Revert "Sandbox audio service on Linux."

This reverts commit 2ea45c06.

Reason for revert:

Findit (https://goo.gl/kROfz5) identified CL at revision 588100 as the
culprit for failures in the build cycles as shown on:
https://findit-for-me.appspot.com/waterfall/culprit?key=ag9zfmZpbmRpdC1mb3ItbWVyRAsSDVdmU3VzcGVjdGVkQ0wiMWNocm9taXVtLzJlYTQ1YzA2MmMwZDU5ZWQ4MWVjNWYxODVhMjNmZmIzOWMzNGZmMDMM

Sample Failed Build: https://ci.chromium.org/buildbot/chromium.linux/Linux%20Builder%20%28dbg%29%2832%29/87361

Sample Failed Step: compile

Original change's description:
> Sandbox audio service on Linux.
> 
> Run audio service process in sandboxed mode on Linux. Sandbox is enabled behind finch experiment flag:
> --enable-features=AudioServiceStreams,AudioServiceOutOfProcess,AudioServiceSandbox
> 
> TBR=mpdenton@chromium.org, palmer@chromium.org, tsepez@chromium.com
> 
> 
> Bug: 850878
> Change-Id: Iba6b84adc8c4a62ac4c20d5b36aa4f21b36a1574
> Reviewed-on: https://chromium-review.googlesource.com/1160844
> Commit-Queue: Marina Ciocea <marinaciocea@chromium.org>
> Reviewed-by: Tom Sepez <tsepez@chromium.org>
> Reviewed-by: Nasko Oskov <nasko@chromium.org>
> Reviewed-by: Robert Sesek <rsesek@chromium.org>
> Reviewed-by: Olga Sharonova <olka@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#588100}

Change-Id: I64a6f98f7b2a89e47324a37bf8e91fda6caa0e7d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 850878
Reviewed-on: https://chromium-review.googlesource.com/1199855
Cr-Commit-Position: refs/heads/master@{#588121}

content/browser/utility_process_host.cc

@@ -105,8 +105,7 @@ class UtilitySandboxedProcessLauncherDelegate
 #if BUILDFLAG(USE_ZYGOTE_HANDLE)
   service_manager::ZygoteHandle GetZygote() override {
     if (service_manager::IsUnsandboxedSandboxType(sandbox_type_) ||
-        sandbox_type_ == service_manager::SANDBOX_TYPE_NETWORK ||
-        sandbox_type_ == service_manager::SANDBOX_TYPE_AUDIO) {
+        sandbox_type_ == service_manager::SANDBOX_TYPE_NETWORK) {
       return nullptr;
     }
     return service_manager::GetGenericZygote();

content/utility/utility_main.cc

@@ -20,7 +20,6 @@
 #include "services/service_manager/sandbox/sandbox.h"
 
 #if defined(OS_LINUX)
-#include "services/audio/audio_sandbox_hook_linux.h"
 #include "services/network/network_sandbox_hook_linux.h"
 #include "services/service_manager/sandbox/linux/sandbox_linux.h"
 #endif
@@ -72,14 +71,10 @@ int UtilityMain(const MainFunctionParams& parameters) {
   auto sandbox_type =
       service_manager::SandboxTypeFromCommandLine(parameters.command_line);
   if (parameters.zygote_child ||
-      sandbox_type == service_manager::SANDBOX_TYPE_NETWORK ||
-      sandbox_type == service_manager::SANDBOX_TYPE_AUDIO) {
+      sandbox_type == service_manager::SANDBOX_TYPE_NETWORK) {
     service_manager::SandboxLinux::PreSandboxHook pre_sandbox_hook;
     if (sandbox_type == service_manager::SANDBOX_TYPE_NETWORK)
       pre_sandbox_hook = base::BindOnce(&network::NetworkPreSandboxHook);
-    else if (sandbox_type == service_manager::SANDBOX_TYPE_AUDIO)
-      pre_sandbox_hook = base::BindOnce(&audio::AudioPreSandboxHook);
-
     service_manager::Sandbox::Initialize(
         sandbox_type, std::move(pre_sandbox_hook),
         service_manager::SandboxLinux::Options());

services/audio/BUILD.gn

@@ -31,6 +31,8 @@ service_manifest("manifest") {
 
 source_set("lib") {
   sources = [
+    "audio_sandbox_win.cc",
+    "audio_sandbox_win.h",
     "debug_recording.cc",
     "debug_recording.h",
     "delay_buffer.cc",
@@ -104,25 +106,9 @@ source_set("lib") {
     "//services/service_manager/sandbox:sandbox",
   ]
 
-  if (is_linux) {
-    sources += [
-      "audio_sandbox_hook_linux.cc",
-      "audio_sandbox_hook_linux.h",
-    ]
-    public_deps += [ "//sandbox/linux:sandbox_services" ]
-  }
-
   if (is_win) {
-    sources += [
-      "audio_sandbox_win.cc",
-      "audio_sandbox_win.h",
-    ]
     public_deps += [ "//sandbox/win:sandbox" ]
   }
-  configs += [
-    "//media:media_config",
-    "//media/audio:platform_config",
-  ]
 }
 
 source_set("tests") {

services/audio/DEPS

@@ -5,5 +5,4 @@ include_rules = [
    "+media/webrtc",
    "+sandbox",
    "+services/audio/public",
-   "+services/service_manager/sandbox",
 ]

services/audio/OWNERS

@@ -6,7 +6,6 @@ miu@chromium.org
 per-file manifest.json=set noparent
 per-file manifest.json=file://ipc/SECURITY_OWNERS
 
-per-file audio_sandbox_hook_linux.*=file://sandbox/linux/OWNERS
 per-file audio_sandbox_win.*=file://sandbox/win/OWNERS
 
 # COMPONENT: Internals>Media>Audio

services/audio/audio_sandbox_hook_linux.cc

-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "services/audio/audio_sandbox_hook_linux.h"
-
-#include <dlfcn.h>
-#include <string>
-#include <vector>
-
-#include "base/files/file_path.h"
-#include "base/files/file_util.h"
-#include "base/path_service.h"
-#include "base/strings/stringprintf.h"
-#include "sandbox/linux/syscall_broker/broker_command.h"
-#include "sandbox/linux/syscall_broker/broker_file_permission.h"
-
-using sandbox::syscall_broker::BrokerFilePermission;
-using sandbox::syscall_broker::MakeBrokerCommandSet;
-
-namespace audio {
-
-namespace {
-
-#if defined(USE_ALSA)
-void AddAlsaFilePermissions(std::vector<BrokerFilePermission>* permissions) {
-  base::FilePath home_dir;
-  base::PathService::Get(base::DIR_HOME, &home_dir);
-  const base::FilePath kAsoundrc =
-      home_dir.Append(FILE_PATH_LITERAL(".asoundrc"));
-  const std::string kReadOnlyFilenames[]{"/etc/asound.conf", "/proc/cpuinfo",
-                                         "/etc/group", "/etc/nsswitch.conf",
-                                         kAsoundrc.value()};
-  for (const auto& filename : kReadOnlyFilenames)
-    permissions->push_back(BrokerFilePermission::ReadOnly(filename));
-
-  permissions->push_back(
-      BrokerFilePermission::ReadOnlyRecursive("/usr/share/alsa/"));
-  permissions->push_back(
-      BrokerFilePermission::ReadWriteCreateRecursive("/dev/snd/"));
-
-  static const base::FilePath::CharType kDevAloadPath[] =
-      FILE_PATH_LITERAL("/dev/aloadC");
-  for (int i = 0; i <= 31; ++i) {
-    permissions->push_back(BrokerFilePermission::ReadWrite(
-        base::StringPrintf("%s%d", kDevAloadPath, i)));
-  }
-}
-#endif
-
-#if defined(USE_PULSEAUDIO)
-void AddPulseAudioFilePermissions(
-    std::vector<BrokerFilePermission>* permissions) {
-  base::FilePath home_dir;
-  base::PathService::Get(base::DIR_HOME, &home_dir);
-  const base::FilePath kXauthorityPath =
-      home_dir.Append(FILE_PATH_LITERAL(".Xauthority"));
-
-  // Calling read() system call on /proc/self/exe returns broker process' path,
-  // and it's used by pulse audio for creating a new context.
-  const std::string kReadOnlyFilenames[]{
-      "/etc/machine-id", "/proc/self/exe",
-      "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache",
-      "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", kXauthorityPath.value()};
-  for (const auto& filename : kReadOnlyFilenames)
-    permissions->push_back(BrokerFilePermission::ReadOnly(filename));
-
-  const base::FilePath kPulsePath =
-      home_dir.Append(FILE_PATH_LITERAL(".pulse/"));
-  const base::FilePath kConfigPulsePath =
-      home_dir.Append(FILE_PATH_LITERAL(".config/pulse/"));
-  const std::string kReadOnlyRecursivePaths[]{"/etc/pulse/", kPulsePath.value(),
-                                              kConfigPulsePath.value()};
-  for (const auto& path : kReadOnlyRecursivePaths)
-    permissions->push_back(BrokerFilePermission::ReadOnlyRecursive(path));
-}
-#endif
-
-std::vector<BrokerFilePermission> GetAudioFilePermissions() {
-  std::vector<BrokerFilePermission> permissions{
-      BrokerFilePermission::ReadOnly("/dev/urandom"),
-      BrokerFilePermission::ReadOnly("/sys/devices/system/cpu"),
-      BrokerFilePermission::ReadOnlyRecursive("/usr/share/locale/"),
-      BrokerFilePermission::ReadWriteCreateRecursive("/dev/shm/")};
-
-#if defined(USE_PULSEAUDIO)
-  AddPulseAudioFilePermissions(&permissions);
-#endif
-#if defined(USE_ALSA)
-  AddAlsaFilePermissions(&permissions);
-#endif
-
-  return permissions;
-}
-
-void LoadAudioLibraries() {
-  const std::string kLibraries[]{"libasound.so.2", "libpulse.so.0",
-                                 "libpulsecommon-11.1.so", "libnss_files.so.2"};
-  for (const auto& library_name : kLibraries) {
-    if (nullptr ==
-        dlopen(library_name.c_str(), RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE)) {
-      LOG(WARNING) << "dlopen: failed to open " << library_name
-                   << " with error: " << dlerror();
-    }
-  }
-}
-
-}  // namespace
-
-bool AudioPreSandboxHook(service_manager::SandboxLinux::Options options) {
-  LoadAudioLibraries();
-  auto* instance = service_manager::SandboxLinux::GetInstance();
-  instance->StartBrokerProcess(MakeBrokerCommandSet({
-                                   sandbox::syscall_broker::COMMAND_ACCESS,
-                                   sandbox::syscall_broker::COMMAND_OPEN,
-                                   sandbox::syscall_broker::COMMAND_READLINK,
-                                   sandbox::syscall_broker::COMMAND_STAT,
-                                   sandbox::syscall_broker::COMMAND_UNLINK,
-                               }),
-                               GetAudioFilePermissions(),
-                               service_manager::SandboxLinux::PreSandboxHook(),
-                               options);
-
-  // TODO(https://crbug.com/850878) enable namespace sandbox. Currently, if
-  // enabled, connect() on pulse native socket fails with ENOENT (called from
-  // pa_context_connect).
-
-  return true;
-}
-
-}  // namespace audio

services/audio/audio_sandbox_hook_linux.h

-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_AUDIO_AUDIO_SANDBOX_HOOK_LINUX_H_
-#define SERVICES_AUDIO_AUDIO_SANDBOX_HOOK_LINUX_H_
-
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
-
-namespace audio {
-
-// Load audio shared libraries and setup allowed commands and filesystem
-// permissions for audio service sandboxed process.
-bool AudioPreSandboxHook(service_manager::SandboxLinux::Options options);
-
-}  // namespace audio
-
-#endif  // SERVICES_AUDIO_AUDIO_SANDBOX_HOOK_LINUX_H_

services/service_manager/sandbox/BUILD.gn

@@ -33,8 +33,6 @@ component("sandbox") {
   ]
   if (is_linux) {
     sources += [
-      "linux/bpf_audio_policy_linux.cc",
-      "linux/bpf_audio_policy_linux.h",
       "linux/bpf_base_policy_linux.cc",
       "linux/bpf_base_policy_linux.h",
       "linux/bpf_broker_policy_linux.cc",
@@ -64,10 +62,6 @@ component("sandbox") {
       "linux/sandbox_seccomp_bpf_linux.cc",
       "linux/sandbox_seccomp_bpf_linux.h",
     ]
-    configs += [
-      "//media:media_config",
-      "//media/audio:platform_config",
-    ]
     deps += [
       ":chromecast_sandbox_whitelist_buildflags",
       "//sandbox:sandbox_buildflags",

services/service_manager/sandbox/linux/bpf_audio_policy_linux.cc

-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "services/service_manager/sandbox/linux/bpf_audio_policy_linux.h"
-
-#include <sys/socket.h>
-
-#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
-#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
-#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
-#include "sandbox/linux/syscall_broker/broker_process.h"
-#include "sandbox/linux/system_headers/linux_futex.h"
-#include "sandbox/linux/system_headers/linux_syscalls.h"
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
-
-using sandbox::bpf_dsl::Allow;
-using sandbox::bpf_dsl::Arg;
-using sandbox::bpf_dsl::Error;
-using sandbox::bpf_dsl::If;
-using sandbox::bpf_dsl::ResultExpr;
-using sandbox::bpf_dsl::Trap;
-using sandbox::syscall_broker::BrokerProcess;
-
-namespace service_manager {
-
-AudioProcessPolicy::AudioProcessPolicy() = default;
-
-AudioProcessPolicy::~AudioProcessPolicy() = default;
-
-ResultExpr AudioProcessPolicy::EvaluateSyscall(int system_call_number) const {
-  switch (system_call_number) {
-#if defined(__NR_connect)
-    case __NR_connect:
-#endif
-#if defined(__NR_ftruncate)
-    case __NR_ftruncate:
-#endif
-#if defined(__NR_getdents)
-    case __NR_getdents:
-#endif
-#if defined(__NR_getpeername)
-    case __NR_getpeername:
-#endif
-#if defined(__NR_getsockopt)
-    case __NR_getsockopt:
-#endif
-#if defined(__NR_getsockname)
-    case __NR_getsockname:
-#endif
-#if defined(__NR_ioctl)
-    case __NR_ioctl:
-#endif
-#if defined(__NR_memfd_create)
-    case __NR_memfd_create:
-#endif
-#if defined(__NR_sched_setscheduler)
-    case __NR_sched_setscheduler:
-#endif
-#if defined(__NR_setsockopt)
-    case __NR_setsockopt:
-#endif
-#if defined(__NR_uname)
-    case __NR_uname:
-#endif
-      return Allow();
-#if defined(__NR_futex)
-    case __NR_futex: {
-      const Arg<int> op(1);
-#if defined(USE_PULSEAUDIO)
-      return Switch(op & ~FUTEX_PRIVATE_FLAG)
-          .SANDBOX_BPF_DSL_CASES(
-              (FUTEX_CMP_REQUEUE, FUTEX_LOCK_PI, FUTEX_UNLOCK_PI, FUTEX_WAIT,
-               FUTEX_WAIT_BITSET, FUTEX_WAKE),
-              Allow())
-          .Default(Error(EPERM));
-#else
-      return sandbox::RestrictFutex();
-#endif
-    }
-#endif
-#if defined(__NR_socket)
-    case __NR_socket: {
-      const Arg<int> domain(0);
-      return If(domain == AF_UNIX, Allow()).Else(Error(EPERM));
-    }
-#endif
-    default:
-      if (sandbox::SyscallSets::IsSystemVSemaphores(system_call_number) ||
-          sandbox::SyscallSets::IsSystemVSharedMemory(system_call_number)) {
-        return Allow();
-      }
-
-      auto* broker_process = SandboxLinux::GetInstance()->broker_process();
-      if (broker_process->IsSyscallAllowed(system_call_number))
-        return Trap(BrokerProcess::SIGSYS_Handler, broker_process);
-
-      return BPFBasePolicy::EvaluateSyscall(system_call_number);
-  }
-}
-
-}  // namespace service_manager

services/service_manager/sandbox/linux/bpf_audio_policy_linux.h

-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_AUDIO_POLICY_LINUX_H_
-#define SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_AUDIO_POLICY_LINUX_H_
-
-#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
-#include "services/service_manager/sandbox/export.h"
-#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
-
-namespace service_manager {
-
-class SERVICE_MANAGER_SANDBOX_EXPORT AudioProcessPolicy : public BPFBasePolicy {
- public:
-  AudioProcessPolicy();
-  ~AudioProcessPolicy() override;
-
-  sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
-      int system_call_number) const override;
-
- private:
-  DISALLOW_COPY_AND_ASSIGN(AudioProcessPolicy);
-};
-
-}  // namespace service_manager
-
-#endif  // SERVICES_SERVICE_MANAGER_SANDBOX_LINUX_BPF_AUDIO_POLICY_LINUX_H_

services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.cc

@@ -11,7 +11,6 @@
 #include <sys/types.h>
 
 #include <memory>
-#include <utility>
 
 #include "base/command_line.h"
 #include "base/logging.h"
@@ -33,7 +32,6 @@
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/system_headers/linux_syscalls.h"
-#include "services/service_manager/sandbox/linux/bpf_audio_policy_linux.h"
 #include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"
 #include "services/service_manager/sandbox/linux/bpf_cdm_policy_linux.h"
 #include "services/service_manager/sandbox/linux/bpf_cros_amd_gpu_policy_linux.h"
@@ -167,8 +165,6 @@ std::unique_ptr<BPFBasePolicy> SandboxSeccompBPF::PolicyForSandboxType(
       return std::make_unique<PdfCompositorProcessPolicy>();
     case SANDBOX_TYPE_NETWORK:
       return std::make_unique<NetworkProcessPolicy>();
-    case SANDBOX_TYPE_AUDIO:
-      return std::make_unique<AudioProcessPolicy>();
     case SANDBOX_TYPE_NO_SANDBOX:
     default:
       NOTREACHED();

services/service_manager/sandbox/sandbox_type.cc

@@ -21,7 +21,7 @@ bool IsUnsandboxedSandboxType(SandboxType sandbox_type) {
       return true;
 #endif
     case SANDBOX_TYPE_AUDIO:
-#if defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX)
+#if defined(OS_WIN) || defined(OS_MACOSX)
       return !base::FeatureList::IsEnabled(
           service_manager::features::kAudioServiceSandbox);
 #else