Implement sandbox policy for Video Effects Service on Linux

Changes:
- Introduce pre-sandbox hook for VES that preloads required shared
  library.
- Make VES use the unsandboxed zygote.

Originally authored by mfoltz@ at https://crrev.com/c/5880160.

Bug: 361128453
Change-Id: I69c2bb284c72eb1fb7719b39574f155277fdff2a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5891169
Reviewed-by: Mark Foltz <mfoltz@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Clark DuVall <cduvall@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Piotr Bialecki <bialpio@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1361926}

content/browser/utility_process_sandbox_browsertest.cc

@@ -54,12 +54,6 @@ std::vector<Sandbox> GetSandboxTypesToTest() {
 #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
     if (t == Sandbox::kZygoteIntermediateSandbox)
       continue;
-#endif
-#if BUILDFLAG(IS_LINUX)
-    // TODO(crbug.com/361128453): Implement
-    if (t == Sandbox::kVideoEffects) {
-      continue;
-    }
 #endif
     types.push_back(t);
   }
@@ -150,6 +144,9 @@ class UtilityProcessSandboxBrowserTest
 #endif
 #if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
       case Sandbox::kScreenAI:
+#endif
+#if BUILDFLAG(IS_LINUX)
+      case Sandbox::kVideoEffects:
 #endif
       case Sandbox::kSpeechRecognition: {
         constexpr int kExpectedPartialSandboxFlags =
@@ -161,9 +158,6 @@ class UtilityProcessSandboxBrowserTest
 
       case Sandbox::kGpu:
       case Sandbox::kRenderer:
-#if BUILDFLAG(IS_LINUX)
-      case Sandbox::kVideoEffects:
-#endif
       case Sandbox::kZygoteIntermediateSandbox:
         NOTREACHED_IN_MIGRATION();
         break;

content/browser/utility_sandbox_delegate.cc

@@ -163,6 +163,9 @@ ZygoteCommunication* UtilitySandboxedProcessLauncherDelegate::GetZygote() {
 #if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
       sandbox_type_ == sandbox::mojom::Sandbox::kScreenAI ||
 #endif
+#if BUILDFLAG(IS_LINUX)
+      sandbox_type_ == sandbox::mojom::Sandbox::kVideoEffects ||
+#endif  // BUILDFLAG(IS_LINUX)
       sandbox_type_ == sandbox::mojom::Sandbox::kSpeechRecognition) {
     return GetUnsandboxedZygote();
   }

content/utility/BUILD.gn

@@ -81,6 +81,9 @@ source_set("utility") {
 
   if (enable_video_effects) {
     deps += [ "//services/video_effects:service" ]
+    if (is_linux) {
+      deps += [ "//services/video_effects:sandbox_hook" ]
+    }
   }
 
   # When library CDMs are supported, we support running the CDM in the utility

content/utility/utility_main.cc

@@ -35,6 +35,7 @@
 #include "services/on_device_model/on_device_model_service.h"
 #include "services/screen_ai/buildflags/buildflags.h"
 #include "services/tracing/public/cpp/trace_startup.h"
+#include "services/video_effects/public/cpp/buildflags.h"
 
 #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
 #include "base/file_descriptor_store.h"
@@ -62,6 +63,10 @@
 #include "media/gpu/sandbox/hardware_video_decoding_sandbox_hook_linux.h"
 #endif  // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
 
+#if BUILDFLAG(ENABLE_VIDEO_EFFECTS) && BUILDFLAG(IS_LINUX)
+#include "services/video_effects/video_effects_sandbox_hook_linux.h"  // nogncheck
+#endif  // BUILDFLAG(ENABLE_VIDEO_EFFECTS) && BUILDFLAG(IS_LINUX)
+
 #if BUILDFLAG(IS_CHROMEOS_ASH)
 #include "chromeos/ash/components/assistant/buildflags.h"
 #include "chromeos/ash/services/ime/ime_sandbox_hook.h"
@@ -292,11 +297,14 @@ int UtilityMain(MainFunctionParams parameters) {
                              screen_ai::GetBinaryPathSwitch()));
       break;
 #endif
-#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC)
+#if BUILDFLAG(IS_LINUX)
     case sandbox::mojom::Sandbox::kVideoEffects:
-      // TODO(crbug.com/361128453): Implement this.
-      NOTREACHED() << "kVideoEffects sandbox not implemented.";
-#endif
+#if BUILDFLAG(ENABLE_VIDEO_EFFECTS)
+      pre_sandbox_hook =
+          base::BindOnce(&video_effects::VideoEffectsPreSandboxHook);
+#endif  // BUILDFLAG(ENABLE_VIDEO_EFFECTS)
+      break;
+#endif  // BUILDFLAG(IS_LINUX)
 #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
     case sandbox::mojom::Sandbox::kHardwareVideoDecoding:
       pre_sandbox_hook =