Sandbox code is difficult to follow if there are too many
conditional defines and it is ok for chromium to support
a sandbox type that it doesn't use in some configurations.
This CL makes two sandbox types (kPrintBackend and kScreenAI)
always be defined and supported on the platforms where they
are used (they are always used in official Chrome builds on
these platforms).
Both ENABLE_SCREEN_AI_SERVICE and ENABLE_OOP_PRINTING are
always enabled on linux, cros, mac and win.
Additionally some buildflags were tested where they were always
true, so those ifdefs are removed (e.g. in
utility_process_sandbox_browsertest.cc).
Bug: 41494527
Change-Id: Ief90cf997da5677b54e064abd7a45f6eaf3cfebe
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6015430
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Mark Rowe <markrowe@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1386974}
NOTREACHED() and NOTREACHED_IN_MIGRATION() are both CHECK-fatal now.
The former is [[noreturn]] so this CL also performs dead-code removal
after the NOTREACHED().
This CL does not attempt to do additional rewrites of any surrounding
code, like:
if (!foo) {
NOTREACHED();
}
to CHECK(foo);
Those transforms take a non-trivial amount of time (and there are
thousands of instances). Cleanup can be left as an exercise for the
reader.
This does clean up kCrashOnDanglingBrowserContext as both paths of the
kill switch are currently fatal. This has been rolled out for a long
time.
Bug: 40580068, 40062641
Change-Id: Ib88e710d003e2e48df3fc502ca54d2341d157a0e
Cq-Include-Trybots: luci.chromium.try:linux-dcheck-off-rel
Low-Coverage-Reason: OTHER Should-be-unreachable code
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5974816
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Auto-Submit: Peter Boström <pbos@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1376522}
This CL implements sandboxing for OnDeviceTranslation service on Linux.
We allow `membarrier` syscall and reading
"/sys/devices/system/cpu/possible" inside the sandboxed
OnDeviceTranslation service process.
Note: The sandboxed OnDeviceTranslation service will crash until
https://crbug.com/369491267 is resolved.
Bug: 340778819
Change-Id: I289294f35d55bb5dad6bcc0fba422b4077ae2ae7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5884817
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1362827}
This CL adds a new sandbox policy type kVideoEffects for the Video
Effects Service to be supported on Win, Mac, and Linux. It does not
implement any specific sandbox behaviors, which will come in
followup CLs. Attempting to use the new sandbox policy will trigger
NOTREACHED().
The policy is guarded by the enable_video_effects GN arg (as compilation
the service itself is also guarded by that arg).
This follows the pattern of the ScreenAI sandbox policy which has
similar requirements.
Bug: 361128453
Change-Id: Ifea3a49b4736d204aa5331d9edf5b57e7af176f9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5800422
Reviewed-by: Mark Rowe <markrowe@chromium.org>
Reviewed-by: Piotr Bialecki <bialpio@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Commit-Queue: Mark Foltz <mfoltz@chromium.org>
Reviewed-by: Alex Gough <ajgo@chromium.org>
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1351868}
Adds a new Nearby-specific sandbox type and adjusts
the Nearby process launch process to use it. This new
type is essentially the same as the previous `kService`
type, with additional socket permissions required to
use WiFi Direct.
Tests: Manually verified Nearby Share works
Bug: b/345377588
Change-Id: Ia91e0d9e0e3e07eba798c8b4b8ef124af0301412
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5601981
Reviewed-by: Ryan Hansberry <hansberry@chromium.org>
Commit-Queue: Jack Shira <jackshira@google.com>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1313080}
This was generated by replacing " NOTREACHED()" with
" NOTREACHED_IN_MIGRATION()" and running git cl format.
This prepares for making NOTREACHED() [[noreturn]] alongside
NotReachedIsFatal migration of existing inventory.
Bug: 40580068
Change-Id: I3b48b89911ac5e9ffcb211622992f917f8f9e8d9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5539619
Auto-Submit: Peter Boström <pbos@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Owners-Override: Lei Zhang <thestig@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Peter Boström <pbos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1301096}
Introduce a new kOnDeviceModelExecution sandbox type to be used by a
utility process running e.g. tflite models with a WebGPU backend.
Also use the new sandbox type for the On-Device Model Service.
The sandbox on Windows uses an LPAC config with enough privileges
to load arbitrary driver DLLs after initialization.
On other platforms the sandbox is fully locked-down and the service
will not operate correctly until it's appropriately loosened.
Bug: b:301661393
Change-Id: I075388170d03859ff4f8e08f1942731e073b38b0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4965799
Reviewed-by: Alex Gough <ajgo@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Ken Rockot <rockot@google.com>
Reviewed-by: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1214918}
This CL creates a sandbox BPF policy for hardware video decoding (in the
context of out-of-process video decoding). For the purposes of this CL,
the BPF policy is the same as the GPU process BPF policy. In follow-up
CLs, the BPF policy will be refined for the different possibilities.
These possibilities are encoded in ComputePolicyType() which is
introduced in this CL. Follow-up CLs will use the return value of this
method to configure both the pre-sandbox hook and the BPF policy itself.
Bug: b:210759684
Test: None
Change-Id: Ie7e8db75ae7c1529030d53dc876426f94dbd040b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3997594
Commit-Queue: Andres Calderon Jaramillo <andrescj@chromium.org>
Reviewed-by: Alex Gough <ajgo@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1069372}
This CL moves .gni and build flags in //chromeos/assistant to ash. Also
a file in test_support/ is migrated from namespace chromeos to ash.
This CL temporarily keeps chromeos/assistant/assistant.gni which used by internal assistant codes. It imports ch/ash/components/assistant.gni
only to avoid internal builds broken and will be removed after being changing internal codes to use the new path.
This CL is part of the Chrome OS source code directory migration:
https://docs.google.com/document/d/1g-98HpzA8XcoGBWUv1gQNr4rbnD5yfvbtYZyPDDbkaE.
Bug: 1164001
Change-Id: I78c8fe87c3d78f101acfa2d2ea3c77e39fbbc202
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3631105
Reviewed-by: Hidehiko Abe <hidehiko@chromium.org>
Reviewed-by: Tao Wu <wutao@chromium.org>
Owners-Override: Hidehiko Abe <hidehiko@chromium.org>
Commit-Queue: Yeunjoo Choi <ychoi@igalia.com>
Cr-Commit-Position: refs/heads/main@{#1003614}
ScreenAI service is now under implementation for Linux and ChromeOS and
will later expand to other desktop platforms. For smoother transition a
buildflag is added.
After this change, the keyboard shortcut and registration of component
updated that were previously Linux-only are expanded to cover ChromeOS.
Bug: 1278249
Change-Id: I47d36c7c4259bc0f54759d6f9c0025396f1a9665
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3581030
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Ramin Halavati <rhalavati@chromium.org>
Reviewed-by: Greg Thompson <grt@chromium.org>
Reviewed-by: Zentaro Kavanagh <zentaro@chromium.org>
Reviewed-by: David Tseng <dtseng@chromium.org>
Reviewed-by: Marc Treib <treib@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#997042}
This CL allows the kHardwareVideoDecoding sandbox to be used on
Chrome-for-Linux and ash-chrome builds. Before this CL, it could only be
used on ash-chrome because it was intended for ARC++/ARCVM
out-of-process video decoding. Now, we want to use it for more general
out-of-process video decoding which includes Linux.
Additionally, we declare the
media::stable::mojom::StableVideoDecoderFactory to use the
kHardwareVideoDecoding sandbox on Linux and ash-chrome.
Bug: b:195769334
Test: None
Change-Id: I243018b4647b7a58205e74fa1c5faaa664e2af6a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3539516
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Dan Sanders <sandersd@chromium.org>
Reviewed-by: Alex Gough <ajgo@chromium.org>
Commit-Queue: Andres Calderon Jaramillo <andrescj@chromium.org>
Cr-Commit-Position: refs/heads/main@{#984489}
To improve the accessibility tree based on visual data, a snapshot of
the screen is sent to a local machine learning library. The library will
provide annotations for the snapshot and the annotations will be used
to update the accessibility tree.
This CL adds a Screen AI sand-boxed service to load the library, and
general infrastructure to pass the images from renderer to the library
and getting back and applying the annotations.
The actual details on how the annotations are processed and used will be
added in subsequent CLs.
See more in go/chrome-screen-ai.
This change is behind kScreenAI flag and disabled by default.
Bug: 1278249
AX-Relnotes: N/A
Change-Id: I25861e9b288c729eafb6162992bc6fbe611f2152
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3358073
Reviewed-by: David Tseng <dtseng@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Alex Gough <ajgo@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Colin Blundell <blundell@chromium.org>
Commit-Queue: Ramin Halavati <rhalavati@chromium.org>
Cr-Commit-Position: refs/heads/main@{#974138}
This creates a utility sandbox that locks down as much as possible but
does allow dynamic code execution from within the sandbox. Its initial
purpose will be to host the AuctionWorkletService which runs web
supplied javascript and wasm but otherwise does not need access to
system resources.
Bug: 1272034
Tests: content_browsertests
Change-Id: I0cb626008b9662a8696a6fcf5b837f1c47d4b2fa
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3331179
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: Maks Orlovich <morlovich@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#953168}
sandbox.mojom.Sandbox can now be used as the sandbox type so we
replace it everywhere.
The guts of the change are in //sandbox/policy/sandbox_type.h where
SandboxType is now deleted, and //sandbox/policy/mojom/sandbox.mojom
where sandbox types that are not already used in mojom ServiceSandbox
attributes are added.
Some cascading changes:-
- kService wasn't implemented on Mac (as it is equivalent to kUtility).
As we cannot alias enum fields in mojo like we can in C++ I have added
kService for Mac. The alternative is to define platform specific
ServiceSandbox attributes for all kService interfaces which seems to
put this complexity in the wrong place.
- sandbox_type.h included a number of buildflag headers that other files
then relied on. As sandbox_type.h is no longer needed in many places
and no longer needs these defines, they have been introduced where
required.
- sandbox::mojom::Sandbox is forward declared in a couple of headers
that are widely imported, hopefully reducing the number of times the
mojom.h is included but not used.
- some build deps must be modified.
- LibAssistantService needs a sandbox to be defined even when hosted
in process, so has kNoSandbox now when enable_cros_libassistant is
false.
Bug: 1210301
Change-Id: I13fa4fa8cbbb3090a38806fe5532787bbdf1e2fb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3213677
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Sean Topping <seantopping@chromium.org>
Reviewed-by: Filip Gorski <fgorski@chromium.org>
Reviewed-by: Derek Schuff <dschuff@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Tao Wu <wutao@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: David Dorwin <ddorwin@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#934126}
The video capture service effectively runs in kNoSandbox on all
platforms except Fuchsia - it makes sense to only define that sandbox
type on Fuchsia, and use kNoSandbox elsewhere.
Bug: 1147991,1236898
Change-Id: I6f17d85801e97741508d889beede98efc6177360
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3110922
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#914505}
This service type is useful for more than just the sharing service, it
hosts chromium controlled code that makes limited use of system or
external libraries, and receives most or all of its resources via mojo
interfaces. The sandbox is slightly tighter than kUtility on most
platforms. In an ideal world, we would simply make kUtility the same
as this sandbox type, but tightening existing services takes time. New
services should use this sandbox type if they can.
This CL simply renames kSharingService to kService. No functional
changes. A follow-on will use kService for a new service.
Bug: 696635,1201769
Change-Id: Icde016a966f97ac8a876cb882ba1e6832cc108e5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2852269
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#877176}
Printing is not supported on Fuchsia yet it has been making use of parts
of //printing. This should not be happening, targets in //printing
should not be used when `enable_basic_printing` is not enabled.
Update printing build to assert that printing is enabled to identify all
possible locations that are doing this and also avoid repeating this
issue in the future.
Update build files to condition dependencies upon printing targets as
necessary. Similarly wrap some utility code with build flag checks
for `ENABLE_PRINTING` to avoid printing-specific code.
Content web test makes use of printing code to print to a bitmap. This
is the scenario which was causing Fuchsia to make use of //printing.
Change this to just return an empty bitmap when printing isn't enabled
so that the dependency isn't relied upon for tests which aren't even
relevant for such a condition.
Bug: 1200443
Change-Id: I0c45e280a4c561a7918b9b103b0b4409fdfeb442
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2844307
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: danakj <danakj@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Michael Bai <michaelbai@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Alan Screen <awscreen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#876807}
This is a parameterized test, but in some configurations doesn't
generate any tests to run. This causes a warning:
The following parameterized test case is not instantiated:
UninstantiatedTypeParameterizedTestSuite<UtilityProcessSandboxBrowserTest>
I'm trying to promote this warning to an error, because it's common for
developers to accidentally miss instantiating a test, which results in
the test not running.
Fix using GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST, which is the
suppression described at:
https://github.com/google/googletest/blob/master/docs/advanced.md#value-parameterized-tests
Bug: 1192206
Test: content_browsertests
Change-Id: If0e4768759874d16f125bef02762ab6db7e504d4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2786127
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
Auto-Submit: James Cook <jamescook@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#866755}
This change removes calls to base::ASCIIToUTF16 in //content and //ui
with a single-line string literal and replaces them with a u"..."
literal instead. Files where this change would cause compilation errors
were not changed.
This is a mechanical change:
$ git grep -lw ASCIIToUTF16 content ui | xargs \
sed -i 's/\(base::\)\?ASCIIToUTF16(\("\(\\.\|[^\\"]\)*"\))/u\2/g'
$ git cl format
Bug: 1189439
Change-Id: I0d5601dc15324c43012b8d26260405f1efdca07e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780265
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Auto-Submit: Jan Wilken Dörrie <jdoerrie@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Owners-Override: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#865766}
The default sandbox for the Print Backend service causes interactions to
fail due to access denied errors when trying to interact with the
operating system and printer drivers.
Adjust some of the sandbox settings for each desktop OS so that the
necessary calls can operate as needed.
Bug: 809738
Change-Id: I8bc987b9e9235ec6427e999eb7a44797c457fa9d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2422324
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Rebekah Potter <rbpotter@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Commit-Queue: Alan Screen <awscreen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#859155}
The change is mostly mechanical replacing defined(OS_CHROMEOS) with
BUILDFLAG(IS_CHROMEOS_ASH) and GN variable is_chromeos with
is_chromeos_ash with some special cases (For those cases please
refer to http://go/lacros-macros).
The patch is made in preparation to switching lacros build from
target_os=linux to target_os=chromeos. This will prevent lacros from
changing behaviour after the switch.
Bug: 1052397
Change-Id: Ieb265e116ff6ada5e2f99d609ff12fb9f92727e0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2534271
Commit-Queue: Yuta Hijikata <ythjkt@chromium.org>
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Bo <boliu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#829687}
This code was originally landed when sandbox stuff was still in Service
Manager. It's not in Service Manager anymore, and Service Manager code
is on its way to the great Git repository in the sky.
Bug: 977637
Change-Id: I10c2c02cbd70bc3f99fb0dfdb26319003b0047c3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2520317
Auto-Submit: Ken Rockot <rockot@google.com>
Commit-Queue: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#824301}
changes
Get rid of unnecessary accessibility_tree_formatter.h includes:
no sense to make useless things but it also reduce build time
for accessibility_tree_formatter.h changes.
Bug: 1133330
AX-Relnotes: n/a
Change-Id: I1ed327ec35afb7c876d40dfdaa801f278cd3b18f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2510374
Reviewed-by: Scott Violet <sky@chromium.org>
Commit-Queue: Alexander Surkov <asurkov@igalia.com>
Cr-Commit-Position: refs/heads/master@{#823618}
Originally the sandbox policies lived in //content, but with
servicification this would create unwanted dependencies between
//services and //content. Instead, create a new //sandbox/policy
library to hold the sandbox integration code. This library can depend
on the low-level //sandbox routines, but not nice versa.
Tbr: ajgo@chromium.org (mechanical change rule)
Bug: 1097376
Change-Id: I1ca9ac0015a625197f2d3aae104e8f7aa78dcfd9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2272609
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#786385}
Note to QA: This CL is purely mechanical and shouldn't be blamed
for future regressions on touched files.
This is a follow-up to https://chromium-review.googlesource.com/c/chromium/src/+/2211138
which already removed all usage using content::BrowserThread.
Hence this script now matches unqualified BrowserThread:: without
risking having "content::" be selected as "traits_before" by the regex
(ran on same revision as step #1).
content:: is now always added if outside namespace content {}
(deleting unused using content::BrowserThread; decls)
Script @ https://crbug.com/1026641#c92
(will TBR fdoray@ post-review for mechanical change)
TBR=fdoray@hchromium.org
AX-Relnotes: n/a.
Bug: 1026641
Change-Id: I51ae2f83eb17d19b54563fd9b4fc040d2aa0c948
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2212469
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: François Doray <fdoray@chromium.org>
Cr-Commit-Position: refs/heads/master@{#772458}
This is a step towards doing full IWYU of browser_test.h, which will
have other benefits.
Completely mechanical and already R+ed as part of r765923.
Tbr: sky
Bug: none
Change-Id: Icb7ab728098a6cf29c0920da4b524e96a7c024c2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2186411
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/master@{#766361}
Include this directly in relevant test files. This lets us convert the
HAS_OUT_OF_PROC_TEST_RUNNER checks in this file and
view_event_test_base.h into #errors, and force people to not even
include this file in files that can't use it.
Bug: none
Tbr: sky
Change-Id: I86626099eb047eb53e8b3611de38ba6bebc01a0b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2136117
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/master@{#765923}
This is a reland of 0823e91137
Plus: missed the nacl-broker process type (used for x86 on x64 nacl).
This previously reported kInvalid as a sandbox type, and acted as if
it had no sandbox, so now has kNoSandbox following
components/nacl/browser/nacl_broker_host_win.cc:36.
TBR'ing wez & jam as those parts are unchanged.
Original change's description:
> Exchange SandboxType::kInvalid for a CHECK.
>
> No processes should be launched with an invalid combination of flags for
> sandboxing. This eliminates SandboxType::kInvalid and adds a CHECK at
> the point where the command line is parsed when child processes start.
>
> Unit tests exist for this code and continue to pass. Tests that
> verified that bad command lines were recognized are now removed as
> Chrome will safely CHECK in these cases.
>
> The following changes in default or behavior:-
>
> * cloud print service (--type=service) now reports kNoSandbox
> * NaCl loader process on non-Mac now reports kUtility
> - The NaCl loader defines its own sandbox but its command line
> is processed in some tests and needs a valid value.
> * Fuchsia: sandbox types are now enumerated and the type must be
> specified when the low level sandbox policy is constructed.
> * Linux: type added for Zygote to have before it grows up to get a
> real sandbox
>
> Bug: 1065087
> Change-Id: Ibe277153fa58771d12bae7e3c2f9c6b92b9370a4
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2120049
> Reviewed-by: John Abd-El-Malek <jam@chromium.org>
> Reviewed-by: Wez <wez@chromium.org>
> Reviewed-by: Robert Sesek <rsesek@chromium.org>
> Commit-Queue: Alex Gough <ajgo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#762525}
TBR=wez,jam
Bug: 1065087
Change-Id: Ic66f04e7ac05de694d16eff7af3387d333d8149c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2167995
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#763339}
This reverts commit 0823e91137.
Reason for revert: Suspicious to have caused crashes on Win7 Tests Dbg.
https://ci.chromium.org/p/chromium/builders/ci/Win7%20Tests%20%28dbg%29%281%29/82323
A lot of NaCl / PPAPI related tests crash.
Original change's description:
> Exchange SandboxType::kInvalid for a CHECK.
>
> No processes should be launched with an invalid combination of flags for
> sandboxing. This eliminates SandboxType::kInvalid and adds a CHECK at
> the point where the command line is parsed when child processes start.
>
> Unit tests exist for this code and continue to pass. Tests that
> verified that bad command lines were recognized are now removed as
> Chrome will safely CHECK in these cases.
>
> The following changes in default or behavior:-
>
> * cloud print service (--type=service) now reports kNoSandbox
> * NaCl loader process on non-Mac now reports kUtility
> - The NaCl loader defines its own sandbox but its command line
> is processed in some tests and needs a valid value.
> * Fuchsia: sandbox types are now enumerated and the type must be
> specified when the low level sandbox policy is constructed.
> * Linux: type added for Zygote to have before it grows up to get a
> real sandbox
>
> Bug: 1065087
> Change-Id: Ibe277153fa58771d12bae7e3c2f9c6b92b9370a4
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2120049
> Reviewed-by: John Abd-El-Malek <jam@chromium.org>
> Reviewed-by: Wez <wez@chromium.org>
> Reviewed-by: Robert Sesek <rsesek@chromium.org>
> Commit-Queue: Alex Gough <ajgo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#762525}
TBR=wez@chromium.org,jam@chromium.org,rsesek@chromium.org,ajgo@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: 1065087
Change-Id: Ic2384481d0832b6513434102b7da96512678d744
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2167636
Reviewed-by: Yuki Shiino <yukishiino@chromium.org>
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#762734}
No processes should be launched with an invalid combination of flags for
sandboxing. This eliminates SandboxType::kInvalid and adds a CHECK at
the point where the command line is parsed when child processes start.
Unit tests exist for this code and continue to pass. Tests that
verified that bad command lines were recognized are now removed as
Chrome will safely CHECK in these cases.
The following changes in default or behavior:-
* cloud print service (--type=service) now reports kNoSandbox
* NaCl loader process on non-Mac now reports kUtility
- The NaCl loader defines its own sandbox but its command line
is processed in some tests and needs a valid value.
* Fuchsia: sandbox types are now enumerated and the type must be
specified when the low level sandbox policy is constructed.
* Linux: type added for Zygote to have before it grows up to get a
real sandbox
Bug: 1065087
Change-Id: Ibe277153fa58771d12bae7e3c2f9c6b92b9370a4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2120049
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#762525}
This CL renames the generic pieces of the live caption feature from
"SODA" to "Speech Recognition". The SODA-specific pieces will not be
renamed including the presandbox hook, logic to retrieve the paths of
SODA-specific files, SODA component, and SODA client.
Bug: 1069284
Change-Id: Ic379b68cae607e77959a24368d93677a805b2713
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2142765
Commit-Queue: Evan Liu <evliu@google.com>
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#758073}
