One process per policy in chrome://sandbox
Policies now only apply to a single process so processIds can be
processId. (There was only ever one pid in the list, now there can
be only one.)
No change to the main output on chrome://sandbox.
Bug: 1270309
Change-Id: I6851c622c89699cfe14f55f21930c4d5787d4d87
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3419521
Reviewed-by: Will Harris <wfh@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#964450}
NOKEYCHECK=True
GitOrigin-RevId: 23a41c068e35f33df1c3579a3b0b469d4458e6c1
diff --git a/win/src/sandbox_policy_diagnostic.cc b/win/src/sandbox_policy_diagnostic.cc
index 6c4608f..19ed93f 100644
--- a/win/src/sandbox_policy_diagnostic.cc
+++ b/win/src/sandbox_policy_diagnostic.cc
@@ -45,20 +45,12 @@
const char kLowboxSid[] = "lowboxSid";
const char kPlatformMitigations[] = "platformMitigations";
const char kPolicyRules[] = "policyRules";
-const char kProcessIds[] = "processIds";
+const char kProcessId[] = "processId";
// Values in snapshots of Policies.
const char kDisabled[] = "disabled";
const char kEnabled[] = "enabled";
-base::Value ProcessIdList(std::vector<uint32_t> process_ids) {
- base::Value results(base::Value::Type::LIST);
- for (const auto pid : process_ids) {
- results.Append(base::strict_cast<double>(pid));
- }
- return results;
-}
-
std::string GetTokenLevelInEnglish(TokenLevel token) {
switch (token) {
case USER_LOCKDOWN:
@@ -379,8 +371,7 @@
PolicyDiagnostic::PolicyDiagnostic(PolicyBase* policy) {
DCHECK(policy);
// TODO(crbug/997273) Add more fields once webui plumbing is complete.
- process_ids_.push_back(
- base::strict_cast<uint32_t>(policy->target_->ProcessId()));
+ process_id_ = base::strict_cast<uint32_t>(policy->target_->ProcessId());
lockdown_level_ = policy->lockdown_level_;
job_level_ = policy->job_level_;
@@ -435,7 +426,7 @@
return json_string_->c_str();
base::Value value(base::Value::Type::DICTIONARY);
- value.SetKey(kProcessIds, ProcessIdList(process_ids_));
+ value.SetKey(kProcessId, base::Value(base::strict_cast<double>(process_id_)));
value.SetKey(kLockdownLevel,
base::Value(GetTokenLevelInEnglish(lockdown_level_)));
value.SetKey(kJobLevel, base::Value(GetJobLevelInEnglish(job_level_)));
diff --git a/win/src/sandbox_policy_diagnostic.h b/win/src/sandbox_policy_diagnostic.h
index 31f3a52..9cb7467 100644
--- a/win/src/sandbox_policy_diagnostic.h
+++ b/win/src/sandbox_policy_diagnostic.h
@@ -41,7 +41,7 @@
private:
// |json_string_| is lazily constructed.
std::unique_ptr<std::string> json_string_;
- std::vector<uint32_t> process_ids_;
+ uint32_t process_id_;
TokenLevel lockdown_level_ = USER_LAST;
JobLevel job_level_ = JOB_NONE;
IntegrityLevel desired_integrity_level_ = INTEGRITY_LEVEL_LAST;