
Reduce platform-like buildflags in sandbox code

Sandbox code is difficult to follow if there are too many
conditional defines and it is ok for chromium to support
a sandbox type that it doesn't use in some configurations.

This CL makes two sandbox types (kPrintBackend and kScreenAI)
always be defined and supported on the platforms where they
are used (they are always used in official Chrome builds on
these platforms).

Both ENABLE_SCREEN_AI_SERVICE and ENABLE_OOP_PRINTING are
always enabled on linux, cros, mac and win.

Additionally some buildflags were tested where they were always
true, so those ifdefs are removed (e.g. in
utility_process_sandbox_browsertest.cc).

Bug: 41494527
Change-Id: Ief90cf997da5677b54e064abd7a45f6eaf3cfebe
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6015430
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Mark Rowe <markrowe@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1386974}
Alex Gough
2024-11-22 19:31:13 +00:00
committed by Chromium LUCI CQ
parent 5022af4918
commit 53fc1475f0
18 changed files with 76 additions and 187 deletions

@ -27,13 +27,11 @@
#include "content/public/common/content_client.h"
#include "content/public/common/content_features.h"
#include "content/public/common/content_switches.h"
#include "printing/buildflags/buildflags.h"
#include "sandbox/mac/sandbox_compiler.h"
#include "sandbox/policy/mac/params.h"
#include "sandbox/policy/mac/sandbox_mac.h"
#include "sandbox/policy/mojom/sandbox.mojom.h"
#include "sandbox/policy/switches.h"
#include "services/screen_ai/buildflags/buildflags.h"
namespace content {
@ -216,9 +214,7 @@ bool SetupSandboxParameters(sandbox::mojom::Sandbox sandbox_type,
case sandbox::mojom::Sandbox::kAudio:
case sandbox::mojom::Sandbox::kCdm:
case sandbox::mojom::Sandbox::kMirroring:
#if BUILDFLAG(ENABLE_OOP_PRINTING)
case sandbox::mojom::Sandbox::kPrintBackend:
#endif
case sandbox::mojom::Sandbox::kPrintCompositor:
case sandbox::mojom::Sandbox::kRenderer:
case sandbox::mojom::Sandbox::kService:
@ -235,10 +231,8 @@ bool SetupSandboxParameters(sandbox::mojom::Sandbox sandbox_type,
case sandbox::mojom::Sandbox::kNoSandbox:
NOTREACHED() << "Unhandled parameters for sandbox_type "
<< static_cast<int>(sandbox_type);
// Setup parameters for sandbox types handled by embedders below.
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
// Setup parameters for sandbox types handled by embedders below.
case sandbox::mojom::Sandbox::kScreenAI:
#endif
case sandbox::mojom::Sandbox::kSpeechRecognition:
case sandbox::mojom::Sandbox::kOnDeviceTranslation:
SetupCommonSandboxParameters(compiler, command_line);

@ -23,7 +23,6 @@
#include "media/gpu/buildflags.h"
#include "mojo/public/cpp/bindings/remote.h"
#include "ppapi/buildflags/buildflags.h"
#include "printing/buildflags/buildflags.h"
#include "sandbox/policy/linux/sandbox_linux.h"
#include "sandbox/policy/mojom/sandbox.mojom.h"
#include "sandbox/policy/sandbox_type.h"
@ -49,12 +48,10 @@ std::vector<Sandbox> GetSandboxTypesToTest() {
for (Sandbox t = Sandbox::kNoSandbox; t <= Sandbox::kMaxValue;
t = static_cast<Sandbox>(static_cast<int>(t) + 1)) {
// These sandbox types can't be spawned in a utility process.
if (t == Sandbox::kRenderer || t == Sandbox::kGpu)
if (t == Sandbox::kRenderer || t == Sandbox::kGpu ||
t == Sandbox::kZygoteIntermediateSandbox) {
continue;
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
if (t == Sandbox::kZygoteIntermediateSandbox)
continue;
#endif
}
types.push_back(t);
}
return types;
@ -127,9 +124,6 @@ class UtilityProcessSandboxBrowserTest
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
case Sandbox::kHardwareVideoDecoding:
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
case Sandbox::kHardwareVideoEncoding:
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
#if BUILDFLAG(IS_CHROMEOS_ASH)
case Sandbox::kIme:
case Sandbox::kTts:
@ -138,17 +132,14 @@ class UtilityProcessSandboxBrowserTest
case Sandbox::kLibassistant:
#endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
case Sandbox::kNetwork:
#if BUILDFLAG(ENABLE_PRINTING)
case Sandbox::kPrintBackend:
#endif
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
case Sandbox::kScreenAI:
#endif
#if BUILDFLAG(IS_LINUX)
case Sandbox::kVideoEffects:
case Sandbox::kOnDeviceTranslation:
#endif
case Sandbox::kHardwareVideoEncoding:
case Sandbox::kNetwork:
case Sandbox::kPrintBackend:
case Sandbox::kScreenAI:
case Sandbox::kSpeechRecognition: {
constexpr int kExpectedPartialSandboxFlags =
SandboxLinux::kSeccompBPF | SandboxLinux::kYama |

@ -13,9 +13,7 @@
#include "content/public/common/sandboxed_process_launcher_delegate.h"
#include "content/public/common/zygote/zygote_buildflags.h"
#include "ppapi/buildflags/buildflags.h"
#include "printing/buildflags/buildflags.h"
#include "sandbox/policy/mojom/sandbox.mojom.h"
#include "services/screen_ai/buildflags/buildflags.h"
#if BUILDFLAG(IS_WIN)
#include "content/public/browser/content_browser_client.h"
@ -73,9 +71,6 @@ UtilitySandboxedProcessLauncherDelegate::
sandbox_type_ == sandbox::mojom::Sandbox::kNetwork ||
sandbox_type_ == sandbox::mojom::Sandbox::kOnDeviceModelExecution ||
sandbox_type_ == sandbox::mojom::Sandbox::kCdm ||
#if BUILDFLAG(ENABLE_OOP_PRINTING)
sandbox_type_ == sandbox::mojom::Sandbox::kPrintBackend ||
#endif
sandbox_type_ == sandbox::mojom::Sandbox::kPrintCompositor ||
#if BUILDFLAG(ENABLE_PPAPI) && !BUILDFLAG(IS_WIN)
sandbox_type_ == sandbox::mojom::Sandbox::kPpapi ||
@ -97,8 +92,10 @@ UtilitySandboxedProcessLauncherDelegate::
sandbox_type_ == sandbox::mojom::Sandbox::kLibassistant ||
#endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_WIN)
sandbox_type_ == sandbox::mojom::Sandbox::kScreenAI ||
sandbox_type_ == sandbox::mojom::Sandbox::kPrintBackend ||
#endif
#if BUILDFLAG(IS_LINUX)
sandbox_type_ == sandbox::mojom::Sandbox::kVideoEffects ||
@ -164,10 +161,9 @@ ZygoteCommunication* UtilitySandboxedProcessLauncherDelegate::GetZygote() {
#endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
sandbox_type_ == sandbox::mojom::Sandbox::kAudio ||
#if BUILDFLAG(ENABLE_OOP_PRINTING)
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_WIN)
sandbox_type_ == sandbox::mojom::Sandbox::kPrintBackend ||
#endif
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
sandbox_type_ == sandbox::mojom::Sandbox::kScreenAI ||
#endif
#if BUILDFLAG(IS_LINUX)
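Review bot: The guard `#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_WIN)` is a hand-copied mirror of the mojom attribute `[EnableIf=is_chromeos|is_linux|is_mac|is_win]`, and nothing at either site ties the two together. It appears twice in this file (the `sandbox_type_ ==` chain and GetZygote) and again in SetCommandLineFlagsForSandboxType, StringFromUtilitySandboxType, UtilitySandboxTypeFromString, the sandbox type unit test and both switch-constant files. If a copy becomes narrower than the mojom condition, `kPrintBackend` or `kScreenAI` would silently drop out of that list or string mapping while still being a valid enum value. A one-line comment at each site, such as `// Keep in sync with [EnableIf] on kPrintBackend/kScreenAI in sandbox.mojom.`, or a single named macro would make the coupling visible. Both functions here begin and end outside the hunks.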

@ -13,7 +13,6 @@
#include "content/public/common/content_switches.h"
#include "content/public/common/sandboxed_process_launcher_delegate.h"
#include "content/utility/sandbox_delegate_data.mojom.h"
#include "printing/buildflags/buildflags.h"
#include "sandbox/policy/features.h"
#include "sandbox/policy/mojom/sandbox.mojom.h"
#include "sandbox/policy/win/sandbox_win.h"
@ -21,7 +20,6 @@
#include "sandbox/win/src/sandbox_policy.h"
#include "sandbox/win/src/sandbox_types.h"
#include "services/network/public/mojom/network_service.mojom.h"
#include "services/screen_ai/buildflags/buildflags.h"
namespace content {
namespace {
@ -103,7 +101,6 @@ bool NetworkInitializeConfig(sandbox::TargetConfig* config) {
return true;
}
#if BUILDFLAG(ENABLE_OOP_PRINTING)
// Sets the sandbox policy for the print backend service process.
bool PrintBackendInitializeConfig(sandbox::TargetConfig* config) {
DCHECK(!config->IsConfigured());
@ -117,7 +114,6 @@ bool PrintBackendInitializeConfig(sandbox::TargetConfig* config) {
config->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
return true;
}
#endif
std::string UtilityAppContainerId(base::CommandLine& cmd_line) {
return base::WideToUTF8(cmd_line.GetProgram().value());
@ -197,7 +193,6 @@ bool XrCompositingInitializeConfig(sandbox::TargetConfig* config,
return true;
}
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
bool ScreenAIInitializeConfig(sandbox::TargetConfig* config,
sandbox::mojom::Sandbox sandbox_type) {
DCHECK(!config->IsConfigured());
@ -214,7 +209,6 @@ bool ScreenAIInitializeConfig(sandbox::TargetConfig* config,
return true;
}
#endif // BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
// Adds preload-libraries to the delegate blob for utility_main() to access
// before lockdown is initialized.
@ -253,7 +247,6 @@ bool UtilitySandboxedProcessLauncherDelegate::GetAppContainerId(
case sandbox::mojom::Sandbox::kXrCompositing:
*appcontainer_id = UtilityAppContainerId(cmd_line_);
return true;
#if BUILDFLAG(ENABLE_PRINTING)
case sandbox::mojom::Sandbox::kPrintCompositor:
if (base::FeatureList::IsEnabled(
sandbox::policy::features::kPrintCompositorLPAC)) {
@ -261,7 +254,6 @@ bool UtilitySandboxedProcessLauncherDelegate::GetAppContainerId(
return true;
}
return false;
#endif
default:
return false;
}
@ -320,13 +312,11 @@ bool UtilitySandboxedProcessLauncherDelegate::InitializeConfig(
}
}
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
if (sandbox_type_ == sandbox::mojom::Sandbox::kScreenAI) {
if (!ScreenAIInitializeConfig(config, sandbox_type_)) {
return false;
}
}
#endif
if (sandbox_type_ == sandbox::mojom::Sandbox::kSpeechRecognition) {
auto result = config->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
@ -374,15 +364,13 @@ bool UtilitySandboxedProcessLauncherDelegate::InitializeConfig(
return false;
}
}
#if BUILDFLAG(ENABLE_OOP_PRINTING)
if (sandbox_type_ == sandbox::mojom::Sandbox::kPrintBackend) {
if (!PrintBackendInitializeConfig(config)) {
return false;
}
}
#endif
#if BUILDFLAG(ENABLE_PRINTING)
if (sandbox_type_ == sandbox::mojom::Sandbox::kPrintCompositor &&
base::FeatureList::IsEnabled(
sandbox::policy::features::kPrintCompositorLPAC) &&
@ -394,7 +382,6 @@ bool UtilitySandboxedProcessLauncherDelegate::InitializeConfig(
return false;
}
}
#endif
return GetContentClient()->browser()->PreSpawnChild(
config, sandbox_type_,

@ -34,7 +34,6 @@
#include "sandbox/policy/sandbox.h"
#include "sandbox/policy/sandbox_type.h"
#include "services/on_device_model/on_device_model_service.h"
#include "services/screen_ai/buildflags/buildflags.h"
#include "services/tracing/public/cpp/trace_startup.h"
#include "services/video_effects/public/cpp/buildflags.h"
@ -51,6 +50,7 @@
#include "sandbox/policy/linux/sandbox_linux.h"
#include "services/audio/audio_sandbox_hook_linux.h"
#include "services/network/network_sandbox_hook_linux.h"
#include "services/screen_ai/buildflags/buildflags.h"
// gn check is not smart enough to realize that this include only applies to
// Linux/ChromeOS and the BUILD.gn dependencies correctly account for that.
#include "third_party/angle/src/gpu_info_util/SystemInfo.h" //nogncheck
@ -58,8 +58,14 @@
#if BUILDFLAG(ENABLE_PRINTING)
#include "printing/sandbox/print_backend_sandbox_hook_linux.h"
#endif
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
#include "services/screen_ai/public/cpp/utilities.h" // nogncheck
#include "services/screen_ai/sandbox/screen_ai_sandbox_hook_linux.h" // nogncheck
#endif
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
#include "media/gpu/sandbox/hardware_video_decoding_sandbox_hook_linux.h"
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
@ -78,12 +84,6 @@
#endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
#if (BUILDFLAG(ENABLE_SCREEN_AI_SERVICE) && \
(BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)))
#include "services/screen_ai/public/cpp/utilities.h" // nogncheck
#include "services/screen_ai/sandbox/screen_ai_sandbox_hook_linux.h" // nogncheck
#endif
#if BUILDFLAG(IS_MAC)
#include "base/message_loop/message_pump_apple.h"
#endif
@ -277,10 +277,12 @@ int UtilityMain(MainFunctionParams parameters) {
pre_sandbox_hook = base::BindOnce(&network::NetworkPreSandboxHook,
GetNetworkContextsParentDirectories());
break;
#if BUILDFLAG(ENABLE_OOP_PRINTING)
case sandbox::mojom::Sandbox::kPrintBackend:
#if BUILDFLAG(ENABLE_OOP_PRINTING)
pre_sandbox_hook = base::BindOnce(&printing::PrintBackendPreSandboxHook);
break;
#else
NOTREACHED();
#endif // BUILDFLAG(ENABLE_OOP_PRINTING)
case sandbox::mojom::Sandbox::kAudio:
pre_sandbox_hook = base::BindOnce(&audio::AudioPreSandboxHook);
@ -300,13 +302,15 @@ int UtilityMain(MainFunctionParams parameters) {
&on_device_translation::OnDeviceTranslationSandboxHook);
break;
#endif // BUILDFLAG(ENABLE_ON_DEVICE_TRANSLATION) && BUILDFLAG(IS_LINUX)
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
case sandbox::mojom::Sandbox::kScreenAI:
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
pre_sandbox_hook =
base::BindOnce(&screen_ai::ScreenAIPreSandboxHook,
parameters.command_line->GetSwitchValuePath(
screen_ai::GetBinaryPathSwitch()));
break;
#else
NOTREACHED();
#endif
#if BUILDFLAG(IS_LINUX)
case sandbox::mojom::Sandbox::kVideoEffects:
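Review bot: The new `#else NOTREACHED();` arms under `case sandbox::mojom::Sandbox::kPrintBackend:` and `case sandbox::mojom::Sandbox::kScreenAI:` have no `break`, so they are correct only while NOTREACHED() is fatal and does not return; otherwise control would continue into the next case and bind that case's pre-sandbox hook. A short comment on each arm would make the fail-closed intent explicit, for example `// Type is always defined; a build without this service must never launch it.` The utility sandbox browser test in this commit now lists both types unconditionally among those expected to start with seccomp flags, so a Linux build with either flag off would presumably crash the child there. The commit message says both flags are always on for these platforms, which suggests the arm is dead in practice. The switch in UtilityMain begins and ends outside these hunks.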

@ -7,9 +7,6 @@ import("//build/config/cast.gni")
import("//build/config/chromeos/ui_mode.gni")
import("//build/config/sanitizers/sanitizers.gni")
import("//chromeos/ash/components/assistant/assistant.gni")
import("//components/nacl/features.gni")
import("//printing/buildflags/buildflags.gni")
import("//services/screen_ai/buildflags/features.gni")
import("//testing/test.gni")
# Most consumers of sandbox::policy should depend on this target.
@ -31,9 +28,7 @@ component("policy") {
"//base",
"//build:chromeos_buildflags",
"//ppapi/buildflags",
"//printing/buildflags",
"//sandbox/policy/mojom",
"//services/screen_ai/buildflags",
]
public_deps = [ "//sandbox:common" ]
if (is_android) {
@ -78,10 +73,14 @@ component("policy") {
"linux/bpf_on_device_translation_policy_linux.h",
"linux/bpf_ppapi_policy_linux.cc",
"linux/bpf_ppapi_policy_linux.h",
"linux/bpf_print_backend_policy_linux.cc",
"linux/bpf_print_backend_policy_linux.h",
"linux/bpf_print_compositor_policy_linux.cc",
"linux/bpf_print_compositor_policy_linux.h",
"linux/bpf_renderer_policy_linux.cc",
"linux/bpf_renderer_policy_linux.h",
"linux/bpf_screen_ai_policy_linux.cc",
"linux/bpf_screen_ai_policy_linux.h",
"linux/bpf_service_policy_linux.cc",
"linux/bpf_service_policy_linux.h",
"linux/bpf_speech_recognition_policy_linux.cc",
@ -105,18 +104,6 @@ component("policy") {
if (is_linux) {
deps += [ "//net" ] # TODO(crbug.com/40220507): remove this.
}
if (enable_oop_printing) {
sources += [
"linux/bpf_print_backend_policy_linux.cc",
"linux/bpf_print_backend_policy_linux.h",
]
}
if (enable_screen_ai_service) {
sources += [
"linux/bpf_screen_ai_policy_linux.cc",
"linux/bpf_screen_ai_policy_linux.h",
]
}
configs += [
"//media:media_config",
"//media/audio:platform_config",
@ -226,7 +213,6 @@ source_set("tests") {
"//base",
"//base/test:test_support",
"//ppapi/buildflags:buildflags",
"//printing/buildflags",
"//sandbox/policy/mojom",
"//testing/gtest",
]

@ -47,7 +47,6 @@
#include "base/process/process.h"
#include "base/task/sequenced_task_runner.h"
#include "base/threading/thread.h"
#include "printing/buildflags/buildflags.h"
#include "sandbox/policy/mojom/sandbox.mojom.h"
#include "sandbox/policy/switches.h"
@ -170,9 +169,6 @@ const SandboxConfig* GetConfigForSandboxType(sandbox::mojom::Sandbox type) {
case sandbox::mojom::Sandbox::kAudio:
case sandbox::mojom::Sandbox::kCdm:
case sandbox::mojom::Sandbox::kOnDeviceModelExecution:
#if BUILDFLAG(ENABLE_OOP_PRINTING)
case sandbox::mojom::Sandbox::kPrintBackend:
#endif
case sandbox::mojom::Sandbox::kPrintCompositor:
case sandbox::mojom::Sandbox::kService:
case sandbox::mojom::Sandbox::kSpeechRecognition:

@ -64,10 +64,6 @@
#include <sanitizer/common_interface_defs.h>
#endif
#if BUILDFLAG(IS_CHROMEOS_ASH)
#include "chromeos/ash/components/assistant/buildflags.h"
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
namespace sandbox {
namespace policy {

@ -20,7 +20,6 @@
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "ppapi/buildflags/buildflags.h"
#include "printing/buildflags/buildflags.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
#include "sandbox/linux/bpf_dsl/trap_registry.h"
#include "sandbox/policy/mojom/sandbox.mojom.h"
@ -52,14 +51,11 @@
#include "sandbox/policy/linux/bpf_print_backend_policy_linux.h"
#include "sandbox/policy/linux/bpf_print_compositor_policy_linux.h"
#include "sandbox/policy/linux/bpf_renderer_policy_linux.h"
#include "sandbox/policy/linux/bpf_screen_ai_policy_linux.h"
#include "sandbox/policy/linux/bpf_service_policy_linux.h"
#include "sandbox/policy/linux/bpf_speech_recognition_policy_linux.h"
#include "sandbox/policy/linux/bpf_utility_policy_linux.h"
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
#include "sandbox/policy/linux/bpf_screen_ai_policy_linux.h"
#endif
#if BUILDFLAG(IS_CHROMEOS_ASH)
#include "chromeos/ash/components/assistant/buildflags.h"
#include "sandbox/policy/features.h"
@ -204,10 +200,8 @@ std::unique_ptr<BPFBasePolicy> SandboxSeccompBPF::PolicyForSandboxType(
return std::make_unique<CdmProcessPolicy>();
case sandbox::mojom::Sandbox::kPrintCompositor:
return std::make_unique<PrintCompositorProcessPolicy>();
#if BUILDFLAG(ENABLE_OOP_PRINTING)
case sandbox::mojom::Sandbox::kPrintBackend:
return std::make_unique<PrintBackendProcessPolicy>();
#endif
case sandbox::mojom::Sandbox::kNetwork:
return std::make_unique<NetworkProcessPolicy>();
case sandbox::mojom::Sandbox::kAudio:
@ -222,7 +216,7 @@ std::unique_ptr<BPFBasePolicy> SandboxSeccompBPF::PolicyForSandboxType(
case sandbox::mojom::Sandbox::kOnDeviceTranslation:
return std::make_unique<OnDeviceTranslationProcessPolicy>();
#endif // BUILDFLAG(IS_LINUX)
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
case sandbox::mojom::Sandbox::kScreenAI:
return std::make_unique<ScreenAIProcessPolicy>();
#endif
@ -301,7 +295,6 @@ void SandboxSeccompBPF::RunSandboxSanityChecks(
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
case sandbox::mojom::Sandbox::kHardwareVideoDecoding:
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
case sandbox::mojom::Sandbox::kHardwareVideoEncoding:
#if BUILDFLAG(IS_CHROMEOS_ASH)
case sandbox::mojom::Sandbox::kIme:
case sandbox::mojom::Sandbox::kTts:
@ -310,24 +303,21 @@ void SandboxSeccompBPF::RunSandboxSanityChecks(
case sandbox::mojom::Sandbox::kLibassistant:
#endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
case sandbox::mojom::Sandbox::kScreenAI:
case sandbox::mojom::Sandbox::kHardwareVideoEncoding:
#endif
case sandbox::mojom::Sandbox::kAudio:
#if BUILDFLAG(IS_LINUX)
case sandbox::mojom::Sandbox::kVideoEffects:
case sandbox::mojom::Sandbox::kOnDeviceTranslation:
#endif // BUILDFLAG(IS_LINUX)
case sandbox::mojom::Sandbox::kAudio:
case sandbox::mojom::Sandbox::kService:
case sandbox::mojom::Sandbox::kServiceWithJit:
case sandbox::mojom::Sandbox::kSpeechRecognition:
case sandbox::mojom::Sandbox::kNetwork:
#if BUILDFLAG(ENABLE_OOP_PRINTING)
case sandbox::mojom::Sandbox::kPrintBackend:
#endif
case sandbox::mojom::Sandbox::kOnDeviceModelExecution:
#if BUILDFLAG(IS_LINUX)
case sandbox::mojom::Sandbox::kOnDeviceTranslation:
#endif // BUILDFLAG(IS_LINUX)
case sandbox::mojom::Sandbox::kUtility:
case sandbox::mojom::Sandbox::kNoSandbox:
case sandbox::mojom::Sandbox::kZygoteIntermediateSandbox:
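Review bot: The `#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)` guards added around `kScreenAI` in PolicyForSandboxType, and around `kScreenAI` plus `kHardwareVideoEncoding` in RunSandboxSanityChecks, look always true in this file. It includes the `bpf_*_policy_linux.h` headers unconditionally and handles `kPrintBackend` in the same switches with no guard. That replaces one conditional with another, against the stated aim of the change, and `kHardwareVideoEncoding` was unguarded before. If the file is indeed built only for Linux and ChromeOS, both `#if`/`#endif` pairs can be dropped so the cases read `case sandbox::mojom::Sandbox::kScreenAI:` directly. Both functions extend beyond the visible hunks.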

@ -3,7 +3,6 @@
# found in the LICENSE file.
import("//build/config/python.gni")
import("//printing/buildflags/buildflags.gni")
sb_files = [
"audio.sb",
@ -13,6 +12,7 @@ sb_files = [
"mirroring.sb",
"network.sb",
"on_device_model_execution.sb",
"print_backend.sb",
"print_compositor.sb",
"renderer.sb",
"screen_ai.sb",
@ -21,10 +21,6 @@ sb_files = [
"utility.sb",
]
if (enable_oop_printing) {
sb_files += [ "print_backend.sb" ]
}
action_foreach("package_sb_files") {
script = "package_sb_file.py"
sources = sb_files

@ -14,7 +14,6 @@
#include "base/logging.h"
#include "base/notreached.h"
#include "base/posix/eintr_wrapper.h"
#include "printing/buildflags/buildflags.h"
#include "sandbox/policy/features.h"
#include "sandbox/policy/mac/audio.sb.h"
#include "sandbox/policy/mac/cdm.sb.h"
@ -23,15 +22,10 @@
#include "sandbox/policy/mac/mirroring.sb.h"
#include "sandbox/policy/mac/network.sb.h"
#include "sandbox/policy/mac/on_device_model_execution.sb.h"
#include "services/screen_ai/buildflags/buildflags.h"
#if BUILDFLAG(ENABLE_OOP_PRINTING)
#include "sandbox/policy/mac/print_backend.sb.h"
#endif
#include "sandbox/policy/mac/print_compositor.sb.h"
#include "sandbox/policy/mac/renderer.sb.h"
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
#include "sandbox/policy/mac/screen_ai.sb.h"
#endif
#include "sandbox/policy/mac/on_device_translation.sb.h"
#include "sandbox/policy/mac/speech_recognition.sb.h"
#include "sandbox/policy/mac/utility.sb.h"
@ -74,19 +68,15 @@ std::string GetSandboxProfile(sandbox::mojom::Sandbox sandbox_type) {
case sandbox::mojom::Sandbox::kNetwork:
profile += kSeatbeltPolicyString_network;
break;
#if BUILDFLAG(ENABLE_OOP_PRINTING)
case sandbox::mojom::Sandbox::kPrintBackend:
profile += kSeatbeltPolicyString_print_backend;
break;
#endif
case sandbox::mojom::Sandbox::kPrintCompositor:
profile += kSeatbeltPolicyString_print_compositor;
break;
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
case sandbox::mojom::Sandbox::kScreenAI:
profile += kSeatbeltPolicyString_screen_ai;
break;
#endif
case sandbox::mojom::Sandbox::kSpeechRecognition:
profile += kSeatbeltPolicyString_speech_recognition;
break;

@ -6,8 +6,6 @@ import("//build/config/chromeos/ui_mode.gni")
import("//chromeos/ash/components/assistant/assistant.gni")
import("//mojo/public/tools/bindings/mojom.gni")
import("//ppapi/buildflags/buildflags.gni")
import("//printing/buildflags/buildflags.gni")
import("//services/screen_ai/buildflags/features.gni")
mojom("mojom") {
generate_java = true
@ -25,16 +23,10 @@ mojom("mojom") {
}
enabled_features = []
if (enable_oop_printing) {
enabled_features += [ "enable_oop_printing" ]
}
if (enable_ppapi && !is_win) {
enabled_features += [ "enable_ppapi_sandbox" ]
}
if (enable_cros_libassistant) {
enabled_features += [ "enable_cros_libassistant" ]
}
if (enable_screen_ai_service) {
enabled_features += [ "enable_screen_ai_service" ]
}
}

@ -67,9 +67,6 @@ enum Sandbox {
// Like kService but allows loading of the optimization guide library.
[EnableIf=is_linux] kVideoEffects,
// Like kUtility but allows loading of screen AI library.
[EnableIf=enable_screen_ai_service] kScreenAI,
// The PPAPI plugin process. (Unsandboxed on Windows.)
[EnableIf=enable_ppapi_sandbox] kPpapi,
@ -93,7 +90,10 @@ enum Sandbox {
[EnableIf=is_win] kPdfConversion,
// Interfaces with operating system print drivers.
[EnableIf=enable_oop_printing] kPrintBackend,
[EnableIf=is_chromeos|is_linux|is_mac|is_win] kPrintBackend,
// Like kUtility but allows loading of screen AI library.
[EnableIf=is_chromeos|is_linux|is_mac|is_win] kScreenAI,
// |kXrCompositing| hosts XR Device Service on Windows.
[EnableIf=is_win] kXrCompositing,
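Review bot: Moving `kScreenAI` from after `kVideoEffects` to after `kPrintBackend` shifts the implicit integer value of every enumerator between the two positions on builds that already had screen AI enabled. The enum is converted to an integer elsewhere in this commit, in the `static_cast<int>(sandbox_type)` of the NOTREACHED message in SetupSandboxParameters and in the `t <= Sandbox::kMaxValue` loop of the browser test. Numbers logged before and after this change therefore do not name the same sandbox type. That is harmless if nothing persists these integers, which cannot be confirmed from the hunks. A comment above the enum such as `// Numeric values depend on build configuration; never persist them or treat them as stable ids.` would record the constraint. The enum body starts and ends outside the hunks.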

@ -11,10 +11,13 @@
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "ppapi/buildflags/buildflags.h"
#include "printing/buildflags/buildflags.h"
#include "sandbox/policy/mojom/sandbox.mojom.h"
#include "sandbox/policy/switches.h"
#if BUILDFLAG(IS_CHROMEOS_ASH)
#include "chromeos/ash/components/assistant/buildflags.h"
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
namespace sandbox {
namespace policy {
using sandbox::mojom::Sandbox;
@ -71,9 +74,6 @@ void SetCommandLineFlagsForSandboxType(base::CommandLine* command_line,
case Sandbox::kNetwork:
case Sandbox::kOnDeviceModelExecution:
case Sandbox::kCdm:
#if BUILDFLAG(ENABLE_OOP_PRINTING)
case Sandbox::kPrintBackend:
#endif
case Sandbox::kPrintCompositor:
case Sandbox::kAudio:
#if BUILDFLAG(IS_FUCHSIA)
@ -104,7 +104,9 @@ void SetCommandLineFlagsForSandboxType(base::CommandLine* command_line,
#if BUILDFLAG(IS_MAC)
case Sandbox::kMirroring:
#endif // BUILDFLAG(IS_MAC)
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_WIN)
case Sandbox::kPrintBackend:
case Sandbox::kScreenAI:
#endif
case Sandbox::kSpeechRecognition:
@ -197,10 +199,6 @@ std::string StringFromUtilitySandboxType(Sandbox sandbox_type) {
#endif
case Sandbox::kCdm:
return switches::kCdmSandbox;
#if BUILDFLAG(ENABLE_OOP_PRINTING)
case Sandbox::kPrintBackend:
return switches::kPrintBackendSandbox;
#endif
case Sandbox::kPrintCompositor:
return switches::kPrintCompositorSandbox;
case Sandbox::kUtility:
@ -217,7 +215,10 @@ std::string StringFromUtilitySandboxType(Sandbox sandbox_type) {
return switches::kServiceSandboxWithJit;
case Sandbox::kSpeechRecognition:
return switches::kSpeechRecognitionSandbox;
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_WIN)
case Sandbox::kPrintBackend:
return switches::kPrintBackendSandbox;
case Sandbox::kScreenAI:
return switches::kScreenAISandbox;
#endif
@ -309,10 +310,6 @@ sandbox::mojom::Sandbox UtilitySandboxTypeFromString(
#endif
if (sandbox_string == switches::kCdmSandbox)
return Sandbox::kCdm;
#if BUILDFLAG(ENABLE_OOP_PRINTING)
if (sandbox_string == switches::kPrintBackendSandbox)
return Sandbox::kPrintBackend;
#endif
if (sandbox_string == switches::kPrintCompositorSandbox)
return Sandbox::kPrintCompositor;
#if BUILDFLAG(IS_WIN)
@ -328,16 +325,22 @@ sandbox::mojom::Sandbox UtilitySandboxTypeFromString(
return Sandbox::kWindowsSystemProxyResolver;
#endif
#if BUILDFLAG(IS_MAC)
if (sandbox_string == switches::kMirroringSandbox)
if (sandbox_string == switches::kMirroringSandbox) {
return Sandbox::kMirroring;
}
#endif
if (sandbox_string == switches::kAudioSandbox)
return Sandbox::kAudio;
if (sandbox_string == switches::kSpeechRecognitionSandbox)
return Sandbox::kSpeechRecognition;
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
if (sandbox_string == switches::kScreenAISandbox)
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_WIN)
if (sandbox_string == switches::kPrintBackendSandbox) {
return Sandbox::kPrintBackend;
}
if (sandbox_string == switches::kScreenAISandbox) {
return Sandbox::kScreenAI;
}
#endif
#if BUILDFLAG(IS_LINUX)
if (sandbox_string == switches::kVideoEffectsSandbox) {

@ -7,7 +7,6 @@
#include "base/command_line.h"
#include "build/build_config.h"
#include "ppapi/buildflags/buildflags.h"
#include "printing/buildflags/buildflags.h"
#include "sandbox/policy/mojom/sandbox.mojom.h"
#include "sandbox/policy/switches.h"
#include "testing/gtest/include/gtest/gtest.h"
@ -104,7 +103,8 @@ TEST(SandboxTypeTest, Utility) {
SandboxTypeFromCommandLine(command_line12));
#endif
#if BUILDFLAG(ENABLE_OOP_PRINTING)
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_WIN)
base::CommandLine command_line13(command_line);
SetCommandLineFlagsForSandboxType(&command_line13, Sandbox::kPrintBackend);
EXPECT_EQ(Sandbox::kPrintBackend, SandboxTypeFromCommandLine(command_line13));

@ -6,11 +6,6 @@
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "printing/buildflags/buildflags.h"
#if BUILDFLAG(IS_WIN)
#include "base/command_line.h"
#endif
namespace sandbox {
namespace policy {
@ -29,20 +24,20 @@ const char kOnDeviceModelExecutionSandbox[] = "on_device_model_execution";
const char kPpapiSandbox[] = "ppapi";
const char kUtilitySandbox[] = "utility";
const char kCdmSandbox[] = "cdm";
#if BUILDFLAG(ENABLE_PRINTING)
const char kPrintBackendSandbox[] = "print_backend";
#endif
const char kPrintCompositorSandbox[] = "print_compositor";
const char kAudioSandbox[] = "audio";
const char kServiceSandbox[] = "service";
const char kServiceSandboxWithJit[] = "service_with_jit";
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
const char kScreenAISandbox[] = "screen_ai";
#endif
const char kVideoEffectsSandbox[] = "video_effects";
const char kSpeechRecognitionSandbox[] = "speech_recognition";
const char kVideoCaptureSandbox[] = "video_capture";
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_WIN)
const char kPrintBackendSandbox[] = "print_backend";
const char kScreenAISandbox[] = "screen_ai";
#endif
#if BUILDFLAG(IS_WIN)
const char kPdfConversionSandbox[] = "pdf_conversion";
const char kXrCompositingSandbox[] = "xr_compositing";
@ -66,9 +61,7 @@ const char kHardwareVideoEncodingSandbox[] = "hardware_video_encoding";
const char kImeSandbox[] = "ime";
const char kTtsSandbox[] = "tts";
const char kNearbySandbox[] = "nearby";
#if BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
const char kLibassistantSandbox[] = "libassistant";
#endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC)

@ -7,13 +7,7 @@
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "printing/buildflags/buildflags.h"
#include "sandbox/policy/export.h"
#include "services/screen_ai/buildflags/buildflags.h"
#if BUILDFLAG(IS_CHROMEOS_ASH)
#include "chromeos/ash/components/assistant/buildflags.h"
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
namespace sandbox {
namespace policy {
@ -32,20 +26,20 @@ SANDBOX_POLICY_EXPORT extern const char kOnDeviceModelExecutionSandbox[];
SANDBOX_POLICY_EXPORT extern const char kPpapiSandbox[];
SANDBOX_POLICY_EXPORT extern const char kUtilitySandbox[];
SANDBOX_POLICY_EXPORT extern const char kCdmSandbox[];
#if BUILDFLAG(ENABLE_PRINTING)
SANDBOX_POLICY_EXPORT extern const char kPrintBackendSandbox[];
#endif
SANDBOX_POLICY_EXPORT extern const char kPrintCompositorSandbox[];
SANDBOX_POLICY_EXPORT extern const char kAudioSandbox[];
SANDBOX_POLICY_EXPORT extern const char kServiceSandbox[];
SANDBOX_POLICY_EXPORT extern const char kServiceSandboxWithJit[];
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
SANDBOX_POLICY_EXPORT extern const char kScreenAISandbox[];
#endif
SANDBOX_POLICY_EXPORT extern const char kVideoEffectsSandbox[];
SANDBOX_POLICY_EXPORT extern const char kSpeechRecognitionSandbox[];
SANDBOX_POLICY_EXPORT extern const char kVideoCaptureSandbox[];
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_WIN)
SANDBOX_POLICY_EXPORT extern const char kPrintBackendSandbox[];
SANDBOX_POLICY_EXPORT extern const char kScreenAISandbox[];
#endif
#if BUILDFLAG(IS_WIN)
SANDBOX_POLICY_EXPORT extern const char kPdfConversionSandbox[];
SANDBOX_POLICY_EXPORT extern const char kXrCompositingSandbox[];
@ -69,9 +63,7 @@ SANDBOX_POLICY_EXPORT extern const char kHardwareVideoEncodingSandbox[];
SANDBOX_POLICY_EXPORT extern const char kImeSandbox[];
SANDBOX_POLICY_EXPORT extern const char kTtsSandbox[];
SANDBOX_POLICY_EXPORT extern const char kNearbySandbox[];
#if BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
SANDBOX_POLICY_EXPORT extern const char kLibassistantSandbox[];
#endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC)

@ -52,8 +52,6 @@
#include "base/win/win_util.h"
#include "base/win/windows_version.h"
#include "build/build_config.h"
#include "ppapi/buildflags/buildflags.h"
#include "printing/buildflags/buildflags.h"
#include "sandbox/features.h"
#include "sandbox/policy/features.h"
#include "sandbox/policy/mojom/sandbox.mojom.h"
@ -64,7 +62,6 @@
#include "sandbox/win/src/app_container.h"
#include "sandbox/win/src/process_mitigations.h"
#include "sandbox/win/src/sandbox.h"
#include "services/screen_ai/buildflags/buildflags.h"
namespace sandbox {
namespace policy {
@ -353,11 +350,9 @@ std::wstring GetAppContainerProfileName(const std::string& appcontainer_id,
case Sandbox::kOnDeviceModelExecution:
sandbox_base_name = std::string("cr.sb.odm");
break;
#if BUILDFLAG(ENABLE_PRINTING)
case Sandbox::kPrintCompositor:
sandbox_base_name = std::string("cr.sb.prnc");
break;
#endif
case Sandbox::kWindowsSystemProxyResolver:
sandbox_base_name = std::string("cr.sb.pxy");
break;
@ -392,11 +387,9 @@ ResultCode SetupAppContainerProfile(AppContainer* container,
sandbox_type != Sandbox::kMediaFoundationCdm &&
sandbox_type != Sandbox::kNetwork &&
sandbox_type != Sandbox::kOnDeviceModelExecution &&
#if BUILDFLAG(ENABLE_PRINTING)
!(sandbox_type == Sandbox::kPrintCompositor &&
base::FeatureList::IsEnabled(
sandbox::policy::features::kPrintCompositorLPAC)) &&
#endif
sandbox_type != Sandbox::kWindowsSystemProxyResolver) {
return SBOX_ERROR_UNSUPPORTED;
}
@ -461,13 +454,11 @@ ResultCode SetupAppContainerProfile(AppContainer* container,
container->SetEnableLowPrivilegeAppContainer(true);
}
#if BUILDFLAG(ENABLE_PRINTING)
if (sandbox_type == Sandbox::kPrintCompositor) {
container->AddCapability(kLpacCom);
container->AddCapability(L"lpacPrinting");
container->SetEnableLowPrivilegeAppContainer(true);
}
#endif
if (sandbox_type == Sandbox::kWindowsSystemProxyResolver) {
container->AddCapability(base::win::WellKnownCapability::kInternetClient);
@ -513,9 +504,7 @@ ResultCode GenerateConfigForSandboxedProcess(const base::CommandLine& cmd_line,
// Post-startup mitigations.
mitigations = MITIGATION_DLL_SEARCH_ORDER;
if (!cmd_line.HasSwitch(switches::kAllowThirdPartyModules) &&
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
sandbox_type != Sandbox::kScreenAI &&
#endif
sandbox_type != Sandbox::kSpeechRecognition &&
sandbox_type != Sandbox::kMediaFoundationCdm) {
mitigations |= MITIGATION_FORCE_MS_SIGNED_BINS;
@ -817,12 +806,10 @@ bool SandboxWin::IsAppContainerEnabledForSandbox(
return true;
}
#if BUILDFLAG(ENABLE_PRINTING)
if (sandbox_type == Sandbox::kPrintCompositor) {
return base::FeatureList::IsEnabled(
sandbox::policy::features::kPrintCompositorLPAC);
}
#endif
if (sandbox_type == Sandbox::kWindowsSystemProxyResolver)
return true;
@ -1079,16 +1066,12 @@ std::string SandboxWin::GetSandboxTypeInEnglish(
return "CDM";
case Sandbox::kPrintCompositor:
return "Print Compositor";
#if BUILDFLAG(ENABLE_OOP_PRINTING)
case Sandbox::kPrintBackend:
return "Print Backend";
#endif
case Sandbox::kAudio:
return "Audio";
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
case Sandbox::kScreenAI:
return "Screen AI";
#endif
case Sandbox::kSpeechRecognition:
return "Speech Recognition";
case Sandbox::kPdfConversion:
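Review bot: The `sandbox_type != Sandbox::kScreenAI &&` term in GenerateConfigForSandboxedProcess now exempts that type from `MITIGATION_FORCE_MS_SIGNED_BINS` in every Windows build, and nothing at the site says why the three listed types skip the mitigation. The mojom comment describes kScreenAI as allowing the screen AI library to load, which is presumably the reason. A comment above the condition would let a later reader judge whether a new type belongs in this list, for example `// These types load libraries that are not Microsoft-signed; keep this list minimal.` The function body continues outside the hunk.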