(
- sandbox::MitigationFlags flags) override {
- return sandbox::SBOX_ALL_OK;
- }
- sandbox::MitigationFlags GetDelayedProcessMitigations() const override {
- return sandbox::MitigationFlags{};
- }
- sandbox::ResultCode SetDisconnectCsrss() override {
- return sandbox::SBOX_ALL_OK;
- }
+ ResultCode SetDisconnectCsrss() override { return SBOX_ALL_OK; }
void SetStrictInterceptions() override {}
- sandbox::ResultCode SetStdoutHandle(HANDLE handle) override {
- return sandbox::SBOX_ALL_OK;
+ ResultCode SetStdoutHandle(HANDLE handle) override { return SBOX_ALL_OK; }
+ ResultCode SetStderrHandle(HANDLE handle) override { return SBOX_ALL_OK; }
+ ResultCode AddRule(SubSystem subsystem,
+ Semantics semantics,
+ const wchar_t* pattern) override {
+ return SBOX_ALL_OK;
}
- sandbox::ResultCode SetStderrHandle(HANDLE handle) override {
- return sandbox::SBOX_ALL_OK;
- }
- sandbox::ResultCode AddRule(SubSystem subsystem,
- Semantics semantics,
- const wchar_t* pattern) override {
- return sandbox::SBOX_ALL_OK;
- }
- sandbox::ResultCode AddDllToUnload(const wchar_t* dll_name) override {
+ ResultCode AddDllToUnload(const wchar_t* dll_name) override {
blocklisted_dlls_.push_back(dll_name);
- return sandbox::SBOX_ALL_OK;
+ return SBOX_ALL_OK;
}
- sandbox::ResultCode AddKernelObjectToClose(
- const wchar_t* handle_type,
- const wchar_t* handle_name) override {
- return sandbox::SBOX_ALL_OK;
+ ResultCode AddKernelObjectToClose(const wchar_t* handle_type,
+ const wchar_t* handle_name) override {
+ return SBOX_ALL_OK;
}
void AddHandleToShare(HANDLE handle) override {}
void SetLockdownDefaultDacl() override {}
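Review bot: Three declarations in the rewritten TestTargetPolicy still carry the old `sandbox::` qualifier while their neighbours on the same lines do not: `ResultCode SetTokenLevel(sandbox::TokenLevel initial, TokenLevel lockdown)`, `ResultCode SetJobLevel(sandbox::JobLevel job_level, uint32_t ui_exceptions)` and `JobLevel GetJobLevel() const override { return sandbox::JobLevel{}; }`. They compile, since the test is now inside `namespace sandbox::policy`, but the mixed spelling within a single signature looks like an incomplete replace and will confuse the next reader of the override set; dropping the three `sandbox::` prefixes makes the class uniform with the rest of this change. The class body continues past the end of this hunk, so the later overrides were not checked here.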
@@ -137,26 +116,24 @@
void SetEnableOPMRedirection() override {}
bool GetEnableOPMRedirection() override { return false; }
- sandbox::ResultCode AddAppContainerProfile(const wchar_t* package_name,
- bool create_profile) override {
+ ResultCode AddAppContainerProfile(const wchar_t* package_name,
+ bool create_profile) override {
if (create_profile) {
- app_container_profile_ = sandbox::AppContainerProfileBase::Create(
- package_name, L"Sandbox", L"Sandbox");
- } else {
app_container_profile_ =
- sandbox::AppContainerProfileBase::Open(package_name);
+ AppContainerProfileBase::Create(package_name, L"Sandbox", L"Sandbox");
+ } else {
+ app_container_profile_ = AppContainerProfileBase::Open(package_name);
}
if (!app_container_profile_)
- return sandbox::SBOX_ERROR_CREATE_APPCONTAINER_PROFILE;
- return sandbox::SBOX_ALL_OK;
+ return SBOX_ERROR_CREATE_APPCONTAINER_PROFILE;
+ return SBOX_ALL_OK;
}
- scoped_refptr<sandbox::AppContainerProfile> GetAppContainerProfile()
- override {
+ scoped_refptr<AppContainerProfile> GetAppContainerProfile() override {
return app_container_profile_;
}
- scoped_refptr<sandbox::AppContainerProfileBase> GetAppContainerProfileBase() {
+ scoped_refptr<AppContainerProfileBase> GetAppContainerProfileBase() {
return app_container_profile_;
}
@@ -166,20 +143,20 @@
return blocklisted_dlls_;
}
- std::unique_ptr<sandbox::PolicyInfo> GetPolicyInfo() override {
- return std::unique_ptr<sandbox::PolicyDiagnostic>();
+ std::unique_ptr<PolicyInfo> GetPolicyInfo() override {
+ return std::unique_ptr<PolicyDiagnostic>();
}
private:
std::vector<std::wstring> blocklisted_dlls_;
- scoped_refptr<sandbox::AppContainerProfileBase> app_container_profile_;
+ scoped_refptr<AppContainerProfileBase> app_container_profile_;
};
-std::vector<sandbox::Sid> GetCapabilitySids(
+std::vector<Sid> GetCapabilitySids(
const std::initializer_list<base::string16>& capabilities) {
- std::vector<sandbox::Sid> sids;
+ std::vector<Sid> sids;
for (const auto& capability : capabilities) {
- sids.emplace_back(sandbox::Sid::FromNamedCapability(capability.c_str()));
+ sids.emplace_back(Sid::FromNamedCapability(capability.c_str()));
}
return sids;
}
@@ -214,8 +191,7 @@
return !!result;
}
-void EqualSidList(const std::vector<sandbox::Sid>& left,
- const std::vector<sandbox::Sid>& right) {
+void EqualSidList(const std::vector<Sid>& left, const std::vector<Sid>& right) {
EXPECT_EQ(left.size(), right.size());
auto result = std::mismatch(left.cbegin(), left.cend(), right.cbegin(),
[](const auto& left_sid, const auto& right_sid) {
@@ -226,7 +202,7 @@
}
void CheckCapabilities(
- sandbox::AppContainerProfileBase* profile,
+ AppContainerProfileBase* profile,
const std::initializer_list<base::string16>& additional_capabilities) {
auto additional_caps = GetCapabilitySids(additional_capabilities);
auto impersonation_caps =
@@ -260,11 +236,11 @@
command_line->SetProgram(path);
}
- sandbox::ResultCode CreateAppContainerProfile(
+ ResultCode CreateAppContainerProfile(
const base::CommandLine& base_command_line,
bool access_check_fail,
- service_manager::SandboxType sandbox_type,
- scoped_refptr<sandbox::AppContainerProfileBase>* profile) {
+ SandboxType sandbox_type,
+ scoped_refptr<AppContainerProfileBase>* profile) {
base::FilePath path;
base::CommandLine command_line(base_command_line);
@@ -276,10 +252,9 @@
}
TestTargetPolicy policy;
- sandbox::ResultCode result =
- service_manager::SandboxWin::AddAppContainerProfileToPolicy(
- command_line, sandbox_type, kAppContainerId, &policy);
- if (result == sandbox::SBOX_ALL_OK)
+ ResultCode result = SandboxWin::AddAppContainerProfileToPolicy(
+ command_line, sandbox_type, kAppContainerId, &policy);
+ if (result == SBOX_ALL_OK)
*profile = policy.GetAppContainerProfileBase();
return result;
}
@@ -293,13 +268,13 @@
if (base::win::GetVersion() < base::win::Version::WIN10_RS1)
return;
base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
- EXPECT_FALSE(service_manager::SandboxWin::IsAppContainerEnabledForSandbox(
- command_line, SandboxType::kGpu));
+ EXPECT_FALSE(SandboxWin::IsAppContainerEnabledForSandbox(command_line,
+ SandboxType::kGpu));
base::test::ScopedFeatureList features;
- features.InitAndEnableFeature(service_manager::features::kGpuAppContainer);
- EXPECT_TRUE(service_manager::SandboxWin::IsAppContainerEnabledForSandbox(
- command_line, SandboxType::kGpu));
- EXPECT_FALSE(service_manager::SandboxWin::IsAppContainerEnabledForSandbox(
+ features.InitAndEnableFeature(features::kGpuAppContainer);
+ EXPECT_TRUE(SandboxWin::IsAppContainerEnabledForSandbox(command_line,
+ SandboxType::kGpu));
+ EXPECT_FALSE(SandboxWin::IsAppContainerEnabledForSandbox(
command_line, SandboxType::kNoSandbox));
}
@@ -307,11 +282,10 @@
if (base::win::GetVersion() < base::win::Version::WIN10_RS1)
return;
base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
- scoped_refptr<sandbox::AppContainerProfileBase> profile;
- sandbox::ResultCode result = CreateAppContainerProfile(
- command_line, true, SandboxType::kGpu, &profile);
- EXPECT_EQ(sandbox::SBOX_ERROR_CREATE_APPCONTAINER_PROFILE_ACCESS_CHECK,
- result);
+ scoped_refptr<AppContainerProfileBase> profile;
+ ResultCode result = CreateAppContainerProfile(command_line, true,
+ SandboxType::kGpu, &profile);
+ EXPECT_EQ(SBOX_ERROR_CREATE_APPCONTAINER_PROFILE_ACCESS_CHECK, result);
EXPECT_EQ(nullptr, profile);
}
@@ -319,12 +293,12 @@
if (base::win::GetVersion() < base::win::Version::WIN10_RS1)
return;
base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
- scoped_refptr<sandbox::AppContainerProfileBase> profile;
- sandbox::ResultCode result = CreateAppContainerProfile(
- command_line, false, SandboxType::kGpu, &profile);
- ASSERT_EQ(sandbox::SBOX_ALL_OK, result);
+ scoped_refptr<AppContainerProfileBase> profile;
+ ResultCode result = CreateAppContainerProfile(command_line, false,
+ SandboxType::kGpu, &profile);
+ ASSERT_EQ(SBOX_ALL_OK, result);
ASSERT_NE(nullptr, profile);
- auto package_sid = sandbox::Sid::FromSddlString(kPackageSid);
+ auto package_sid = Sid::FromSddlString(kPackageSid);
ASSERT_TRUE(package_sid.IsValid());
EXPECT_TRUE(
::EqualSid(package_sid.GetPSID(), profile->GetPackageSid().GetPSID()));
@@ -337,11 +311,11 @@
return;
base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
base::test::ScopedFeatureList features;
- features.InitAndDisableFeature(service_manager::features::kGpuLPAC);
- scoped_refptr<sandbox::AppContainerProfileBase> profile;
- sandbox::ResultCode result = CreateAppContainerProfile(
- command_line, false, SandboxType::kGpu, &profile);
- ASSERT_EQ(sandbox::SBOX_ALL_OK, result);
+ features.InitAndDisableFeature(features::kGpuLPAC);
+ scoped_refptr<AppContainerProfileBase> profile;
+ ResultCode result = CreateAppContainerProfile(command_line, false,
+ SandboxType::kGpu, &profile);
+ ASSERT_EQ(SBOX_ALL_OK, result);
ASSERT_NE(nullptr, profile);
EXPECT_FALSE(profile->GetEnableLowPrivilegeAppContainer());
}
@@ -352,10 +326,10 @@
base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
command_line.AppendSwitchASCII(switches::kAddGpuAppContainerCaps,
" cap1 , cap2 ,");
- scoped_refptr<sandbox::AppContainerProfileBase> profile;
- sandbox::ResultCode result = CreateAppContainerProfile(
- command_line, false, SandboxType::kGpu, &profile);
- ASSERT_EQ(sandbox::SBOX_ALL_OK, result);
+ scoped_refptr<AppContainerProfileBase> profile;
+ ResultCode result = CreateAppContainerProfile(command_line, false,
+ SandboxType::kGpu, &profile);
+ ASSERT_EQ(SBOX_ALL_OK, result);
ASSERT_NE(nullptr, profile);
CheckCapabilities(profile.get(), {L"cap1", L"cap2"});
}
@@ -418,4 +392,5 @@
}
}
-} // namespace service_manager
+} // namespace policy
+} // namespace sandbox
diff --git a/sandbox/win/BUILD.gn b/sandbox/win/BUILD.gn
index 2557f5c..952e8b0 100644
--- a/sandbox/win/BUILD.gn
+++ b/sandbox/win/BUILD.gn
@@ -226,6 +226,7 @@
deps = [
":sandbox",
"//base/test:test_support",
+ "//sandbox/policy:tests",
"//testing/gtest",
]
diff --git a/services/audio/BUILD.gn b/services/audio/BUILD.gn
index dd49117..74d5b1a 100644
--- a/services/audio/BUILD.gn
+++ b/services/audio/BUILD.gn
@@ -70,8 +70,8 @@
"//base",
"//media",
"//media/webrtc",
+ "//sandbox/policy",
"//services/audio/public/mojom",
- "//services/service_manager/sandbox",
]
if (is_linux) {
diff --git a/services/audio/DEPS b/services/audio/DEPS
index 5c8ac887..4e45e6d0 100644
--- a/services/audio/DEPS
+++ b/services/audio/DEPS
@@ -5,5 +5,4 @@
"+media/webrtc",
"+sandbox",
"+services/audio/public",
- "+services/service_manager/sandbox",
]
diff --git a/services/audio/audio_sandbox_hook_linux.cc b/services/audio/audio_sandbox_hook_linux.cc
index dad4537..e7928a96 100644
--- a/services/audio/audio_sandbox_hook_linux.cc
+++ b/services/audio/audio_sandbox_hook_linux.cc
@@ -174,9 +174,9 @@
} // namespace
-bool AudioPreSandboxHook(service_manager::SandboxLinux::Options options) {
+bool AudioPreSandboxHook(sandbox::policy::SandboxLinux::Options options) {
LoadAudioLibraries();
- auto* instance = service_manager::SandboxLinux::GetInstance();
+ auto* instance = sandbox::policy::SandboxLinux::GetInstance();
instance->StartBrokerProcess(MakeBrokerCommandSet({
sandbox::syscall_broker::COMMAND_ACCESS,
#if defined(USE_PULSEAUDIO)
@@ -188,7 +188,7 @@
sandbox::syscall_broker::COMMAND_UNLINK,
}),
GetAudioFilePermissions(),
- service_manager::SandboxLinux::PreSandboxHook(),
+ sandbox::policy::SandboxLinux::PreSandboxHook(),
options);
// TODO(https://crbug.com/850878) enable namespace sandbox. Currently, if
diff --git a/services/audio/audio_sandbox_hook_linux.h b/services/audio/audio_sandbox_hook_linux.h
index 528ceaa..65a17cc 100644
--- a/services/audio/audio_sandbox_hook_linux.h
+++ b/services/audio/audio_sandbox_hook_linux.h
@@ -5,13 +5,13 @@
#ifndef SERVICES_AUDIO_AUDIO_SANDBOX_HOOK_LINUX_H_
#define SERVICES_AUDIO_AUDIO_SANDBOX_HOOK_LINUX_H_
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
namespace audio {
// Load audio shared libraries and setup allowed commands and filesystem
// permissions for audio service sandboxed process.
-bool AudioPreSandboxHook(service_manager::SandboxLinux::Options options);
+bool AudioPreSandboxHook(sandbox::policy::SandboxLinux::Options options);
} // namespace audio
diff --git a/services/network/BUILD.gn b/services/network/BUILD.gn
index cf02b9ba..d033ebd8 100644
--- a/services/network/BUILD.gn
+++ b/services/network/BUILD.gn
@@ -233,6 +233,7 @@
"//mojo/public/cpp/system",
"//net",
"//net:extras",
+ "//sandbox/policy",
"//services/network/public/cpp",
"//services/network/public/cpp/cert_verifier:cert_verifier_creation",
"//services/network/public/cpp/cert_verifier:mojo_cert_verifier",
@@ -241,7 +242,6 @@
"//services/network/trust_tokens",
"//services/service_manager/public/cpp",
"//services/service_manager/public/mojom",
- "//services/service_manager/sandbox:sandbox",
"//third_party/webrtc_overrides:webrtc_component",
"//url",
]
@@ -257,10 +257,7 @@
}
if (is_linux) {
- deps += [
- "//sandbox/linux:sandbox_services",
- "//services/service_manager/sandbox:sandbox",
- ]
+ deps += [ "//sandbox/linux:sandbox_services" ]
}
if (is_android) {
diff --git a/services/network/DEPS b/services/network/DEPS
index 2849a00..0d167b8 100644
--- a/services/network/DEPS
+++ b/services/network/DEPS
@@ -17,7 +17,6 @@
"+sandbox",
"+services/proxy_resolver/public/mojom",
"+services/service_manager/public",
- "+services/service_manager/sandbox",
"+third_party/boringssl/src/include",
"+url",
]
diff --git a/services/network/network_sandbox_hook_linux.cc b/services/network/network_sandbox_hook_linux.cc
index da2704d..feb61a7 100644
--- a/services/network/network_sandbox_hook_linux.cc
+++ b/services/network/network_sandbox_hook_linux.cc
@@ -13,8 +13,8 @@
namespace network {
-bool NetworkPreSandboxHook(service_manager::SandboxLinux::Options options) {
- auto* instance = service_manager::SandboxLinux::GetInstance();
+bool NetworkPreSandboxHook(sandbox::policy::SandboxLinux::Options options) {
+ auto* instance = sandbox::policy::SandboxLinux::GetInstance();
// TODO(tsepez): remove universal permission under filesytem root.
instance->StartBrokerProcess(
@@ -29,7 +29,7 @@
sandbox::syscall_broker::COMMAND_UNLINK,
}),
{BrokerFilePermission::ReadWriteCreateRecursive("/")},
- service_manager::SandboxLinux::PreSandboxHook(), options);
+ sandbox::policy::SandboxLinux::PreSandboxHook(), options);
instance->EngageNamespaceSandboxIfPossible();
return true;
diff --git a/services/network/network_sandbox_hook_linux.h b/services/network/network_sandbox_hook_linux.h
index c398ac42..0c09336 100644
--- a/services/network/network_sandbox_hook_linux.h
+++ b/services/network/network_sandbox_hook_linux.h
@@ -6,12 +6,12 @@
#define SERVICES_NETWORK_NETWORK_SANDBOX_HOOK_LINUX_H_
#include "base/component_export.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
namespace network {
COMPONENT_EXPORT(NETWORK_SERVICE)
-bool NetworkPreSandboxHook(service_manager::SandboxLinux::Options options);
+bool NetworkPreSandboxHook(sandbox::policy::SandboxLinux::Options options);
} // namespace network
diff --git a/services/network/network_sandbox_win.cc b/services/network/network_sandbox_win.cc
index 6fd3692..f62a903 100644
--- a/services/network/network_sandbox_win.cc
+++ b/services/network/network_sandbox_win.cc
@@ -4,8 +4,8 @@
#include "services/network/network_sandbox_win.h"
+#include "sandbox/policy/win/sandbox_win.h"
#include "sandbox/win/src/sandbox_types.h"
-#include "services/service_manager/sandbox/win/sandbox_win.h"
// NOTE: changes to this code need to be reviewed by the security team.
namespace network {
@@ -18,7 +18,7 @@
sandbox::USER_UNPROTECTED);
if (result != sandbox::ResultCode::SBOX_ALL_OK)
return false;
- result = service_manager::SandboxWin::SetJobLevel(
+ result = sandbox::policy::SandboxWin::SetJobLevel(
cmd_line, sandbox::JOB_UNPROTECTED, 0, policy);
if (result != sandbox::ResultCode::SBOX_ALL_OK)
return false;
diff --git a/services/network/network_sandbox_win.h b/services/network/network_sandbox_win.h
index b2e68a3c..0df8a22 100644
--- a/services/network/network_sandbox_win.h
+++ b/services/network/network_sandbox_win.h
@@ -6,8 +6,8 @@
#define SERVICES_NETWORK_NETWORK_SANDBOX_WIN_H_
#include "base/component_export.h"
+#include "sandbox/policy/win/sandbox_win.h"
#include "sandbox/win/src/sandbox_policy_base.h"
-#include "services/service_manager/sandbox/win/sandbox_win.h"
// These sandbox-config extension functions should be called from
// UtilitySandboxedProcessLauncherDelegate on Windows (or the appropriate
diff --git a/services/service_manager/BUILD.gn b/services/service_manager/BUILD.gn
index 25d7a7c..4750143 100644
--- a/services/service_manager/BUILD.gn
+++ b/services/service_manager/BUILD.gn
@@ -48,9 +48,9 @@
public_deps = [
"//base",
"//mojo/public/cpp/bindings",
+ "//sandbox/policy",
"//services/service_manager/public/cpp",
"//services/service_manager/public/mojom",
- "//services/service_manager/sandbox",
]
if (!is_ios) {
diff --git a/services/service_manager/embedder/main.cc b/services/service_manager/embedder/main.cc
index d277d1e..01fdee5 100644
--- a/services/service_manager/embedder/main.cc
+++ b/services/service_manager/embedder/main.cc
@@ -33,6 +33,7 @@
#include "mojo/core/embedder/embedder.h"
#include "mojo/core/embedder/scoped_ipc_support.h"
#include "mojo/public/cpp/base/shared_memory_utils.h"
+#include "sandbox/policy/sandbox_type.h"
#include "services/service_manager/embedder/main_delegate.h"
#include "services/service_manager/embedder/process_type.h"
#include "services/service_manager/embedder/set_process_title.h"
@@ -41,7 +42,6 @@
#include "services/service_manager/public/cpp/service.h"
#include "services/service_manager/public/cpp/service_executable/service_executable_environment.h"
#include "services/service_manager/public/cpp/service_executable/switches.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
#include "ui/base/resource/resource_bundle.h"
#include "ui/base/ui_base_paths.h"
#include "ui/base/ui_base_switches.h"
@@ -387,8 +387,8 @@
// sandboxed process. The defines below must be in sync with the
// implementation of mojo::NodeController::CreateSharedBuffer().
#if !defined(OS_MACOSX) && !defined(OS_NACL_SFI) && !defined(OS_FUCHSIA)
- if (service_manager::IsUnsandboxedSandboxType(
- service_manager::SandboxTypeFromCommandLine(command_line))) {
+ if (sandbox::policy::IsUnsandboxedSandboxType(
+ sandbox::policy::SandboxTypeFromCommandLine(command_line))) {
// Unsandboxed processes don't need shared memory brokering... because
// they're not sandboxed.
} else if (mojo_config.force_direct_shared_memory_allocation) {
diff --git a/services/service_manager/public/cpp/manifest.h b/services/service_manager/public/cpp/manifest.h
index 586441b..b731d58 100644
--- a/services/service_manager/public/cpp/manifest.h
+++ b/services/service_manager/public/cpp/manifest.h
@@ -93,7 +93,8 @@
// binary (for example Chromium, or any Content embedder), and the embedder
// handles requests for new instances of the service via
// ServiceProcess::Delegate::RunService(). The service will always run in
- // a child process sandboxed according to SandboxType (see Options below).
+ // a child process sandboxed according to sandbox::policy::SandboxType (see
+ // Options below).
kOutOfProcessBuiltin,
// The service is launched out-of-process from a standalone service
@@ -102,7 +103,8 @@
// "${service_name}.service.exe" on Windows).
//
// Proper sandboxing is currently not supported for standalone service
- // executables, so SandboxType (see Options below) is ignored. This renders
+ // executables, so sandbox::policy::SandboxType (see Options below) is
+ // ignored. This renders
// standalone service executables generally unsuitable for production
// environments.
kStandaloneExecutable,
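Review bot: The reflow of the kStandaloneExecutable comment leaves an orphaned three-word line (`// ignored. This renders`) followed by a full-width one, which reads as if a line were dropped. Rewrapping the sentence so the lines fill evenly avoids that, e.g. `// executables, so sandbox::policy::SandboxType (see Options below) is` / `// ignored. This renders standalone service executables generally` / `// unsuitable for production environments.`. The same applies to the TODO wrap two hunks later, where `// TODO(https://crbug.com/915806): Make this field a` / `// sandbox::policy::SandboxType enum.` could fill the first line further.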
@@ -151,7 +153,8 @@
// if |execution_mode| is |kOutOfProcessBuiltin| or
// |kStandaloneExecutable|.
//
- // TODO(https://crbug.com/915806): Make this field a SandboxType enum.
+ // TODO(https://crbug.com/915806): Make this field a
+ // sandbox::policy::SandboxType enum.
std::string sandbox_type{"utility"};
};
diff --git a/services/service_manager/public/cpp/service_executable/BUILD.gn b/services/service_manager/public/cpp/service_executable/BUILD.gn
index d62e2b3..0c5a297 100644
--- a/services/service_manager/public/cpp/service_executable/BUILD.gn
+++ b/services/service_manager/public/cpp/service_executable/BUILD.gn
@@ -13,8 +13,8 @@
"//mojo/core/embedder",
"//mojo/public/cpp/platform",
"//mojo/public/cpp/system",
+ "//sandbox/policy",
"//services/service_manager/public/cpp",
- "//services/service_manager/sandbox",
]
public_deps = [
diff --git a/services/service_manager/public/cpp/service_executable/service_executable_environment.cc b/services/service_manager/public/cpp/service_executable/service_executable_environment.cc
index cfb5cc4..af9a635b 100644
--- a/services/service_manager/public/cpp/service_executable/service_executable_environment.cc
+++ b/services/service_manager/public/cpp/service_executable/service_executable_environment.cc
@@ -15,14 +15,14 @@
#include "mojo/public/cpp/platform/platform_channel.h"
#include "mojo/public/cpp/system/invitation.h"
#include "mojo/public/cpp/system/message_pipe.h"
+#include "sandbox/policy/sandbox.h"
+#include "sandbox/policy/switches.h"
#include "services/service_manager/public/cpp/service_executable/switches.h"
-#include "services/service_manager/sandbox/sandbox.h"
-#include "services/service_manager/sandbox/switches.h"
#if defined(OS_LINUX)
#include "base/rand_util.h"
#include "base/system/sys_info.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
#endif
namespace service_manager {
@@ -34,20 +34,21 @@
#if defined(OS_LINUX)
const base::CommandLine& command_line =
*base::CommandLine::ForCurrentProcess();
- if (command_line.HasSwitch(switches::kServiceSandboxType)) {
+ if (command_line.HasSwitch(sandbox::policy::switches::kServiceSandboxType)) {
// Warm parts of base in the copy of base in the mojo runner.
base::RandUint64();
base::SysInfo::AmountOfPhysicalMemory();
base::SysInfo::NumberOfProcessors();
// Repeat steps normally performed by the zygote.
- SandboxLinux::Options sandbox_options;
+ sandbox::policy::SandboxLinux::Options sandbox_options;
sandbox_options.engage_namespace_sandbox = true;
- Sandbox::Initialize(
- UtilitySandboxTypeFromString(
- command_line.GetSwitchValueASCII(switches::kServiceSandboxType)),
- SandboxLinux::PreSandboxHook(), sandbox_options);
+ sandbox::policy::Sandbox::Initialize(
+ sandbox::policy::UtilitySandboxTypeFromString(
+ command_line.GetSwitchValueASCII(
+ sandbox::policy::switches::kServiceSandboxType)),
+ sandbox::policy::SandboxLinux::PreSandboxHook(), sandbox_options);
}
#endif
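Review bot: The rewritten block spells out `sandbox::policy::` five times in five consecutive lines, and the Initialize call now wraps across four lines where the old one fit in three, which makes the Linux branch noticeably harder to scan. Since this is a .cc file, a using-declaration near the top (for instance `using sandbox::policy::SandboxLinux;` alongside the existing includes) or a short namespace alias would keep the call readable without changing behaviour; if the change is intended to stay purely mechanical, a follow-up cleanup would do. The enclosing function starts outside the hunk.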
diff --git a/services/service_manager/sandbox/DEPS b/services/service_manager/sandbox/DEPS
deleted file mode 100644
index 804a308..0000000
--- a/services/service_manager/sandbox/DEPS
+++ /dev/null
@@ -1,4 +0,0 @@
-include_rules = [
- "+sandbox/constants.h",
- "+sandbox",
-]
diff --git a/services/service_manager/sandbox/export.h b/services/service_manager/sandbox/export.h
deleted file mode 100644
index 29fa29d..0000000
--- a/services/service_manager/sandbox/export.h
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2017 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_EXPORT_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_EXPORT_H_
-
-#if defined(COMPONENT_BUILD)
-#if defined(WIN32)
-
-#if defined(SERVICE_MANAGER_SANDBOX_IMPL)
-#define SERVICE_MANAGER_SANDBOX_EXPORT __declspec(dllexport)
-#else
-#define SERVICE_MANAGER_SANDBOX_EXPORT __declspec(dllimport)
-#endif // defined(SERVICE_MANAGER_SANDBOX_IMPL)
-
-#else // defined(WIN32)
-#if defined(SERVICE_MANAGER_SANDBOX_IMPL)
-#define SERVICE_MANAGER_SANDBOX_EXPORT __attribute__((visibility("default")))
-#else
-#define SERVICE_MANAGER_SANDBOX_EXPORT
-#endif // defined(SERVICE_MANAGER_SANDBOX_IMPL)
-#endif
-
-#else // defined(COMPONENT_BUILD)
-#define SERVICE_MANAGER_SANDBOX_EXPORT
-#endif
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_EXPORT_H_
diff --git a/services/service_manager/sandbox/features.h b/services/service_manager/sandbox/features.h
deleted file mode 100644
index 86735e2..0000000
--- a/services/service_manager/sandbox/features.h
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright 2017 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// This file defines all the public base::FeatureList features for the content
-// module.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_FEATURES_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_FEATURES_H_
-
-#include "base/feature_list.h"
-#include "build/build_config.h"
-#include "services/service_manager/sandbox/export.h"
-
-namespace service_manager {
-namespace features {
-
-SERVICE_MANAGER_SANDBOX_EXPORT extern const base::Feature kAudioServiceSandbox;
-
-#if !defined(OS_MACOSX)
-SERVICE_MANAGER_SANDBOX_EXPORT extern const base::Feature
- kNetworkServiceSandbox;
-#endif
-
-#if defined(OS_WIN)
-SERVICE_MANAGER_SANDBOX_EXPORT extern const base::Feature
- kWinSboxDisableExtensionPoints;
-SERVICE_MANAGER_SANDBOX_EXPORT extern const base::Feature kGpuAppContainer;
-SERVICE_MANAGER_SANDBOX_EXPORT extern const base::Feature kGpuLPAC;
-#endif // defined(OS_WIN)
-
-#if !defined(OS_ANDROID)
-SERVICE_MANAGER_SANDBOX_EXPORT extern const base::Feature kXRSandbox;
-#endif // !defined(OS_ANDROID)
-
-} // namespace features
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_FEATURES_H_
diff --git a/services/service_manager/sandbox/linux/bpf_audio_policy_linux.h b/services/service_manager/sandbox/linux/bpf_audio_policy_linux.h
deleted file mode 100644
index afbab1f9..0000000
--- a/services/service_manager/sandbox/linux/bpf_audio_policy_linux.h
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_AUDIO_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_AUDIO_POLICY_LINUX_H_
-
-#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
-#include "services/service_manager/sandbox/export.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-
-namespace service_manager {
-
-class SERVICE_MANAGER_SANDBOX_EXPORT AudioProcessPolicy : public BPFBasePolicy {
- public:
- AudioProcessPolicy();
- ~AudioProcessPolicy() override;
-
- sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
- int system_call_number) const override;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(AudioProcessPolicy);
-};
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_AUDIO_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_base_policy_linux.h b/services/service_manager/sandbox/linux/bpf_base_policy_linux.h
deleted file mode 100644
index 8cae352..0000000
--- a/services/service_manager/sandbox/linux/bpf_base_policy_linux.h
+++ /dev/null
@@ -1,46 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_BASE_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_BASE_POLICY_LINUX_H_
-
-#include <memory>
-
-#include "base/macros.h"
-#include "sandbox/linux/bpf_dsl/bpf_dsl_forward.h"
-#include "sandbox/linux/bpf_dsl/policy.h"
-#include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
-#include "services/service_manager/sandbox/export.h"
-
-namespace service_manager {
-
-// The "baseline" BPF policy. Any other seccomp-bpf policy should inherit
-// from it.
-// It implements the main Policy interface. Due to its nature
-// as a "kernel attack surface reduction" layer, it's implementation-defined.
-class SERVICE_MANAGER_SANDBOX_EXPORT BPFBasePolicy
- : public sandbox::bpf_dsl::Policy {
- public:
- BPFBasePolicy();
- ~BPFBasePolicy() override;
-
- // sandbox::bpf_dsl::Policy:
- sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
- int system_call_number) const override;
- sandbox::bpf_dsl::ResultExpr InvalidSyscall() const override;
-
- // Get the errno(3) to return for filesystem errors.
- static int GetFSDeniedErrno();
-
- pid_t GetPolicyPid() const { return baseline_policy_->policy_pid(); }
-
- private:
- // Compose the BaselinePolicy from sandbox/.
- std::unique_ptr<sandbox::BaselinePolicy> baseline_policy_;
- DISALLOW_COPY_AND_ASSIGN(BPFBasePolicy);
-};
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_BASE_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_broker_policy_linux.cc b/services/service_manager/sandbox/linux/bpf_broker_policy_linux.cc
deleted file mode 100644
index 68af74e1..0000000
--- a/services/service_manager/sandbox/linux/bpf_broker_policy_linux.cc
+++ /dev/null
@@ -1,149 +0,0 @@
-// Copyright 2017 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "services/service_manager/sandbox/linux/bpf_broker_policy_linux.h"
-
-#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
-#include "sandbox/linux/system_headers/linux_syscalls.h"
-
-using sandbox::bpf_dsl::Allow;
-using sandbox::bpf_dsl::ResultExpr;
-
-namespace service_manager {
-
-BrokerProcessPolicy::BrokerProcessPolicy(
- const sandbox::syscall_broker::BrokerCommandSet& allowed_command_set)
- : allowed_command_set_(allowed_command_set) {}
-
-BrokerProcessPolicy::~BrokerProcessPolicy() {}
-
-ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno) const {
- switch (sysno) {
-#if defined(__NR_access)
- case __NR_access:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_ACCESS))
- return Allow();
- break;
-#endif
-#if defined(__NR_faccessat)
- case __NR_faccessat:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_ACCESS))
- return Allow();
- break;
-#endif
-#if defined(__NR_mkdir)
- case __NR_mkdir:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_MKDIR))
- return Allow();
- break;
-#endif
-#if defined(__NR_mkdirat)
- case __NR_mkdirat:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_MKDIR))
- return Allow();
- break;
-#endif
-#if defined(__NR_open)
- case __NR_open:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_OPEN))
- return Allow();
- break;
-#endif
-#if defined(__NR_openat)
- case __NR_openat:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_OPEN))
- return Allow();
- break;
-#endif
-#if defined(__NR_rename)
- case __NR_rename:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_RENAME))
- return Allow();
- break;
-#endif
-#if defined(__NR_renameat)
- case __NR_renameat:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_RENAME))
- return Allow();
- break;
-#endif
-#if defined(__NR_stat)
- case __NR_stat:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_STAT))
- return Allow();
- break;
-#endif
-#if defined(__NR_stat64)
- case __NR_stat64:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_STAT))
- return Allow();
- break;
-#endif
-#if defined(__NR_lstat)
- case __NR_lstat:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_STAT))
- return Allow();
- break;
-#endif
-#if defined(__NR_lstat64)
- case __NR_lstat64:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_STAT))
- return Allow();
- break;
-#endif
-#if defined(__NR_fstatat)
- case __NR_fstatat:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_STAT))
- return Allow();
- break;
-#endif
-#if defined(__NR_newfstatat)
- case __NR_newfstatat:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_STAT))
- return Allow();
- break;
-#endif
-#if defined(__NR_readlink)
- case __NR_readlink:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_READLINK))
- return Allow();
- break;
-#endif
-#if defined(__NR_readlinkat)
- case __NR_readlinkat:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_READLINK))
- return Allow();
- break;
-#endif
-#if defined(__NR_rmdir)
- case __NR_rmdir:
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_RMDIR))
- return Allow();
- break;
-#endif
-#if defined(__NR_unlink)
- case __NR_unlink:
- // NOTE: Open() uses unlink() to make "temporary" files.
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_OPEN) ||
- allowed_command_set_.test(sandbox::syscall_broker::COMMAND_UNLINK)) {
- return Allow();
- }
- break;
-#endif
-#if defined(__NR_unlinkat)
- case __NR_unlinkat:
- // NOTE: Open() uses unlink() to make "temporary" files.
- if (allowed_command_set_.test(sandbox::syscall_broker::COMMAND_OPEN) ||
- allowed_command_set_.test(sandbox::syscall_broker::COMMAND_UNLINK)) {
- return Allow();
- }
- break;
-#endif
- default:
- break;
- }
- return BPFBasePolicy::EvaluateSyscall(sysno);
-}
-
-} // namespace service_manager
diff --git a/services/service_manager/sandbox/linux/bpf_broker_policy_linux.h b/services/service_manager/sandbox/linux/bpf_broker_policy_linux.h
deleted file mode 100644
index 8299a3a3..0000000
--- a/services/service_manager/sandbox/linux/bpf_broker_policy_linux.h
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright 2017 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_BROKER_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_BROKER_POLICY_LINUX_H_
-
-#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
-#include "sandbox/linux/syscall_broker/broker_command.h"
-#include "services/service_manager/sandbox/export.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-
-namespace service_manager {
-
-// A broker policy is one for a privileged syscall broker that allows
-// access, open, openat, and (in the non-Chrome OS case) unlink.
-class SERVICE_MANAGER_SANDBOX_EXPORT BrokerProcessPolicy
- : public BPFBasePolicy {
- public:
- explicit BrokerProcessPolicy(
- const sandbox::syscall_broker::BrokerCommandSet& allowed_command_set);
- ~BrokerProcessPolicy() override;
-
- sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
- int system_call_number) const override;
-
- private:
- const sandbox::syscall_broker::BrokerCommandSet allowed_command_set_;
-
- DISALLOW_COPY_AND_ASSIGN(BrokerProcessPolicy);
-};
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_BROKER_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_cdm_policy_linux.h b/services/service_manager/sandbox/linux/bpf_cdm_policy_linux.h
deleted file mode 100644
index ea07367a..0000000
--- a/services/service_manager/sandbox/linux/bpf_cdm_policy_linux.h
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright 2017 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_CDM_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_CDM_POLICY_LINUX_H_
-
-#include "base/macros.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-
-namespace service_manager {
-
-// This policy can be used by the process hosting a Content Decryption Module.
-class CdmProcessPolicy : public BPFBasePolicy {
- public:
- CdmProcessPolicy();
- ~CdmProcessPolicy() override;
-
- sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
- int system_call_number) const override;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(CdmProcessPolicy);
-};
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_CDM_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_cros_amd_gpu_policy_linux.h b/services/service_manager/sandbox/linux/bpf_cros_amd_gpu_policy_linux.h
deleted file mode 100644
index 23980dc6..0000000
--- a/services/service_manager/sandbox/linux/bpf_cros_amd_gpu_policy_linux.h
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright 2017 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_CROS_AMD_GPU_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_CROS_AMD_GPU_POLICY_LINUX_H_
-
-#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
-#include "services/service_manager/sandbox/export.h"
-#include "services/service_manager/sandbox/linux/bpf_gpu_policy_linux.h"
-
-namespace service_manager {
-
-// This policy is for AMD GPUs running on Chrome OS.
-class SERVICE_MANAGER_SANDBOX_EXPORT CrosAmdGpuProcessPolicy
- : public GpuProcessPolicy {
- public:
- CrosAmdGpuProcessPolicy();
- ~CrosAmdGpuProcessPolicy() override;
-
- sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
- int system_call_number) const override;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(CrosAmdGpuProcessPolicy);
-};
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_CROS_AMD_GPU_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_cros_arm_gpu_policy_linux.h b/services/service_manager/sandbox/linux/bpf_cros_arm_gpu_policy_linux.h
deleted file mode 100644
index 36b8b9c..0000000
--- a/services/service_manager/sandbox/linux/bpf_cros_arm_gpu_policy_linux.h
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_CROS_ARM_GPU_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_CROS_ARM_GPU_POLICY_LINUX_H_
-
-#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
-#include "services/service_manager/sandbox/export.h"
-#include "services/service_manager/sandbox/linux/bpf_gpu_policy_linux.h"
-
-namespace service_manager {
-
-// This policy is for Chrome OS ARM.
-class SERVICE_MANAGER_SANDBOX_EXPORT CrosArmGpuProcessPolicy
- : public GpuProcessPolicy {
- public:
- explicit CrosArmGpuProcessPolicy(bool allow_shmat);
- ~CrosArmGpuProcessPolicy() override;
-
- sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
- int system_call_number) const override;
-
- private:
-#if defined(__arm__) || defined(__aarch64__)
- const bool allow_shmat_; // Allow shmat(2).
-#endif
- DISALLOW_COPY_AND_ASSIGN(CrosArmGpuProcessPolicy);
-};
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_CROS_ARM_GPU_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_gpu_policy_linux.h b/services/service_manager/sandbox/linux/bpf_gpu_policy_linux.h
deleted file mode 100644
index c1091816..0000000
--- a/services/service_manager/sandbox/linux/bpf_gpu_policy_linux.h
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_GPU_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_GPU_POLICY_LINUX_H_
-
-#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
-#include "services/service_manager/sandbox/export.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-
-namespace service_manager {
-
-class SERVICE_MANAGER_SANDBOX_EXPORT GpuProcessPolicy : public BPFBasePolicy {
- public:
- GpuProcessPolicy();
- ~GpuProcessPolicy() override;
-
- sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
- int system_call_number) const override;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(GpuProcessPolicy);
-};
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_GPU_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_ime_policy_linux.h b/services/service_manager/sandbox/linux/bpf_ime_policy_linux.h
deleted file mode 100644
index d9a8cd3..0000000
--- a/services/service_manager/sandbox/linux/bpf_ime_policy_linux.h
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_IME_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_IME_POLICY_LINUX_H_
-
-#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
-#include "services/service_manager/sandbox/export.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-
-namespace service_manager {
-
-class SERVICE_MANAGER_SANDBOX_EXPORT ImeProcessPolicy : public BPFBasePolicy {
- public:
- ImeProcessPolicy();
- ~ImeProcessPolicy() override;
-
- sandbox::bpf_dsl::ResultExpr EvaluateSyscall(int sysno) const override;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(ImeProcessPolicy);
-};
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_IME_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_network_policy_linux.h b/services/service_manager/sandbox/linux/bpf_network_policy_linux.h
deleted file mode 100644
index f532205..0000000
--- a/services/service_manager/sandbox/linux/bpf_network_policy_linux.h
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2017 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_NETWORK_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_NETWORK_POLICY_LINUX_H_
-
-#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
-#include "services/service_manager/sandbox/export.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-
-namespace service_manager {
-
-class SERVICE_MANAGER_SANDBOX_EXPORT NetworkProcessPolicy
- : public BPFBasePolicy {
- public:
- NetworkProcessPolicy();
- ~NetworkProcessPolicy() override;
-
- sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
- int system_call_number) const override;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(NetworkProcessPolicy);
-};
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_NETWORK_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_ppapi_policy_linux.h b/services/service_manager/sandbox/linux/bpf_ppapi_policy_linux.h
deleted file mode 100644
index 103b33e..0000000
--- a/services/service_manager/sandbox/linux/bpf_ppapi_policy_linux.h
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_PPAPI_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_PPAPI_POLICY_LINUX_H_
-
-#include "base/macros.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-
-namespace service_manager {
-
-// Policy for Pepper plugins such as Flash.
-class PpapiProcessPolicy : public BPFBasePolicy {
- public:
- PpapiProcessPolicy();
- ~PpapiProcessPolicy() override;
-
- sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
- int system_call_number) const override;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(PpapiProcessPolicy);
-};
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_PPAPI_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_print_compositor_policy_linux.h b/services/service_manager/sandbox/linux/bpf_print_compositor_policy_linux.h
deleted file mode 100644
index f6617c3..0000000
--- a/services/service_manager/sandbox/linux/bpf_print_compositor_policy_linux.h
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright 2017 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_PRINT_COMPOSITOR_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_PRINT_COMPOSITOR_POLICY_LINUX_H_
-
-#include "base/macros.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-
-namespace service_manager {
-
-// This policy can be used by print compositor utility processes.
-class PrintCompositorProcessPolicy : public BPFBasePolicy {
- public:
- PrintCompositorProcessPolicy();
- ~PrintCompositorProcessPolicy() override;
-
- sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
- int system_call_number) const override;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(PrintCompositorProcessPolicy);
-};
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_PRINT_COMPOSITOR_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.h b/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.h
deleted file mode 100644
index 86c5142..0000000
--- a/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.h
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_RENDERER_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_RENDERER_POLICY_LINUX_H_
-
-#include "base/macros.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-
-namespace service_manager {
-
-// This policy can be used by both renderer and worker processes.
-class RendererProcessPolicy : public BPFBasePolicy {
- public:
- RendererProcessPolicy();
- ~RendererProcessPolicy() override;
-
- sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
- int system_call_number) const override;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(RendererProcessPolicy);
-};
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_RENDERER_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_speech_recognition_policy_linux.h b/services/service_manager/sandbox/linux/bpf_speech_recognition_policy_linux.h
deleted file mode 100644
index b12bc82..0000000
--- a/services/service_manager/sandbox/linux/bpf_speech_recognition_policy_linux.h
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright 2020 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_SPEECH_RECOGNITION_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_SPEECH_RECOGNITION_POLICY_LINUX_H_
-
-#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-
-namespace service_manager {
-
-// The process policy for the sandboxed utility process that loads the Speech
-// On-Device API (SODA). This policy allows the syscalls used by the libsoda.so
-// binary to transcribe audio into text.
-class SERVICE_MANAGER_SANDBOX_EXPORT SpeechRecognitionProcessPolicy
- : public BPFBasePolicy {
- public:
- SpeechRecognitionProcessPolicy();
- ~SpeechRecognitionProcessPolicy() override;
-
- sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
- int system_call_number) const override;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(SpeechRecognitionProcessPolicy);
-};
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_SPEECH_RECOGNITION_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_tts_policy_linux.h b/services/service_manager/sandbox/linux/bpf_tts_policy_linux.h
deleted file mode 100644
index a562a68..0000000
--- a/services/service_manager/sandbox/linux/bpf_tts_policy_linux.h
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright 2020 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_TTS_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_TTS_POLICY_LINUX_H_
-
-#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
-#include "services/service_manager/sandbox/export.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-
-namespace service_manager {
-
-class SERVICE_MANAGER_SANDBOX_EXPORT TtsProcessPolicy : public BPFBasePolicy {
- public:
- TtsProcessPolicy();
- ~TtsProcessPolicy() override;
-
- sandbox::bpf_dsl::ResultExpr EvaluateSyscall(int sysno) const override;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(TtsProcessPolicy);
-};
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_TTS_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/bpf_utility_policy_linux.h b/services/service_manager/sandbox/linux/bpf_utility_policy_linux.h
deleted file mode 100644
index 34fa171..0000000
--- a/services/service_manager/sandbox/linux/bpf_utility_policy_linux.h
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_UTILITY_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_UTILITY_POLICY_LINUX_H_
-
-#include "base/macros.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-
-namespace service_manager {
-
-// This policy can be used by utility processes.
-class UtilityProcessPolicy : public BPFBasePolicy {
- public:
- UtilityProcessPolicy();
- ~UtilityProcessPolicy() override;
-
- sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
- int system_call_number) const override;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(UtilityProcessPolicy);
-};
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_UTILITY_POLICY_LINUX_H_
diff --git a/services/service_manager/sandbox/linux/sandbox_debug_handling_linux.h b/services/service_manager/sandbox/linux/sandbox_debug_handling_linux.h
deleted file mode 100644
index 17018f2..0000000
--- a/services/service_manager/sandbox/linux/sandbox_debug_handling_linux.h
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2015 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_SANDBOX_DEBUG_HANDLING_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_SANDBOX_DEBUG_HANDLING_LINUX_H_
-
-#include "base/macros.h"
-#include "services/service_manager/sandbox/export.h"
-
-namespace service_manager {
-
-class SERVICE_MANAGER_SANDBOX_EXPORT SandboxDebugHandling {
- public:
- // Depending on the command line, set the current process as
- // non dumpable. Also set any signal handlers for sandbox
- // debugging.
- static bool SetDumpableStatusAndHandlers();
-
- private:
- DISALLOW_IMPLICIT_CONSTRUCTORS(SandboxDebugHandling);
-};
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_SANDBOX_DEBUG_HANDLING_LINUX_H_
diff --git a/services/service_manager/sandbox/switches.h b/services/service_manager/sandbox/switches.h
deleted file mode 100644
index 6d66ab6c..0000000
--- a/services/service_manager/sandbox/switches.h
+++ /dev/null
@@ -1,93 +0,0 @@
-// Copyright 2017 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_SWITCHES_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_SWITCHES_H_
-
-#include "build/build_config.h"
-#include "services/service_manager/embedder/switches.h"
-#include "services/service_manager/sandbox/export.h"
-
-namespace service_manager {
-namespace switches {
-
-// Type of sandbox to apply to the process running the service, one of the
-// values in the next block.
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kServiceSandboxType[];
-
-// Must be in sync with "sandbox_type" values as used in service manager's
-// manifest.json catalog files.
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kNoneSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char
- kNoneSandboxAndElevatedPrivileges[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kNetworkSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kPpapiSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kUtilitySandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kCdmSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kPrintCompositorSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kAudioSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kSharingServiceSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kSpeechRecognitionSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kVideoCaptureSandbox[];
-
-#if defined(OS_WIN)
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kPdfConversionSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kProxyResolverSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kXrCompositingSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kIconReaderSandbox[];
-#endif // OS_WIN
-
-#if defined(OS_CHROMEOS)
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kImeSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kTtsSandbox[];
-#endif // OS_CHROMEOS
-
-// Flags owned by the service manager sandbox.
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kAllowNoSandboxJob[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kAllowSandboxDebugging[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kDisableGpuSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kDisableNamespaceSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kDisableSeccompFilterSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kDisableSetuidSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kDisableWin32kLockDown[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kEnableAudioServiceSandbox[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kGpuSandboxAllowSysVShm[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kGpuSandboxFailuresFatal[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kNoSandbox[];
-#if defined(OS_LINUX)
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kNoZygoteSandbox[];
-#endif
-#if defined(OS_WIN)
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kAllowThirdPartyModules[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kAddGpuAppContainerCaps[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char
- kNoSandboxAndElevatedPrivileges[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kAddXrAppContainerCaps[];
-#endif
-#if defined(OS_MACOSX)
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kEnableSandboxLogging[];
-#endif
-
-// Flags spied upon from other layers.
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kGpuProcess[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kNaClBrokerProcess[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kNaClLoaderProcess[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kPpapiBrokerProcess[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kPpapiPluginProcess[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kRendererProcess[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kUtilityProcess[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kCloudPrintServiceProcess[];
-SERVICE_MANAGER_SANDBOX_EXPORT extern const char kZygoteProcessType[];
-
-} // namespace switches
-
-#if defined(OS_WIN)
-// Returns whether Win32k lockdown is enabled for child processes or not.
-// Not really a switch, but uses one under the covers.
-SERVICE_MANAGER_SANDBOX_EXPORT bool IsWin32kLockdownEnabled();
-#endif
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANAGER_SANDBOX_SWITCHES_H_
diff --git a/services/service_manager/sandbox/win/sandbox_win.h b/services/service_manager/sandbox/win/sandbox_win.h
deleted file mode 100644
index 6614a82..0000000
--- a/services/service_manager/sandbox/win/sandbox_win.h
+++ /dev/null
@@ -1,102 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANANGER_SANDBOX_WIN_SANDBOX_WIN_H_
-#define SERVICES_SERVICE_MANANGER_SANDBOX_WIN_SANDBOX_WIN_H_
-
-#include <stdint.h>
-
-#include <string>
-
-#include "base/bind.h"
-#include "base/callback_forward.h"
-#include "base/process/launch.h"
-#include "base/process/process_handle.h"
-#include "sandbox/win/src/sandbox_types.h"
-#include "sandbox/win/src/security_level.h"
-#include "services/service_manager/sandbox/export.h"
-#include "services/service_manager/sandbox/sandbox_delegate.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
-
-namespace base {
-class CommandLine;
-class Value;
-} // namespace base
-
-namespace sandbox {
-class BrokerServices;
-class TargetPolicy;
-class TargetServices;
-} // namespace sandbox
-
-namespace service_manager {
-
-class SERVICE_MANAGER_SANDBOX_EXPORT SandboxWin {
- public:
- static sandbox::ResultCode StartSandboxedProcess(
- base::CommandLine* cmd_line,
- const std::string& process_type,
- const base::HandlesToInheritVector& handles_to_inherit,
- SandboxDelegate* delegate,
- base::Process* process);
-
- // Wrapper around sandbox::TargetPolicy::SetJobLevel that checks if the
- // sandbox should be let to run without a job object assigned.
- static sandbox::ResultCode SetJobLevel(const base::CommandLine& cmd_line,
- sandbox::JobLevel job_level,
- uint32_t ui_exceptions,
- sandbox::TargetPolicy* policy);
-
- // Closes handles that are opened at process creation and initialization.
- static sandbox::ResultCode AddBaseHandleClosePolicy(
- sandbox::TargetPolicy* policy);
-
- // Add AppContainer policy for |sid| on supported OS.
- static sandbox::ResultCode AddAppContainerPolicy(
- sandbox::TargetPolicy* policy,
- const wchar_t* sid);
-
- // Add the win32k lockdown policy on supported OS.
- static sandbox::ResultCode AddWin32kLockdownPolicy(
- sandbox::TargetPolicy* policy,
- bool enable_opm);
-
- // Add the AppContainer sandbox profile to the policy. |sandbox_type|
- // determines what policy is enabled. |appcontainer_id| is used to create
- // a unique package SID, it can be anything the caller wants.
- static sandbox::ResultCode AddAppContainerProfileToPolicy(
- const base::CommandLine& command_line,
- service_manager::SandboxType sandbox_type,
- const std::string& appcontainer_id,
- sandbox::TargetPolicy* policy);
-
- // Returns whether the AppContainer sandbox is enabled or not for a specific
- // sandbox type from |command_line| and |sandbox_type|.
- static bool IsAppContainerEnabledForSandbox(
- const base::CommandLine& command_line,
- service_manager::SandboxType sandbox_type);
-
- static bool InitBrokerServices(sandbox::BrokerServices* broker_services);
- static bool InitTargetServices(sandbox::TargetServices* target_services);
-
- // Report diagnostic information about policies applied to sandboxed
- // processes. This is a snapshot and may describe processes which
- // have subsequently finished. This can be invoked on any sequence and posts
- // to |response| to the origin sequence on completion. |response|
- // will be an empty value if an error is encountered.
- static sandbox::ResultCode GetPolicyDiagnostics(
- base::OnceCallback<void(base::Value)> response);
-
- // Provides a friendly name for the sandbox for chrome://sandbox and tracing.
- static std::string GetSandboxTypeInEnglish(SandboxType sandbox_type);
-};
-
-SERVICE_MANAGER_SANDBOX_EXPORT
-void BlocklistAddOneDllForTesting(const wchar_t* module_name,
- bool check_in_browser,
- sandbox::TargetPolicy* policy);
-
-} // namespace service_manager
-
-#endif // SERVICES_SERVICE_MANANGER_SANDBOX_WIN_SANDBOX_WIN_H_
diff --git a/services/service_manager/service_instance.cc b/services/service_manager/service_instance.cc
index 2d5bb77..15a07c5 100644
--- a/services/service_manager/service_instance.cc
+++ b/services/service_manager/service_instance.cc
@@ -156,7 +156,7 @@
#if !defined(OS_IOS)
bool ServiceInstance::StartWithProcessHost(
std::unique_ptr<ServiceProcessHost> host,
- SandboxType sandbox_type) {
+ sandbox::policy::SandboxType sandbox_type) {
DCHECK(!service_remote_);
DCHECK(!process_host_);
diff --git a/services/service_manager/service_instance.h b/services/service_manager/service_instance.h
index 20a3700..5600d48 100644
--- a/services/service_manager/service_instance.h
+++ b/services/service_manager/service_instance.h
@@ -24,13 +24,13 @@
#include "mojo/public/cpp/bindings/receiver.h"
#include "mojo/public/cpp/bindings/receiver_set.h"
#include "mojo/public/cpp/bindings/remote.h"
+#include "sandbox/policy/sandbox_type.h"
#include "services/service_manager/public/cpp/identity.h"
#include "services/service_manager/public/cpp/manifest.h"
#include "services/service_manager/public/mojom/connector.mojom.h"
#include "services/service_manager/public/mojom/service.mojom.h"
#include "services/service_manager/public/mojom/service_control.mojom.h"
#include "services/service_manager/public/mojom/service_manager.mojom.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
namespace service_manager {
@@ -65,7 +65,7 @@
#if !defined(OS_IOS)
// Starts this instance from a path to a service executable on disk.
bool StartWithProcessHost(std::unique_ptr<ServiceProcessHost> host,
- SandboxType sandbox_type);
+ sandbox::policy::SandboxType sandbox_type);
#endif // !defined(OS_IOS)
// Binds an endpoint for this instance to receive metadata about its
diff --git a/services/service_manager/service_manager.cc b/services/service_manager/service_manager.cc
index 528789a..df2a420 100644
--- a/services/service_manager/service_manager.cc
+++ b/services/service_manager/service_manager.cc
@@ -20,6 +20,7 @@
#include "base/token.h"
#include "base/trace_event/trace_event.h"
#include "build/build_config.h"
+#include "sandbox/policy/sandbox_type.h"
#include "services/service_manager/public/cpp/connector.h"
#include "services/service_manager/public/cpp/constants.h"
#include "services/service_manager/public/cpp/manifest_builder.h"
@@ -28,7 +29,6 @@
#include "services/service_manager/public/mojom/service.mojom.h"
#include "services/service_manager/public/mojom/service_control.mojom.h"
#include "services/service_manager/public/mojom/service_manager.mojom.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
#include "services/service_manager/service_instance.h"
#include "services/service_manager/service_process_host.h"
@@ -77,16 +77,17 @@
~DefaultServiceProcessHost() override = default;
- mojo::PendingRemote<mojom::Service> Launch(const Identity& identity,
- SandboxType sandbox_type,
- const base::string16& display_name,
- LaunchCallback callback) override {
+ mojo::PendingRemote<mojom::Service> Launch(
+ const Identity& identity,
+ sandbox::policy::SandboxType sandbox_type,
+ const base::string16& display_name,
+ LaunchCallback callback) override {
#if defined(OS_IOS)
return mojo::NullRemote();
#else
// TODO(https://crbug.com/781334): Support sandboxing.
- CHECK_EQ(sandbox_type, SandboxType::kNoSandbox);
- return launcher_.Start(identity, SandboxType::kNoSandbox,
+ CHECK_EQ(sandbox_type, sandbox::policy::SandboxType::kNoSandbox);
+ return launcher_.Start(identity, sandbox::policy::SandboxType::kNoSandbox,
std::move(callback));
#endif // defined(OS_IOS)
}
@@ -308,10 +309,10 @@
case Manifest::ExecutionMode::kOutOfProcessBuiltin: {
auto process_host = delegate_->CreateProcessHostForBuiltinServiceInstance(
target_instance->identity());
- if (!process_host ||
- !target_instance->StartWithProcessHost(
- std::move(process_host),
- UtilitySandboxTypeFromString(manifest->options.sandbox_type))) {
+ if (!process_host || !target_instance->StartWithProcessHost(
+ std::move(process_host),
+ sandbox::policy::UtilitySandboxTypeFromString(
+ manifest->options.sandbox_type))) {
DestroyInstance(target_instance);
return nullptr;
}
@@ -324,10 +325,10 @@
auto process_host = delegate_->CreateProcessHostForServiceExecutable(
service_exe_root.AppendASCII(manifest->service_name +
kServiceExecutableExtension));
- if (!process_host ||
- !target_instance->StartWithProcessHost(
- std::move(process_host),
- UtilitySandboxTypeFromString(manifest->options.sandbox_type))) {
+ if (!process_host || !target_instance->StartWithProcessHost(
+ std::move(process_host),
+ sandbox::policy::UtilitySandboxTypeFromString(
+ manifest->options.sandbox_type))) {
DestroyInstance(target_instance);
return nullptr;
}
diff --git a/services/service_manager/service_manager.h b/services/service_manager/service_manager.h
index c78304d..d4e84ab 100644
--- a/services/service_manager/service_manager.h
+++ b/services/service_manager/service_manager.h
@@ -19,6 +19,7 @@
#include "mojo/public/cpp/bindings/pending_receiver.h"
#include "mojo/public/cpp/bindings/pending_remote.h"
#include "mojo/public/cpp/bindings/remote_set.h"
+#include "sandbox/policy/sandbox_type.h"
#include "services/service_manager/catalog.h"
#include "services/service_manager/public/cpp/identity.h"
#include "services/service_manager/public/cpp/manifest.h"
@@ -28,7 +29,6 @@
#include "services/service_manager/public/mojom/interface_provider.mojom.h"
#include "services/service_manager/public/mojom/service.mojom.h"
#include "services/service_manager/public/mojom/service_manager.mojom.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
#include "services/service_manager/service_instance_registry.h"
#include "services/service_manager/service_process_host.h"
diff --git a/services/service_manager/service_process_host.h b/services/service_manager/service_process_host.h
index 28700a4..d848236 100644
--- a/services/service_manager/service_process_host.h
+++ b/services/service_manager/service_process_host.h
@@ -11,9 +11,9 @@
#include "base/process/process_handle.h"
#include "base/strings/string16.h"
#include "mojo/public/cpp/bindings/pending_remote.h"
+#include "sandbox/policy/sandbox_type.h"
#include "services/service_manager/public/cpp/identity.h"
#include "services/service_manager/public/mojom/service.mojom.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
namespace service_manager {
@@ -37,7 +37,7 @@
using LaunchCallback = base::OnceCallback<void(base::ProcessId)>;
virtual mojo::PendingRemote<mojom::Service> Launch(
const Identity& identity,
- SandboxType sandbox_type,
+ sandbox::policy::SandboxType sandbox_type,
const base::string16& display_name,
LaunchCallback callback) = 0;
};
diff --git a/services/service_manager/service_process_launcher.cc b/services/service_manager/service_process_launcher.cc
index 2a738f1..979cf889 100644
--- a/services/service_manager/service_process_launcher.cc
+++ b/services/service_manager/service_process_launcher.cc
@@ -31,9 +31,9 @@
#include "mojo/public/cpp/platform/platform_channel.h"
#include "mojo/public/cpp/system/core.h"
#include "mojo/public/cpp/system/invitation.h"
+#include "sandbox/policy/switches.h"
#include "services/service_manager/public/cpp/service_executable/switches.h"
#include "services/service_manager/public/mojom/service.mojom.h"
-#include "services/service_manager/sandbox/switches.h"
#include "services/service_manager/switches.h"
#if defined(OS_LINUX)
@@ -56,7 +56,7 @@
base::ProcessId LaunchInBackground(
const Identity& target,
- SandboxType sandbox_type,
+ sandbox::policy::SandboxType sandbox_type,
std::unique_ptr<base::CommandLine> child_command_line,
mojo::PlatformChannel::HandlePassingInfo handle_passing_info,
mojo::PlatformChannel channel,
@@ -95,7 +95,7 @@
mojo::PendingRemote<mojom::Service> ServiceProcessLauncher::Start(
const Identity& target,
- SandboxType sandbox_type,
+ sandbox::policy::SandboxType sandbox_type,
ProcessReadyCallback callback) {
DCHECK(!state_);
@@ -131,7 +131,7 @@
if (!IsUnsandboxedSandboxType(sandbox_type)) {
child_command_line->AppendSwitchASCII(
- switches::kServiceSandboxType,
+ sandbox::policy::switches::kServiceSandboxType,
StringFromUtilitySandboxType(sandbox_type));
}
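Review bot: The unqualified calls `IsUnsandboxedSandboxType(sandbox_type)` and `StringFromUtilitySandboxType(sandbox_type)` in this hunk are left as they were while the adjacent switch is now spelled `sandbox::policy::switches::kServiceSandboxType`; with `sandbox_type` now declared as `sandbox::policy::SandboxType` (see the Start() signature hunk above), these presumably resolve only through argument-dependent lookup on the enum's namespace. That compiles but is fragile and reads inconsistently next to the explicitly qualified `sandbox::policy::UtilitySandboxTypeFromString(...)` call sites in service_manager.cc, so qualify them too: `if (!sandbox::policy::IsUnsandboxedSandboxType(sandbox_type)) {` and `sandbox::policy::StringFromUtilitySandboxType(sandbox_type));`. Since this is the check that decides whether the child process receives a sandbox-type switch at all, an explicit namespace also makes it obvious which implementation is being consulted. ServiceProcessLauncher::Start begins outside this hunk.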
@@ -174,7 +174,7 @@
base::ProcessId ServiceProcessLauncher::ProcessState::LaunchInBackground(
const Identity& target,
- SandboxType sandbox_type,
+ sandbox::policy::SandboxType sandbox_type,
std::unique_ptr<base::CommandLine> child_command_line,
mojo::PlatformChannel::HandlePassingInfo handle_passing_info,
mojo::PlatformChannel channel,
diff --git a/services/service_manager/service_process_launcher.h b/services/service_manager/service_process_launcher.h
index 1b0b04f..e45b054 100644
--- a/services/service_manager/service_process_launcher.h
+++ b/services/service_manager/service_process_launcher.h
@@ -16,8 +16,8 @@
#include "base/process/process.h"
#include "base/sequenced_task_runner.h"
#include "mojo/public/cpp/bindings/pending_remote.h"
+#include "sandbox/policy/sandbox_type.h"
#include "services/service_manager/public/mojom/service.mojom.h"
-#include "services/service_manager/sandbox/sandbox_type.h"
#include "services/service_manager/service_process_launcher_delegate.h"
namespace mojo {
@@ -48,9 +48,10 @@
// |Start()|s the child process; calls |DidStart()| (on the thread on which
// |Start()| was called) when the child has been started (or failed to start).
- mojo::PendingRemote<mojom::Service> Start(const Identity& target,
- SandboxType sandbox_type,
- ProcessReadyCallback callback);
+ mojo::PendingRemote<mojom::Service> Start(
+ const Identity& target,
+ sandbox::policy::SandboxType sandbox_type,
+ ProcessReadyCallback callback);
// Exposed publicly for use in tests. Creates a new Service pipe, passing the
// ServiceRequest end through |*invitation| with an identifier stashed in
diff --git a/services/service_manager/tests/BUILD.gn b/services/service_manager/tests/BUILD.gn
index 7bbd6967..1317d93a 100644
--- a/services/service_manager/tests/BUILD.gn
+++ b/services/service_manager/tests/BUILD.gn
@@ -31,7 +31,6 @@
"//services/service_manager/public/mojom",
"//services/service_manager/tests/connect",
"//services/service_manager/tests/lifecycle",
- "//services/service_manager/tests/sandbox",
"//services/service_manager/tests/service_manager",
"//services/service_manager/tests/shutdown",
"//testing/gtest",
@@ -69,9 +68,9 @@
deps = [
":interfaces",
"//base",
+ "//sandbox/policy",
"//services/service_manager/public/cpp",
"//services/service_manager/public/mojom",
- "//services/service_manager/sandbox:sandbox",
]
}
}
diff --git a/services/service_manager/tests/sandbox/BUILD.gn b/services/service_manager/tests/sandbox/BUILD.gn
deleted file mode 100644
index 4f8625df..0000000
--- a/services/service_manager/tests/sandbox/BUILD.gn
+++ /dev/null
@@ -1,24 +0,0 @@
-# Copyright 2017 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-source_set("sandbox") {
- testonly = true
- sources = [ "sandbox_type_unittest.cc" ]
- deps = [
- "//base",
- "//base/test:test_support",
- "//services/service_manager/sandbox",
- "//testing/gtest",
- ]
-
- if (is_win) {
- sources += [ "sandbox_win_unittest.cc" ]
- deps += [ "//sandbox/win:sandbox" ]
- data = [
- "//base/test/data/pe_image/pe_image_test_32.dll",
- "//base/test/data/pe_image/pe_image_test_64.dll",
- "//base/test/data/pe_image/pe_image_test_arm64.dll",
- ]
- }
-}
diff --git a/services/service_manager/tests/sandbox/OWNERS b/services/service_manager/tests/sandbox/OWNERS
deleted file mode 100644
index 83b3e4c8..0000000
--- a/services/service_manager/tests/sandbox/OWNERS
+++ /dev/null
@@ -1,4 +0,0 @@
-file://sandbox/OWNERS
-
-per-file sandbox_win_unittest.cc=set noparent
-per-file sandbox_win_unittest.cc=file://sandbox/win/OWNERS
diff --git a/services/service_manager/tests/sandbox_status_service.cc b/services/service_manager/tests/sandbox_status_service.cc
index 2a6c3eb..3946725b 100644
--- a/services/service_manager/tests/sandbox_status_service.cc
+++ b/services/service_manager/tests/sandbox_status_service.cc
@@ -5,7 +5,7 @@
#include "services/service_manager/tests/sandbox_status_service.h"
#include "mojo/public/cpp/bindings/self_owned_receiver.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
namespace service_manager {
@@ -22,7 +22,7 @@
void SandboxStatusService::GetSandboxStatus(GetSandboxStatusCallback callback) {
std::move(callback).Run(
- service_manager::SandboxLinux::GetInstance()->GetStatus());
+ sandbox::policy::SandboxLinux::GetInstance()->GetStatus());
}
} // namespace service_manager
diff --git a/services/service_manager/tests/service_process_launcher_unittest.cc b/services/service_manager/tests/service_process_launcher_unittest.cc
index 454cf69..346a023 100644
--- a/services/service_manager/tests/service_process_launcher_unittest.cc
+++ b/services/service_manager/tests/service_process_launcher_unittest.cc
@@ -88,7 +88,7 @@
base::in_place, &service_process_launcher_delegate, test_service_path);
base::RunLoop run_loop;
launcher->Start(
- Identity(), SandboxType::kNoSandbox,
+ Identity(), sandbox::policy::SandboxType::kNoSandbox,
base::BindOnce(&ProcessReadyCallbackAdapter,
true /*expect_process_id_valid*/, run_loop.QuitClosure()));
run_loop.Run();
@@ -116,7 +116,7 @@
base::Optional<ServiceProcessLauncher> launcher(
base::in_place, &service_process_launcher_delegate, test_service_path);
base::RunLoop run_loop;
- launcher->Start(Identity(), SandboxType::kNoSandbox,
+ launcher->Start(Identity(), sandbox::policy::SandboxType::kNoSandbox,
base::BindOnce(&ProcessReadyCallbackAdapter,
false /*expect_process_id_valid*/,
run_loop.QuitClosure()));
diff --git a/tools/metrics/histograms/histograms.xml b/tools/metrics/histograms/histograms.xml
index 16d57f7..74bc47b 100644
--- a/tools/metrics/histograms/histograms.xml
+++ b/tools/metrics/histograms/histograms.xml
@@ -137553,7 +137553,7 @@
Removed 2020-04.
</obsolete>
<owner>ajgo@chromium.org</owner>
- <owner>src/services/service_manager/sandbox/win/OWNERS</owner>
+ <owner>src/sandbox/policy/win/OWNERS</owner>
<summary>
Size of policy global memory used when policy was committed on Windows for
all outcomes. 0 indicates that no rules were used.
@@ -137566,7 +137566,7 @@
Policy size reduced, metric no longer required. Removed 2020-06.
</obsolete>
<owner>ajgo@chromium.org</owner>
- <owner>src/services/service_manager/sandbox/win/OWNERS</owner>
+ <owner>src/sandbox/policy/win/OWNERS</owner>
<summary>
Size of policy global memory used when policy was committed after successful
process start on Windows. 0 indicates that no rules were used.
diff --git a/weblayer/browser/content_browser_client_impl.cc b/weblayer/browser/content_browser_client_impl.cc
index 6e48d15..25cfb57 100644
--- a/weblayer/browser/content_browser_client_impl.cc
+++ b/weblayer/browser/content_browser_client_impl.cc
@@ -126,8 +126,8 @@
#endif
#if defined(OS_WIN)
+#include "sandbox/policy/win/sandbox_win.h"
#include "sandbox/win/src/sandbox.h"
-#include "services/service_manager/sandbox/win/sandbox_win.h"
#endif
#if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION)