This is a reland of 0823e91137
Plus: missed the nacl-broker process type (used for x86 on x64 nacl).
This previously reported kInvalid as a sandbox type, and acted as if
it had no sandbox, so now has kNoSandbox following
components/nacl/browser/nacl_broker_host_win.cc:36.
TBR'ing wez & jam as those parts are unchanged.
Original change's description:
> Exchange SandboxType::kInvalid for a CHECK.
>
> No processes should be launched with an invalid combination of flags for
> sandboxing. This eliminates SandboxType::kInvalid and adds a CHECK at
> the point where the command line is parsed when child processes start.
>
> Unit tests exist for this code and continue to pass. Tests that
> verified that bad command lines were recognized are now removed as
> Chrome will safely CHECK in these cases.
>
> The following changes in default or behavior:-
>
> * cloud print service (--type=service) now reports kNoSandbox
> * NaCl loader process on non-Mac now reports kUtility
>   - The NaCl loader defines its own sandbox but its command line
>     is processed in some tests and needs a valid value.
> * Fuchsia: sandbox types are now enumerated and the type must be
>   specified when the low level sandbox policy is constructed.
> * Linux: type added for Zygote to have before it grows up to get a
>   real sandbox
>
> Bug: 1065087
> Change-Id: Ibe277153fa58771d12bae7e3c2f9c6b92b9370a4
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2120049
> Reviewed-by: John Abd-El-Malek <jam@chromium.org>
> Reviewed-by: Wez <wez@chromium.org>
> Reviewed-by: Robert Sesek <rsesek@chromium.org>
> Commit-Queue: Alex Gough <ajgo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#762525}
TBR=wez,jam
Bug: 1065087
Change-Id: Ic66f04e7ac05de694d16eff7af3387d333d8149c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2167995
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#763339}
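
The fail-closed parsing these commit messages describe, as an added C++ sketch that is not Chromium's code: the enum has no invalid member, the parser rejects unknown input, and the caller aborts instead of continuing in an undefined sandbox state. The function names, the `Switches` map and the set of process types handled are assumptions for illustration; the `service`, `nacl-broker` and NaCl loader mappings follow the messages above.

```cpp
#include <cstdio>
#include <cstdlib>
#include <map>
#include <string>

// Simplified model, not Chromium's code. There is no kInvalid member, so an
// unparseable command line cannot be stored and later read as "no sandbox".
enum class SandboxType { kNoSandbox, kRenderer, kUtility, kGpu };

using Switches = std::map<std::string, std::string>;  // switch name -> value

// Returns false for a missing or unrecognised --type; *out is then untouched.
bool ParseSandboxType(const Switches& cl, SandboxType* out) {
  auto it = cl.find("type");
  if (it == cl.end()) return false;
  const std::string& type = it->second;
  SandboxType parsed;
  if (type == "service" || type == "nacl-broker") {
    parsed = SandboxType::kNoSandbox;  // per the commit messages
  } else if (type == "nacl-loader" || type == "utility") {
    parsed = SandboxType::kUtility;  // NaCl loader (non-Mac) needs a valid value
  } else if (type == "renderer") {
    parsed = SandboxType::kRenderer;
  } else if (type == "gpu-process") {
    parsed = SandboxType::kGpu;
  } else {
    return false;
  }
  // --no-sandbox only downgrades a process type that is itself valid.
  if (cl.count("no-sandbox")) parsed = SandboxType::kNoSandbox;
  *out = parsed;
  return true;
}

// Fail-closed entry point, standing in for the CHECK: the child stops here
// rather than running with an undefined sandbox state.
SandboxType SandboxTypeFromCommandLineOrDie(const Switches& cl) {
  SandboxType type;
  if (!ParseSandboxType(cl, &type)) {
    std::fprintf(stderr, "CHECK failed: invalid sandbox flags\n");
    std::abort();
  }
  return type;
}

int main() {
  Switches broker = {{"type", "nacl-broker"}};  // constructed sample input
  return SandboxTypeFromCommandLineOrDie(broker) == SandboxType::kNoSandbox ? 0 : 1;
}
```
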
This reverts commit 0823e91137.
Reason for revert: Suspected to have caused crashes on Win7 Tests Dbg.
https://ci.chromium.org/p/chromium/builders/ci/Win7%20Tests%20%28dbg%29%281%29/82323
A lot of NaCl / PPAPI related tests crash.
Original change's description:
> Exchange SandboxType::kInvalid for a CHECK.
>
> No processes should be launched with an invalid combination of flags for
> sandboxing. This eliminates SandboxType::kInvalid and adds a CHECK at
> the point where the command line is parsed when child processes start.
>
> Unit tests exist for this code and continue to pass. Tests that
> verified that bad command lines were recognized are now removed as
> Chrome will safely CHECK in these cases.
>
> The following changes in default or behavior:-
>
> * cloud print service (--type=service) now reports kNoSandbox
> * NaCl loader process on non-Mac now reports kUtility
>   - The NaCl loader defines its own sandbox but its command line
>     is processed in some tests and needs a valid value.
> * Fuchsia: sandbox types are now enumerated and the type must be
>   specified when the low level sandbox policy is constructed.
> * Linux: type added for Zygote to have before it grows up to get a
>   real sandbox
>
> Bug: 1065087
> Change-Id: Ibe277153fa58771d12bae7e3c2f9c6b92b9370a4
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2120049
> Reviewed-by: John Abd-El-Malek <jam@chromium.org>
> Reviewed-by: Wez <wez@chromium.org>
> Reviewed-by: Robert Sesek <rsesek@chromium.org>
> Commit-Queue: Alex Gough <ajgo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#762525}
TBR=wez@chromium.org,jam@chromium.org,rsesek@chromium.org,ajgo@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: 1065087
Change-Id: Ic2384481d0832b6513434102b7da96512678d744
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2167636
Reviewed-by: Yuki Shiino <yukishiino@chromium.org>
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#762734}
No processes should be launched with an invalid combination of flags for
sandboxing. This eliminates SandboxType::kInvalid and adds a CHECK at
the point where the command line is parsed when child processes start.
Unit tests exist for this code and continue to pass. Tests that
verified that bad command lines were recognized are now removed as
Chrome will safely CHECK in these cases.
The following changes in default or behavior:-
* cloud print service (--type=service) now reports kNoSandbox
* NaCl loader process on non-Mac now reports kUtility
  - The NaCl loader defines its own sandbox but its command line
    is processed in some tests and needs a valid value.
* Fuchsia: sandbox types are now enumerated and the type must be
  specified when the low level sandbox policy is constructed.
* Linux: type added for Zygote to have before it grows up to get a
  real sandbox
Bug: 1065087
Change-Id: Ibe277153fa58771d12bae7e3c2f9c6b92b9370a4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2120049
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#762525}
This CL renames the generic pieces of the live caption feature from
"SODA" to "Speech Recognition". The SODA-specific pieces will not be
renamed including the presandbox hook, logic to retrieve the paths of
SODA-specific files, SODA component, and SODA client.
Bug: 1069284
Change-Id: Ic379b68cae607e77959a24368d93677a805b2713
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2142765
Commit-Queue: Evan Liu <evliu@google.com>
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#758073}
Confines the sharing service WebRTC helper in the union of utility
and renderer sandboxes.

Windows:-
  Adds win32k lockdown.
  Adds dynamic code disable.

Linux:-
  Utility style seccomp with some calls removed.

Mac:-
  Shortcuts to utility.

Testing:-
  Manual test on each platform of large remote clipboard copy
  to/from unmodified Canary with all sharing flags enabled.
Bug: 1045590
Change-Id: I72c1270c7db0dcce9e532ac97ad756fd22970574
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2051405
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Richard Knoll <knollr@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#751902}
This ensures that every utility process sandbox type actually results in
the created process being sandboxed. This has always been important, but
will become slightly more important when we start spawning from an
unsandboxed zygote.

This works by creating a SandboxStatusService mojo service which is test
only and exposes it on created utility processes. The test then simply
creates a utility process with every sandbox type and ensures the sandbox
status is non-zero for types which should be sandboxed.
R=rsesek
Bug: 22703,1049234
Test: It's all tests!
Change-Id: I512f7aa77c20ba66e66cf448bfdabf5865a487e9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2055993
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Dale Curtis <dalecurtis@chromium.org>
Auto-Submit: Dale Curtis <dalecurtis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#742861}