
assistant: Sandbox libassistant service

This patch creates a new utility sandbox type of libassistant to sandbox
the Libassistant service.

Bug: b/155328340
Test: manual
Change-Id: Ib65ac7af93f5ee420909389aa03e5252f994782b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2799135
Commit-Queue: Tao Wu <wutao@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Xiaohui Chen <xiaohuic@chromium.org>
Cr-Commit-Position: refs/heads/master@{#876474}
wutao
2021-04-27 06:58:51 +00:00
committed by Chromium LUCI CQ
parent 99685c8cb2
commit 8c47751fd7
36 changed files with 454 additions and 23 deletions

@@ -16,6 +16,7 @@ import("//build/config/ui.gni")
import("//chrome/browser/buildflags.gni") import("//chrome/browser/buildflags.gni")
import("//chrome/browser/downgrade/buildflags.gni") import("//chrome/browser/downgrade/buildflags.gni")
import("//chrome/common/features.gni") import("//chrome/common/features.gni")
import("//chromeos/assistant/assistant.gni")
import("//components/captive_portal/core/features.gni") import("//components/captive_portal/core/features.gni")
import("//components/feed/features.gni") import("//components/feed/features.gni")
import("//components/nacl/features.gni") import("//components/nacl/features.gni")
@@ -2431,6 +2432,10 @@ static_library("browser") {
"//chromeos/components/telemetry_extension_ui/mojom", "//chromeos/components/telemetry_extension_ui/mojom",
] ]
} }
if (enable_libassistant_sandbox) {
deps += [ "//chromeos/services/libassistant/public/mojom" ]
}
} }
if (is_linux || is_chromeos) { if (is_linux || is_chromeos) {
deps += [ "//chrome/browser/error_reporting" ] deps += [ "//chrome/browser/error_reporting" ]

@@ -5,6 +5,7 @@
#ifndef CHROME_BROWSER_CHROMEOS_SERVICE_SANDBOX_TYPE_H_ #ifndef CHROME_BROWSER_CHROMEOS_SERVICE_SANDBOX_TYPE_H_
#define CHROME_BROWSER_CHROMEOS_SERVICE_SANDBOX_TYPE_H_ #define CHROME_BROWSER_CHROMEOS_SERVICE_SANDBOX_TYPE_H_
#include "chromeos/assistant/buildflags.h"
#include "content/public/browser/service_process_host.h" #include "content/public/browser/service_process_host.h"
#include "sandbox/policy/sandbox_type.h" #include "sandbox/policy/sandbox_type.h"
@@ -42,4 +43,20 @@ content::GetServiceSandboxType<chromeos::tts::mojom::TtsService>() {
return sandbox::policy::SandboxType::kTts; return sandbox::policy::SandboxType::kTts;
} }
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
namespace chromeos {
namespace libassistant {
namespace mojom {
class LibassistantService;
} // namespace mojom
} // namespace libassistant
} // namespace chromeos
template <>
inline sandbox::policy::SandboxType content::GetServiceSandboxType<
chromeos::libassistant::mojom::LibassistantService>() {
return sandbox::policy::SandboxType::kLibassistant;
}
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // CHROME_BROWSER_CHROMEOS_SERVICE_SANDBOX_TYPE_H_ #endif // CHROME_BROWSER_CHROMEOS_SERVICE_SANDBOX_TYPE_H_

@@ -32,6 +32,11 @@
#include "content/public/common/content_switches.h" #include "content/public/common/content_switches.h"
#include "services/network/public/cpp/shared_url_loader_factory.h" #include "services/network/public/cpp/shared_url_loader_factory.h"
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#include "chrome/browser/chromeos/service_sandbox_type.h"
#include "chromeos/services/libassistant/public/mojom/service.mojom.h"
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
AssistantClientImpl::AssistantClientImpl() { AssistantClientImpl::AssistantClientImpl() {
auto* session_manager = session_manager::SessionManager::Get(); auto* session_manager = session_manager::SessionManager::Get();
// AssistantClientImpl must be created before any user session is created. // AssistantClientImpl must be created before any user session is created.
@@ -162,6 +167,18 @@ void AssistantClientImpl::RequestNetworkConfig(
ash::GetNetworkConfigService(std::move(receiver)); ash::GetNetworkConfigService(std::move(receiver));
} }
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
void AssistantClientImpl::RequestLibassistantService(
mojo::PendingReceiver<chromeos::libassistant::mojom::LibassistantService>
receiver) {
content::ServiceProcessHost::Launch<
chromeos::libassistant::mojom::LibassistantService>(
std::move(receiver), content::ServiceProcessHost::Options()
.WithDisplayName("Libassistant Service")
.Pass());
}
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
void AssistantClientImpl::OnExtendedAccountInfoUpdated( void AssistantClientImpl::OnExtendedAccountInfoUpdated(
const AccountInfo& info) { const AccountInfo& info) {
if (initialized_) if (initialized_)
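Review bot: The new include of `chrome/browser/chromeos/service_sandbox_type.h` has no comment explaining that it is what makes `ServiceProcessHost::Launch<LibassistantService>` in RequestLibassistantService() see the `kLibassistant` specialization of `GetServiceSandboxType`. As far as I can tell, dropping the include would still compile and the service would launch with the default sandbox type rather than the one that has the broker hook. I would add `// Provides the GetServiceSandboxType<LibassistantService>() specialization used by Launch() below.` next to the include.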

@@ -13,6 +13,7 @@
#include "base/macros.h" #include "base/macros.h"
#include "base/scoped_observer.h" #include "base/scoped_observer.h"
#include "chrome/browser/ui/ash/assistant/device_actions.h" #include "chrome/browser/ui/ash/assistant/device_actions.h"
#include "chromeos/assistant/buildflags.h"
#include "chromeos/services/assistant/public/cpp/assistant_client.h" #include "chromeos/services/assistant/public/cpp/assistant_client.h"
#include "chromeos/services/assistant/service.h" #include "chromeos/services/assistant/service.h"
#include "components/session_manager/core/session_manager_observer.h" #include "components/session_manager/core/session_manager_observer.h"
@@ -78,6 +79,11 @@ class AssistantClientImpl : public ash::AssistantClient,
void RequestNetworkConfig( void RequestNetworkConfig(
mojo::PendingReceiver<chromeos::network_config::mojom::CrosNetworkConfig> mojo::PendingReceiver<chromeos::network_config::mojom::CrosNetworkConfig>
receiver) override; receiver) override;
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
void RequestLibassistantService(
mojo::PendingReceiver<chromeos::libassistant::mojom::LibassistantService>
receiver) override;
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
private: private:
// signin::IdentityManager::Observer: // signin::IdentityManager::Observer:

@@ -176,6 +176,13 @@ static_library("utility") {
"//chromeos/services/assistant/audio_decoder:lib", "//chromeos/services/assistant/audio_decoder:lib",
"//chromeos/services/assistant/public/mojom", "//chromeos/services/assistant/public/mojom",
] ]
if (enable_libassistant_sandbox) {
deps += [
"//chromeos/services/libassistant",
"//chromeos/services/libassistant/public/mojom",
]
}
} }
} }

@@ -27,6 +27,7 @@ include_rules = [
"+chromeos/services/assistant", "+chromeos/services/assistant",
"+chromeos/services/ime/ime_service.h", "+chromeos/services/ime/ime_service.h",
"+chromeos/services/ime/public/mojom", "+chromeos/services/ime/public/mojom",
"+chromeos/services/libassistant/libassistant_service.h",
"+chromeos/services/nearby", "+chromeos/services/nearby",
"+chromeos/services/tts", "+chromeos/services/tts",
"+components/crash/core/common/crash_keys.h", "+components/crash/core/common/crash_keys.h",

@@ -108,6 +108,10 @@
#if BUILDFLAG(ENABLE_CROS_LIBASSISTANT) #if BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
#include "chromeos/services/assistant/audio_decoder/assistant_audio_decoder_factory.h" // nogncheck #include "chromeos/services/assistant/audio_decoder/assistant_audio_decoder_factory.h" // nogncheck
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#include "chromeos/services/libassistant/libassistant_service.h" // nogncheck
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT) #endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
#endif // BUILDFLAG(IS_CHROMEOS_ASH) #endif // BUILDFLAG(IS_CHROMEOS_ASH)
@@ -293,8 +297,17 @@ auto RunAssistantAudioDecoder(
return std::make_unique<chromeos::assistant::AssistantAudioDecoderFactory>( return std::make_unique<chromeos::assistant::AssistantAudioDecoderFactory>(
std::move(receiver)); std::move(receiver));
} }
#endif
#endif #if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
auto RunLibassistantService(
mojo::PendingReceiver<chromeos::libassistant::mojom::LibassistantService>
receiver) {
return std::make_unique<chromeos::libassistant::LibassistantService>(
std::move(receiver));
}
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
} // namespace } // namespace
@@ -374,8 +387,11 @@ void RegisterMainThreadServices(mojo::ServiceFactory& services) {
services.Add(RunLocalSearchService); services.Add(RunLocalSearchService);
#if BUILDFLAG(ENABLE_CROS_LIBASSISTANT) #if BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
services.Add(RunAssistantAudioDecoder); services.Add(RunAssistantAudioDecoder);
#endif #if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif services.Add(RunLibassistantService);
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
} }
void RegisterIOThreadServices(mojo::ServiceFactory& services) { void RegisterIOThreadServices(mojo::ServiceFactory& services) {

@@ -11,6 +11,7 @@ buildflag_header("buildflags") {
flags = [ flags = [
"ENABLE_CROS_LIBASSISTANT=$enable_cros_libassistant", "ENABLE_CROS_LIBASSISTANT=$enable_cros_libassistant",
"ENABLE_LIBASSISTANT_SANDBOX=$enable_cros_libassistant && $enable_libassistant_sandbox",
"ENABLE_CROS_AMBIENT_MODE_BACKEND=$enable_cros_ambient_mode_backend", "ENABLE_CROS_AMBIENT_MODE_BACKEND=$enable_cros_ambient_mode_backend",
] ]
} }
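Review bot: `ENABLE_LIBASSISTANT_SANDBOX` is defined as `$enable_cros_libassistant && $enable_libassistant_sandbox`, but the GN conditions added elsewhere in this commit (for example in sandbox/policy and content/utility) appear to test `enable_libassistant_sandbox` alone. Setting the sandbox arg without `enable_cros_libassistant` would then add sources and deps while the C++ flag is off, and `//chromeos/services/libassistant` asserts `enable_cros_libassistant`. Consider using the same conjunction in those conditions, or add an `assert(!enable_libassistant_sandbox || enable_cros_libassistant)` in assistant.gni so the mismatch fails early with a clear message.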

@@ -5,6 +5,9 @@ declare_args() {
# Enable assistant implementation based on libassistant. # Enable assistant implementation based on libassistant.
enable_cros_libassistant = is_chromeos_ash && is_chrome_branded enable_cros_libassistant = is_chromeos_ash && is_chrome_branded
# Enable sandboxing LibAssistant service.
enable_libassistant_sandbox = false
# Enable a fake microphone, which can replay audio files as microphone input. # Enable a fake microphone, which can replay audio files as microphone input.
# See chromeos/assistant/tools/send-audio.sh # See chromeos/assistant/tools/send-audio.sh
enable_fake_assistant_microphone = false enable_fake_assistant_microphone = false

@@ -95,6 +95,10 @@ source_set("libassistant_service_host") {
if (enable_cros_libassistant) { if (enable_cros_libassistant) {
deps += [ "//chromeos/services/libassistant" ] deps += [ "//chromeos/services/libassistant" ]
if (enable_libassistant_sandbox) {
deps += [ "//chromeos/services/assistant/public/cpp" ]
}
} }
} }

@@ -11,7 +11,12 @@
#if BUILDFLAG(ENABLE_CROS_LIBASSISTANT) #if BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
#include "chromeos/services/libassistant/libassistant_service.h" #include "chromeos/services/libassistant/libassistant_service.h"
#endif
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#include "chromeos/services/assistant/public/cpp/assistant_client.h" // nogncheck
#include "chromeos/services/libassistant/public/mojom/service.mojom-forward.h" // nogncheck
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
namespace chromeos { namespace chromeos {
namespace assistant { namespace assistant {
@@ -19,7 +24,9 @@ namespace assistant {
#if BUILDFLAG(ENABLE_CROS_LIBASSISTANT) #if BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
LibassistantServiceHostImpl::LibassistantServiceHostImpl() { LibassistantServiceHostImpl::LibassistantServiceHostImpl() {
#if !BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
DETACH_FROM_SEQUENCE(sequence_checker_); DETACH_FROM_SEQUENCE(sequence_checker_);
#endif
} }
LibassistantServiceHostImpl::~LibassistantServiceHostImpl() = default; LibassistantServiceHostImpl::~LibassistantServiceHostImpl() = default;
@@ -27,16 +34,22 @@ LibassistantServiceHostImpl::~LibassistantServiceHostImpl() = default;
void LibassistantServiceHostImpl::Launch( void LibassistantServiceHostImpl::Launch(
mojo::PendingReceiver<chromeos::libassistant::mojom::LibassistantService> mojo::PendingReceiver<chromeos::libassistant::mojom::LibassistantService>
receiver) { receiver) {
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
AssistantClient::Get()->RequestLibassistantService(std::move(receiver));
#else
DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
DCHECK(!libassistant_service_); DCHECK(!libassistant_service_);
libassistant_service_ = libassistant_service_ =
std::make_unique<chromeos::libassistant::LibassistantService>( std::make_unique<chromeos::libassistant::LibassistantService>(
std::move(receiver)); std::move(receiver));
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
} }
void LibassistantServiceHostImpl::Stop() { void LibassistantServiceHostImpl::Stop() {
#if !BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
libassistant_service_ = nullptr; libassistant_service_ = nullptr;
#endif
} }
#else #else
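Review bot: With ENABLE_LIBASSISTANT_SANDBOX set, Launch() calls `AssistantClient::Get()->RequestLibassistantService(...)` with no null check and with the sequence checker compiled out, even though the comment in AssistantProxy::StopLibassistantService says the service is launched on the background thread. If Launch() can still run off the browser's main sequence, a comment should say why calling into AssistantClient from there is safe. A `DCHECK(AssistantClient::Get());` before the call would also catch use before the client exists. Stop() becomes an empty function in this configuration, so a comment such as `// Sandboxed: the utility process goes away when the remote is reset.` (if that is the intent) would make the lifetime explicit.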

@@ -37,7 +37,8 @@ class LibassistantServiceHostImpl : public LibassistantServiceHost {
void Stop() override; void Stop() override;
private: private:
#if BUILDFLAG(ENABLE_CROS_LIBASSISTANT) #if BUILDFLAG(ENABLE_CROS_LIBASSISTANT) && \
!BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
SEQUENCE_CHECKER(sequence_checker_); SEQUENCE_CHECKER(sequence_checker_);
std::unique_ptr<chromeos::libassistant::LibassistantService> std::unique_ptr<chromeos::libassistant::LibassistantService>
libassistant_service_ GUARDED_BY_CONTEXT(sequence_checker_); libassistant_service_ GUARDED_BY_CONTEXT(sequence_checker_);

@@ -55,6 +55,8 @@ void AssistantProxy::LaunchLibassistantServiceOnBackgroundThread(
} }
void AssistantProxy::StopLibassistantService() { void AssistantProxy::StopLibassistantService() {
libassistant_service_.reset();
// |libassistant_service_| is launched on the background thread, so we have to // |libassistant_service_| is launched on the background thread, so we have to
// stop it there as well. // stop it there as well.
background_task_runner()->PostTask( background_task_runner()->PostTask(

@@ -40,5 +40,8 @@ component("cpp") {
"//ui/accessibility/mojom", "//ui/accessibility/mojom",
] ]
deps = [ "//components/prefs" ] deps = [
"//chromeos/assistant:buildflags",
"//components/prefs",
]
} }

@@ -7,6 +7,7 @@
#include "ash/public/mojom/assistant_volume_control.mojom.h" #include "ash/public/mojom/assistant_volume_control.mojom.h"
#include "base/component_export.h" #include "base/component_export.h"
#include "chromeos/assistant/buildflags.h"
#include "chromeos/services/assistant/public/cpp/assistant_enums.h" #include "chromeos/services/assistant/public/cpp/assistant_enums.h"
#include "chromeos/services/assistant/public/mojom/assistant_audio_decoder.mojom.h" #include "chromeos/services/assistant/public/mojom/assistant_audio_decoder.mojom.h"
#include "chromeos/services/libassistant/public/cpp/assistant_notification.h" #include "chromeos/services/libassistant/public/cpp/assistant_notification.h"
@@ -18,6 +19,10 @@
#include "services/media_session/public/mojom/audio_focus.mojom.h" #include "services/media_session/public/mojom/audio_focus.mojom.h"
#include "services/media_session/public/mojom/media_controller.mojom.h" #include "services/media_session/public/mojom/media_controller.mojom.h"
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#include "chromeos/services/libassistant/public/mojom/service.mojom-forward.h"
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
namespace chromeos { namespace chromeos {
namespace assistant { namespace assistant {
@@ -74,6 +79,13 @@ class COMPONENT_EXPORT(ASSISTANT_SERVICE_PUBLIC) AssistantClient {
virtual void RequestNetworkConfig( virtual void RequestNetworkConfig(
mojo::PendingReceiver<chromeos::network_config::mojom::CrosNetworkConfig> mojo::PendingReceiver<chromeos::network_config::mojom::CrosNetworkConfig>
receiver) = 0; receiver) = 0;
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
// Requests a connection to Libassistant service interface via the browser.
virtual void RequestLibassistantService(
mojo::PendingReceiver<chromeos::libassistant::mojom::LibassistantService>
receiver) = 0;
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
}; };
} // namespace assistant } // namespace assistant

@@ -7,6 +7,19 @@ import("//chromeos/assistant/assistant.gni")
assert(enable_cros_libassistant) assert(enable_cros_libassistant)
component("constants") {
output_name = "libassistant_constants"
defines = [ "IS_LIBASSISTANT_CONSTANTS_IMPL" ]
deps = [
"//base",
"//build:branding_buildflags",
]
sources = [
"constants.cc",
"constants.h",
]
}
component("libassistant") { component("libassistant") {
sources = [ sources = [
"libassistant_service.cc", "libassistant_service.cc",
@@ -29,6 +42,20 @@ component("libassistant") {
output_name = "lib_libassistant_service" output_name = "lib_libassistant_service"
} }
source_set("sandbox_hook") {
sources = [
"libassistant_sandbox_hook.cc",
"libassistant_sandbox_hook.h",
]
deps = [
":constants",
"//base",
"//sandbox/linux:sandbox_services",
"//sandbox/policy",
]
}
source_set("internal") { source_set("internal") {
visibility = [ ":*" ] visibility = [ ":*" ]
@@ -82,7 +109,9 @@ source_set("internal") {
deps = [ deps = [
":audio", ":audio",
":constants",
"//build/util:webkit_version", "//build/util:webkit_version",
"//chromeos/assistant:buildflags",
"//chromeos/assistant/internal", "//chromeos/assistant/internal",
"//chromeos/assistant/internal:buildflags", "//chromeos/assistant/internal:buildflags",
"//chromeos/assistant/internal:libassistant", "//chromeos/assistant/internal:libassistant",

@@ -6,6 +6,9 @@ include_rules = [
"+media/audio", "+media/audio",
"+media/base", "+media/base",
"+media/mojo/mojom", "+media/mojo/mojom",
"+sandbox/linux/syscall_broker/broker_command.h",
"+sandbox/linux/syscall_broker/broker_file_permission.h",
"+sandbox/policy/linux/sandbox_linux.h",
"+services/audio/public", "+services/audio/public",
"+services/device/public/mojom", "+services/device/public/mojom",
"+services/media_session/public/mojom", "+services/media_session/public/mojom",

@@ -0,0 +1,21 @@
// Copyright 2021 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chromeos/services/libassistant/constants.h"
#include "base/files/file_util.h"
#define ASSISTANT_DIR_STRING "google-assistant-library"
namespace chromeos {
namespace libassistant {
const base::FilePath::CharType kAssistantBaseDirPath[] =
FILE_PATH_LITERAL("/home/chronos/user/" ASSISTANT_DIR_STRING);
const base::FilePath::CharType kAssistantTempBaseDirPath[] =
FILE_PATH_LITERAL("/tmp/" ASSISTANT_DIR_STRING);
} // namespace libassistant
} // namespace chromeos

@@ -0,0 +1,25 @@
// Copyright 2021 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROMEOS_SERVICES_LIBASSISTANT_CONSTANTS_H_
#define CHROMEOS_SERVICES_LIBASSISTANT_CONSTANTS_H_
#include "base/component_export.h"
#include "base/files/file_path.h"
namespace chromeos {
namespace libassistant {
// A directory to save Assistant config files.
COMPONENT_EXPORT(LIBASSISTANT_CONSTANTS)
extern const base::FilePath::CharType kAssistantBaseDirPath[];
// A directory used in gLinux simulation.
COMPONENT_EXPORT(LIBASSISTANT_CONSTANTS)
extern const base::FilePath::CharType kAssistantTempBaseDirPath[];
} // namespace libassistant
} // namespace chromeos
#endif // CHROMEOS_SERVICES_LIBASSISTANT_CONSTANTS_H_

@@ -37,16 +37,16 @@ bool FileProviderImpl::WriteFile(const std::string& path,
// Create a temp file. // Create a temp file.
base::FilePath temp_file; base::FilePath temp_file;
if (!base::CreateTemporaryFileInDir(full_path.DirName(), &temp_file)) { auto fd = base::CreateAndOpenFdForTemporaryFileInDir(full_path.DirName(),
&temp_file);
if (!fd.is_valid())
return false; return false;
}
// Write to the tmp file. // Write to the tmp file.
const int size = data.size(); const bool success =
int written_size = base::WriteFile(temp_file, data.data(), size); base::WriteFileDescriptor(fd.get(), data.data(), data.size());
if (written_size != size) { if (!success)
return false; return false;
}
// Replace the current file with the temp file. // Replace the current file with the temp file.
if (!base::ReplaceFile(temp_file, full_path, nullptr)) { if (!base::ReplaceFile(temp_file, full_path, nullptr)) {
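Review bot: When `base::WriteFileDescriptor` fails, WriteFile() returns false and leaves the temporary file behind in the Assistant directory, so repeated failures can accumulate partial files next to the real config. I would clean up on that path: `if (!success) { base::DeleteFile(temp_file); return false; }`. The broker command set in libassistant_sandbox_hook.cc lists no unlink command, so under the sandbox that delete would likely be denied unless one is added there. The descriptor is also still open, and nothing visible flushes it, when `base::ReplaceFile` runs. The function body continues past this hunk, so any later cleanup is not visible here.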

@@ -0,0 +1,73 @@
// Copyright 2021 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chromeos/services/libassistant/libassistant_sandbox_hook.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/system/sys_info.h"
#include "chromeos/services/libassistant/constants.h"
#include "sandbox/linux/syscall_broker/broker_command.h"
#include "sandbox/linux/syscall_broker/broker_file_permission.h"
#include "sandbox/policy/linux/sandbox_linux.h"
using sandbox::syscall_broker::BrokerFilePermission;
using sandbox::syscall_broker::MakeBrokerCommandSet;
namespace chromeos {
namespace libassistant {
namespace {
sandbox::syscall_broker::BrokerCommandSet GetLibassistantBrokerCommandSet() {
return MakeBrokerCommandSet({
sandbox::syscall_broker::COMMAND_ACCESS,
sandbox::syscall_broker::COMMAND_MKDIR,
sandbox::syscall_broker::COMMAND_OPEN,
sandbox::syscall_broker::COMMAND_RENAME,
sandbox::syscall_broker::COMMAND_STAT,
sandbox::syscall_broker::COMMAND_STAT64,
});
}
std::vector<BrokerFilePermission> GetLibassistantFilePermissions() {
base::FilePath assistant_path;
if (base::SysInfo::IsRunningOnChromeOS()) {
assistant_path =
base::FilePath(kAssistantBaseDirPath).AsEndingWithSeparator();
} else {
assistant_path =
base::FilePath(kAssistantTempBaseDirPath).AsEndingWithSeparator();
}
CHECK(base::CreateDirectory(assistant_path));
// Save Libassistant logs.
base::FilePath log_path =
assistant_path.Append(FILE_PATH_LITERAL("log")).AsEndingWithSeparator();
CHECK(base::CreateDirectory(log_path));
std::vector<BrokerFilePermission> permissions{
// Required by Libassistant to generate random string.
BrokerFilePermission::ReadOnly("/dev/urandom"),
BrokerFilePermission::ReadWriteCreateRecursive(assistant_path.value()),
};
return permissions;
}
} // namespace
bool LibassistantPreSandboxHook(
sandbox::policy::SandboxLinux::Options options) {
auto* instance = sandbox::policy::SandboxLinux::GetInstance();
instance->StartBrokerProcess(
GetLibassistantBrokerCommandSet(), GetLibassistantFilePermissions(),
sandbox::policy::SandboxLinux::PreSandboxHook(), options);
instance->EngageNamespaceSandboxIfPossible();
return true;
}
} // namespace libassistant
} // namespace chromeos
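Review bot: The non-ChromeOS branch of GetLibassistantFilePermissions() roots the broker's `ReadWriteCreateRecursive` grant at the fixed path `/tmp/google-assistant-library`. `base::CreateDirectory` also succeeds when the directory already exists, so a directory pre-created by another local account in the shared /tmp would be accepted as is. If this branch exists only for the gLinux simulation, say so at the branch, e.g. `// Developer-only: predictable /tmp path, never used on a ChromeOS device.`, or check the directory's owner and mode before passing it to the broker. LibassistantPreSandboxHook() also ignores the result of `EngageNamespaceSandboxIfPossible()` and always returns true; a short comment stating that this is intentional would help the next reader.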

@@ -0,0 +1,18 @@
// Copyright 2021 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROMEOS_SERVICES_LIBASSISTANT_LIBASSISTANT_SANDBOX_HOOK_H_
#define CHROMEOS_SERVICES_LIBASSISTANT_LIBASSISTANT_SANDBOX_HOOK_H_
#include "sandbox/policy/linux/sandbox_linux.h"
namespace chromeos {
namespace libassistant {
bool LibassistantPreSandboxHook(sandbox::policy::SandboxLinux::Options options);
} // namespace libassistant
} // namespace chromeos
#endif // CHROMEOS_SERVICES_LIBASSISTANT_LIBASSISTANT_SANDBOX_HOOK_H_

@@ -12,10 +12,12 @@
#include "base/system/sys_info.h" #include "base/system/sys_info.h"
#include "base/values.h" #include "base/values.h"
#include "build/util/webkit_version.h" #include "build/util/webkit_version.h"
#include "chromeos/assistant/buildflags.h"
#include "chromeos/assistant/internal/internal_constants.h" #include "chromeos/assistant/internal/internal_constants.h"
#include "chromeos/assistant/internal/util_headers.h" #include "chromeos/assistant/internal/util_headers.h"
#include "chromeos/dbus/util/version_loader.h" #include "chromeos/dbus/util/version_loader.h"
#include "chromeos/services/assistant/public/cpp/features.h" #include "chromeos/services/assistant/public/cpp/features.h"
#include "chromeos/services/libassistant/constants.h"
using chromeos::assistant::shared::ClientInteraction; using chromeos::assistant::shared::ClientInteraction;
using chromeos::assistant::shared::ClientOpResult; using chromeos::assistant::shared::ClientOpResult;
@@ -49,15 +51,6 @@ void CreateUserAgent(std::string* user_agent) {
base::StringAppendF(user_agent, " ARC/%s", arc_version.c_str()); base::StringAppendF(user_agent, " ARC/%s", arc_version.c_str());
} }
// Get the root path for assistant files.
base::FilePath GetRootPath() {
base::FilePath home_dir;
CHECK(base::PathService::Get(base::DIR_HOME, &home_dir));
// Ensures DIR_HOME is overridden after primary user sign-in.
CHECK_NE(base::GetHomeDir(), home_dir);
return home_dir;
}
ProviderVerificationResult::VerificationStatus GetProviderVerificationStatus( ProviderVerificationResult::VerificationStatus GetProviderVerificationStatus(
AppStatus status) { AppStatus status) {
switch (status) { switch (status) {
@@ -175,7 +168,10 @@ bool ShouldLogToFile() {
} // namespace } // namespace
base::FilePath GetBaseAssistantDir() { base::FilePath GetBaseAssistantDir() {
return GetRootPath().Append(FILE_PATH_LITERAL("google-assistant-library")); if (base::SysInfo::IsRunningOnChromeOS())
return base::FilePath(FILE_PATH_LITERAL(kAssistantBaseDirPath));
return base::FilePath(FILE_PATH_LITERAL(kAssistantTempBaseDirPath));
} }
std::string CreateLibAssistantConfig( std::string CreateLibAssistantConfig(
@@ -221,9 +217,12 @@ std::string CreateLibAssistantConfig(
if (ShouldPutLogsInHomeDirectory()) { if (ShouldPutLogsInHomeDirectory()) {
base::FilePath log_path = base::FilePath log_path =
GetBaseAssistantDir().Append(FILE_PATH_LITERAL("log")); GetBaseAssistantDir().Append(FILE_PATH_LITERAL("log"));
#if !BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
CHECK(base::CreateDirectory(log_path)); CHECK(base::CreateDirectory(log_path));
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
log_dir = log_path.value(); log_dir = log_path.value();
} }
logging.SetKey("directory", Value(log_dir)); logging.SetKey("directory", Value(log_dir));
// Maximum disk space consumed by all log files. There are 5 rotating log // Maximum disk space consumed by all log files. There are 5 rotating log
// files on disk. // files on disk.
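Review bot: `FILE_PATH_LITERAL(kAssistantBaseDirPath)` in GetBaseAssistantDir() wraps an array variable in a macro meant for string literals. libassistant_sandbox_hook.cc builds the same path as `base::FilePath(kAssistantBaseDirPath)`, and this function should match: `return base::FilePath(kAssistantBaseDirPath);` (likewise for the temp path). The removed GetRootPath() also carried `CHECK_NE(base::GetHomeDir(), home_dir)` to ensure the home directory had been overridden after primary user sign-in. The hard-coded `/home/chronos/user/` constant has no equivalent check, so a comment on GetBaseAssistantDir() should state what now guarantees the directory belongs to the signed-in user. With the sandbox flag on, the log directory is no longer created in CreateLibAssistantConfig() and depends on the pre-sandbox hook having created it, which also deserves a comment at the `#if`.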

@@ -15,6 +15,10 @@
#include "content/common/zygote/zygote_handle_impl_linux.h" #include "content/common/zygote/zygote_handle_impl_linux.h"
#endif #endif
#if BUILDFLAG(IS_CHROMEOS_ASH)
#include "chromeos/assistant/buildflags.h"
#endif
namespace content { namespace content {
UtilitySandboxedProcessLauncherDelegate:: UtilitySandboxedProcessLauncherDelegate::
@@ -50,6 +54,9 @@ UtilitySandboxedProcessLauncherDelegate::
#if BUILDFLAG(IS_CHROMEOS_ASH) #if BUILDFLAG(IS_CHROMEOS_ASH)
sandbox_type_ == sandbox::policy::SandboxType::kIme || sandbox_type_ == sandbox::policy::SandboxType::kIme ||
sandbox_type_ == sandbox::policy::SandboxType::kTts || sandbox_type_ == sandbox::policy::SandboxType::kTts ||
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
sandbox_type_ == sandbox::policy::SandboxType::kLibassistant ||
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(IS_CHROMEOS_ASH) #endif // BUILDFLAG(IS_CHROMEOS_ASH)
sandbox_type_ == sandbox::policy::SandboxType::kAudio || sandbox_type_ == sandbox::policy::SandboxType::kAudio ||
#if !defined(OS_MAC) #if !defined(OS_MAC)
@@ -87,6 +94,9 @@ ZygoteHandle UtilitySandboxedProcessLauncherDelegate::GetZygote() {
#if BUILDFLAG(IS_CHROMEOS_ASH) #if BUILDFLAG(IS_CHROMEOS_ASH)
sandbox_type_ == sandbox::policy::SandboxType::kIme || sandbox_type_ == sandbox::policy::SandboxType::kIme ||
sandbox_type_ == sandbox::policy::SandboxType::kTts || sandbox_type_ == sandbox::policy::SandboxType::kTts ||
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
sandbox_type_ == sandbox::policy::SandboxType::kLibassistant ||
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(IS_CHROMEOS_ASH) #endif // BUILDFLAG(IS_CHROMEOS_ASH)
sandbox_type_ == sandbox::policy::SandboxType::kAudio || sandbox_type_ == sandbox::policy::SandboxType::kAudio ||
sandbox_type_ == sandbox::policy::SandboxType::kPrintBackend || sandbox_type_ == sandbox::policy::SandboxType::kPrintBackend ||

@@ -3,6 +3,7 @@
# found in the LICENSE file. # found in the LICENSE file.
import("//build/config/chromeos/ui_mode.gni") import("//build/config/chromeos/ui_mode.gni")
import("//chromeos/assistant/assistant.gni")
import("//device/vr/buildflags/buildflags.gni") import("//device/vr/buildflags/buildflags.gni")
import("//media/media_options.gni") import("//media/media_options.gni")
@@ -77,6 +78,7 @@ source_set("utility") {
if (is_chromeos_ash) { if (is_chromeos_ash) {
deps += [ deps += [
"//chromeos/assistant:buildflags",
"//chromeos/services/ime:sandbox_hook", "//chromeos/services/ime:sandbox_hook",
"//chromeos/services/tts:sandbox_hook", "//chromeos/services/tts:sandbox_hook",
] ]
@@ -89,6 +91,10 @@ source_set("utility") {
] ]
} }
if (enable_libassistant_sandbox) {
deps += [ "//chromeos/services/libassistant:sandbox_hook" ]
}
# PAC execution is done in process on Android. # PAC execution is done in process on Android.
if (!is_android) { if (!is_android) {
deps += [ "//services/proxy_resolver:lib" ] deps += [ "//services/proxy_resolver:lib" ]

@@ -3,7 +3,9 @@ include_rules = [
"+content/child", "+content/child",
"+content/public/utility", "+content/public/utility",
"+content/services", "+content/services",
"+chromeos/assistant/buildflags.h",
"+chromeos/services/ime", "+chromeos/services/ime",
"+chromeos/services/libassistant",
"+chromeos/services/tts", "+chromeos/services/tts",
"+device/vr/buildflags", "+device/vr/buildflags",
"+device/vr/public", "+device/vr/public",

@@ -37,8 +37,13 @@
#endif #endif
#if BUILDFLAG(IS_CHROMEOS_ASH) #if BUILDFLAG(IS_CHROMEOS_ASH)
#include "chromeos/assistant/buildflags.h"
#include "chromeos/services/ime/ime_sandbox_hook.h" #include "chromeos/services/ime/ime_sandbox_hook.h"
#include "chromeos/services/tts/tts_sandbox_hook.h" #include "chromeos/services/tts/tts_sandbox_hook.h"
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#include "chromeos/services/libassistant/libassistant_sandbox_hook.h" // nogncheck
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif #endif
#if defined(OS_MAC) #if defined(OS_MAC)
@@ -109,6 +114,9 @@ int UtilityMain(const MainFunctionParams& parameters) {
#if BUILDFLAG(IS_CHROMEOS_ASH) #if BUILDFLAG(IS_CHROMEOS_ASH)
sandbox_type == sandbox::policy::SandboxType::kIme || sandbox_type == sandbox::policy::SandboxType::kIme ||
sandbox_type == sandbox::policy::SandboxType::kTts || sandbox_type == sandbox::policy::SandboxType::kTts ||
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
sandbox_type == sandbox::policy::SandboxType::kLibassistant ||
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(IS_CHROMEOS_ASH) #endif // BUILDFLAG(IS_CHROMEOS_ASH)
sandbox_type == sandbox::policy::SandboxType::kPrintBackend || sandbox_type == sandbox::policy::SandboxType::kPrintBackend ||
sandbox_type == sandbox::policy::SandboxType::kAudio || sandbox_type == sandbox::policy::SandboxType::kAudio ||
@@ -128,6 +136,12 @@ int UtilityMain(const MainFunctionParams& parameters) {
pre_sandbox_hook = base::BindOnce(&chromeos::ime::ImePreSandboxHook); pre_sandbox_hook = base::BindOnce(&chromeos::ime::ImePreSandboxHook);
else if (sandbox_type == sandbox::policy::SandboxType::kTts) else if (sandbox_type == sandbox::policy::SandboxType::kTts)
pre_sandbox_hook = base::BindOnce(&chromeos::tts::TtsPreSandboxHook); pre_sandbox_hook = base::BindOnce(&chromeos::tts::TtsPreSandboxHook);
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
else if (sandbox_type == sandbox::policy::SandboxType::kLibassistant) {
pre_sandbox_hook =
base::BindOnce(&chromeos::libassistant::LibassistantPreSandboxHook);
}
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(IS_CHROMEOS_ASH) #endif // BUILDFLAG(IS_CHROMEOS_ASH)
sandbox::policy::Sandbox::Initialize( sandbox::policy::Sandbox::Initialize(

@@ -6,6 +6,7 @@ import("//build/buildflag_header.gni")
import("//build/config/chromecast_build.gni") import("//build/config/chromecast_build.gni")
import("//build/config/chromeos/ui_mode.gni") import("//build/config/chromeos/ui_mode.gni")
import("//build/config/sanitizers/sanitizers.gni") import("//build/config/sanitizers/sanitizers.gni")
import("//chromeos/assistant/assistant.gni")
import("//testing/test.gni") import("//testing/test.gni")
component("policy") { component("policy") {
@@ -87,6 +88,14 @@ component("policy") {
"linux/bpf_tts_policy_linux.cc", "linux/bpf_tts_policy_linux.cc",
"linux/bpf_tts_policy_linux.h", "linux/bpf_tts_policy_linux.h",
] ]
deps += [ "//chromeos/assistant:buildflags" ]
if (enable_libassistant_sandbox) {
sources += [
"linux/bpf_libassistant_policy_linux.cc",
"linux/bpf_libassistant_policy_linux.h",
]
}
} }
if (is_mac) { if (is_mac) {
sources += [ sources += [

@@ -1,4 +1,5 @@
include_rules = [ include_rules = [
"+chromeos/assistant/buildflags.h",
"+sandbox/constants.h", "+sandbox/constants.h",
"+sandbox", "+sandbox",
] ]

@@ -0,0 +1,40 @@
// Copyright 2021 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "sandbox/policy/linux/bpf_libassistant_policy_linux.h"
#include <sys/socket.h>
#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
#include "sandbox/linux/syscall_broker/broker_process.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
#include "sandbox/policy/linux/sandbox_linux.h"
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::ResultExpr;
using sandbox::bpf_dsl::Trap;
using sandbox::syscall_broker::BrokerProcess;
namespace sandbox {
namespace policy {
LibassistantProcessPolicy::LibassistantProcessPolicy() = default;
LibassistantProcessPolicy::~LibassistantProcessPolicy() = default;
ResultExpr LibassistantProcessPolicy::EvaluateSyscall(int sysno) const {
#if defined(__NR_sched_setscheduler)
if (sysno == __NR_sched_setscheduler)
return Allow();
#endif
auto* sandbox_linux = SandboxLinux::GetInstance();
if (sandbox_linux->ShouldBrokerHandleSyscall(sysno))
return sandbox_linux->HandleViaBroker();
return BPFBasePolicy::EvaluateSyscall(sysno);
}
} // namespace policy
} // namespace sandbox
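Review bot: The `__NR_sched_setscheduler` branch in `EvaluateSyscall` returns an unconditional `Allow()`, so the filter does not constrain the target pid of the call. The file includes `syscall_parameters_restrictions.h` without using it, which suggests an argument restriction was intended. If the service only adjusts its own threads, `return RestrictSchedTarget(GetPolicyPid(), sysno);` would limit the allowance to the sandboxed process (assuming `GetPolicyPid()` is available on `BPFBasePolicy` in this tree). A short comment naming the Libassistant code path that needs the syscall would help later audits of the policy. `<sys/socket.h>`, `broker_process.h` and the `using` declarations for `Trap` and `BrokerProcess` also appear unused in this file.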

@@ -0,0 +1,28 @@
// Copyright 2021 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef SANDBOX_POLICY_LINUX_BPF_LIBASSISTANT_POLICY_LINUX_H_
#define SANDBOX_POLICY_LINUX_BPF_LIBASSISTANT_POLICY_LINUX_H_
#include "sandbox/policy/linux/bpf_base_policy_linux.h"
namespace sandbox {
namespace policy {
// This policy can be used by Libassistant utility processes.
class LibassistantProcessPolicy : public BPFBasePolicy {
public:
LibassistantProcessPolicy();
LibassistantProcessPolicy(const LibassistantProcessPolicy&) = delete;
LibassistantProcessPolicy& operator=(const LibassistantProcessPolicy&) =
delete;
~LibassistantProcessPolicy() override;
bpf_dsl::ResultExpr EvaluateSyscall(int sysno) const override;
};
} // namespace policy
} // namespace sandbox
#endif // SANDBOX_POLICY_LINUX_BPF_LIBASSISTANT_POLICY_LINUX_H_
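Review bot: The class comment on `LibassistantProcessPolicy` does not say how the policy differs from `BPFBasePolicy`, which is the first thing a reader auditing the sandbox needs. Going by the accompanying `.cc` file, a comment such as `// Seccomp-BPF policy for the Libassistant utility process: BPFBasePolicy plus sched_setscheduler and broker-handled syscalls.` would state the extra surface next to the declaration.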

@@ -58,6 +58,11 @@
#include "sandbox/policy/features.h" #include "sandbox/policy/features.h"
#include "sandbox/policy/linux/bpf_ime_policy_linux.h" #include "sandbox/policy/linux/bpf_ime_policy_linux.h"
#include "sandbox/policy/linux/bpf_tts_policy_linux.h" #include "sandbox/policy/linux/bpf_tts_policy_linux.h"
#include "chromeos/assistant/buildflags.h"
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#include "sandbox/policy/linux/bpf_libassistant_policy_linux.h"
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(IS_CHROMEOS_ASH) #endif // BUILDFLAG(IS_CHROMEOS_ASH)
using sandbox::bpf_dsl::Allow; using sandbox::bpf_dsl::Allow;
@@ -191,6 +196,10 @@ std::unique_ptr<BPFBasePolicy> SandboxSeccompBPF::PolicyForSandboxType(
return std::make_unique<ImeProcessPolicy>(); return std::make_unique<ImeProcessPolicy>();
case SandboxType::kTts: case SandboxType::kTts:
return std::make_unique<TtsProcessPolicy>(); return std::make_unique<TtsProcessPolicy>();
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
case SandboxType::kLibassistant:
return std::make_unique<LibassistantProcessPolicy>();
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(IS_CHROMEOS_ASH) #endif // BUILDFLAG(IS_CHROMEOS_ASH)
case SandboxType::kZygoteIntermediateSandbox: case SandboxType::kZygoteIntermediateSandbox:
case SandboxType::kNoSandbox: case SandboxType::kNoSandbox:
@@ -235,6 +244,9 @@ void SandboxSeccompBPF::RunSandboxSanityChecks(
#if BUILDFLAG(IS_CHROMEOS_ASH) #if BUILDFLAG(IS_CHROMEOS_ASH)
case SandboxType::kIme: case SandboxType::kIme:
case SandboxType::kTts: case SandboxType::kTts:
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
case SandboxType::kLibassistant:
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(IS_CHROMEOS_ASH) #endif // BUILDFLAG(IS_CHROMEOS_ASH)
case SandboxType::kAudio: case SandboxType::kAudio:
case SandboxType::kSharingService: case SandboxType::kSharingService:

@@ -55,6 +55,9 @@ bool IsUnsandboxedSandboxType(SandboxType sandbox_type) {
#if BUILDFLAG(IS_CHROMEOS_ASH) #if BUILDFLAG(IS_CHROMEOS_ASH)
case SandboxType::kIme: case SandboxType::kIme:
case SandboxType::kTts: case SandboxType::kTts:
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
case SandboxType::kLibassistant:
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif #endif
#if !defined(OS_MAC) #if !defined(OS_MAC)
case SandboxType::kSharingService: case SandboxType::kSharingService:
@@ -121,6 +124,9 @@ void SetCommandLineFlagsForSandboxType(base::CommandLine* command_line,
#if BUILDFLAG(IS_CHROMEOS_ASH) #if BUILDFLAG(IS_CHROMEOS_ASH)
case SandboxType::kIme: case SandboxType::kIme:
case SandboxType::kTts: case SandboxType::kTts:
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
case SandboxType::kLibassistant:
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(IS_CHROMEOS_ASH) #endif // BUILDFLAG(IS_CHROMEOS_ASH)
#if !defined(OS_MAC) #if !defined(OS_MAC)
case SandboxType::kSharingService: case SandboxType::kSharingService:
@@ -250,6 +256,10 @@ std::string StringFromUtilitySandboxType(SandboxType sandbox_type) {
return switches::kImeSandbox; return switches::kImeSandbox;
case SandboxType::kTts: case SandboxType::kTts:
return switches::kTtsSandbox; return switches::kTtsSandbox;
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
case SandboxType::kLibassistant:
return switches::kLibassistantSandbox;
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(IS_CHROMEOS_ASH) #endif // BUILDFLAG(IS_CHROMEOS_ASH)
// The following are not utility processes so should not occur. // The following are not utility processes so should not occur.
case SandboxType::kRenderer: case SandboxType::kRenderer:
@@ -311,6 +321,10 @@ SandboxType UtilitySandboxTypeFromString(const std::string& sandbox_string) {
return SandboxType::kIme; return SandboxType::kIme;
if (sandbox_string == switches::kTtsSandbox) if (sandbox_string == switches::kTtsSandbox)
return SandboxType::kTts; return SandboxType::kTts;
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
if (sandbox_string == switches::kLibassistantSandbox)
return SandboxType::kLibassistant;
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(IS_CHROMEOS_ASH) #endif // BUILDFLAG(IS_CHROMEOS_ASH)
return SandboxType::kUtility; return SandboxType::kUtility;
} }

@@ -12,6 +12,10 @@
#include "build/chromeos_buildflags.h" #include "build/chromeos_buildflags.h"
#include "sandbox/policy/export.h" #include "sandbox/policy/export.h"
#if BUILDFLAG(IS_CHROMEOS_ASH)
#include "chromeos/assistant/buildflags.h"
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
namespace sandbox { namespace sandbox {
namespace policy { namespace policy {
@@ -77,6 +81,11 @@ enum class SandboxType {
kIme, kIme,
// Text-to-speech. // Text-to-speech.
kTts, kTts,
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
kLibassistant,
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(IS_CHROMEOS_ASH) #endif // BUILDFLAG(IS_CHROMEOS_ASH)
#if defined(OS_LINUX) || defined(OS_CHROMEOS) #if defined(OS_LINUX) || defined(OS_CHROMEOS)
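Review bot: `kLibassistant` is added without a describing comment, while `kTts` directly above carries `// Text-to-speech.`; adding `// Libassistant service.` would keep the enum self-documenting. Because the enumerator exists only under `ENABLE_LIBASSISTANT_SANDBOX`, the numeric values of the enumerators after it differ between build configurations. It is worth confirming that nothing logs or persists the raw value. The enum definition starts and ends outside the hunk.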

@@ -46,6 +46,9 @@ const char kMediaFoundationCdmSandbox[] = "mf_cdm";
#if BUILDFLAG(IS_CHROMEOS_ASH) #if BUILDFLAG(IS_CHROMEOS_ASH)
const char kImeSandbox[] = "ime"; const char kImeSandbox[] = "ime";
const char kTtsSandbox[] = "tts"; const char kTtsSandbox[] = "tts";
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
const char kLibassistantSandbox[] = "libassistant";
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(IS_CHROMEOS_ASH) #endif // BUILDFLAG(IS_CHROMEOS_ASH)
// Flags owned by the service manager sandbox. // Flags owned by the service manager sandbox.

@@ -9,6 +9,10 @@
#include "build/chromeos_buildflags.h" #include "build/chromeos_buildflags.h"
#include "sandbox/policy/export.h" #include "sandbox/policy/export.h"
#if BUILDFLAG(IS_CHROMEOS_ASH)
#include "chromeos/assistant/buildflags.h"
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
namespace sandbox { namespace sandbox {
namespace policy { namespace policy {
namespace switches { namespace switches {
@@ -43,6 +47,9 @@ SANDBOX_POLICY_EXPORT extern const char kMediaFoundationCdmSandbox[];
#if BUILDFLAG(IS_CHROMEOS_ASH) #if BUILDFLAG(IS_CHROMEOS_ASH)
SANDBOX_POLICY_EXPORT extern const char kImeSandbox[]; SANDBOX_POLICY_EXPORT extern const char kImeSandbox[];
SANDBOX_POLICY_EXPORT extern const char kTtsSandbox[]; SANDBOX_POLICY_EXPORT extern const char kTtsSandbox[];
#if BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
SANDBOX_POLICY_EXPORT extern const char kLibassistantSandbox[];
#endif // BUILDFLAG(ENABLE_LIBASSISTANT_SANDBOX)
#endif // BUILDFLAG(IS_CHROMEOS_ASH) #endif // BUILDFLAG(IS_CHROMEOS_ASH)
// Flags owned by the service manager sandbox. // Flags owned by the service manager sandbox.