Revert of services/shell: Turn on sandboxing for mojo apps. (patchset #9...

Revert of services/shell: Turn on sandboxing for mojo apps. (patchset #9 id:180001 of https://codereview.chromium.org/2338793003/ )

Reason for revert:
Causes a timeout on mash_browser_tests.

Original issue's description:
> services/shell: Turn on sandboxing for mojo apps.
>
> Turn on sandbox for mojo apps by default. Apps that need to run
> without a sandbox need to include 'shell:unsandboxed' in their
> capabilities in manifest for mojo:shell.
>
> Update manifests for mojo:ui, mojo:font_service, mojo:file_system,
> and mojo:leveldb services to include 'shell:unsandboxed'.
>
> BUG=645602, 646376
>
> Committed: https://crrev.com/43aa4f706d6020c93f11fa952d7f1d7a7337c570
> Cr-Commit-Position: refs/heads/master@{#419891}

TBR=rockot@chromium.org,ben@chromium.org,tsepez@chromium.org,sadrul@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=645602, 646376

Review-Url: https://codereview.chromium.org/2353783004
Cr-Commit-Position: refs/heads/master@{#419928}

chrome/app/mash/mash_runner.cc

@@ -73,14 +73,6 @@ class NativeRunnerDelegateImpl : public shell::NativeRunnerDelegate {
 #if defined(OS_WIN)
       command_line->AppendArg(switches::kPrefetchArgumentOther);
 #endif
-      if (target.instance() == "font_service" || target.instance() == "ui") {
-        base::CommandLine::StringVector argv(command_line->argv());
-        auto iter = std::find(argv.begin(), argv.end(),
-                              FILE_PATH_LITERAL("--enable-sandbox"));
-        if (iter != argv.end())
-          argv.erase(iter);
-        *command_line = base::CommandLine(argv);
-      }
       return;
     }
 

chrome/test/base/mojo_test_connector.cc

@@ -215,14 +215,6 @@ class MojoTestConnector::NativeRunnerDelegateImpl
       if (target.name() == "exe:mash_browser_tests")
         RemoveMashFromBrowserTests(command_line);
       command_line->AppendSwitch(MojoTestConnector::kMashApp);
-      if (target.instance() == "font_service" || target.instance() == "ui") {
-        base::CommandLine::StringVector argv(command_line->argv());
-        auto iter = std::find(argv.begin(), argv.end(),
-                              FILE_PATH_LITERAL("--enable-sandbox"));
-        if (iter != argv.end())
-          argv.erase(iter);
-        *command_line = base::CommandLine(argv);
-      }
       return;
     }
 

components/filesystem/manifest.json

@@ -4,8 +4,7 @@
   "display_name": "File System Service",
   "capabilities": {
     "required": {
-      "*": { "classes": [ "app" ] },
-      "mojo:shell": { "classes": ["shell:unsandboxed"] }
+      "*": { "classes": [ "app" ] }
     }
   }
 }

components/font_service/manifest.json

@@ -9,8 +9,7 @@
       ]
     },
     "required": {
-      "*": { "classes": [ "app" ] },
-      "mojo:shell": { "classes": ["shell:unsandboxed"] }
+      "*": { "classes": [ "app" ] }
     }
   }
 }

components/leveldb/manifest.json

@@ -4,8 +4,7 @@
   "display_name": "LevelDB Service",
   "capabilities": {
     "required": {
-      "*": { "classes": [ "app" ] },
-      "mojo:shell": { "classes": ["shell:unsandboxed"] }
+      "*": { "classes": [ "app" ] }
     }
   }
 }

services/shell/service_manager.cc

@@ -39,7 +39,6 @@ const char kCapabilityClass_ClientProcess[] = "shell:client_process";
 const char kCapabilityClass_InstanceName[] = "shell:instance_name";
 const char kCapabilityClass_AllUsers[] = "shell:all_users";
 const char kCapabilityClass_ExplicitClass[] = "shell:explicit_class";
-const char kCapabilityClass_Unsandboxed[] = "shell:unsandboxed";
 
 }  // namespace
 
@@ -217,10 +216,10 @@ class ServiceManager::Instance
     StartWithService(std::move(service));
   }
 
-  void StartWithFilePath(const base::FilePath& path, bool unsandboxed) {
+  void StartWithFilePath(const base::FilePath& path) {
     CHECK(!service_);
     runner_ = service_manager_->native_runner_factory_->Create(path);
-    bool start_sandboxed = !unsandboxed;
+    bool start_sandboxed = false;
     mojom::ServicePtr service = runner_->Start(
         path, identity_, start_sandboxed,
         base::Bind(&Instance::PIDAvailable, weak_factory_.GetWeakPtr()),
@@ -822,8 +821,7 @@ void ServiceManager::OnGotResolvedName(std::unique_ptr<ConnectParams> params,
                        instance_name);
       CreateServiceWithFactory(factory, target.name(), std::move(request));
     } else {
-      bool unsandboxed = HasClass(capabilities, kCapabilityClass_Unsandboxed);
-      instance->StartWithFilePath(result->package_path, unsandboxed);
+      instance->StartWithFilePath(result->package_path);
     }
   }
 

services/ui/manifest.json

@@ -26,13 +26,7 @@
     "required": {
       "mojo:ui": { "classes": [ "ozone" ] },
       "*": { "classes": [ "app" ] },
-      "mojo:shell": {
-        "classes": [
-          "shell:all_users",
-          "shell:explicit_class",
-          "shell:unsandboxed"
-        ]
-      }
+      "mojo:shell": { "classes": [ "shell:all_users", "shell:explicit_class" ] }
     }
   }
 }