Remove content/public/browser/sandbox_type.h

High level sandbox policy is now housed in //sandbox/policy. This is part of moving the service manager back into //content. Bug: 1097376 Change-Id: If71f2097d54eb440325e1705e0045d943fe4df39 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2289219Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Charlie Reis <creis@chromium.org> Auto-Submit: Alex Gough <ajgo@chromium.org> Cr-Commit-Position: refs/heads/master@{#789120}

Remove content/public/browser/sandbox_type.h
High level sandbox policy is now housed in //sandbox/policy. This is part of moving the service manager back into //content. Bug: 1097376 Change-Id: If71f2097d54eb440325e1705e0045d943fe4df39 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2289219Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Charlie Reis <creis@chromium.org> Auto-Submit: Alex Gough <ajgo@chromium.org> Cr-Commit-Position: refs/heads/master@{#789120}
93512217 · Alex Gough · Commit Bot · 88bd95fa · 93512217 · 93512217
Commit 93512217 authored Jul 16, 2020 by Alex Gough Committed by Commit Bot Jul 16, 2020
12 changed files
--- a/chrome/browser/chromeos/service_sandbox_type.h
+++ b/chrome/browser/chromeos/service_sandbox_type.h
@@ -6,8 +6,8 @@
 #define CHROME_BROWSER_CHROMEOS_SERVICE_SANDBOX_TYPE_H_
 #include "chromeos/constants/chromeos_features.h"
-#include "content/public/browser/sandbox_type.h"
 #include "content/public/browser/service_process_host.h"
+#include "sandbox/policy/sandbox_type.h"
 // This file maps service classes to sandbox types.  Services which
 // require a non-utility sandbox can be added here.  See
@@ -23,12 +23,12 @@ class InputEngineManager;
 }  // namespace chromeos
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<chromeos::ime::mojom::InputEngineManager>() {
  if (chromeos::features::IsImeSandboxEnabled())
-    return content::SandboxType::kIme;
+    return sandbox::policy::SandboxType::kIme;
-  return content::SandboxType::kUtility;
+  return sandbox::policy::SandboxType::kUtility;
 }
 // chromeos::tts::mojom::TtsService
@@ -41,9 +41,9 @@ class TtsService;
 }  // namespace chromeos
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<chromeos::tts::mojom::TtsService>() {
-  return content::SandboxType::kTts;
+  return sandbox::policy::SandboxType::kTts;
 }
 #endif  // CHROME_BROWSER_CHROMEOS_SERVICE_SANDBOX_TYPE_H_
--- a/chrome/browser/service_sandbox_type.h
+++ b/chrome/browser/service_sandbox_type.h
@@ -6,8 +6,8 @@
 #define CHROME_BROWSER_SERVICE_SANDBOX_TYPE_H_
 #include "build/build_config.h"
-#include "content/public/browser/sandbox_type.h"
 #include "content/public/browser/service_process_host.h"
+#include "sandbox/policy/sandbox_type.h"
 #if !defined(OS_ANDROID)
 #include "chrome/services/speech/buildflags.h"
@@ -25,12 +25,12 @@ class RemovableStorageWriter;
 }  // namespace chrome
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<chrome::mojom::RemovableStorageWriter>() {
 #if defined(OS_WIN)
-  return SandboxType::kNoSandboxAndElevatedPrivileges;
+  return sandbox::policy::SandboxType::kNoSandboxAndElevatedPrivileges;
 #else
-  return SandboxType::kNoSandbox;
+  return sandbox::policy::SandboxType::kNoSandbox;
 #endif  // !defined(OS_WIN)
 }
@@ -43,9 +43,9 @@ class UtilReadIcon;
 }  // namespace chrome
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<chrome::mojom::UtilReadIcon>() {
-  return content::SandboxType::kIconReader;
+  return sandbox::policy::SandboxType::kIconReader;
 }
 #endif  // defined(OS_WIN)
@@ -58,9 +58,9 @@ class UtilWin;
 }  // namespace chrome
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<chrome::mojom::UtilWin>() {
-  return content::SandboxType::kNoSandbox;
+  return sandbox::policy::SandboxType::kNoSandbox;
 }
 #endif  // defined(OS_WIN)
@@ -72,9 +72,9 @@ class ProfileImport;
 }  // namespace chrome
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<chrome::mojom::ProfileImport>() {
-  return content::SandboxType::kNoSandbox;
+  return sandbox::policy::SandboxType::kNoSandbox;
 }
 // media::mojom::SpeechRecognitionService
@@ -87,9 +87,9 @@ class SpeechRecognitionService;
 }  // namespace media
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<media::mojom::SpeechRecognitionService>() {
-  return content::SandboxType::kSpeechRecognition;
+  return sandbox::policy::SandboxType::kSpeechRecognition;
 }
 #endif  // BUILDFLAG(ENABLE_SODA)
 #endif  // !defined(OS_ANDROID)
@@ -103,9 +103,9 @@ class PrintingService;
 }  // namespace printing
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<printing::mojom::PrintingService>() {
-  return content::SandboxType::kPdfConversion;
+  return sandbox::policy::SandboxType::kPdfConversion;
 }
 #endif  // defined(OS_WIN)
@@ -118,9 +118,9 @@ class ProxyResolverFactory;
 }  // namespace proxy_resolver
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<proxy_resolver::mojom::ProxyResolverFactory>() {
-  return content::SandboxType::kProxyResolver;
+  return sandbox::policy::SandboxType::kProxyResolver;
 }
 #endif  // defined(OS_WIN)
@@ -133,9 +133,9 @@ class Quarantine;
 }  // namespace quarantine
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<quarantine::mojom::Quarantine>() {
-  return content::SandboxType::kNoSandbox;
+  return sandbox::policy::SandboxType::kNoSandbox;
 }
 #endif  // defined(OS_WIN)
@@ -148,9 +148,9 @@ class Sharing;
 }  // namespace sharing
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<sharing::mojom::Sharing>() {
-  return content::SandboxType::kSharingService;
+  return sandbox::policy::SandboxType::kSharingService;
 }
 #endif  // !defined(OS_MACOSX)

--- a/chrome/browser/ui/webui/sandbox/sandbox_handler.cc
+++ b/chrome/browser/ui/webui/sandbox/sandbox_handler.cc
@@ -14,7 +14,6 @@
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/child_process_data.h"
 #include "content/public/browser/render_process_host.h"
-#include "content/public/browser/sandbox_type.h"
 #include "content/public/browser/web_ui.h"
 #include "content/public/common/process_type.h"
 #include "sandbox/policy/win/sandbox_win.h"

--- a/components/paint_preview/browser/DEPS
+++ b/components/paint_preview/browser/DEPS
@@ -9,6 +9,7 @@ include_rules = [
  "+content/public/browser",
  "+content/public/test",
  "+services/metrics/public/cpp",
+  "+sandbox/policy/sandbox_type.h",
  "+third_party/blink/public/common",
  "+third_party/zlib/google",
 ]
--- a/components/paint_preview/browser/service_sandbox_type.h
+++ b/components/paint_preview/browser/service_sandbox_type.h
@@ -5,8 +5,8 @@
 #ifndef COMPONENTS_PAINT_PREVIEW_BROWSER_SERVICE_SANDBOX_TYPE_H_
 #define COMPONENTS_PAINT_PREVIEW_BROWSER_SERVICE_SANDBOX_TYPE_H_
-#include "content/public/browser/sandbox_type.h"
 #include "content/public/browser/service_process_host.h"
+#include "sandbox/policy/sandbox_type.h"
 // This file maps service classes to sandbox types.  Services which
 // require a non-utility sandbox can be added here.  See
@@ -20,10 +20,10 @@ class PaintPreviewCompositorCollection;
 }  // namespace paint_preview
 template <>
-inline content::SandboxType content::GetServiceSandboxType<
+inline sandbox::policy::SandboxType content::GetServiceSandboxType<
    paint_preview::mojom::PaintPreviewCompositorCollection>() {
  // TODO(crbug/1074323): Investigate using a different SandboxType.
-  return content::SandboxType::kPrintCompositor;
+  return sandbox::policy::SandboxType::kPrintCompositor;
 }
 #endif  // COMPONENTS_PAINT_PREVIEW_BROWSER_SERVICE_SANDBOX_TYPE_H_
--- a/components/printing/browser/DEPS
+++ b/components/printing/browser/DEPS
@@ -5,6 +5,7 @@ include_rules = [
  "+components/strings/grit",
  "+content/public/browser",
  "+mojo/public",
+  "+sandbox/policy/sandbox_type.h",
  "+ui/base/l10n",
 ]

--- a/components/printing/browser/service_sandbox_type.h
+++ b/components/printing/browser/service_sandbox_type.h
@@ -5,8 +5,8 @@
 #ifndef COMPONENTS_PRINTING_BROWSER_SERVICE_SANDBOX_TYPE_H_
 #define COMPONENTS_PRINTING_BROWSER_SERVICE_SANDBOX_TYPE_H_
-#include "content/public/browser/sandbox_type.h"
 #include "content/public/browser/service_process_host.h"
+#include "sandbox/policy/sandbox_type.h"
 // This file maps service classes to sandbox types.  Services which
 // require a non-utility sandbox can be added here.  See
@@ -20,9 +20,9 @@ class PrintCompositor;
 }  // namespace printing
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<printing::mojom::PrintCompositor>() {
-  return content::SandboxType::kPrintCompositor;
+  return sandbox::policy::SandboxType::kPrintCompositor;
 }
 #endif  // COMPONENTS_PRINTING_BROWSER_SERVICE_SANDBOX_TYPE_H_
--- a/content/browser/service_sandbox_type.h
+++ b/content/browser/service_sandbox_type.h
@@ -8,10 +8,10 @@
 #include "base/feature_list.h"
 #include "build/build_config.h"
 #include "content/public/browser/content_browser_client.h"
-#include "content/public/browser/sandbox_type.h"
 #include "content/public/browser/service_process_host.h"
 #include "content/public/common/content_client.h"
 #include "content/public/common/content_features.h"
+#include "sandbox/policy/sandbox_type.h"
 // This file maps service classes to sandbox types.  Services which
 // require a non-utility sandbox can be added here.  See
@@ -24,9 +24,9 @@ class AudioService;
 }
 }  // namespace audio
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<audio::mojom::AudioService>() {
-  return content::SandboxType::kAudio;
+  return sandbox::policy::SandboxType::kAudio;
 }
 // media::mojom::CdmService
@@ -36,9 +36,9 @@ class CdmService;
 }
 }  // namespace media
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<media::mojom::CdmService>() {
-  return content::SandboxType::kCdm;
+  return sandbox::policy::SandboxType::kCdm;
 }
 // network::mojom::NetworkService
@@ -48,9 +48,9 @@ class NetworkService;
 }
 }  // namespace network
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<network::mojom::NetworkService>() {
-  return content::SandboxType::kNetwork;
+  return sandbox::policy::SandboxType::kNetwork;
 }
 // device::mojom::XRDeviceService
@@ -61,9 +61,9 @@ class XRDeviceService;
 }
 }  // namespace device
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<device::mojom::XRDeviceService>() {
-  return content::SandboxType::kXrCompositing;
+  return sandbox::policy::SandboxType::kXrCompositing;
 }
 #endif  // OS_WIN
@@ -74,9 +74,9 @@ class VideoCaptureService;
 }
 }  // namespace video_capture
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<video_capture::mojom::VideoCaptureService>() {
-  return content::SandboxType::kVideoCapture;
+  return sandbox::policy::SandboxType::kVideoCapture;
 }
 // storage::mojom::StorageService
@@ -89,7 +89,7 @@ class StorageService;
 }  // namespace storage
 template <>
-inline content::SandboxType
+inline sandbox::policy::SandboxType
 content::GetServiceSandboxType<storage::mojom::StorageService>() {
  const bool should_sandbox =
      base::FeatureList::IsEnabled(features::kStorageServiceSandbox);
@@ -97,8 +97,8 @@ content::GetServiceSandboxType<storage::mojom::StorageService>() {
      GetContentClient()->browser()->GetSandboxedStorageServiceDataDirectory();
  const bool is_sandboxed = should_sandbox && !sandboxed_data_dir.empty();
-  return is_sandboxed ? content::SandboxType::kUtility
+  return is_sandboxed ? sandbox::policy::SandboxType::kUtility
-                      : content::SandboxType::kNoSandbox;
+                      : sandbox::policy::SandboxType::kNoSandbox;
 }
 #endif

--- a/content/public/browser/BUILD.gn
+++ b/content/public/browser/BUILD.gn
@@ -304,7 +304,6 @@ jumbo_source_set("browser_sources") {
    "resource_coordinator_service.h",
    "restore_type.h",
    "same_site_data_remover.h",
-    "sandbox_type.h",
    "save_page_type.h",
    "screen_orientation_delegate.h",
    "screenlock_observer.h",

--- a/content/public/browser/child_process_data.h
+++ b/content/public/browser/child_process_data.h
@@ -8,7 +8,7 @@
 #include "base/process/process.h"
 #include "base/strings/string16.h"
 #include "content/common/content_export.h"
-#include "content/public/browser/sandbox_type.h"
+#include "sandbox/policy/sandbox_type.h"
 namespace content {
@@ -30,9 +30,9 @@ struct CONTENT_EXPORT ChildProcessData {
  // one run of the browser.
  int id = 0;
-  // The content::SandboxType that this process was launched at. May be
+  // The SandboxType that this process was launched at. May be invalid prior
-  // invalid prior to process launch.
+  // to process launch.
-  content::SandboxType sandbox_type;
+  sandbox::policy::SandboxType sandbox_type;
  const base::Process& GetProcess() const { return process_; }
  // Since base::Process is non-copyable, the caller has to provide a rvalue.

--- a/content/public/browser/sandbox_type.h
+++ b/content/public/browser/sandbox_type.h
-// Copyright 2019 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-#ifndef CONTENT_PUBLIC_BROWSER_SANDBOX_TYPE_H_
-#define CONTENT_PUBLIC_BROWSER_SANDBOX_TYPE_H_
-#include "sandbox/policy/sandbox_type.h"
-namespace content {
-// TODO(crbug.com/1097376): Remove this header and replace users with
-// sandbox/policy/sandbox_type.h.
-using SandboxType = sandbox::policy::SandboxType;
-}  // namespace content
-#endif  // CONTENT_PUBLIC_BROWSER_SANDBOX_TYPE_H_
--- a/content/public/browser/service_process_host.h
+++ b/content/public/browser/service_process_host.h
@@ -17,12 +17,12 @@
 #include "base/strings/string16.h"
 #include "base/strings/string_piece.h"
 #include "content/common/content_export.h"
-#include "content/public/browser/sandbox_type.h"
 #include "content/public/browser/service_process_info.h"
 #include "mojo/public/cpp/bindings/generic_pending_receiver.h"
 #include "mojo/public/cpp/bindings/pending_receiver.h"
 #include "mojo/public/cpp/bindings/remote.h"
 #include "mojo/public/cpp/system/message_pipe.h"
+#include "sandbox/policy/sandbox_type.h"
 namespace content {
@@ -31,8 +31,8 @@ namespace content {
 // services that use other sandbox types, consult
 // security-dev@chromium.org and add to an appropriate |service_sandbox_type.h|.
 template <typename Interface>
-inline content::SandboxType GetServiceSandboxType() {
+inline sandbox::policy::SandboxType GetServiceSandboxType() {
-  return SandboxType::kUtility;
+  return sandbox::policy::SandboxType::kUtility;
 }
 // ServiceProcessHost is used to launch new service processes given basic
@@ -79,7 +79,8 @@ class CONTENT_EXPORT ServiceProcessHost {
    // to |Launch()|.
    Options Pass();
-    SandboxType sandbox_type = SandboxType::kUtility;
+    sandbox::policy::SandboxType sandbox_type =
+        sandbox::policy::SandboxType::kUtility;
    base::string16 display_name;
    base::Optional<int> child_flags;
    std::vector<std::string> extra_switches;