blob: d2b160180a5a9c2a7ac474e41c65863a9109ae9f [file] [log] [blame]
// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "sandbox/policy/sandbox_type.h"
#include <string>
#include "base/check.h"
#include "base/notreached.h"
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "ppapi/buildflags/buildflags.h"
#include "sandbox/policy/mojom/sandbox.mojom.h"
#include "sandbox/policy/switches.h"
#if BUILDFLAG(IS_CHROMEOS_ASH)
#include "chromeos/ash/components/assistant/buildflags.h"
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
namespace sandbox::policy {
namespace {
// Switch values that are only accessed in this file.
constexpr char kNoneSandbox[] = "none";
constexpr char kNetworkSandbox[] = "network";
constexpr char kOnDeviceModelExecutionSandbox[] = "on_device_model_execution";
constexpr char kUtilitySandbox[] = "utility";
constexpr char kCdmSandbox[] = "cdm";
constexpr char kPrintCompositorSandbox[] = "print_compositor";
constexpr char kAudioSandbox[] = "audio";
constexpr char kServiceSandbox[] = "service";
constexpr char kServiceSandboxWithJit[] = "service_with_jit";
constexpr char kSpeechRecognitionSandbox[] = "speech_recognition";
#if BUILDFLAG(ENABLE_PPAPI) && !BUILDFLAG(IS_WIN)
constexpr char kPpapiSandbox[] = "ppapi";
#endif
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_WIN)
constexpr char kPrintBackendSandbox[] = "print_backend";
constexpr char kScreenAISandbox[] = "screen_ai";
#endif
#if BUILDFLAG(IS_WIN)
constexpr char kNoneSandboxAndElevatedPrivileges[] = "none_and_elevated";
constexpr char kPdfConversionSandbox[] = "pdf_conversion";
constexpr char kXrCompositingSandbox[] = "xr_compositing";
constexpr char kIconReaderSandbox[] = "icon_reader";
constexpr char kMediaFoundationCdmSandbox[] = "mf_cdm";
constexpr char kWindowsSystemProxyResolverSandbox[] = "proxy_resolver_win";
#endif // BUILDFLAG(IS_WIN)
#if BUILDFLAG(IS_MAC)
constexpr char kMirroringSandbox[] = "mirroring";
#endif // BUILDFLAG(IS_MAC)
#if BUILDFLAG(IS_LINUX)
constexpr char kVideoEffectsSandbox[] = "video_effects";
#endif
#if BUILDFLAG(IS_FUCHSIA)
constexpr char kVideoCaptureSandbox[] = "video_capture";
#endif
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
constexpr char kHardwareVideoDecodingSandbox[] = "hardware_video_decoding";
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
constexpr char kHardwareVideoEncodingSandbox[] = "hardware_video_encoding";
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
#if BUILDFLAG(IS_CHROMEOS_ASH)
constexpr char kImeSandbox[] = "ime";
constexpr char kTtsSandbox[] = "tts";
constexpr char kNearbySandbox[] = "nearby";
#if BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
constexpr char kLibassistantSandbox[] = "libassistant";
#endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC)
constexpr char kOnDeviceTranslationSandbox[] = "on_device_translation";
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC)
} // namespace
using sandbox::mojom::Sandbox;
bool IsUnsandboxedSandboxType(Sandbox sandbox_type) {
if (sandbox_type == Sandbox::kNoSandbox) {
return true;
}
#if BUILDFLAG(IS_WIN)
if (sandbox_type == Sandbox::kNoSandboxAndElevatedPrivileges) {
return true;
}
#endif
return false;
}
void SetCommandLineFlagsForSandboxType(base::CommandLine* command_line,
Sandbox sandbox_type) {
switch (sandbox_type) {
case Sandbox::kNoSandbox:
if (command_line->GetSwitchValueASCII(switches::kProcessType) ==
switches::kUtilityProcess) {
DCHECK(!command_line->HasSwitch(switches::kServiceSandboxType));
command_line->AppendSwitchASCII(
switches::kServiceSandboxType,
StringFromUtilitySandboxType(sandbox_type));
} else {
command_line->AppendSwitch(switches::kNoSandbox);
}
break;
case Sandbox::kRenderer:
DCHECK(command_line->GetSwitchValueASCII(switches::kProcessType) ==
switches::kRendererProcess);
break;
case Sandbox::kGpu:
DCHECK(command_line->GetSwitchValueASCII(switches::kProcessType) ==
switches::kGpuProcess);
break;
#if BUILDFLAG(ENABLE_PPAPI) && !BUILDFLAG(IS_WIN)
case Sandbox::kPpapi:
if (command_line->GetSwitchValueASCII(switches::kProcessType) ==
switches::kUtilityProcess) {
command_line->AppendSwitchASCII(switches::kServiceSandboxType,
kPpapiSandbox);
} else {
DCHECK(command_line->GetSwitchValueASCII(switches::kProcessType) ==
switches::kPpapiPluginProcess);
}
break;
#endif
case Sandbox::kService:
case Sandbox::kServiceWithJit:
case Sandbox::kUtility:
case Sandbox::kNetwork:
case Sandbox::kOnDeviceModelExecution:
case Sandbox::kCdm:
case Sandbox::kPrintCompositor:
case Sandbox::kAudio:
#if BUILDFLAG(IS_FUCHSIA)
case Sandbox::kVideoCapture:
#endif
#if BUILDFLAG(IS_WIN)
case Sandbox::kNoSandboxAndElevatedPrivileges:
case Sandbox::kXrCompositing:
case Sandbox::kPdfConversion:
case Sandbox::kIconReader:
case Sandbox::kMediaFoundationCdm:
case Sandbox::kWindowsSystemProxyResolver:
#endif // BUILDFLAG(IS_WIN)
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
case Sandbox::kHardwareVideoDecoding:
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
case Sandbox::kHardwareVideoEncoding:
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
#if BUILDFLAG(IS_CHROMEOS_ASH)
case Sandbox::kIme:
case Sandbox::kTts:
case Sandbox::kNearby:
#if BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
case Sandbox::kLibassistant:
#endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
#if BUILDFLAG(IS_MAC)
case Sandbox::kMirroring:
#endif // BUILDFLAG(IS_MAC)
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_WIN)
case Sandbox::kPrintBackend:
case Sandbox::kScreenAI:
#endif
case Sandbox::kSpeechRecognition:
#if BUILDFLAG(IS_LINUX)
case Sandbox::kVideoEffects:
#endif
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC)
case Sandbox::kOnDeviceTranslation:
#endif
DCHECK(command_line->GetSwitchValueASCII(switches::kProcessType) ==
switches::kUtilityProcess);
DCHECK(!command_line->HasSwitch(switches::kServiceSandboxType));
command_line->AppendSwitchASCII(
switches::kServiceSandboxType,
StringFromUtilitySandboxType(sandbox_type));
break;
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
case Sandbox::kZygoteIntermediateSandbox:
break;
#endif
}
}
sandbox::mojom::Sandbox SandboxTypeFromCommandLine(
const base::CommandLine& command_line) {
if (command_line.HasSwitch(switches::kNoSandbox))
return Sandbox::kNoSandbox;
std::string process_type =
command_line.GetSwitchValueASCII(switches::kProcessType);
if (process_type.empty())
return Sandbox::kNoSandbox;
if (process_type == switches::kRendererProcess)
return Sandbox::kRenderer;
if (process_type == switches::kUtilityProcess) {
return UtilitySandboxTypeFromString(
command_line.GetSwitchValueASCII(switches::kServiceSandboxType));
}
if (process_type == switches::kGpuProcess) {
if (command_line.HasSwitch(switches::kDisableGpuSandbox))
return Sandbox::kNoSandbox;
return Sandbox::kGpu;
}
#if BUILDFLAG(ENABLE_PPAPI) && !BUILDFLAG(IS_WIN)
if (process_type == switches::kPpapiPluginProcess)
return Sandbox::kPpapi;
#endif
// NaCl tests on all platforms use the loader process.
if (process_type == switches::kNaClLoaderProcess) {
return Sandbox::kUtility;
}
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
// Intermediate process gains a sandbox later.
if (process_type == switches::kZygoteProcessType)
return Sandbox::kZygoteIntermediateSandbox;
#endif
#if BUILDFLAG(IS_MAC)
if (process_type == switches::kRelauncherProcessType ||
process_type == switches::kCodeSignCloneCleanupProcessType) {
return Sandbox::kNoSandbox;
}
#endif
NOTREACHED()
<< "Command line does not provide a valid sandbox configuration: "
<< command_line.GetCommandLineString();
}
std::string StringFromUtilitySandboxType(Sandbox sandbox_type) {
switch (sandbox_type) {
case Sandbox::kNoSandbox:
return kNoneSandbox;
#if BUILDFLAG(IS_WIN)
case Sandbox::kNoSandboxAndElevatedPrivileges:
return kNoneSandboxAndElevatedPrivileges;
#endif // BUILDFLAG(IS_WIN)
case Sandbox::kNetwork:
return kNetworkSandbox;
case Sandbox::kOnDeviceModelExecution:
return kOnDeviceModelExecutionSandbox;
#if BUILDFLAG(ENABLE_PPAPI) && !BUILDFLAG(IS_WIN)
case Sandbox::kPpapi:
return kPpapiSandbox;
#endif
case Sandbox::kCdm:
return kCdmSandbox;
case Sandbox::kPrintCompositor:
return kPrintCompositorSandbox;
case Sandbox::kUtility:
return kUtilitySandbox;
case Sandbox::kAudio:
return kAudioSandbox;
#if BUILDFLAG(IS_FUCHSIA)
case Sandbox::kVideoCapture:
return kVideoCaptureSandbox;
#endif
case Sandbox::kService:
return kServiceSandbox;
case Sandbox::kServiceWithJit:
return kServiceSandboxWithJit;
case Sandbox::kSpeechRecognition:
return kSpeechRecognitionSandbox;
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_WIN)
case Sandbox::kPrintBackend:
return kPrintBackendSandbox;
case Sandbox::kScreenAI:
return kScreenAISandbox;
#endif
#if BUILDFLAG(IS_LINUX)
case Sandbox::kVideoEffects:
return kVideoEffectsSandbox;
#endif
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC)
case Sandbox::kOnDeviceTranslation:
return kOnDeviceTranslationSandbox;
#endif
#if BUILDFLAG(IS_WIN)
case Sandbox::kXrCompositing:
return kXrCompositingSandbox;
case Sandbox::kPdfConversion:
return kPdfConversionSandbox;
case Sandbox::kIconReader:
return kIconReaderSandbox;
case Sandbox::kMediaFoundationCdm:
return kMediaFoundationCdmSandbox;
case Sandbox::kWindowsSystemProxyResolver:
return kWindowsSystemProxyResolverSandbox;
#endif // BUILDFLAG(IS_WIN)
#if BUILDFLAG(IS_MAC)
case Sandbox::kMirroring:
return kMirroringSandbox;
#endif
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
case Sandbox::kHardwareVideoDecoding:
return kHardwareVideoDecodingSandbox;
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
case Sandbox::kHardwareVideoEncoding:
return kHardwareVideoEncodingSandbox;
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
#if BUILDFLAG(IS_CHROMEOS_ASH)
case Sandbox::kIme:
return kImeSandbox;
case Sandbox::kTts:
return kTtsSandbox;
case Sandbox::kNearby:
return kNearbySandbox;
#if BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
case Sandbox::kLibassistant:
return kLibassistantSandbox;
#endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
// The following are not utility processes so should not occur.
case Sandbox::kRenderer:
case Sandbox::kGpu:
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
case Sandbox::kZygoteIntermediateSandbox:
#endif
NOTREACHED();
}
}
sandbox::mojom::Sandbox UtilitySandboxTypeFromString(
const std::string& sandbox_string) {
// This function should cover all sandbox types used for utilities, the
// CHECK at the end should catch any attempts to forget to add a new type.
// Most utilities are kUtility or kService so put those first.
if (sandbox_string == kUtilitySandbox) {
return Sandbox::kUtility;
}
if (sandbox_string == kServiceSandbox) {
return Sandbox::kService;
}
if (sandbox_string == kServiceSandboxWithJit) {
return Sandbox::kServiceWithJit;
}
if (sandbox_string == kNoneSandbox) {
return Sandbox::kNoSandbox;
}
#if BUILDFLAG(IS_WIN)
if (sandbox_string == kNoneSandboxAndElevatedPrivileges) {
return Sandbox::kNoSandboxAndElevatedPrivileges;
}
#endif
if (sandbox_string == kNetworkSandbox) {
return Sandbox::kNetwork;
}
if (sandbox_string == kOnDeviceModelExecutionSandbox) {
return Sandbox::kOnDeviceModelExecution;
}
#if BUILDFLAG(ENABLE_PPAPI) && !BUILDFLAG(IS_WIN)
if (sandbox_string == kPpapiSandbox) {
return Sandbox::kPpapi;
}
#endif
if (sandbox_string == kCdmSandbox) {
return Sandbox::kCdm;
}
if (sandbox_string == kPrintCompositorSandbox) {
return Sandbox::kPrintCompositor;
}
#if BUILDFLAG(IS_WIN)
if (sandbox_string == kXrCompositingSandbox) {
return Sandbox::kXrCompositing;
}
if (sandbox_string == kPdfConversionSandbox) {
return Sandbox::kPdfConversion;
}
if (sandbox_string == kIconReaderSandbox) {
return Sandbox::kIconReader;
}
if (sandbox_string == kMediaFoundationCdmSandbox) {
return Sandbox::kMediaFoundationCdm;
}
if (sandbox_string == kWindowsSystemProxyResolverSandbox) {
return Sandbox::kWindowsSystemProxyResolver;
}
#endif
#if BUILDFLAG(IS_MAC)
if (sandbox_string == kMirroringSandbox) {
return Sandbox::kMirroring;
}
#endif
if (sandbox_string == kAudioSandbox) {
return Sandbox::kAudio;
}
if (sandbox_string == kSpeechRecognitionSandbox) {
return Sandbox::kSpeechRecognition;
}
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_WIN)
if (sandbox_string == kPrintBackendSandbox) {
return Sandbox::kPrintBackend;
}
if (sandbox_string == kScreenAISandbox) {
return Sandbox::kScreenAI;
}
#endif
#if BUILDFLAG(IS_LINUX)
if (sandbox_string == kVideoEffectsSandbox) {
return Sandbox::kVideoEffects;
}
#endif
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC)
if (sandbox_string == kOnDeviceTranslationSandbox) {
return Sandbox::kOnDeviceTranslation;
}
#endif
#if BUILDFLAG(IS_FUCHSIA)
if (sandbox_string == kVideoCaptureSandbox) {
return Sandbox::kVideoCapture;
}
#endif
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
if (sandbox_string == kHardwareVideoDecodingSandbox) {
return Sandbox::kHardwareVideoDecoding;
}
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
if (sandbox_string == kHardwareVideoEncodingSandbox) {
return Sandbox::kHardwareVideoEncoding;
}
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
#if BUILDFLAG(IS_CHROMEOS_ASH)
if (sandbox_string == kImeSandbox) {
return Sandbox::kIme;
}
if (sandbox_string == kTtsSandbox) {
return Sandbox::kTts;
}
if (sandbox_string == kNearbySandbox) {
return Sandbox::kNearby;
}
#if BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
if (sandbox_string == kLibassistantSandbox) {
return Sandbox::kLibassistant;
}
#endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT)
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
NOTREACHED()
<< "Command line does not provide a valid sandbox configuration: "
<< sandbox_string;
}
} // namespace sandbox::policy