Supply sandbox for PaintPreviewCompositorCollection

Adds service_sandbox_type.h header for components to consume and uses it
to supply sandbox type for PaintPreviewCompositorCollection.

Prelude to removal of WithSandboxType API. See linked bug for
rationale.  Does not change behavior.

Tests: browser_tests PaintPreviewCompositorBrowserTest.*
Bug: 1065087
Change-Id: Ie7e13e884df5c59edc850b3546d6d9b655102f79
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2202663Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Ian Vollick <vollick@chromium.org>
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#772447}

components/OWNERS

@@ -54,3 +54,7 @@ per-file *.xtb=file://tools/translation/TRANSLATION_OWNERS
 # making structural changes, please get a review from one of the overall
 # components OWNERS.
 per-file BUILD.gn=*
+
+# Service sandbox specialization must be reviewed by SECURITY_OWNERS
+per-file service_sandbox_type.h=set noparent
+per-file service_sandbox_type.h=file://ipc/SECURITY_OWNERS
\ No newline at end of file

components/paint_preview/browser/BUILD.gn

@@ -25,6 +25,7 @@ source_set("browser") {
     "paint_preview_compositor_service_impl.cc",
     "paint_preview_compositor_service_impl.h",
     "paint_preview_policy.h",
+    "service_sandbox_type.h",
   ]
 
   deps = [

components/paint_preview/browser/compositor_utils.cc

@@ -9,6 +9,7 @@
 #include "base/bind.h"
 #include "build/build_config.h"
 #include "components/discardable_memory/service/discardable_shared_memory_manager.h"
+#include "components/paint_preview/browser/service_sandbox_type.h"
 #include "components/services/paint_preview_compositor/public/mojom/paint_preview_compositor.mojom.h"
 #include "components/strings/grit/components_strings.h"
 #include "content/public/browser/browser_task_traits.h"
@@ -40,12 +41,10 @@ CreateCompositorCollection() {
 
 void CreateCompositorCollectionPending(
     mojo::PendingReceiver<mojom::PaintPreviewCompositorCollection> collection) {
-  // TODO(crbug/1074323): Investigate using a different SandboxType.
   content::ServiceProcessHost::Launch<mojom::PaintPreviewCompositorCollection>(
       std::move(collection),
       content::ServiceProcessHost::Options()
           .WithDisplayName(IDS_PAINT_PREVIEW_COMPOSITOR_SERVICE_DISPLAY_NAME)
-          .WithSandboxType(service_manager::SandboxType::kPrintCompositor)
           .Pass());
 }
 

components/paint_preview/browser/service_sandbox_type.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_PAINT_PREVIEW_BROWSER_SERVICE_SANDBOX_TYPE_H_
+#define COMPONENTS_PAINT_PREVIEW_BROWSER_SERVICE_SANDBOX_TYPE_H_
+
+#include "content/public/browser/sandbox_type.h"
+#include "content/public/browser/service_process_host.h"
+
+// This file maps service classes to sandbox types.  Services which
+// require a non-utility sandbox can be added here.  See
+// ServiceProcessHost::Launch() for how these templates are consumed.
+
+// paint_preview::mojom::PaintPreviewCompositorCollection
+namespace paint_preview {
+namespace mojom {
+class PaintPreviewCompositorCollection;
+}
+}  // namespace paint_preview
+
+template <>
+inline content::SandboxType content::GetServiceSandboxType<
+    paint_preview::mojom::PaintPreviewCompositorCollection>() {
+  // TODO(crbug/1074323): Investigate using a different SandboxType.
+  return content::SandboxType::kPrintCompositor;
+}
+
+#endif  // COMPONENTS_PAINT_PREVIEW_BROWSER_SERVICE_SANDBOX_TYPE_H_