Remove more nonsfi code

No intended behavior change.

Bug: 1273132
Change-Id: Id46a05bd280e7c8c078e542229029dcbd086f281
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3323696
Reviewed-by: Sam Clegg <sbc@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Commit-Queue: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#949885}

ipc/ipc_channel.cc

@@ -35,13 +35,7 @@ std::string Channel::GenerateUniqueRandomChannelID() {
   // the creator, an identifier for the child instance, and a strong random
   // component. The strong random component prevents other processes from
   // hijacking or squatting on predictable channel names.
-#if defined(OS_NACL_NONSFI)
-  // The seccomp sandbox disallows use of getpid(), so we provide a
-  // dummy PID.
-  int process_id = -1;
-#else
   int process_id = base::GetCurrentProcId();
-#endif
   return base::StringPrintf("%d.%u.%d",
       process_id,
       g_last_id.GetNext(),

mojo/public/cpp/platform/socket_utils_posix.cc

@@ -8,16 +8,16 @@
 #include <sys/socket.h>
 #include <unistd.h>
 
-#if !defined(OS_NACL)
-#include <sys/uio.h>
-#endif
-
 #include "base/files/file_util.h"
 #include "base/logging.h"
 #include "base/notreached.h"
 #include "base/posix/eintr_wrapper.h"
 #include "build/build_config.h"
 
+#if !defined(OS_NACL)
+#include <sys/uio.h>
+#endif
+
 namespace mojo {
 
 namespace {
@@ -79,7 +79,7 @@ constexpr int kSendmsgFlags = MSG_NOSIGNAL;
 ssize_t SocketWrite(base::PlatformFile socket,
                     const void* bytes,
                     size_t num_bytes) {
-#if defined(OS_APPLE) || defined(OS_NACL_NONSFI)
+#if defined(OS_APPLE)
   return HANDLE_EINTR(write(socket, bytes, num_bytes));
 #else
   return send(socket, bytes, num_bytes, kSendmsgFlags);

native_client_sdk/src/BUILD.gn

@@ -28,9 +28,6 @@ if (enable_nacl) {
         "//native_client/src/trusted/service_runtime:sel_ldr",
         "//native_client/src/trusted/validator/driver:ncval_new",
       ]
-      if (is_linux || is_chromeos) {
-        deps += [ "//native_client/src/nonsfi/loader:nonsfi_loader" ]
-      }
     }
     if (nacl_sdk_untrusted) {
       deps += [

sandbox/linux/BUILD.gn

@@ -386,7 +386,6 @@ source_set("sandbox_services_headers") {
     "system_headers/linux_stat.h",
     "system_headers/linux_syscalls.h",
     "system_headers/linux_time.h",
-    "system_headers/linux_ucontext.h",
     "system_headers/mips64_linux_syscalls.h",
     "system_headers/mips_linux_syscalls.h",
     "system_headers/x86_32_linux_syscalls.h",

sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc

@@ -41,9 +41,7 @@
 
 namespace {
 
-#if !defined(OS_NACL_NONSFI)
 base::debug::CrashKeyString* seccomp_crash_key = nullptr;
-#endif
 
 inline bool IsArchitectureX86_64() {
 #if defined(__x86_64__)
@@ -151,7 +149,6 @@ class NumberToHex {
 // Records the syscall number and first four arguments in a crash key, to help
 // debug the failure.
 void SetSeccompCrashKey(const struct arch_seccomp_data& args) {
-#if !defined(OS_NACL_NONSFI)
   NumberToHex<int> nr(args.nr);
   NumberToHex<uint64_t> arg1(args.args[0]);
   NumberToHex<uint64_t> arg2(args.args[1]);
@@ -196,7 +193,6 @@ void SetSeccompCrashKey(const struct arch_seccomp_data& args) {
   }
 
   base::debug::SetCrashKeyString(seccomp_crash_key, crash_key);
-#endif
 }
 
 }  // namespace
@@ -413,13 +409,11 @@ bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno) {
 }
 
 void AllocateCrashKeys() {
-#if !defined(OS_NACL_NONSFI)
   if (seccomp_crash_key)
     return;
 
   seccomp_crash_key = base::debug::AllocateCrashKeyString(
       "seccomp-sigsys", base::debug::CrashKeySize::Size256);
-#endif
 }
 
 const char* GetErrorMessageContentForTests() {

sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc

@@ -10,8 +10,10 @@
 #include <sched.h>
 #include <signal.h>
 #include <stdint.h>
+#include <sys/ioctl.h>
 #include <sys/mman.h>
 #include <sys/prctl.h>
+#include <sys/ptrace.h>
 #include <sys/resource.h>
 #include <sys/stat.h>
 #include <sys/time.h>
@@ -33,10 +35,6 @@
 #include "sandbox/linux/system_headers/linux_syscalls.h"
 #include "sandbox/linux/system_headers/linux_time.h"
 
-// PNaCl toolchain does not provide sys/ioctl.h and sys/ptrace.h headers.
-#if !defined(OS_NACL_NONSFI)
-#include <sys/ioctl.h>
-#include <sys/ptrace.h>
 #if (defined(OS_LINUX) || BUILDFLAG(IS_CHROMEOS_LACROS)) && \
     !defined(__arm__) && !defined(__aarch64__) &&           \
     !defined(PTRACE_GET_THREAD_AREA)
@@ -46,7 +44,6 @@
 // defined on aarch64, so don't try to include this on those platforms.
 #include <asm/ptrace-abi.h>
 #endif
-#endif  // !OS_NACL_NONSFI
 
 #if defined(OS_ANDROID)
 
@@ -130,7 +127,6 @@ using sandbox::bpf_dsl::ResultExpr;
 
 namespace sandbox {
 
-#if !defined(OS_NACL_NONSFI)
 // Allow Glibc's and Android pthread creation flags, crash on any other
 // thread creation attempts and EPERM attempts to use neither
 // CLONE_VM nor CLONE_THREAD (all fork implementations), unless CLONE_VFORK is
@@ -380,7 +376,6 @@ ResultExpr RestrictGetrusage() {
   return If(AnyOf(who == RUSAGE_SELF, who == RUSAGE_THREAD), Allow())
          .Else(CrashSIGSYS());
 }
-#endif  // !defined(OS_NACL_NONSFI)
 
 ResultExpr RestrictClockID() {
   static_assert(4 == sizeof(clockid_t), "clockid_t is not 32bit");
@@ -434,7 +429,6 @@ ResultExpr RestrictPrlimitToGetrlimit(pid_t target_pid) {
       .Else(Error(EPERM));
 }
 
-#if !defined(OS_NACL_NONSFI)
 ResultExpr RestrictPtrace() {
   const Arg<int> request(0);
 #if defined(__aarch64__)
@@ -459,7 +453,6 @@ ResultExpr RestrictPtrace() {
 #endif
       .Default(CrashSIGSYSPtrace());
 }
-#endif  // defined(OS_NACL_NONSFI)
 
 ResultExpr RestrictPkeyAllocFlags() {
   const Arg<int> flags(0);

sandbox/linux/services/namespace_sandbox.cc

@@ -37,7 +37,6 @@ const char kSandboxUSERNSEnvironmentVarName[] = "SBX_USER_NS";
 const char kSandboxPIDNSEnvironmentVarName[] = "SBX_PID_NS";
 const char kSandboxNETNSEnvironmentVarName[] = "SBX_NET_NS";
 
-#if !defined(OS_NACL_NONSFI)
 class WriteUidGidMapDelegate : public base::LaunchOptions::PreExecDelegate {
  public:
   WriteUidGidMapDelegate()
@@ -71,7 +70,6 @@ void SetEnvironForNamespaceType(base::EnvironmentMap* environ,
   // An empty string causes the env var to be unset in the child process.
   (*environ)[env_var] = value ? "1" : "";
 }
-#endif  // !defined(OS_NACL_NONSFI)
 
 // Linux supports up to 64 signals. This should be updated if that ever changes.
 int g_signal_exit_codes[64];
@@ -136,7 +134,6 @@ void MaybeUpdateGlibcTidCache() {
 
 }  // namespace
 
-#if !defined(OS_NACL_NONSFI)
 NamespaceSandbox::Options::Options()
     : ns_types(CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNET),
       fail_on_unsupported_ns_type(false) {}
@@ -211,7 +208,6 @@ base::Process NamespaceSandbox::LaunchProcessWithOptions(
 
   return base::LaunchProcess(argv, launch_options_copy);
 }
-#endif  // !defined(OS_NACL_NONSFI)
 
 // static
 pid_t NamespaceSandbox::ForkInNewPidNamespace(bool drop_capabilities_in_child) {
@@ -255,12 +251,10 @@ bool NamespaceSandbox::InstallTerminationSignalHandler(
   struct sigaction old_action;
   PCHECK(sys_sigaction(sig, nullptr, &old_action) == 0);
 
-#if !defined(OS_NACL_NONSFI)
   if (old_action.sa_flags & SA_SIGINFO &&
       old_action.sa_sigaction != nullptr) {
     return false;
   }
-#endif
 
   if (old_action.sa_handler != LINUX_SIG_DFL) {
     return false;

sandbox/linux/services/namespace_sandbox.h

@@ -36,7 +36,6 @@ namespace sandbox {
 //    Credentials::DropAllCapabilities().
 class SANDBOX_EXPORT NamespaceSandbox {
  public:
-#if !defined(OS_NACL_NONSFI)
   struct Options {
     Options();
     ~Options();
@@ -75,7 +74,6 @@ class SANDBOX_EXPORT NamespaceSandbox {
       const std::vector<std::string>& argv,
       const base::LaunchOptions& launch_options,
       const Options& ns_sandbox_options);
-#endif  // !defined(OS_NACL_NONSFI)
 
   // Forks a process in its own PID namespace. The child process is the init
   // process inside of the PID namespace, so if the child needs to fork further,

sandbox/linux/syscall_broker/broker_simple_message.cc

@@ -142,15 +142,9 @@ ssize_t BrokerSimpleMessage::RecvMsgWithFlagsMultipleFds(
   msg.msg_iov = &iov;
   msg.msg_iovlen = 1;
 
-#if defined(OS_NACL_NONSFI)
-  const size_t kControlBufferSize =
-      CMSG_SPACE(sizeof(fd) * base::UnixDomainSocket::kMaxFileDescriptors);
-#else
   const size_t kControlBufferSize =
       CMSG_SPACE(sizeof(fd) * base::UnixDomainSocket::kMaxFileDescriptors) +
-      // The PNaCl toolchain for Non-SFI binary build does not support ucred.
       CMSG_SPACE(sizeof(struct ucred));
-#endif  // defined(OS_NACL_NONSFI)
 
   char control_buffer[kControlBufferSize];
   msg.msg_control = control_buffer;
@@ -174,16 +168,12 @@ ssize_t BrokerSimpleMessage::RecvMsgWithFlagsMultipleFds(
         wire_fds = reinterpret_cast<int*>(CMSG_DATA(cmsg));
         wire_fds_len = payload_len / sizeof(fd);
       }
-#if !defined(OS_NACL_NONSFI)
-      // The PNaCl toolchain for Non-SFI binary build does not support
-      // SCM_CREDENTIALS.
       if (cmsg->cmsg_level == SOL_SOCKET &&
           cmsg->cmsg_type == SCM_CREDENTIALS) {
         DCHECK_EQ(payload_len, sizeof(struct ucred));
         DCHECK_EQ(pid, -1);
         pid = reinterpret_cast<struct ucred*>(CMSG_DATA(cmsg))->pid;
       }
-#endif
     }
   }
 

sandbox/linux/system_headers/linux_seccomp.h

@@ -6,13 +6,10 @@
 #define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SECCOMP_H_
 
 #include <stdint.h>
+#include <sys/ioctl.h>
 
 #include "build/build_config.h"
 
-#if !defined(OS_NACL_NONSFI)
-#include <sys/ioctl.h>
-#endif
-
 // The Seccomp2 kernel ABI is not part of older versions of glibc.
 // As we can't break compilation with these versions of the library,
 // we explicitly define all missing symbols.
@@ -184,8 +181,6 @@ struct seccomp_notif_addfd {
   uint32_t newfd_flags;
 };
 
-// sys/ioctl.h is not available in pnacl toolchain.
-#if !defined(OS_NACL_NONSFI)
 #define SECCOMP_IOC_MAGIC '!'
 #define SECCOMP_IO(nr) _IO(SECCOMP_IOC_MAGIC, nr)
 #define SECCOMP_IOR(nr, type) _IOR(SECCOMP_IOC_MAGIC, nr, type)
@@ -201,7 +196,6 @@ struct seccomp_notif_addfd {
 #define SECCOMP_IOCTL_NOTIF_ID_VALID SECCOMP_IOR(2, uint64_t)
 // On success, the return value is the remote process's added fd number
 #define SECCOMP_IOCTL_NOTIF_ADDFD SECCOMP_IOW(3, struct seccomp_notif_addfd)
-#endif  // !defined(OS_NACL_NONSFI)
 
 #ifndef SECCOMP_RET_KILL
 // Return values supported for BPF filter programs. Please note that the

sandbox/linux/system_headers/linux_ucontext.h

@@ -1,22 +0,0 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_UCONTEXT_H_
-#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_UCONTEXT_H_
-
-#if defined(__native_client_nonsfi__)
-
-#if defined(__arm__)
-#include "sandbox/linux/system_headers/arm_linux_ucontext.h"
-#elif defined(__i386__)
-#include "sandbox/linux/system_headers/i386_linux_ucontext.h"
-#else
-#error "No support for your architecture in PNaCl header"
-#endif
-
-#else  // defined(__native_client_nonsfi__)
-#error "The header file included on non PNaCl."
-#endif  // defined(__native_client_nonsfi__)
-
-#endif  // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_UCONTEXT_H_

sandbox/linux/tests/unit_tests.cc

@@ -79,14 +79,8 @@ bool IsArchitectureArm() {
 static const int kExpectedValue = 1;
 static const int kIgnoreThisTest = 43;
 static const int kExitWithAssertionFailure = 1;
-#if !defined(OS_NACL_NONSFI)
 static const int kExitForTimeout = 2;
-#endif
 
-// PNaCl toolchain's signal ABIs are incompatible with Linux's.
-// So, for simplicity, just drop the "timeout" feature from unittest framework
-// with relying on the buildbot's timeout feature.
-#if !defined(OS_NACL_NONSFI)
 static void SigAlrmHandler(int) {
   const char failure_message[] = "Timeout reached!\n";
   // Make sure that we never block here.
@@ -118,7 +112,6 @@ static void SetProcessTimeout(int time_in_seconds) {
   SANDBOX_ASSERT(alarm(time_in_seconds) == 0);  // There should be no previous
                                                 // alarm.
 }
-#endif  // !defined(OS_NACL_NONSFI)
 
 // Runs a test in a sub-process. This is necessary for most of the code
 // in the BPF sandbox, as it potentially makes global state changes and as
@@ -164,9 +157,7 @@ void UnitTests::RunTestInProcess(SandboxTestRunner* test_runner,
     SANDBOX_ASSERT(!close(fds[0]));
     SANDBOX_ASSERT(!close(fds[1]));
 
-#if !defined(OS_NACL_NONSFI)
     SetProcessTimeout(GetSubProcessTimeoutTimeInSeconds());
-#endif
 
     // Disable core files. They are not very useful for our individual test
     // cases.

sandbox/policy/linux/sandbox_seccomp_bpf_linux.cc

@@ -36,6 +36,7 @@
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/system_headers/linux_syscalls.h"
+#include "sandbox/policy/chromecast_sandbox_allowlist_buildflags.h"
 #include "sandbox/policy/linux/bpf_audio_policy_linux.h"
 #include "sandbox/policy/linux/bpf_base_policy_linux.h"
 #include "sandbox/policy/linux/bpf_cdm_policy_linux.h"
@@ -51,10 +52,6 @@
 #include "sandbox/policy/linux/bpf_speech_recognition_policy_linux.h"
 #include "sandbox/policy/linux/bpf_utility_policy_linux.h"
 
-#if !defined(OS_NACL_NONSFI)
-#include "sandbox/policy/chromecast_sandbox_allowlist_buildflags.h"
-#endif  // !defined(OS_NACL_NONSFI)
-
 #if BUILDFLAG(IS_CHROMEOS_ASH)
 #include "sandbox/policy/features.h"
 #include "sandbox/policy/linux/bpf_ime_policy_linux.h"
@@ -85,8 +82,6 @@ namespace policy {
 #if BUILDFLAG(USE_SECCOMP_BPF)
 namespace {
 
-#if !defined(OS_NACL_NONSFI)
-
 // nacl_helper needs to be tiny and includes only part of content/
 // in its dependencies. Make sure to not link things that are not needed.
 #if !defined(IN_NACL_HELPER)
@@ -128,7 +123,6 @@ std::unique_ptr<BPFBasePolicy> GetGpuProcessSandbox(
   return std::make_unique<GpuProcessPolicy>();
 }
 #endif  // !defined(IN_NACL_HELPER)
-#endif  // !defined(OS_NACL_NONSFI)
 
 }  // namespace
 
@@ -155,8 +149,6 @@ bool SandboxSeccompBPF::SupportsSandbox() {
 #endif
 }
 
-#if !defined(OS_NACL_NONSFI)
-
 bool SandboxSeccompBPF::SupportsSandboxWithTsync() {
 #if BUILDFLAG(USE_SECCOMP_BPF)
   return SandboxBPF::SupportsSeccompSandbox(
@@ -273,7 +265,6 @@ void SandboxSeccompBPF::RunSandboxSanityChecks(
       break;
   }
 }
-#endif  // !defined(OS_NACL_NONSFI)
 
 bool SandboxSeccompBPF::StartSandboxWithExternalPolicy(
     std::unique_ptr<bpf_dsl::Policy> policy,
@@ -303,7 +294,6 @@ bool SandboxSeccompBPF::StartSandboxWithExternalPolicy(
   return false;
 }
 
-#if !defined(OS_NACL_NONSFI)
 std::unique_ptr<bpf_dsl::Policy> SandboxSeccompBPF::GetBaselinePolicy() {
 #if BUILDFLAG(USE_SECCOMP_BPF)
   return std::make_unique<BaselinePolicy>();
@@ -311,7 +301,6 @@ std::unique_ptr<bpf_dsl::Policy> SandboxSeccompBPF::GetBaselinePolicy() {
   return nullptr;
 #endif  // BUILDFLAG(USE_SECCOMP_BPF)
 }
-#endif  // !defined(OS_NACL_NONSFI)
 
 }  // namespace policy
 }  // namespace sandbox

sandbox/policy/linux/sandbox_seccomp_bpf_linux.h

@@ -48,7 +48,6 @@ class SANDBOX_POLICY_EXPORT SandboxSeccompBPF {
   // Check if the kernel supports seccomp-bpf.
   static bool SupportsSandbox();
 
-#if !defined(OS_NACL_NONSFI)
   // Check if the kernel supports TSYNC (thread synchronization) with seccomp.
   static bool SupportsSandboxWithTsync();
 
@@ -61,7 +60,6 @@ class SANDBOX_POLICY_EXPORT SandboxSeccompBPF {
   // the process if the sandbox failed to engage.
   static void RunSandboxSanityChecks(sandbox::mojom::Sandbox sandbox_type,
                                      const SandboxSeccompBPF::Options& options);
-#endif  // !defined(OS_NACL_NONSFI)
 
   // This is the API to enable a seccomp-bpf sandbox by using an
   // external policy.