Make kNoSandboxAndElevatedPrivileges only available to utilities
Sandbox::kNoSandboxAndElevatedPrivileges had its own command line switch, now it is integrated with how utilities are launched. We only used this sandbox type from utilities so this should work out ok. Additionally we remove two places where the command line switch is sniffed from outside //sandbox and force use of helpers instead. Test expectations in sandbox_integration_tests are adjusted to account for this. Bug: 1269423 Change-Id: I410f814e03bc60a2a424a9bcb55bc55aed39005e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3276784 Reviewed-by: Will Harris <wfh@chromium.org> Reviewed-by: Filip Gorski <fgorski@chromium.org> Commit-Queue: Alex Gough <ajgo@chromium.org> Cr-Commit-Position: refs/heads/main@{#941072}
This commit is contained in:

committed by
Chromium LUCI CQ

parent
f310cddae1
commit
67a1869cc9
chrome/utility
content/utility
sandbox/policy
@ -19,7 +19,8 @@
#include "chrome/utility/services.h"
#include "content/public/child/child_thread.h"
#include "content/public/common/content_switches.h"
#include "sandbox/policy/switches.h"
#include "sandbox/policy/mojom/sandbox.mojom.h"
#include "sandbox/policy/sandbox_type.h"
#if BUILDFLAG(ENABLE_PRINT_PREVIEW) && defined(OS_WIN)
#include "chrome/utility/printing_handler.h"
@ -41,9 +42,10 @@ ChromeContentUtilityClient::~ChromeContentUtilityClient() = default;
void ChromeContentUtilityClient::ExposeInterfacesToBrowser(
mojo::BinderMap* binders) {
#if defined(OS_WIN)
base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
utility_process_running_elevated_ = command_line->HasSwitch(
sandbox::policy::switches::kNoSandboxAndElevatedPrivileges);
auto& cmd_line = *base::CommandLine::ForCurrentProcess();
auto sandbox_type = sandbox::policy::SandboxTypeFromCommandLine(cmd_line);
utility_process_running_elevated_ =
sandbox_type == sandbox::mojom::Sandbox::kNoSandboxAndElevatedPrivileges;
#endif
// If our process runs with elevated privileges, only add elevated Mojo
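Review bot: The new Windows block in ExposeInterfacesToBrowser binds `cmd_line` as a mutable reference and hides the sandbox type behind `auto`, although nothing in the hunk mutates the command line and the comparison on the following line only reads the value; `const auto& cmd_line = *base::CommandLine::ForCurrentProcess();` and `const sandbox::mojom::Sandbox sandbox_type = sandbox::policy::SandboxTypeFromCommandLine(cmd_line);` state that and make the enum type visible where it is compared. The same `auto& cmd_line` pattern appears in the ExposeUtilityInterfacesToBrowser hunk under content/utility. Deriving `utility_process_running_elevated_` from SandboxTypeFromCommandLine instead of sniffing the raw switch is the right direction, since per the sandbox_type.cc hunks the elevated type is no longer resolved from a standalone switch. ExposeInterfacesToBrowser continues past the end of the hunk.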
@ -16,7 +16,8 @@
#include "mojo/public/cpp/bindings/binder_map.h"
#include "mojo/public/cpp/bindings/pending_receiver.h"
#include "mojo/public/cpp/bindings/self_owned_receiver.h"
#include "sandbox/policy/switches.h"
#include "sandbox/policy/mojom/sandbox.mojom.h"
#include "sandbox/policy/sandbox_type.h"
#if !defined(OS_ANDROID)
#include "content/public/common/resource_usage_reporter.mojom.h"
@ -62,8 +63,15 @@ void CreateResourceUsageReporter(
void ExposeUtilityInterfacesToBrowser(mojo::BinderMap* binders) {
#if !defined(OS_ANDROID)
if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
sandbox::policy::switches::kNoneSandboxAndElevatedPrivileges)) {
bool bind_usage_reporter = true;
#if defined(OS_WIN)
auto& cmd_line = *base::CommandLine::ForCurrentProcess();
if (sandbox::policy::SandboxTypeFromCommandLine(cmd_line) ==
sandbox::mojom::Sandbox::kNoSandboxAndElevatedPrivileges) {
bind_usage_reporter = false;
}
#endif // defined(OS_WIN)
if (bind_usage_reporter) {
binders->Add(base::BindRepeating(&CreateResourceUsageReporter),
base::ThreadTaskRunnerHandle::Get());
}
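Review bot: The Windows-only branch that clears `bind_usage_reporter` for an elevated utility carries no comment saying why the ResourceUsageReporter is withheld, and the condition it replaces (a `HasSwitch` on `kNoneSandboxAndElevatedPrivileges`, which from the StringFromUtilitySandboxType hunk appears to be a `--service-sandbox-type` value rather than a switch name) gave a reader no hint either. A one-line why-comment above the `#if defined(OS_WIN)` would do: `// Keep the browser-facing surface of an elevated (unsandboxed) utility minimal: do not bind the resource usage reporter there.` The old check compiled on every non-Android platform while the new one is Windows-only; that matches where the elevated sandbox type is defined but is a behavior change worth a sentence in the description. ExposeUtilityInterfacesToBrowser continues past the end of the hunk.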
@ -90,11 +90,6 @@ void SetCommandLineFlagsForSandboxType(base::CommandLine* command_line,
command_line->AppendSwitch(switches::kNoSandbox);
}
break;
#if defined(OS_WIN)
case Sandbox::kNoSandboxAndElevatedPrivileges:
command_line->AppendSwitch(switches::kNoSandboxAndElevatedPrivileges);
break;
#endif
case Sandbox::kRenderer:
DCHECK(command_line->GetSwitchValueASCII(switches::kProcessType) ==
switches::kRendererProcess);
@ -128,6 +123,7 @@ void SetCommandLineFlagsForSandboxType(base::CommandLine* command_line,
case Sandbox::kVideoCapture:
#endif
#if defined(OS_WIN)
case Sandbox::kNoSandboxAndElevatedPrivileges:
case Sandbox::kXrCompositing:
case Sandbox::kPdfConversion:
case Sandbox::kIconReader:
@ -168,11 +164,6 @@ sandbox::mojom::Sandbox SandboxTypeFromCommandLine(
if (command_line.HasSwitch(switches::kNoSandbox))
return Sandbox::kNoSandbox;
#if defined(OS_WIN)
if (command_line.HasSwitch(switches::kNoSandboxAndElevatedPrivileges))
return Sandbox::kNoSandboxAndElevatedPrivileges;
#endif
std::string process_type =
command_line.GetSwitchValueASCII(switches::kProcessType);
if (process_type.empty())
@ -233,6 +224,10 @@ std::string StringFromUtilitySandboxType(Sandbox sandbox_type) {
switch (sandbox_type) {
case Sandbox::kNoSandbox:
return switches::kNoneSandbox;
#if defined(OS_WIN)
case Sandbox::kNoSandboxAndElevatedPrivileges:
return switches::kNoneSandboxAndElevatedPrivileges;
#endif // defined(OS_WIN)
case Sandbox::kNetwork:
return switches::kNetworkSandbox;
#if BUILDFLAG(ENABLE_PLUGINS)
@ -288,9 +283,6 @@ std::string StringFromUtilitySandboxType(Sandbox sandbox_type) {
// The following are not utility processes so should not occur.
case Sandbox::kRenderer:
case Sandbox::kGpu:
#if defined(OS_WIN)
case Sandbox::kNoSandboxAndElevatedPrivileges:
#endif // defined(OS_WIN)
#if defined(OS_MAC)
case Sandbox::kNaClLoader:
#endif // defined(OS_MAC)
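Review bot: `StringFromUtilitySandboxType` now emits `kNoneSandboxAndElevatedPrivileges` for the elevated type, but the parser that maps that string back (the `--service-sandbox-type` lookup reached from SandboxTypeFromCommandLine's utility branch) is not part of this diff, so the only visible evidence of the round trip is the new `command_line11` expectation in the unit test. A comment on the new `case` would make that coupling explicit: `// Must stay in sync with the --service-sandbox-type parser for utility processes; now that the standalone switch is gone this string is the only way to reach kNoSandboxAndElevatedPrivileges.` Dropping the early `HasSwitch(switches::kNoSandboxAndElevatedPrivileges)` return in SandboxTypeFromCommandLine is the substantive hardening here, since that check ran before the process type was consulted and so let the unsandboxed, elevated type resolve for any process type. Both SetCommandLineFlagsForSandboxType and SandboxTypeFromCommandLine extend beyond their hunks.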
@ -23,15 +23,6 @@ TEST(SandboxTypeTest, Empty) {
command_line.AppendSwitchASCII(switches::kServiceSandboxType, "network");
EXPECT_EQ(Sandbox::kNoSandbox, SandboxTypeFromCommandLine(command_line));
#if defined(OS_WIN)
EXPECT_FALSE(
command_line.HasSwitch(switches::kNoSandboxAndElevatedPrivileges));
SetCommandLineFlagsForSandboxType(&command_line,
Sandbox::kNoSandboxAndElevatedPrivileges);
EXPECT_EQ(Sandbox::kNoSandboxAndElevatedPrivileges,
SandboxTypeFromCommandLine(command_line));
#endif
EXPECT_FALSE(command_line.HasSwitch(switches::kNoSandbox));
SetCommandLineFlagsForSandboxType(&command_line, Sandbox::kNoSandbox);
EXPECT_EQ(Sandbox::kNoSandbox, SandboxTypeFromCommandLine(command_line));
@ -101,6 +92,12 @@ TEST(SandboxTypeTest, Utility) {
EXPECT_EQ(Sandbox::kXrCompositing,
SandboxTypeFromCommandLine(command_line10));
base::CommandLine command_line11(command_line);
SetCommandLineFlagsForSandboxType(&command_line11,
Sandbox::kNoSandboxAndElevatedPrivileges);
EXPECT_EQ(Sandbox::kNoSandboxAndElevatedPrivileges,
SandboxTypeFromCommandLine(command_line11));
base::CommandLine command_line12(command_line);
SetCommandLineFlagsForSandboxType(&command_line12, Sandbox::kPdfConversion);
EXPECT_EQ(Sandbox::kPdfConversion,
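Review bot: The new `command_line11` expectation in the Utility test covers only the positive case, a utility command line resolving to `kNoSandboxAndElevatedPrivileges`, while the restriction the commit title states (the type is available only to utilities) is left untested now that the `Empty` test's standalone-switch check has been removed. A negative case that puts the elevated sandbox-type string on a non-utility command line and expects the process-type result would pin the behavior the chrome/utility and content/utility hunks now rely on; the sketch below expects `kRenderer` for `--type=renderer`, inferred from the DCHECK in SetCommandLineFlagsForSandboxType that ties `kRendererProcess` to that type, and should be confirmed against SandboxTypeFromCommandLine's renderer branch, which is outside this diff. The test body continues past the end of the hunk, so the new name is chosen not to collide with the numbered `command_lineN` locals.
```cpp
  // … unchanged: command_line11 / command_line12 expectations …
#if defined(OS_WIN)
  // A non-utility process must not be able to claim the elevated sandbox
  // type via --service-sandbox-type; only the utility launch path yields it.
  base::CommandLine command_line_non_utility(base::CommandLine::NO_PROGRAM);
  command_line_non_utility.AppendSwitchASCII(switches::kProcessType,
                                             switches::kRendererProcess);
  command_line_non_utility.AppendSwitchASCII(
      switches::kServiceSandboxType,
      switches::kNoneSandboxAndElevatedPrivileges);
  EXPECT_EQ(Sandbox::kRenderer,
            SandboxTypeFromCommandLine(command_line_non_utility));
#endif
```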
@ -107,9 +107,6 @@ const char kAllowThirdPartyModules[] = "allow-third-party-modules";
// Add additional capabilities to the AppContainer sandbox on the GPU process.
const char kAddGpuAppContainerCaps[] = "add-gpu-appcontainer-caps";
// Disables the sandbox and gives the process elevated privileges.
const char kNoSandboxAndElevatedPrivileges[] = "no-sandbox-and-elevated";
// Add additional capabilities to the AppContainer sandbox used for XR
// compositing.
const char kAddXrAppContainerCaps[] = "add-xr-appcontainer-caps";
@ -75,7 +75,6 @@ SANDBOX_POLICY_EXPORT extern const char kNoZygoteSandbox[];
#if defined(OS_WIN)
SANDBOX_POLICY_EXPORT extern const char kAllowThirdPartyModules[];
SANDBOX_POLICY_EXPORT extern const char kAddGpuAppContainerCaps[];
SANDBOX_POLICY_EXPORT extern const char kNoSandboxAndElevatedPrivileges[];
SANDBOX_POLICY_EXPORT extern const char kAddXrAppContainerCaps[];
#endif
#if defined(OS_MAC)