Allow dumping Chrome sandboxes.

It can be very useful when developing features to access the sandboxes.
This CL adds the possibility to dump the sandboxes to the Document
directory, which is accessible via the finder.

Change-Id: I0f760fdf59350dc85744048f374b8585392cc670
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2316365Reviewed-by: Satoru Takabayashi <satorux@chromium.org>
Reviewed-by: Rohit Rao <rohitrao@chromium.org>
Reviewed-by: Justin Cohen <justincohen@chromium.org>
Commit-Queue: Olivier Robin <olivierrobin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#793043}

ios/chrome/app/BUILD.gn

@@ -293,11 +293,15 @@ source_set("main") {
     ":app_internal",
     "//base",
     "//components/crash/core/common",
+    "//ios/chrome/app/startup:ios_enable_sandbox_dump_buildflags",
     "//ios/chrome/app/startup:startup_basic",
     "//ios/chrome/browser/crash_report",
     "//ios/chrome/common",
     "//ios/testing/perf:startup",
   ]
+  if (ios_enable_sandbox_dump) {
+    deps += [ "//ios/chrome/app/startup:sandbox_dump" ]
+  }
 
   if (ios_chrome_links_with_material_components_framework) {
     deps += [

ios/chrome/app/chrome_exe_main.mm

@@ -9,10 +9,15 @@
 #include "base/strings/sys_string_conversions.h"
 #include "components/crash/core/common/crash_keys.h"
 #include "ios/chrome/app/startup/ios_chrome_main.h"
+#include "ios/chrome/app/startup/ios_enable_sandbox_dump_buildflags.h"
 #include "ios/chrome/browser/crash_report/breakpad_helper.h"
 #include "ios/chrome/common/channel_info.h"
 #include "ios/testing/perf/startupLoggers.h"
 
+#if BUILDFLAG(IOS_ENABLE_SANDBOX_DUMP)
+#include "ios/chrome/app/startup/sandbox_dump.h"  // nogncheck
+#endif  // BUILDFLAG(IOS_ENABLE_SANDBOX_DUMP)
+
 #if !defined(__has_feature) || !__has_feature(objc_arc)
 #error "This file requires ARC support."
 #endif
@@ -73,6 +78,13 @@ int main(int argc, char* argv[]) {
   IOSChromeMain::InitStartTime();
   startup_loggers::RegisterAppStartTime();
 
+#if BUILDFLAG(IOS_ENABLE_SANDBOX_DUMP)
+  // Dumps the sandbox if needed. This must be called as soon as possible,
+  // before actions are done on the sandbox.
+  // This is a blocking call.
+  DumpSandboxIfRequested();
+#endif  // BUILDFLAG(IOS_ENABLE_SANDBOX_DUMP)
+
   // Set NSUserDefaults keys to force pseudo-RTL if needed.
   SetTextDirectionIfPseudoRTLEnabled();
 

ios/chrome/app/startup/BUILD.gn

@@ -2,6 +2,8 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
+import("//build/buildflag_header.gni")
+import("//ios/chrome/features.gni")
 import("//ios/public/provider/chrome/browser/build_config.gni")
 
 # Target for sources that don't depend on //ios/chrome/browser:browser
@@ -29,10 +31,34 @@ source_set("startup_basic") {
     "//ios/web/public/init",
     "//skia",
   ]
+  if (ios_enable_sandbox_dump) {
+    deps += [ ":sandbox_dump" ]
+  }
 
   assert_no_deps = [ "//ios/chrome/browser" ]
 }
 
+buildflag_header("ios_enable_sandbox_dump_buildflags") {
+  header = "ios_enable_sandbox_dump_buildflags.h"
+  flags = [ "IOS_ENABLE_SANDBOX_DUMP=$ios_enable_sandbox_dump" ]
+}
+
+if (ios_enable_sandbox_dump) {
+  source_set("sandbox_dump") {
+    configs += [ "//build/config/compiler:enable_arc" ]
+    sources = [
+      "sandbox_dump.h",
+      "sandbox_dump.mm",
+    ]
+    deps = [
+      ":ios_enable_sandbox_dump_buildflags",
+      "//base",
+      "//ios/chrome/common/app_group",
+      "//third_party/zlib/google:zip",
+    ]
+  }
+}
+
 source_set("startup") {
   sources = [
     "chrome_app_startup_parameters.h",

ios/chrome/app/startup/DEPS

+specific_include_rules = {
+  "sandbox_dump\.mm": [
+    "+third_party/zlib/google/zip.h",
+  ],
+}

ios/chrome/app/startup/sandbox_dump.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_CHROME_APP_STARTUP_SANDBOX_DUMP_H_
+#define IOS_CHROME_APP_STARTUP_SANDBOX_DUMP_H_
+
+// Dumps the sandboxed directory accessible by Chrome to the document directory.
+// The dump is then accessible using finder.
+// The document directory is not copied as it is already accessible.
+// Some files or directories cannot be copied, so they are silently skipped.
+// This function makes file operation on main thread and can block.
+void DumpSandboxIfRequested();
+
+#endif  // IOS_CHROME_APP_STARTUP_SANDBOX_DUMP_H_

ios/chrome/app/startup/sandbox_dump.mm

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ios/chrome/app/startup/sandbox_dump.h"
+
+#import <Foundation/Foundation.h>
+
+#include "base/bind.h"
+#include "base/strings/sys_string_conversions.h"
+#include "ios/chrome/app/startup/ios_enable_sandbox_dump_buildflags.h"
+#include "ios/chrome/common/app_group/app_group_constants.h"
+#include "third_party/zlib/google/zip.h"
+
+#if !defined(__has_feature) || !__has_feature(objc_arc)
+#error "This file requires ARC support."
+#endif
+
+#if !BUILDFLAG(IOS_ENABLE_SANDBOX_DUMP)
+#error "This file should only be compiled with IOS_ENABLE_SANDBOX_DUMP flag."
+#endif  // BUILDFLAG(IOS_ENABLE_SANDBOX_DUMP)
+
+void DumpSandboxIfRequested() {
+  if (![[NSUserDefaults standardUserDefaults]
+          boolForKey:@"EnableDumpSandboxes"]) {
+    return;
+  }
+  [[NSUserDefaults standardUserDefaults] setBool:NO
+                                          forKey:@"EnableDumpSandboxes"];
+  NSArray* paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory,
+                                                       NSUserDomainMask, YES);
+
+  NSString* document_directory = [paths objectAtIndex:0];
+  NSString* appdata_directory =
+      [document_directory stringByDeletingLastPathComponent];
+  NSString* dump_directory =
+      [document_directory stringByAppendingPathComponent:@"sandboxdump"];
+  NSError* error;
+  [[NSFileManager defaultManager] removeItemAtPath:dump_directory error:&error];
+  [[NSFileManager defaultManager] createDirectoryAtPath:dump_directory
+                            withIntermediateDirectories:NO
+                                             attributes:nil
+                                                  error:&error];
+
+  NSString* application_zip = [dump_directory
+      stringByAppendingPathComponent:
+          [NSString stringWithFormat:@"%@.zip",
+                                     [[NSBundle mainBundle] bundleIdentifier]]];
+
+  zip::FilterCallback callback =
+      base::BindRepeating(^(const base::FilePath& path) {
+        NSString* nspath = base::SysUTF8ToNSString(path.value());
+        if ([nspath hasPrefix:document_directory]) {
+          return false;
+        }
+        if (![[NSFileManager defaultManager] isReadableFileAtPath:nspath]) {
+          return false;
+        }
+        return true;
+      });
+
+  base::FilePath source_dir(base::SysNSStringToUTF8(appdata_directory));
+  base::FilePath zip_path(base::SysNSStringToUTF8(application_zip));
+  zip::ZipWithFilterCallback(source_dir, zip_path, callback);
+
+  NSString* common_group = app_group::CommonApplicationGroup();
+  if ([common_group length]) {
+    NSURL* common_group_url = [[NSFileManager defaultManager]
+        containerURLForSecurityApplicationGroupIdentifier:common_group];
+    NSString* common_group_zip = [dump_directory
+        stringByAppendingPathComponent:[NSString
+                                           stringWithFormat:@"%@.zip",
+                                                            common_group]];
+    base::FilePath common_group_path(
+        base::SysNSStringToUTF8([common_group_url path]));
+    base::FilePath common_group_zip_path(
+        base::SysNSStringToUTF8(common_group_zip));
+    zip::ZipWithFilterCallback(common_group_path, common_group_zip_path,
+                               callback);
+  }
+
+  NSString* app_group = app_group::ApplicationGroup();
+  if ([app_group length]) {
+    NSURL* app_group_url = [[NSFileManager defaultManager]
+        containerURLForSecurityApplicationGroupIdentifier:app_group];
+    NSString* app_group_zip = [dump_directory
+        stringByAppendingPathComponent:[NSString stringWithFormat:@"%@.zip",
+                                                                  app_group]];
+    base::FilePath app_group_path(
+        base::SysNSStringToUTF8([app_group_url path]));
+    base::FilePath app_group_zip_path(base::SysNSStringToUTF8(app_group_zip));
+    zip::ZipWithFilterCallback(app_group_path, app_group_zip_path, callback);
+  }
+}

ios/chrome/browser/BUILD.gn

@@ -270,6 +270,9 @@ tweak_info_plist("experimental_info_plist") {
   if (ios_enable_metrickit) {
     info_plists += [ "resources/Settings.bundle/ExperimentalMetricKit.plist" ]
   }
+  if (ios_enable_sandbox_dump) {
+    info_plists += [ "resources/Settings.bundle/ExperimentalSandboxDump.plist" ]
+  }
   info_plists += [
     "resources/Settings.bundle/ExperimentalFlags.plist",
     "resources/Settings.bundle/ExperimentalBlank.plist",

ios/chrome/browser/resources/Settings.bundle/ExperimentalSandboxDump.plist

+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PreferenceSpecifiers</key>
+	<array>
+		<dict>
+			<key>Type</key>
+			<string>PSGroupSpecifier</string>
+			<key>Title</key>
+			<string>Dump sandbox</string>
+		</dict>
+		<dict>
+			<key>Type</key>
+			<string>PSToggleSwitchSpecifier</string>
+			<key>Title</key>
+			<string>Dump Sandboxes to Documents</string>
+			<key>Key</key>
+			<string>EnableDumpSandboxes</string>
+			<key>DefaultValue</key>
+			<false/>
+		</dict>
+	</array>
+</dict>
+</plist>

ios/chrome/features.gni

@@ -10,4 +10,7 @@ declare_args() {
 
   # Enable MetricKit in Chrome to collect runtime data.
   ios_enable_metrickit = false
+
+  # Enable an experimental option to dump sandbox.
+  ios_enable_sandbox_dump = false
 }