chromium/src
0
Fork 0
Code Activity

[Video Effects] Add kVideoEffects sandbox policy.

Browse Source 
This CL adds a new sandbox policy type kVideoEffects for the Video
Effects Service to be supported on Win, Mac, and Linux.  It does not
implement any specific sandbox behaviors, which will come in
followup CLs.  Attempting to use the new sandbox policy will trigger
NOTREACHED().

The policy is guarded by the enable_video_effects GN arg (as compilation
the service itself is also guarded by that arg).

This follows the pattern of the ScreenAI sandbox policy which has
similar requirements.

Bug: 361128453
Change-Id: Ifea3a49b4736d204aa5331d9edf5b57e7af176f9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5800422
Reviewed-by: Mark Rowe <markrowe@chromium.org>
Reviewed-by: Piotr Bialecki <bialpio@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Commit-Queue: Mark Foltz <mfoltz@chromium.org>
Reviewed-by: Alex Gough <ajgo@chromium.org>
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1351868}
This commit is contained in:
mark a. foltz
2024-09-06 05:43:53 +00:00
committed by Chromium LUCI CQ
parent 3c16dbf6aa
commit a312818295
15 changed files with 47 additions and 1 deletions

2
chrome/browser/chrome_content_browser_client.cc

@ -5073,6 +5073,7 @@ std::wstring ChromeContentBrowserClient::GetAppContainerSidForSandboxType(
case sandbox::mojom::Sandbox::kPrintCompositor:
case sandbox::mojom::Sandbox::kAudio:
case sandbox::mojom::Sandbox::kScreenAI:
case sandbox::mojom::Sandbox::kVideoEffects:
case sandbox::mojom::Sandbox::kSpeechRecognition:
case sandbox::mojom::Sandbox::kPdfConversion:
case sandbox::mojom::Sandbox::kService:
@ -5175,6 +5176,7 @@ bool ChromeContentBrowserClient::PreSpawnChild(
#if !BUILDFLAG(IS_ANDROID)
case sandbox::mojom::Sandbox::kScreenAI:
#endif
case sandbox::mojom::Sandbox::kVideoEffects:
case sandbox::mojom::Sandbox::kAudio:
case sandbox::mojom::Sandbox::kOnDeviceModelExecution:
case sandbox::mojom::Sandbox::kSpeechRecognition:

1
content/browser/DEPS

@ -84,6 +84,7 @@ include_rules = [
"+services/cert_verifier/public/mojom",
"+services/screen_ai/buildflags",
"+services/screen_ai/public/cpp",
"+services/video_effects/public/cpp/buildflags.h",
# In general, //content shouldn't depend on //device.
# This is the an exception.

2
content/browser/child_process_launcher_helper_fuchsia.cc

@ -46,6 +46,8 @@ const char* ProcessNameFromSandboxType(sandbox::mojom::Sandbox sandbox_type) {
return "print-compositor";
case sandbox::mojom::Sandbox::kSpeechRecognition:
return "speech-recognition";
case sandbox::mojom::Sandbox::kVideoEffects:
return "video-effects";
#if BUILDFLAG(ENABLE_OOP_PRINTING)
case sandbox::mojom::Sandbox::kPrintBackend:
return "print-backend";

4
content/browser/sandbox_parameters_mac.mm

@ -243,6 +243,10 @@ bool SetupSandboxParameters(sandbox::mojom::Sandbox sandbox_type,
SetupCommonSandboxParameters(compiler, command_line);
CHECK(GetContentClient()->browser()->SetupEmbedderSandboxParameters(
sandbox_type, compiler));
break;
case sandbox::mojom::Sandbox::kVideoEffects:
// TODO(crbug.com/361128453): Implement this.
NOTREACHED() << "kVideoEffects sandbox not implemented";
}
return true;
}

6
content/browser/utility_process_sandbox_browsertest.cc

@ -55,7 +55,10 @@ std::vector<Sandbox> GetSandboxTypesToTest() {
if (t == Sandbox::kZygoteIntermediateSandbox)
continue;
#endif
// TODO(crbug.com/361128453): Implement
if (t == Sandbox::kVideoEffects) {
continue;
}
types.push_back(t);
}
return types;
@ -156,6 +159,7 @@ class UtilityProcessSandboxBrowserTest
case Sandbox::kGpu:
case Sandbox::kRenderer:
case Sandbox::kVideoEffects:
case Sandbox::kZygoteIntermediateSandbox:
NOTREACHED_IN_MIGRATION();
break;

1
content/browser/utility_sandbox_delegate.cc

@ -93,6 +93,7 @@ UtilitySandboxedProcessLauncherDelegate::
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
sandbox_type_ == sandbox::mojom::Sandbox::kScreenAI ||
#endif
sandbox_type_ == sandbox::mojom::Sandbox::kVideoEffects ||
sandbox_type_ == sandbox::mojom::Sandbox::kAudio ||
sandbox_type_ == sandbox::mojom::Sandbox::kSpeechRecognition;
DCHECK(supported_sandbox_type);

3
content/utility/utility_main.cc

@ -292,6 +292,9 @@ int UtilityMain(MainFunctionParams parameters) {
screen_ai::GetBinaryPathSwitch()));
break;
#endif
case sandbox::mojom::Sandbox::kVideoEffects:
// TODO(crbug.com/361128453): Implement this.
NOTREACHED() << "kVideoEffects sandbox not implemented.";
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
case sandbox::mojom::Sandbox::kHardwareVideoDecoding:
pre_sandbox_hook =

1
sandbox/policy/fuchsia/sandbox_policy_fuchsia.cc

@ -175,6 +175,7 @@ const SandboxConfig* GetConfigForSandboxType(sandbox::mojom::Sandbox type) {
case sandbox::mojom::Sandbox::kService:
case sandbox::mojom::Sandbox::kSpeechRecognition:
case sandbox::mojom::Sandbox::kUtility:
case sandbox::mojom::Sandbox::kVideoEffects:
return &kMinimalConfig;
}
}

6
sandbox/policy/linux/sandbox_seccomp_bpf_linux.cc

@ -218,6 +218,9 @@ std::unique_ptr<BPFBasePolicy> SandboxSeccompBPF::PolicyForSandboxType(
case sandbox::mojom::Sandbox::kScreenAI:
return std::make_unique<ScreenAIProcessPolicy>();
#endif
case sandbox::mojom::Sandbox::kVideoEffects:
// TODO(crbug.com/361128453): Implement this.
NOTREACHED() << "kVideoEffects sandbox not implemented.";
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
case sandbox::mojom::Sandbox::kHardwareVideoDecoding:
return std::make_unique<HardwareVideoDecodingProcessPolicy>(
@ -287,6 +290,9 @@ void SandboxSeccompBPF::RunSandboxSanityChecks(
CHECK_EQ(EPERM, errno);
#endif // !defined(NDEBUG)
} break;
case sandbox::mojom::Sandbox::kVideoEffects:
// TODO(crbug.com/361128453): Implement this.
NOTREACHED() << "kVideoEffects sandbox not implemented.";
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
case sandbox::mojom::Sandbox::kHardwareVideoDecoding:
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)

3
sandbox/policy/mac/sandbox_mac.mm

@ -85,6 +85,9 @@ std::string GetSandboxProfile(sandbox::mojom::Sandbox sandbox_type) {
profile += kSeatbeltPolicyString_screen_ai;
break;
#endif
case sandbox::mojom::Sandbox::kVideoEffects:
// TODO(crbug.com/361128453): Implement this.
NOTREACHED() << "kVideoEffects sandbox not implemented.";
case sandbox::mojom::Sandbox::kSpeechRecognition:
profile += kSeatbeltPolicyString_speech_recognition;
break;

3
sandbox/policy/mojom/sandbox.mojom

@ -64,6 +64,9 @@ enum Sandbox {
// Like kUtility but allows loading of speech recognition libraries.
kSpeechRecognition,
// Like kUtility but allows loading of the optimization guide library.
kVideoEffects,
// Like kUtility but allows loading of screen AI library.
[EnableIf=enable_screen_ai_service]
kScreenAI,

7
sandbox/policy/sandbox_type.cc

@ -81,6 +81,7 @@ bool IsUnsandboxedSandboxType(Sandbox sandbox_type) {
case Sandbox::kScreenAI:
#endif
case Sandbox::kSpeechRecognition:
case Sandbox::kVideoEffects:
return false;
}
}
@ -162,6 +163,7 @@ void SetCommandLineFlagsForSandboxType(base::CommandLine* command_line,
case Sandbox::kScreenAI:
#endif
case Sandbox::kSpeechRecognition:
case Sandbox::kVideoEffects:
DCHECK(command_line->GetSwitchValueASCII(switches::kProcessType) ==
switches::kUtilityProcess);
DCHECK(!command_line->HasSwitch(switches::kServiceSandboxType));
@ -271,6 +273,8 @@ std::string StringFromUtilitySandboxType(Sandbox sandbox_type) {
case Sandbox::kScreenAI:
return switches::kScreenAISandbox;
#endif
case Sandbox::kVideoEffects:
return switches::kVideoEffectsSandbox;
#if BUILDFLAG(IS_WIN)
case Sandbox::kXrCompositing:
return switches::kXrCompositingSandbox;
@ -382,6 +386,9 @@ sandbox::mojom::Sandbox UtilitySandboxTypeFromString(
if (sandbox_string == switches::kScreenAISandbox)
return Sandbox::kScreenAI;
#endif
if (sandbox_string == switches::kVideoEffectsSandbox) {
return Sandbox::kVideoEffects;
}
#if BUILDFLAG(IS_FUCHSIA)
if (sandbox_string == switches::kVideoCaptureSandbox)
return Sandbox::kVideoCapture;

1
sandbox/policy/switches.cc

@ -39,6 +39,7 @@ const char kServiceSandboxWithJit[] = "service_with_jit";
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
const char kScreenAISandbox[] = "screen_ai";
#endif
const char kVideoEffectsSandbox[] = "video_effects";
const char kSpeechRecognitionSandbox[] = "speech_recognition";
const char kVideoCaptureSandbox[] = "video_capture";

1
sandbox/policy/switches.h

@ -42,6 +42,7 @@ SANDBOX_POLICY_EXPORT extern const char kServiceSandboxWithJit[];
#if BUILDFLAG(ENABLE_SCREEN_AI_SERVICE)
SANDBOX_POLICY_EXPORT extern const char kScreenAISandbox[];
#endif
SANDBOX_POLICY_EXPORT extern const char kVideoEffectsSandbox[];
SANDBOX_POLICY_EXPORT extern const char kSpeechRecognitionSandbox[];
SANDBOX_POLICY_EXPORT extern const char kVideoCaptureSandbox[];

7
sandbox/policy/win/sandbox_win.cc

@ -575,6 +575,11 @@ ResultCode GenerateConfigForSandboxedProcess(const base::CommandLine& cmd_line,
mitigations |= MITIGATION_CET_DISABLED;
Sandbox sandbox_type = delegate->GetSandboxType();
// TODO(crbug.com/361128453): Implement this.
CHECK(sandbox_type != Sandbox::kVideoEffects)
<< "kVideoEffects sandbox not implemented";
if (sandbox_type == Sandbox::kRenderer &&
base::FeatureList::IsEnabled(
sandbox::policy::features::kWinSboxRestrictCoreSharingOnRenderer)) {
@ -1088,6 +1093,8 @@ std::string SandboxWin::GetSandboxTypeInEnglish(Sandbox sandbox_type) {
case Sandbox::kScreenAI:
return "Screen AI";
#endif
case Sandbox::kVideoEffects:
return "Video Effects";
case Sandbox::kSpeechRecognition:
return "Speech Recognition";
case Sandbox::kPdfConversion: