Make elevated privileges sandbox defaults to correct type.

On non Windows platforms, the none_and_elevated sandbox type specified
in a service manifest would default to utility sandbox. It now
defaults to "no sandbox".
It used to be only used on Windows specific services so this was not an
issue, but an upcoming non-platform specific service will need it.

Bug: 787560
Change-Id: Id2370735257a89f7588243be439c97c4769c7429
Reviewed-on: https://chromium-review.googlesource.com/782718Reviewed-by: Ken Rockot <rockot@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Jay Civelli <jcivelli@chromium.org>
Cr-Commit-Position: refs/heads/master@{#518418}

services/service_manager/sandbox/sandbox_type.cc

@@ -129,10 +129,13 @@ std::string StringFromUtilitySandboxType(SandboxType sandbox_type) {
 SandboxType UtilitySandboxTypeFromString(const std::string& sandbox_string) {
   if (sandbox_string == switches::kNoneSandbox)
     return SANDBOX_TYPE_NO_SANDBOX;
+  if (sandbox_string == switches::kNoneSandboxAndElevatedPrivileges) {
 #if defined(OS_WIN)
-  if (sandbox_string == switches::kNoneSandboxAndElevatedPrivileges)
     return SANDBOX_TYPE_NO_SANDBOX_AND_ELEVATED_PRIVILEGES;
+#else
+    return SANDBOX_TYPE_NO_SANDBOX;
 #endif
+  }
   if (sandbox_string == switches::kNetworkSandbox)
     return SANDBOX_TYPE_NETWORK;
   if (sandbox_string == switches::kPpapiSandbox)

services/service_manager/sandbox/switches.cc

@@ -21,9 +21,7 @@ const char kServiceSandboxType[] = "service-sandbox-type";
 // Must be in sync with "sandbox_type" values as used in service manager's
 // manifest.json catalog files.
 const char kNoneSandbox[] = "none";
-#if defined(OS_WIN)
 const char kNoneSandboxAndElevatedPrivileges[] = "none_and_elevated";
-#endif
 const char kNetworkSandbox[] = "network";
 const char kPpapiSandbox[] = "ppapi";
 const char kUtilitySandbox[] = "utility";

services/service_manager/sandbox/switches.h

@@ -19,10 +19,8 @@ SERVICE_MANAGER_SANDBOX_EXPORT extern const char kServiceSandboxType[];
 // Must be in sync with "sandbox_type" values as used in service manager's
 // manifest.json catalog files.
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char kNoneSandbox[];
-#if defined(OS_WIN)
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char
     kNoneSandboxAndElevatedPrivileges[];
-#endif
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char kNetworkSandbox[];
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char kPpapiSandbox[];
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char kUtilitySandbox[];

services/service_manager/tests/sandbox/sandbox_type_unittest.cc

@@ -136,4 +136,16 @@ TEST(SandboxTypeTest, Nonesuch) {
   EXPECT_EQ(SANDBOX_TYPE_NO_SANDBOX, SandboxTypeFromCommandLine(command_line));
 }
 
+TEST(SandboxTypeTest, ElevatedPrivileges) {
+  // Tests that the "no sandbox and elevated privileges" which is Windows
+  // specific default to no sandbox on non Windows platforms.
+  SandboxType elevated_type =
+      UtilitySandboxTypeFromString(switches::kNoneSandboxAndElevatedPrivileges);
+#if defined(OS_WIN)
+  EXPECT_EQ(SANDBOX_TYPE_NO_SANDBOX_AND_ELEVATED_PRIVILEGES, elevated_type);
+#else
+  EXPECT_EQ(SANDBOX_TYPE_NO_SANDBOX, elevated_type);
+#endif
+}
+
 }  // namespace service_manager