New issue
Advanced search Search tips

Issue 708738 link

Starred by 4 users

Issue metadata

Status: Fixed
Owner:
Closed: Nov 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug

Blocked on:
issue 778423

Blocking:
issue 645602
issue 781334



Sign in to add a comment

Refactor sandbox out of content so mus-gpu can use it

Project Member Reported by sky@chromium.org, Apr 5 2017

Issue description

The sandbox in content is different than that of content. We need mus-gpu to use the same sandbox as is used by content.
 

Comment 1 by sadrul@chromium.org, May 29 2017

Status: Assigned (was: Untriaged)

Comment 2 by sadrul@chromium.org, May 29 2017

Blocking: 645602

Comment 3 by sky@chromium.org, Jun 8 2017

Blocking: 731255

Comment 4 by tsepez@chromium.org, Sep 18 2017

Just so we're on the same page: Sadrul, how do you expect that mus-gpu processes is going to be launched?  Through the service manager itself?  Or will it still go through some sort of process host?

Comment 6 by tsepez@chromium.org, Sep 19 2017

Hmm.  Not following.  This would seem to create a service within the same process as the service manager?  I didn't see how this flows into launching an external process.

Comment 7 by tsepez@chromium.org, Sep 20 2017

One way of looking at this is to realize that //sandbox provides a mechanism but //content/common/sandbox provides the policy.  Unfortunately, policies are complicated, platform-specific, and hard to ship around.

If we want to (re-)use the policies outside of content, we risk mixing the two, which would violate a design pattern in some sense.  We could have a separate //sandbox_policy layer to wrap //sandbox, but that seems excessive.

Maybe just //sandbox/policy.  

Comment 8 by tsepez@chromium.org, Sep 20 2017

Note that the policies, apart from their names, are fairly independent of //content concepts, with a number of wrinkles like the mac code using resource bundles (a //src/ui/base concept as it turns out).

Comment 9 by tsepez@chromium.org, Sep 21 2017

Continuing the discussion, I'd expect //sandbox/policy to have mac, win, and linux sub-directories.

//sandbox/policy/linux, for example would get these files from content/
bpf_cros_amd_gpu_policy_linux.cc
bpf_cros_amd_gpu_policy_linux.h
bpf_cros_arm_gpu_policy_linux.cc
bpf_cros_arm_gpu_policy_linux.h
bpf_gpu_policy_linux.cc
bpf_gpu_policy_linux.h
bpf_ppapi_policy_linux.cc
bpf_ppapi_policy_linux.h
bpf_renderer_policy_linux.cc
bpf_renderer_policy_linux.h
bpf_utility_policy_linux.cc
bpf_utility_policy_linux.h
bpf_widevine_policy_linux.cc
bpf_widevine_policy_linux.h
OWNERS
sandbox_bpf_base_policy_linux.cc
sandbox_bpf_base_policy_linux.h
sandbox_debug_handling_linux.cc
sandbox_debug_handling_linux.h
sandbox_init_linux.cc
sandbox_linux.cc
sandbox_linux.h
sandbox_seccomp_bpf_linux.c

//sandbox/policy/mac would get these files from content:

content/utility/utility.sb
content/renderer/renderer_v2.sb
content/renderer/renderer.sb
content/ppapi_plugin/ppapi.sb
content/browser/gpu.sb
content/common/common.sb
chrome/common/nacl_loader.sb
content/common/sandbox_init_mac.cc
content/common/sandbox_init_mac.h
content/common/sandbox_mac_diraccess_unittest.mm
content/common/sandbox_mac_fontloading_unittest.mm
content/common/sandbox_mac.h
content/common/sandbox_mac.mm
content/common/sandbox_mac_system_access_unittest.mm
content/common/sandbox_mac_unittest_helper.h
content/common/sandbox_mac_unittest_helper.mm

@jam asks:
Can you expand on why we would want src/sandbox to have knowledge of things like renderer, utility, network sandboxing? The philosophy so far has been that higher layers configure it depending on their knowledge of what their processes need.
My take is that such knowledge is arcane, verbose to express, platform-specific, unrelated to the actual tasks being accomplished by the layer, and impossible to re-use without duplicating the code outside of content/. For example, having code in content need to understand BPF filter assembly methods is a failure of abstraction, and I'd like to have it not creep higher up into the codebase.  To the extent that we can avoid platform-specific splits in these higher directories makes things simpler, I think.

It is unfortunate that at the present the sandbox policies, eg. bpf_renderer_policy_linux.h are named after how they are used, as opposed to what they do.  

Ideally, we'd like to have something like a bpf_level_0 sandbox, a bfp_level_1 sandbox, etc. but there is at best a partial order (network and gpu need different capabilities neither which is a subset of each other).

Here's a thought experiment: if I were to change these names to be something like bpf_red_sanbox, bpf_blue_sandbox, and then have content code say that the renderer needs a "blue" sandbox, the code we would find in src/sandbox in such a world would be completely independent of any content/ concepts, and wouldn't include any content/ headers (except for pre sandbox hook, which will remain in content).  My hope was that these would cluster, so that we'd wind up with N re-usable canonical sandbox types, but things may be too idiosyncratic for that to happen.

There's a nice facility for extending SANDBOX_TYPE_AFTER_LAST_TYPE beyond content, but as far as I can tell, it is only ever used on Mac, and for one type, which seems like more generality than is needed. My temptation would be to fold that one usage into this directory as well, to insulate that code from having to implement the same things.



Cc: jam@chromium.org
Regarding pre-sandbox hooks, I think we've made a mistake by conflating a policy to apply to the kernel with a set of layer-specific steps in the same object.  Splitting these apart may allow for more re-use -- the same kernel policy, for example against different set of warm-up steps for different process types.
One final point that I think validates this design is that the number of per-file=security OWNERS lines is vastly reduced as all the security sensitive files wind up consolidated in the same directory.  
Cc: rsesek@chromium.org
Components: Internals>Sandbox
I share the concern about //sandbox knowing about (former) //content-related concepts, and there was some discussion about that on the review here: https://chromium-review.googlesource.com/c/chromium/src/+/676191/18/chrome/browser/chrome_content_browser_client.cc#2801.

From the above discussion, it sounds like //sandbox/policy was a sort of compromise place to put this stuff, but it indeed may not be the best place. Could this instead move to be closer to the service manager, maybe somewhere in //services?
I think it would be reasonable to define specific policies somewhere like
//services/service_manager/sandbox_policies.

FWIW though, I do still believe a worthwhile long-term goal is to move away
from broadly defined, named configurations like "network" etc, and move
toward a reasonable set of more granular sandbox features which manifests
can configure. It would be unfortunate if terms like "renderer" and
"utility" ended up as permanent fixtures in our service APIs. Is that part
of the plan here?
WRT granular privileges, we've gone back and forth on this a few times.  The issue here is that things are not going to be consistent across plaftorms: just because network needs fiilesystem access on one platform doesn't mean that its going to require it on another.  We wind up with a large number of platform-specific "ifdefs" in the manifests in that case, esp since some kinds of privileges will exit only on one platform or another.

I've currenly added "sandbox_type" to the manifest, with the idea that the lower layers would deduce what that means.  I was hoping for some more generic naming than, renderer, as you mention but I haven't found it yet. 
Project Member

Comment 19 by bugdroid1@chromium.org, Sep 27 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/15d4e5201c46dd93c316485c21387959f0f6eb65

commit 15d4e5201c46dd93c316485c21387959f0f6eb65
Author: Tom Sepez <tsepez@chromium.org>
Date: Wed Sep 27 23:59:05 2017

Move sandbox_type.cc to services/service_manager/sandbox

Bug:  708738 
Change-Id: If649a9eb073f63fb5ccff0cdc1226faa27334644
Reviewed-on: https://chromium-review.googlesource.com/685279
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Penny MacNeil <pennymac@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Ken Rockot <rockot@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#504810}
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/chrome/service/DEPS
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/chrome/service/service_utility_process_host.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/components/nacl/broker/BUILD.gn
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/components/nacl/broker/DEPS
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/components/nacl/broker/nacl_broker_listener.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/components/nacl/broker/nacl_broker_listener.h
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/components/nacl/browser/nacl_broker_host_win.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/components/nacl/browser/nacl_process_host.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/components/nacl/common/BUILD.gn
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/components/nacl/common/DEPS
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/components/nacl/common/nacl_sandbox_type.h
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/components/nacl/loader/BUILD.gn
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/BUILD.gn
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/browser/gpu/gpu_process_host.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/browser/ppapi_plugin_process_host.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/browser/renderer_host/render_process_host_impl.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/browser/service_manager/service_manager_context.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/browser/utility_process_host_impl.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/browser/utility_process_host_impl.h
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/common/BUILD.gn
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/common/DEPS
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/common/sandbox_init_mac.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/common/sandbox_init_win.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/common/sandbox_linux/sandbox_linux.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/common/sandbox_mac.h
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/common/sandbox_mac.mm
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/common/sandbox_mac_fontloading_unittest.mm
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/common/sandbox_mac_unittest_helper.h
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/common/sandbox_mac_unittest_helper.mm
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/common/sandbox_policy_fuchsia.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/common/sandbox_policy_fuchsia.h
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/common/sandbox_win.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/public/DEPS
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/public/browser/DEPS
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/public/browser/content_browser_client.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/public/browser/content_browser_client.h
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/public/browser/utility_process_host.h
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/public/browser/utility_process_mojo_client.h
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/public/common/BUILD.gn
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/public/common/content_switches.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/public/common/content_switches.h
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/public/common/sandboxed_process_launcher_delegate.h
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/test/BUILD.gn
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/content/utility/utility_main.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/headless/lib/browser/headless_content_browser_client.cc
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/services/service_manager/embedder/BUILD.gn
[add] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/services/service_manager/embedder/service_manager_embedder_switches_export.h
[modify] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/services/service_manager/embedder/switches.h
[add] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/services/service_manager/sandbox/BUILD.gn
[add] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/services/service_manager/sandbox/OWNERS
[add] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/services/service_manager/sandbox/export.h
[rename] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/services/service_manager/sandbox/sandbox_type.cc
[rename] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/services/service_manager/sandbox/sandbox_type.h
[add] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/services/service_manager/sandbox/switches.cc
[add] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/services/service_manager/sandbox/switches.h
[add] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/services/service_manager/tests/sandbox/BUILD.gn
[rename] https://crrev.com/15d4e5201c46dd93c316485c21387959f0f6eb65/services/service_manager/tests/sandbox/sandbox_type_unittest.cc

Project Member

Comment 20 by bugdroid1@chromium.org, Oct 2 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4a91decc11580fa0d2f2334ff51644e3feb585e9

commit 4a91decc11580fa0d2f2334ff51644e3feb585e9
Author: Tom Sepez <tsepez@chromium.org>
Date: Mon Oct 02 16:59:15 2017

Pass sandbox information from catalog to process launcher.

Small step toward launching processes from the service manager with
the correct sandbox type.

Re-arrange order of thread creation vs. sandbox initialization for test
services to ensure no threads at sandbox start.

Some of the test manifests now must explicitly disable sandboxing
for the tests to pass.

Fix an else-after-return along the way.

Bug:  708738 
Change-Id: I257598fe2ad3ea0c6b1296fc5170ccc18186d730
Reviewed-on: https://chromium-review.googlesource.com/688484
Reviewed-by: Ken Rockot <rockot@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#505652}
[modify] https://crrev.com/4a91decc11580fa0d2f2334ff51644e3feb585e9/components/filesystem/manifest.json
[modify] https://crrev.com/4a91decc11580fa0d2f2334ff51644e3feb585e9/components/leveldb/manifest.json
[modify] https://crrev.com/4a91decc11580fa0d2f2334ff51644e3feb585e9/services/service_manager/BUILD.gn
[modify] https://crrev.com/4a91decc11580fa0d2f2334ff51644e3feb585e9/services/service_manager/public/cpp/standalone_service/main.cc
[modify] https://crrev.com/4a91decc11580fa0d2f2334ff51644e3feb585e9/services/service_manager/public/cpp/standalone_service/standalone_service.cc
[modify] https://crrev.com/4a91decc11580fa0d2f2334ff51644e3feb585e9/services/service_manager/runner/host/BUILD.gn
[modify] https://crrev.com/4a91decc11580fa0d2f2334ff51644e3feb585e9/services/service_manager/runner/host/service_process_launcher.cc
[modify] https://crrev.com/4a91decc11580fa0d2f2334ff51644e3feb585e9/services/service_manager/runner/host/service_process_launcher.h
[modify] https://crrev.com/4a91decc11580fa0d2f2334ff51644e3feb585e9/services/service_manager/runner/host/service_process_launcher_unittest.cc
[modify] https://crrev.com/4a91decc11580fa0d2f2334ff51644e3feb585e9/services/service_manager/service_manager.cc

Project Member

Comment 21 by bugdroid1@chromium.org, Oct 23 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/063fc62d909535877b82e89366c72f121f281942

commit 063fc62d909535877b82e89366c72f121f281942
Author: Tom Sepez <tsepez@chromium.org>
Date: Mon Oct 23 21:18:57 2017

Move GetSandboxFD() to common_sandbox_support_linux.cc

Breaks sandbox_linux.h dependence on content_descriptors.h
Remove an OS_LINUX ifdef in an _linux.cc file along the way.

BUG= 708738 

Change-Id: I2bdf37509a1b8401066937171c038103b017c162
Reviewed-on: https://chromium-review.googlesource.com/730573
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#510920}
[modify] https://crrev.com/063fc62d909535877b82e89366c72f121f281942/content/browser/child_process_launcher_helper_linux.cc
[modify] https://crrev.com/063fc62d909535877b82e89366c72f121f281942/content/browser/zygote_host/zygote_host_impl_linux.cc
[modify] https://crrev.com/063fc62d909535877b82e89366c72f121f281942/content/child/child_process_sandbox_support_impl_linux.cc
[modify] https://crrev.com/063fc62d909535877b82e89366c72f121f281942/content/common/common_sandbox_support_linux.cc
[modify] https://crrev.com/063fc62d909535877b82e89366c72f121f281942/content/common/sandbox_linux/sandbox_linux.h
[modify] https://crrev.com/063fc62d909535877b82e89366c72f121f281942/content/gpu/gpu_main.cc
[modify] https://crrev.com/063fc62d909535877b82e89366c72f121f281942/content/public/common/common_sandbox_support_linux.h
[modify] https://crrev.com/063fc62d909535877b82e89366c72f121f281942/content/renderer/renderer_main.cc
[modify] https://crrev.com/063fc62d909535877b82e89366c72f121f281942/content/zygote/zygote_linux.cc
[modify] https://crrev.com/063fc62d909535877b82e89366c72f121f281942/content/zygote/zygote_main_linux.cc

Project Member

Comment 22 by bugdroid1@chromium.org, Oct 24 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768

commit 75cfa7d8d31695f6eff31e3ae91bf0f767f5d768
Author: Tom Sepez <tsepez@chromium.org>
Date: Tue Oct 24 20:12:57 2017

Remove content/linux_sandbox dependence on content_switches.h

These must move to service_manager/sandbox/switches.h before
linux_sandbox/ can move out from under content.

Bug:  708738 
Change-Id: Ie7e9a1e6ece379651e91579c88f4ee25f740f43e
Reviewed-on: https://chromium-review.googlesource.com/734265
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#511244}
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/chrome/browser/chromeos/login/chrome_restart_request.cc
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/chrome/browser/ui/startup/bad_flags_prompt.cc
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/components/nacl/zygote/DEPS
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/components/nacl/zygote/nacl_fork_delegate_linux.cc
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/content/browser/gpu/gpu_process_host.cc
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/content/browser/ppapi_plugin_process_host.cc
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/content/browser/renderer_host/render_process_host_impl.cc
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/content/browser/zygote_host/zygote_communication_linux.cc
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/content/browser/zygote_host/zygote_host_impl_linux.cc
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/content/common/sandbox_linux/sandbox_debug_handling_linux.cc
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/content/common/sandbox_linux/sandbox_linux.cc
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/content/public/common/content_switches.cc
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/content/public/common/content_switches.h
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/services/service_manager/sandbox/switches.cc
[modify] https://crrev.com/75cfa7d8d31695f6eff31e3ae91bf0f767f5d768/services/service_manager/sandbox/switches.h

Project Member

Comment 23 by bugdroid1@chromium.org, Oct 24 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/437e22020cc50294a14eaa51a58de6a15f80821c

commit 437e22020cc50294a14eaa51a58de6a15f80821c
Author: Tom Sepez <tsepez@chromium.org>
Date: Tue Oct 24 21:26:47 2017

Rename class LinuxSandbox to SandboxLinux

This is for consistency with classes SandboxWin and SandboxMac.

Also rename
  services/service_manager/public/cpp/standalone_service/linux_sandbox.h
  services/service_manager/public/cpp/standalone_service/linux_sandbox.cc
to match the convention. These are files duplicated from content that will
become obsolete once the real content files are moved to service manager.

Bug:  708738 
Change-Id: I4a376c8e1d63987bc298df4c0b0a3dccb4301b2f
Reviewed-on: https://chromium-review.googlesource.com/734323
Reviewed-by: Mark Seaborn <mseaborn@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#511265}
[modify] https://crrev.com/437e22020cc50294a14eaa51a58de6a15f80821c/components/nacl/loader/nacl_helper_linux.cc
[modify] https://crrev.com/437e22020cc50294a14eaa51a58de6a15f80821c/content/browser/sandbox_ipc_linux.cc
[modify] https://crrev.com/437e22020cc50294a14eaa51a58de6a15f80821c/content/child/child_process_sandbox_support_impl_linux.cc
[modify] https://crrev.com/437e22020cc50294a14eaa51a58de6a15f80821c/content/common/common_sandbox_support_linux.cc
[modify] https://crrev.com/437e22020cc50294a14eaa51a58de6a15f80821c/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
[modify] https://crrev.com/437e22020cc50294a14eaa51a58de6a15f80821c/content/common/sandbox_linux/sandbox_linux.cc
[modify] https://crrev.com/437e22020cc50294a14eaa51a58de6a15f80821c/content/common/sandbox_linux/sandbox_linux.h
[modify] https://crrev.com/437e22020cc50294a14eaa51a58de6a15f80821c/content/gpu/gpu_main.cc
[modify] https://crrev.com/437e22020cc50294a14eaa51a58de6a15f80821c/content/ppapi_plugin/ppapi_plugin_main.cc
[modify] https://crrev.com/437e22020cc50294a14eaa51a58de6a15f80821c/content/renderer/renderer_main_platform_delegate_linux.cc
[modify] https://crrev.com/437e22020cc50294a14eaa51a58de6a15f80821c/content/utility/utility_main.cc
[modify] https://crrev.com/437e22020cc50294a14eaa51a58de6a15f80821c/content/zygote/zygote_main_linux.cc
[modify] https://crrev.com/437e22020cc50294a14eaa51a58de6a15f80821c/services/service_manager/public/cpp/standalone_service/BUILD.gn
[rename] https://crrev.com/437e22020cc50294a14eaa51a58de6a15f80821c/services/service_manager/public/cpp/standalone_service/sandbox_linux.cc
[rename] https://crrev.com/437e22020cc50294a14eaa51a58de6a15f80821c/services/service_manager/public/cpp/standalone_service/sandbox_linux.h
[modify] https://crrev.com/437e22020cc50294a14eaa51a58de6a15f80821c/services/service_manager/public/cpp/standalone_service/standalone_service.cc

Project Member

Comment 24 by bugdroid1@chromium.org, Oct 25 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1364d099f7c59837a01cc17a6e4f4046e7c6d065

commit 1364d099f7c59837a01cc17a6e4f4046e7c6d065
Author: Tom Sepez <tsepez@chromium.org>
Date: Wed Oct 25 16:54:58 2017

Move LinuxSandboxStatus to service_mananger/sandbox/sandbox.h

Additional cleanup before moving the linux sandbox. Shorten the
names of the constants now that they are qualified/namespaced.


Bug:  708738 
Change-Id: Ic9114e46ec483361928380f378ede255568b357c
Reviewed-on: https://chromium-review.googlesource.com/736179
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#511491}
[modify] https://crrev.com/1364d099f7c59837a01cc17a6e4f4046e7c6d065/chrome/browser/ui/webui/sandbox_internals_ui.cc
[modify] https://crrev.com/1364d099f7c59837a01cc17a6e4f4046e7c6d065/content/common/sandbox_linux/sandbox_linux.cc
[modify] https://crrev.com/1364d099f7c59837a01cc17a6e4f4046e7c6d065/content/common/sandbox_linux/sandbox_linux.h
[modify] https://crrev.com/1364d099f7c59837a01cc17a6e4f4046e7c6d065/content/public/common/BUILD.gn
[delete] https://crrev.com/5ea174928fb6899c8fd56afa874899d7c3243690/content/public/common/sandbox_linux.h
[modify] https://crrev.com/1364d099f7c59837a01cc17a6e4f4046e7c6d065/content/renderer/renderer_main_platform_delegate_linux.cc
[add] https://crrev.com/1364d099f7c59837a01cc17a6e4f4046e7c6d065/content/zygote/DEPS
[modify] https://crrev.com/1364d099f7c59837a01cc17a6e4f4046e7c6d065/content/zygote/zygote_linux.cc
[modify] https://crrev.com/1364d099f7c59837a01cc17a6e4f4046e7c6d065/content/zygote/zygote_main_linux.cc
[modify] https://crrev.com/1364d099f7c59837a01cc17a6e4f4046e7c6d065/services/service_manager/sandbox/sandbox.h

Project Member

Comment 25 by bugdroid1@chromium.org, Oct 25 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/72709c6ea1b5d1bb9434f676a166b710bc3f20f3

commit 72709c6ea1b5d1bb9434f676a166b710bc3f20f3
Author: Tom Sepez <tsepez@chromium.org>
Date: Wed Oct 25 17:58:33 2017

Move sandbox_win.cc to services/service_manager/sandbox/win

Fix an IWYU in broker_services.h along the way.

BUG= 708738 

Bug:  708738 
Cq-Include-Trybots: master.tryserver.chromium.win:win10_chromium_x64_rel_ng
Change-Id: I57fb3c3878aaa97207c85c1c1200b22707a138d6
Reviewed-on: https://chromium-review.googlesource.com/724227
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#511512}
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/components/nacl/broker/BUILD.gn
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/components/nacl/loader/BUILD.gn
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/components/nacl/loader/nacl_helper_win_64.cc
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/content/browser/browser_main_loop.cc
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/content/browser/child_process_launcher_helper_win.cc
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/content/browser/gpu/gpu_process_host.cc
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/content/browser/ppapi_plugin_process_host.cc
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/content/browser/renderer_host/render_process_host_impl.cc
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/content/common/BUILD.gn
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/content/common/OWNERS
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/content/common/sandbox_init_win.cc
[delete] https://crrev.com/9151d5e701f2de3aa69ef2cf8ed040028157e020/content/common/sandbox_win.h
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/content/public/test/test_launcher.cc
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/content/shell/browser/DEPS
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/content/shell/browser/shell_content_browser_client.cc
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/sandbox/win/src/broker_services.h
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/services/service_manager/sandbox/BUILD.gn
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/services/service_manager/sandbox/OWNERS
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/services/service_manager/sandbox/sandbox.cc
[modify] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/services/service_manager/sandbox/sandbox.h
[add] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/services/service_manager/sandbox/win/OWNERS
[rename] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/services/service_manager/sandbox/win/sandbox_win.cc
[add] https://crrev.com/72709c6ea1b5d1bb9434f676a166b710bc3f20f3/services/service_manager/sandbox/win/sandbox_win.h

Project Member

Comment 26 by bugdroid1@chromium.org, Oct 25 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc

commit 2e41759f82c09a84dca4c3a3513b30a6f9e88dfc
Author: Khushal <khushalsagar@chromium.org>
Date: Wed Oct 25 22:04:48 2017

Revert "Move sandbox_win.cc to services/service_manager/sandbox/win"

This reverts commit 72709c6ea1b5d1bb9434f676a166b710bc3f20f3.

Reason for revert: Suspected for failure on GPU Win bots. See  crbug.com/778423 

Original change's description:
> Move sandbox_win.cc to services/service_manager/sandbox/win
> 
> Fix an IWYU in broker_services.h along the way.
> 
> BUG= 708738 
> 
> Bug:  708738 
> Cq-Include-Trybots: master.tryserver.chromium.win:win10_chromium_x64_rel_ng
> Change-Id: I57fb3c3878aaa97207c85c1c1200b22707a138d6
> Reviewed-on: https://chromium-review.googlesource.com/724227
> Commit-Queue: Tom Sepez <tsepez@chromium.org>
> Reviewed-by: Will Harris <wfh@chromium.org>
> Reviewed-by: John Abd-El-Malek <jam@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#511512}

TBR=jam@chromium.org,tsepez@chromium.org,wfh@chromium.org

Change-Id: I62ef58dba2e9c3b7ffab34c20cfa8a697ae6d689
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug:  708738 
Cq-Include-Trybots: master.tryserver.chromium.win:win10_chromium_x64_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/738616
Reviewed-by: Khushal <khushalsagar@chromium.org>
Commit-Queue: Khushal <khushalsagar@chromium.org>
Cr-Commit-Position: refs/heads/master@{#511606}
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/components/nacl/broker/BUILD.gn
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/components/nacl/loader/BUILD.gn
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/components/nacl/loader/nacl_helper_win_64.cc
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/content/browser/browser_main_loop.cc
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/content/browser/child_process_launcher_helper_win.cc
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/content/browser/gpu/gpu_process_host.cc
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/content/browser/ppapi_plugin_process_host.cc
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/content/browser/renderer_host/render_process_host_impl.cc
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/content/common/BUILD.gn
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/content/common/OWNERS
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/content/common/sandbox_init_win.cc
[rename] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/content/common/sandbox_win.cc
[add] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/content/common/sandbox_win.h
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/content/public/test/test_launcher.cc
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/content/shell/browser/DEPS
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/content/shell/browser/shell_content_browser_client.cc
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/sandbox/win/src/broker_services.h
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/services/service_manager/sandbox/BUILD.gn
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/services/service_manager/sandbox/OWNERS
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/services/service_manager/sandbox/sandbox.cc
[modify] https://crrev.com/2e41759f82c09a84dca4c3a3513b30a6f9e88dfc/services/service_manager/sandbox/sandbox.h
[delete] https://crrev.com/2294d3d196521b40f4b25e7281b6e86306b996ee/services/service_manager/sandbox/win/OWNERS
[delete] https://crrev.com/2294d3d196521b40f4b25e7281b6e86306b996ee/services/service_manager/sandbox/win/sandbox_win.h

Comment 27 by sky@chromium.org, Oct 26 2017

Blocking: -731255
Project Member

Comment 28 by bugdroid1@chromium.org, Oct 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/903f7f132b1d5cd3126e56a386e024b9ed9435f6

commit 903f7f132b1d5cd3126e56a386e024b9ed9435f6
Author: Tom Sepez <tsepez@chromium.org>
Date: Thu Oct 26 17:34:02 2017

Move content/sandbox_linux to service_manager/sandbox/linux

The sandbox_linux.cc in service_manager is not the same as in content,
so move it into the deprecated:: namespace to avoid conflicts. A subsequent
CL will replace the old one with the new one, but requires some effort
since the APIs have diverged.

Bug:  708738 
Change-Id: I3534090b1b245fd96659ce494d559d8ac8f74aab
Reviewed-on: https://chromium-review.googlesource.com/738317
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#511863}
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/BUILD.gn
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/browser/child_process_launcher_helper_linux.cc
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/browser/sandbox_ipc_linux.cc
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/browser/zygote_host/zygote_host_impl_linux.cc
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/child/child_process_sandbox_support_impl_linux.cc
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/common/BUILD.gn
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/common/common_sandbox_support_linux.cc
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/common/sandbox_init_linux.cc
[delete] https://crrev.com/38277ba74114bd64869a9f1185bfabc726f4ea0b/content/common/sandbox_linux/bpf_cros_amd_gpu_policy_linux.h
[delete] https://crrev.com/38277ba74114bd64869a9f1185bfabc726f4ea0b/content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h
[delete] https://crrev.com/38277ba74114bd64869a9f1185bfabc726f4ea0b/content/common/sandbox_linux/bpf_pdf_compositor_policy_linux.h
[delete] https://crrev.com/38277ba74114bd64869a9f1185bfabc726f4ea0b/content/common/sandbox_linux/bpf_ppapi_policy_linux.h
[delete] https://crrev.com/38277ba74114bd64869a9f1185bfabc726f4ea0b/content/common/sandbox_linux/bpf_renderer_policy_linux.h
[delete] https://crrev.com/38277ba74114bd64869a9f1185bfabc726f4ea0b/content/common/sandbox_linux/bpf_utility_policy_linux.h
[delete] https://crrev.com/38277ba74114bd64869a9f1185bfabc726f4ea0b/content/common/sandbox_linux/sandbox_debug_handling_linux.h
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/gpu/gpu_main.cc
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/gpu/gpu_sandbox_hook_linux.cc
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/gpu/gpu_sandbox_hook_linux.h
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/ppapi_plugin/DEPS
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/ppapi_plugin/ppapi_plugin_main.cc
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/renderer/renderer_main.cc
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/renderer/renderer_main_platform_delegate_linux.cc
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/utility/utility_main.cc
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/zygote/zygote_linux.cc
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/content/zygote/zygote_main_linux.cc
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/public/cpp/standalone_service/sandbox_linux.cc
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/public/cpp/standalone_service/sandbox_linux.h
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/public/cpp/standalone_service/standalone_service.cc
[modify] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/BUILD.gn
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/OWNERS
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/bpf_cdm_policy_linux.cc
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/bpf_cdm_policy_linux.h
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/bpf_cros_amd_gpu_policy_linux.cc
[add] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/bpf_cros_amd_gpu_policy_linux.h
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/bpf_cros_arm_gpu_policy_linux.cc
[add] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/bpf_cros_arm_gpu_policy_linux.h
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/bpf_gpu_policy_linux.cc
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/bpf_gpu_policy_linux.h
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/bpf_pdf_compositor_policy_linux.cc
[add] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/bpf_pdf_compositor_policy_linux.h
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/bpf_ppapi_policy_linux.cc
[add] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/bpf_ppapi_policy_linux.h
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc
[add] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.h
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/bpf_utility_policy_linux.cc
[add] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/bpf_utility_policy_linux.h
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/sandbox_bpf_base_policy_linux.cc
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/sandbox_bpf_base_policy_linux.h
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/sandbox_debug_handling_linux.cc
[add] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/sandbox_debug_handling_linux.h
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/sandbox_linux.cc
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/sandbox_linux.h
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.cc
[rename] https://crrev.com/903f7f132b1d5cd3126e56a386e024b9ed9435f6/services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.h

Comment 29 by kbr@chromium.org, Oct 26 2017

Blockedon: 778423
Project Member

Comment 30 by bugdroid1@chromium.org, Oct 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2255db7a5e30f1cdbd06cb10e019937eb153aa25

commit 2255db7a5e30f1cdbd06cb10e019937eb153aa25
Author: Tom Sepez <tsepez@chromium.org>
Date: Thu Oct 26 18:50:09 2017

Normalize Sandbox::Initialize() call for linux.

Achieve some parallelism with win and mac.

Bug:  708738 
Change-Id: I61750ed01dffe4188bf64c7eb3b204c474088585
Reviewed-on: https://chromium-review.googlesource.com/738790
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#511898}
[modify] https://crrev.com/2255db7a5e30f1cdbd06cb10e019937eb153aa25/content/gpu/gpu_main.cc
[modify] https://crrev.com/2255db7a5e30f1cdbd06cb10e019937eb153aa25/content/ppapi_plugin/ppapi_plugin_main.cc
[modify] https://crrev.com/2255db7a5e30f1cdbd06cb10e019937eb153aa25/content/renderer/renderer_main_platform_delegate_linux.cc
[modify] https://crrev.com/2255db7a5e30f1cdbd06cb10e019937eb153aa25/content/utility/utility_main.cc
[modify] https://crrev.com/2255db7a5e30f1cdbd06cb10e019937eb153aa25/services/service_manager/sandbox/linux/sandbox_linux.cc
[modify] https://crrev.com/2255db7a5e30f1cdbd06cb10e019937eb153aa25/services/service_manager/sandbox/linux/sandbox_linux.h
[modify] https://crrev.com/2255db7a5e30f1cdbd06cb10e019937eb153aa25/services/service_manager/sandbox/sandbox.cc
[modify] https://crrev.com/2255db7a5e30f1cdbd06cb10e019937eb153aa25/services/service_manager/sandbox/sandbox.h

Project Member

Comment 31 by bugdroid1@chromium.org, Oct 27 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f4f97a92633d239cfd7911dc576600ff8c0dd4b0

commit f4f97a92633d239cfd7911dc576600ff8c0dd4b0
Author: Tom Sepez <tsepez@chromium.org>
Date: Fri Oct 27 00:29:15 2017

Re-land "Move sandbox_win.cc to services/service_manager/sandbox/win""

This reverts commit 2e41759f82c09a84dca4c3a3513b30a6f9e88dfc.

TBR: jam@chromium.org
Bug:  708738 
Change-Id: I0e229a1abe14acb41c7ff7b230eb393e1b93bb34
Reviewed-on: https://chromium-review.googlesource.com/740281
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#512040}
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/components/nacl/broker/BUILD.gn
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/components/nacl/loader/BUILD.gn
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/components/nacl/loader/nacl_helper_win_64.cc
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/content/browser/browser_main_loop.cc
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/content/browser/child_process_launcher_helper_win.cc
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/content/browser/gpu/gpu_process_host.cc
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/content/browser/ppapi_plugin_process_host.cc
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/content/browser/renderer_host/render_process_host_impl.cc
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/content/common/BUILD.gn
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/content/common/OWNERS
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/content/common/sandbox_init_win.cc
[delete] https://crrev.com/a883c34fd8fead12740ba246c530eb854c1f3694/content/common/sandbox_win.h
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/content/public/test/test_launcher.cc
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/content/shell/browser/DEPS
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/content/shell/browser/shell_content_browser_client.cc
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/sandbox/win/src/broker_services.h
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/services/service_manager/sandbox/BUILD.gn
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/services/service_manager/sandbox/OWNERS
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/services/service_manager/sandbox/sandbox.cc
[modify] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/services/service_manager/sandbox/sandbox.h
[add] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/services/service_manager/sandbox/win/OWNERS
[rename] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/services/service_manager/sandbox/win/sandbox_win.cc
[add] https://crrev.com/f4f97a92633d239cfd7911dc576600ff8c0dd4b0/services/service_manager/sandbox/win/sandbox_win.h

Blocking: 781334
Project Member

Comment 34 by bugdroid1@chromium.org, Nov 6 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/97b7341ca10fdb574befa800baeeeb8725b4ca59

commit 97b7341ca10fdb574befa800baeeeb8725b4ca59
Author: Tom Sepez <tsepez@chromium.org>
Date: Mon Nov 06 20:21:07 2017

Remove deprecated service manager linux sandbox.

Now there is but one sandbox implementation for all.  This
should finish the work required for the associated bug.

Bug:  708738 
Change-Id: Ibec11aa3b47cf633590097a227b3b74372eb60b1
Reviewed-on: https://chromium-review.googlesource.com/740572
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Elliot Glaysher <erg@chromium.org>
Reviewed-by: Ken Rockot <rockot@chromium.org>
Cr-Commit-Position: refs/heads/master@{#514227}
[modify] https://crrev.com/97b7341ca10fdb574befa800baeeeb8725b4ca59/services/service_manager/public/cpp/standalone_service/BUILD.gn
[delete] https://crrev.com/d8bfda2014e0a78237cc57de958898a6594faf29/services/service_manager/public/cpp/standalone_service/sandbox_linux.cc
[delete] https://crrev.com/d8bfda2014e0a78237cc57de958898a6594faf29/services/service_manager/public/cpp/standalone_service/sandbox_linux.h
[modify] https://crrev.com/97b7341ca10fdb574befa800baeeeb8725b4ca59/services/service_manager/public/cpp/standalone_service/standalone_service.cc
[modify] https://crrev.com/97b7341ca10fdb574befa800baeeeb8725b4ca59/services/service_manager/runner/common/switches.cc
[modify] https://crrev.com/97b7341ca10fdb574befa800baeeeb8725b4ca59/services/service_manager/runner/common/switches.h
[modify] https://crrev.com/97b7341ca10fdb574befa800baeeeb8725b4ca59/services/service_manager/runner/host/service_process_launcher.cc
[modify] https://crrev.com/97b7341ca10fdb574befa800baeeeb8725b4ca59/services/service_manager/sandbox/sandbox_type.cc
[modify] https://crrev.com/97b7341ca10fdb574befa800baeeeb8725b4ca59/services/service_manager/sandbox/sandbox_type.h

Status: Fixed (was: Assigned)

Comment 36 by dchan@chromium.org, Jan 22 2018

Status: Archived (was: Fixed)

Comment 37 by dchan@chromium.org, Jan 23 2018

Status: Fixed (was: Archived)

Sign in to add a comment