Make kNoSandboxAndElevatedPrivileges only available to utilities

Sandbox::kNoSandboxAndElevatedPrivileges had its own command line
switch; it is now integrated with how utilities are launched. We only
used this sandbox type from utilities, so this should work out ok.

Additionally we remove two places where the command line switch
is sniffed from outside //sandbox and force use of helpers instead.

Test expectations in sandbox_integration_tests are adjusted to account
for this.

Bug: 1269423
Change-Id: I410f814e03bc60a2a424a9bcb55bc55aed39005e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3276784
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Filip Gorski <fgorski@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#941072}
NOKEYCHECK=True
GitOrigin-RevId: 67a1869cc94e5998f73db1c2ea132cfec10fffd5
diff --git a/policy/sandbox_type.cc b/policy/sandbox_type.cc
index 3d0bebd..1beb71c 100644
--- a/policy/sandbox_type.cc
+++ b/policy/sandbox_type.cc
@@ -90,11 +90,6 @@
         command_line->AppendSwitch(switches::kNoSandbox);
       }
       break;
-#if defined(OS_WIN)
-    case Sandbox::kNoSandboxAndElevatedPrivileges:
-      command_line->AppendSwitch(switches::kNoSandboxAndElevatedPrivileges);
-      break;
-#endif
     case Sandbox::kRenderer:
       DCHECK(command_line->GetSwitchValueASCII(switches::kProcessType) ==
              switches::kRendererProcess);
@@ -128,6 +123,7 @@
     case Sandbox::kVideoCapture:
 #endif
 #if defined(OS_WIN)
+    case Sandbox::kNoSandboxAndElevatedPrivileges:
     case Sandbox::kXrCompositing:
     case Sandbox::kPdfConversion:
     case Sandbox::kIconReader:
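Review bot: The added `case Sandbox::kNoSandboxAndElevatedPrivileges:` joins the Windows utility group with no comment marking it as the one entry there that disables the sandbox and elevates the process. The shared body of this group is outside the hunk. If its process-type check is a `DCHECK` like the one visible for `kRenderer` earlier in the function, it compiles out of release builds, so nothing here would stop a non-utility caller from requesting this type. I would add `// Unsandboxed and elevated: only valid for utility processes.` above the case, and consider a `CHECK` on the process type for this one value.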
@@ -168,11 +164,6 @@
   if (command_line.HasSwitch(switches::kNoSandbox))
     return Sandbox::kNoSandbox;
 
-#if defined(OS_WIN)
-  if (command_line.HasSwitch(switches::kNoSandboxAndElevatedPrivileges))
-    return Sandbox::kNoSandboxAndElevatedPrivileges;
-#endif
-
   std::string process_type =
       command_line.GetSwitchValueASCII(switches::kProcessType);
   if (process_type.empty())
@@ -233,6 +224,10 @@
   switch (sandbox_type) {
     case Sandbox::kNoSandbox:
       return switches::kNoneSandbox;
+#if defined(OS_WIN)
+    case Sandbox::kNoSandboxAndElevatedPrivileges:
+      return switches::kNoneSandboxAndElevatedPrivileges;
+#endif  // defined(OS_WIN)
     case Sandbox::kNetwork:
       return switches::kNetworkSandbox;
 #if BUILDFLAG(ENABLE_PLUGINS)
@@ -288,9 +283,6 @@
       // The following are not utility processes so should not occur.
     case Sandbox::kRenderer:
     case Sandbox::kGpu:
-#if defined(OS_WIN)
-    case Sandbox::kNoSandboxAndElevatedPrivileges:
-#endif  // defined(OS_WIN)
 #if defined(OS_MAC)
     case Sandbox::kNaClLoader:
 #endif  // defined(OS_MAC)
diff --git a/policy/sandbox_type_unittest.cc b/policy/sandbox_type_unittest.cc
index 893a5c2..83da610 100644
--- a/policy/sandbox_type_unittest.cc
+++ b/policy/sandbox_type_unittest.cc
@@ -23,15 +23,6 @@
   command_line.AppendSwitchASCII(switches::kServiceSandboxType, "network");
   EXPECT_EQ(Sandbox::kNoSandbox, SandboxTypeFromCommandLine(command_line));
 
-#if defined(OS_WIN)
-  EXPECT_FALSE(
-      command_line.HasSwitch(switches::kNoSandboxAndElevatedPrivileges));
-  SetCommandLineFlagsForSandboxType(&command_line,
-                                    Sandbox::kNoSandboxAndElevatedPrivileges);
-  EXPECT_EQ(Sandbox::kNoSandboxAndElevatedPrivileges,
-            SandboxTypeFromCommandLine(command_line));
-#endif
-
   EXPECT_FALSE(command_line.HasSwitch(switches::kNoSandbox));
   SetCommandLineFlagsForSandboxType(&command_line, Sandbox::kNoSandbox);
   EXPECT_EQ(Sandbox::kNoSandbox, SandboxTypeFromCommandLine(command_line));
@@ -101,6 +92,12 @@
   EXPECT_EQ(Sandbox::kXrCompositing,
             SandboxTypeFromCommandLine(command_line10));
 
+  base::CommandLine command_line11(command_line);
+  SetCommandLineFlagsForSandboxType(&command_line11,
+                                    Sandbox::kNoSandboxAndElevatedPrivileges);
+  EXPECT_EQ(Sandbox::kNoSandboxAndElevatedPrivileges,
+            SandboxTypeFromCommandLine(command_line11));
+
   base::CommandLine command_line12(command_line);
   SetCommandLineFlagsForSandboxType(&command_line12, Sandbox::kPdfConversion);
   EXPECT_EQ(Sandbox::kPdfConversion,
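Review bot: The new `command_line11` block covers only the positive round trip, so nothing in this test pins the property the commit is named for: that the elevated, unsandboxed type cannot be reached from a non-utility command line. A negative case next to it would catch a later regression in `SandboxTypeFromCommandLine`, which now derives this type from the service sandbox string rather than from a dedicated switch. The test function starts and ends outside the hunk, and the hunk does not show whether an `OS_WIN` guard surrounds these lines, so the addition should sit under the same guard as `command_line11`. The expected result for a renderer command line is inferred from the function's visible use of `kProcessType` and should be confirmed against the full body.

```cpp
  // … unchanged: command_line11 round trip …

  // A non-utility process type must never resolve to the elevated type,
  // even if the service sandbox string asks for it.
  base::CommandLine renderer_line(base::CommandLine::NO_PROGRAM);
  renderer_line.AppendSwitchASCII(switches::kProcessType,
                                  switches::kRendererProcess);
  renderer_line.AppendSwitchASCII(switches::kServiceSandboxType,
                                  switches::kNoneSandboxAndElevatedPrivileges);
  EXPECT_NE(Sandbox::kNoSandboxAndElevatedPrivileges,
            SandboxTypeFromCommandLine(renderer_line));
```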
diff --git a/policy/switches.cc b/policy/switches.cc
index 3aedd4c..6e77aff 100644
--- a/policy/switches.cc
+++ b/policy/switches.cc
@@ -107,9 +107,6 @@
 // Add additional capabilities to the AppContainer sandbox on the GPU process.
 const char kAddGpuAppContainerCaps[] = "add-gpu-appcontainer-caps";
 
-// Disables the sandbox and gives the process elevated privileges.
-const char kNoSandboxAndElevatedPrivileges[] = "no-sandbox-and-elevated";
-
 // Add additional capabilities to the AppContainer sandbox used for XR
 // compositing.
 const char kAddXrAppContainerCaps[] = "add-xr-appcontainer-caps";
diff --git a/policy/switches.h b/policy/switches.h
index e322241..66ae49b 100644
--- a/policy/switches.h
+++ b/policy/switches.h
@@ -75,7 +75,6 @@
 #if defined(OS_WIN)
 SANDBOX_POLICY_EXPORT extern const char kAllowThirdPartyModules[];
 SANDBOX_POLICY_EXPORT extern const char kAddGpuAppContainerCaps[];
-SANDBOX_POLICY_EXPORT extern const char kNoSandboxAndElevatedPrivileges[];
 SANDBOX_POLICY_EXPORT extern const char kAddXrAppContainerCaps[];
 #endif
 #if defined(OS_MAC)