commit 5b32cf712925b6dc144a193682b26823e96d8ea5
author Alex Gough <ajgo@chromium.org> Fri Jan 28 05:57:27 2022
committer Copybara-Service <copybara-worker@google.com> Fri Jan 28 06:13:41 2022
tree 3e9981683eb26e636c5adc1fd6854920ead0147c
parent 72084d26227ba085428ee085747be0d2c178752e

One process per policy in chrome://sandbox

Policies now only apply to a single process so processIds can be
processId. (There was only ever one pid in the list, now there can
be only one.)

No change to the main output on chrome://sandbox.

Bug: 1270309
Change-Id: I6851c622c89699cfe14f55f21930c4d5787d4d87
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3419521
Reviewed-by: Will Harris <wfh@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#964450}
NOKEYCHECK=True
GitOrigin-RevId: 23a41c068e35f33df1c3579a3b0b469d4458e6c1

win/src/sandbox_policy_diagnostic.cc

diff --git a/win/src/sandbox_policy_diagnostic.cc b/win/src/sandbox_policy_diagnostic.cc
index 6c4608f..19ed93f 100644
--- a/win/src/sandbox_policy_diagnostic.cc
+++ b/win/src/sandbox_policy_diagnostic.cc
@@ -45,20 +45,12 @@
 const char kLowboxSid[] = "lowboxSid";
 const char kPlatformMitigations[] = "platformMitigations";
 const char kPolicyRules[] = "policyRules";
-const char kProcessIds[] = "processIds";
+const char kProcessId[] = "processId";
 
 // Values in snapshots of Policies.
 const char kDisabled[] = "disabled";
 const char kEnabled[] = "enabled";
 
-base::Value ProcessIdList(std::vector<uint32_t> process_ids) {
-  base::Value results(base::Value::Type::LIST);
-  for (const auto pid : process_ids) {
-    results.Append(base::strict_cast<double>(pid));
-  }
-  return results;
-}
-
 std::string GetTokenLevelInEnglish(TokenLevel token) {
   switch (token) {
     case USER_LOCKDOWN:
@@ -379,8 +371,7 @@
 PolicyDiagnostic::PolicyDiagnostic(PolicyBase* policy) {
   DCHECK(policy);
   // TODO(crbug/997273) Add more fields once webui plumbing is complete.
-  process_ids_.push_back(
-      base::strict_cast<uint32_t>(policy->target_->ProcessId()));
+  process_id_ = base::strict_cast<uint32_t>(policy->target_->ProcessId());
   lockdown_level_ = policy->lockdown_level_;
   job_level_ = policy->job_level_;
 
@@ -435,7 +426,7 @@
     return json_string_->c_str();
 
   base::Value value(base::Value::Type::DICTIONARY);
-  value.SetKey(kProcessIds, ProcessIdList(process_ids_));
+  value.SetKey(kProcessId, base::Value(base::strict_cast<double>(process_id_)));
   value.SetKey(kLockdownLevel,
                base::Value(GetTokenLevelInEnglish(lockdown_level_)));
   value.SetKey(kJobLevel, base::Value(GetJobLevelInEnglish(job_level_)));

win/src/sandbox_policy_diagnostic.h

diff --git a/win/src/sandbox_policy_diagnostic.h b/win/src/sandbox_policy_diagnostic.h
index 31f3a52..9cb7467 100644
--- a/win/src/sandbox_policy_diagnostic.h
+++ b/win/src/sandbox_policy_diagnostic.h
@@ -41,7 +41,7 @@
  private:
   // |json_string_| is lazily constructed.
   std::unique_ptr<std::string> json_string_;
-  std::vector<uint32_t> process_ids_;
+  uint32_t process_id_;
   TokenLevel lockdown_level_ = USER_LAST;
   JobLevel job_level_ = JOB_NONE;
   IntegrityLevel desired_integrity_level_ = INTEGRITY_LEVEL_LAST;