commit 0771689adb6be3cc00c245feb0e3593b24d9c679
author Andrey Kosyakov <caseq@chromium.org> Thu Sep 19 03:31:13 2024
committer Chromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com> Thu Sep 19 03:31:13 2024
tree e6548d5b8a7c706bbfd850426aff737a4ca85ec6
parent aa98ead63f857719e1cc7e8ae2ec1e33afd0c5ee

Temporarily disable network service sandboxing for headless

As a drive-by, update the identifier used in docs/mojo_and_services.md
to refer to actual predicate.

Bug: 364362654, 40052246
Change-Id: I920b1cf07030649d6306c931b0d6f97b9cae1551
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5874912
Reviewed-by: Peter Kvitek <kvitekp@chromium.org>
Commit-Queue: Andrey Kosyakov <caseq@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1357466}

docs/mojo_and_services.md

diff --git a/docs/mojo_and_services.md b/docs/mojo_and_services.md
index 20dbf64..847a581 100644
--- a/docs/mojo_and_services.md
+++ b/docs/mojo_and_services.md
@@ -445,7 +445,7 @@
 
 As a last resort, dynamic or feature based mapping to an underlying platform
 sandbox can be achieved but requires plumbing through ContentBrowserClient
-(e.g. `ShouldEnableNetworkServiceSandbox()`).
+(e.g. `ShouldSandboxNetworkService()`).
 
 ## Content-Layer Services Overview
 

headless/lib/browser/headless_content_browser_client.cc

diff --git a/headless/lib/browser/headless_content_browser_client.cc b/headless/lib/browser/headless_content_browser_client.cc
index c877347..919baee 100644
--- a/headless/lib/browser/headless_content_browser_client.cc
+++ b/headless/lib/browser/headless_content_browser_client.cc
@@ -453,6 +453,12 @@
   return std::make_unique<HeadlessVideoOverlayWindow>();
 }
 
+// TODO(364362654, 40052246): force-disable network service sandboxing
+// until it's stable in headful.
+bool HeadlessContentBrowserClient::ShouldSandboxNetworkService() {
+  return false;
+}
+
 void HeadlessContentBrowserClient::HandleExplicitlyAllowedPorts(
     ::network::mojom::NetworkService* network_service) {
   base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();

headless/lib/browser/headless_content_browser_client.h

diff --git a/headless/lib/browser/headless_content_browser_client.h b/headless/lib/browser/headless_content_browser_client.h
index f26634e..9e3c888 100644
--- a/headless/lib/browser/headless_content_browser_client.h
+++ b/headless/lib/browser/headless_content_browser_client.h
@@ -136,6 +136,8 @@
   CreateWindowForVideoPictureInPicture(
       content::VideoPictureInPictureWindowController* controller) override;
 
+  bool ShouldSandboxNetworkService() override;
+
  private:
   class StubBadgeService;