Reland "One process per policy in chrome://sandbox"
This is a reland of 23a41c068e
Original change was backed out to allow a dependent CL to be reverted.
Original change's description:
> One process per policy in chrome://sandbox
>
> Policies now only apply to a single process so processIds can be
> processId. (There was only ever one pid in the list, now there can
> be only one.)
>
> No change to the main output on chrome://sandbox.
>
> Bug: 1270309
> Change-Id: I6851c622c89699cfe14f55f21930c4d5787d4d87
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3419521
> Reviewed-by: Will Harris <wfh@chromium.org>
> Commit-Queue: Alex Gough <ajgo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#964450}
Bug: 1270309
Change-Id: I2ac2d045556761a3209386b5e53c63c46e39e1d7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3440053
Auto-Submit: Alex Gough <ajgo@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#968484}

committed by
Chromium LUCI CQ

parent
43e95bc86c
commit
ac0f573a36
chrome/browser/resources/sandbox_internals
sandbox/win/src
@ -36,7 +36,7 @@ let RendererHostProcess;
|
||||
* This may have additional fields displayed in the JSON output.
|
||||
* See //sandbox/win/src/sandbox_constants.cc for keys in policy.
|
||||
* @typedef {{
|
||||
* processIds: !Array<number>,
|
||||
* processId: number,
|
||||
* lockdownLevel: string,
|
||||
* desiredIntegrityLevel: string,
|
||||
* platformMitigations: string,
|
||||
@ -511,9 +511,7 @@ function onGetSandboxDiagnostics(results) {
|
||||
/** @type {!Map<number,!PolicyDiagnostic>} */
|
||||
const policies = new Map();
|
||||
for (const policy of results.policies) {
|
||||
// At present only one process per TargetPolicy object.
|
||||
const pid = policy.processIds[0];
|
||||
policies.set(pid, policy);
|
||||
policies.set(policy.processId, policy);
|
||||
}
|
||||
|
||||
// Titles.
|
||||
|
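Review bot: `policies.set(policy.processId, policy)` in `onGetSandboxDiagnostics` assumes every entry in `results.policies` carries the renamed key. If an entry arrives without `processId` (for instance because the key name on the C++ side and this page drift apart again), it is stored under `undefined` and each later one silently overwrites it, so the page would show fewer sandboxed processes than actually exist. A guard before the `set` would make that visible, for example `if (typeof policy.processId !== 'number') { console.warn('policy without processId', policy); continue; }`. The function body continues outside the hunk.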
@ -45,20 +45,12 @@ const char kLockdownLevel[] = "lockdownLevel";
|
||||
const char kLowboxSid[] = "lowboxSid";
|
||||
const char kPlatformMitigations[] = "platformMitigations";
|
||||
const char kPolicyRules[] = "policyRules";
|
||||
const char kProcessIds[] = "processIds";
|
||||
const char kProcessId[] = "processId";
|
||||
|
||||
// Values in snapshots of Policies.
|
||||
const char kDisabled[] = "disabled";
|
||||
const char kEnabled[] = "enabled";
|
||||
|
||||
base::Value ProcessIdList(std::vector<uint32_t> process_ids) {
|
||||
base::Value results(base::Value::Type::LIST);
|
||||
for (const auto pid : process_ids) {
|
||||
results.Append(base::strict_cast<double>(pid));
|
||||
}
|
||||
return results;
|
||||
}
|
||||
|
||||
std::string GetTokenLevelInEnglish(TokenLevel token) {
|
||||
switch (token) {
|
||||
case USER_LOCKDOWN:
|
||||
@ -379,8 +371,7 @@ base::Value GetHandlesToClose(const HandleMap& handle_map) {
|
||||
PolicyDiagnostic::PolicyDiagnostic(PolicyBase* policy) {
|
||||
DCHECK(policy);
|
||||
// TODO(crbug/997273) Add more fields once webui plumbing is complete.
|
||||
process_ids_.push_back(
|
||||
base::strict_cast<uint32_t>(policy->target_->ProcessId()));
|
||||
process_id_ = base::strict_cast<uint32_t>(policy->target_->ProcessId());
|
||||
lockdown_level_ = policy->lockdown_level_;
|
||||
job_level_ = policy->job_level_;
|
||||
|
||||
@ -435,7 +426,7 @@ const char* PolicyDiagnostic::JsonString() {
|
||||
return json_string_->c_str();
|
||||
|
||||
base::Value value(base::Value::Type::DICTIONARY);
|
||||
value.SetKey(kProcessIds, ProcessIdList(process_ids_));
|
||||
value.SetKey(kProcessId, base::Value(base::strict_cast<double>(process_id_)));
|
||||
value.SetKey(kLockdownLevel,
|
||||
base::Value(GetTokenLevelInEnglish(lockdown_level_)));
|
||||
value.SetKey(kJobLevel, base::Value(GetJobLevelInEnglish(job_level_)));
|
||||
|
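Review bot: The new `process_id_ = base::strict_cast<uint32_t>(policy->target_->ProcessId());` line in the `PolicyDiagnostic` constructor dereferences `policy->target_`, while the only check above it is `DCHECK(policy)`. Whether a `PolicyBase` can reach this constructor before a target is attached is not visible in the hunk. If it can, this is a null dereference in the process that collects the diagnostics. Now that a policy maps to exactly one process, the invariant is worth stating next to the existing check, e.g. `DCHECK(policy->target_);`, or the constructor could fall back to a sentinel pid if release builds must tolerate it. The constructor body continues outside the hunk.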
@ -41,7 +41,7 @@ class PolicyDiagnostic final : public PolicyInfo {
|
||||
private:
|
||||
// |json_string_| is lazily constructed.
|
||||
std::unique_ptr<std::string> json_string_;
|
||||
std::vector<uint32_t> process_ids_;
|
||||
uint32_t process_id_;
|
||||
TokenLevel lockdown_level_ = USER_LAST;
|
||||
JobLevel job_level_ = JOB_NONE;
|
||||
IntegrityLevel desired_integrity_level_ = INTEGRITY_LEVEL_LAST;
|
||||
|
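Review bot: `uint32_t process_id_;` is the only member in this hunk without an in-class initializer; its neighbours (`lockdown_level_ = USER_LAST`, `job_level_ = JOB_NONE`) all have one. The `std::vector` it replaces was default-constructed to empty, whereas the scalar is indeterminate until the constructor assigns it. The visible constructor does assign it first, but any later constructor or early-return path would serialize garbage as the pid. Suggest `uint32_t process_id_ = 0;` to match the other members. The class definition starts and ends outside the hunk.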