[AudioService] Fix audio sandbox policy knob.

http://crrev.com/c/1831763 introduced a policy to make sure that
enterprises can explicitly control the audio sandbox. The CL assumed
that all calls of IsAudioSandboxEnabled() would happen on the browser
process.

It was, however, noticed that this is not the case as
IsAudioSandboxEnabled() is called on the audio utility process to
configure the sandbox. This caused the sandbox to always be enabled,
since the default value for g_audio_sandbox_enabled is true.

This CL fixes the behavior by replacing the global static variable with
a switch which is then copied over to the audio utility process.

Bug: 1018580
Change-Id: I810ca1f0c9aed43b892c06960cd8a87fc6debd8b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1901029Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Guido Urdaneta <guidou@chromium.org>
Reviewed-by: Olga Sharonova <olka@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Armando Miraglia <armax@chromium.org>
Cr-Commit-Position: refs/heads/master@{#713680}

chrome/browser/chrome_content_browser_client.cc

@@ -3655,6 +3655,23 @@ void ChromeContentBrowserClient::BindCredentialManagerReceiver(
                                                      render_frame_host);
 }
 
+#if defined(OS_WIN) || defined(OS_MACOSX) || \
+    (defined(OS_LINUX) && !defined(OS_CHROMEOS))
+bool ShouldEnableAudioSandbox(const policy::PolicyMap& policies) {
+  const base::Value* audio_sandbox_enabled_policy_value =
+      policies.GetValue(policy::key::kAudioSandboxEnabled);
+  if (audio_sandbox_enabled_policy_value) {
+    bool force_enable_audio_sandbox;
+    audio_sandbox_enabled_policy_value->GetAsBoolean(
+        &force_enable_audio_sandbox);
+    return force_enable_audio_sandbox;
+  }
+
+  return base::FeatureList::IsEnabled(
+      service_manager::features::kAudioServiceSandbox);
+}
+#endif
+
 void ChromeContentBrowserClient::WillStartServiceManager() {
 #if defined(OS_WIN) || defined(OS_MACOSX) || \
     (defined(OS_LINUX) && !defined(OS_CHROMEOS))
@@ -3679,14 +3696,9 @@ void ChromeContentBrowserClient::WillStartServiceManager() {
 #endif
     bool enable_audio_process =
         base::FeatureList::IsEnabled(features::kAudioServiceOutOfProcess);
-    bool enable_audio_sandbox = base::FeatureList::IsEnabled(
-        service_manager::features::kAudioServiceSandbox);
-    const base::Value* audio_sandbox_enabled_policy_value =
-        policies.GetValue(policy::key::kAudioSandboxEnabled);
-    if (audio_sandbox_enabled_policy_value)
-      audio_sandbox_enabled_policy_value->GetAsBoolean(&enable_audio_sandbox);
-    service_manager::EnableAudioSandbox(enable_audio_sandbox);
-    if (!enable_audio_sandbox || !enable_audio_process) {
+
+    service_manager::EnableAudioSandbox(ShouldEnableAudioSandbox(policies));
+    if (!service_manager::IsAudioSandboxEnabled() || !enable_audio_process) {
       // Disabling the audio process or audio sandbox implies disabling APM in
       // the audio service for security reasons. Append a switch so that this
       // is communicated to the audio and renderer processes.

content/browser/utility_process_host.cc

@@ -390,6 +390,7 @@ bool UtilityProcessHost::StartProcess() {
       network::switches::kNetLogCaptureMode,
       network::switches::kExplicitlyAllowedPorts,
       service_manager::switches::kNoSandbox,
+      service_manager::switches::kEnableAudioServiceSandbox,
 #if defined(OS_MACOSX)
       service_manager::switches::kEnableSandboxLogging,
       os_crypt::switches::kUseMockKeychain,

services/service_manager/sandbox/sandbox_type.cc

@@ -193,14 +193,16 @@ SandboxType UtilitySandboxTypeFromString(const std::string& sandbox_string) {
   return SANDBOX_TYPE_UTILITY;
 }
 
-static bool g_audio_sandbox_enabled = true;
-
-SERVICE_MANAGER_SANDBOX_EXPORT void EnableAudioSandbox(bool enable) {
-  g_audio_sandbox_enabled = enable;
+void EnableAudioSandbox(bool enable) {
+  if (enable) {
+    base::CommandLine::ForCurrentProcess()->AppendSwitch(
+        switches::kEnableAudioServiceSandbox);
+  }
 }
 
 bool IsAudioSandboxEnabled() {
-  return g_audio_sandbox_enabled;
+  return base::CommandLine::ForCurrentProcess()->HasSwitch(
+      switches::kEnableAudioServiceSandbox);
 }
 
 }  // namespace service_manager

services/service_manager/sandbox/switches.cc

@@ -62,6 +62,9 @@ const char kDisableSetuidSandbox[] = "disable-setuid-sandbox";
 // Disables the Win32K process mitigation policy for child processes.
 const char kDisableWin32kLockDown[] = "disable-win32k-lockdown";
 
+// Command line flag to enable the audio service sandbox.
+const char kEnableAudioServiceSandbox[] = "enable-audio-service-sandbox";
+
 // Allows shmat() system call in the GPU sandbox.
 const char kGpuSandboxAllowSysVShm[] = "gpu-sandbox-allow-sysv-shm";
 

services/service_manager/sandbox/switches.h

@@ -41,6 +41,7 @@ SERVICE_MANAGER_SANDBOX_EXPORT extern const char kDisableNamespaceSandbox[];
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char kDisableSeccompFilterSandbox[];
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char kDisableSetuidSandbox[];
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char kDisableWin32kLockDown[];
+SERVICE_MANAGER_SANDBOX_EXPORT extern const char kEnableAudioServiceSandbox[];
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char kGpuSandboxAllowSysVShm[];
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char kGpuSandboxFailuresFatal[];
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char kNoSandbox[];