Add non-sandboxed utility process support and non-public Android Chromecast

Adds the ability for non-public Android Chromecast to pass a flag to
disable sandboxes on utility process creation. This targets the
ability to use this flag so it cannot be used accidentally.

Bug: b/118772032 (internal)
Test: Local builds including using the flag verification.
Change-Id: I17bd1318796f4fed6400e2b2486954af384ba494
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2122469Reviewed-by: Bo <boliu@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Yaron Friedman <yfriedman@chromium.org>
Reviewed-by: Andrew Grieve <agrieve@chromium.org>
Commit-Queue: Yaron Friedman <yfriedman@chromium.org>
Auto-Submit: Brett Kilty <brettk@google.com>
Cr-Commit-Position: refs/heads/master@{#755875}

base/android/java/templates/BuildConfig.template

@@ -80,4 +80,10 @@ public class BuildConfig {
 #else
     public static MAYBE_FINAL boolean IS_INCREMENTAL_INSTALL MAYBE_FALSE;
 #endif
+
+#if defined(_IS_CHROMECAST_BRANDING_INTERNAL)
+    public static MAYBE_FINAL boolean IS_CHROMECAST_BRANDING_INTERNAL = true;
+#else
+    public static MAYBE_FINAL boolean IS_CHROMECAST_BRANDING_INTERNAL MAYBE_FALSE;
+#endif
 }

build/config/android/rules.gni

@@ -1934,6 +1934,10 @@ if (enable_java_templates) {
         defines += [ "_IS_CHROME_BRANDED" ]
       }
 
+      if (is_chromecast && chromecast_branding == "internal") {
+        defines += [ "_IS_CHROMECAST_BRANDING_INTERNAL" ]
+      }
+
       if (defined(invoker.bundles_supported) && invoker.bundles_supported) {
         defines += [ "_BUNDLES_SUPPORTED" ]
       }

content/common/android/java_templates/ContentSwitches.java.tmpl

@@ -64,6 +64,9 @@ public final class ContentSwitches {{
     // Native switch value kNetworkSandbox
     public static final String NETWORK_SANDBOX_TYPE = "network";
 
+    // Native switch kNoneSandbox, only honored on non-public Chromecast builds.
+    public static final String NONE_SANDBOX_TYPE = "none";
+
 {NATIVE_STRINGS}
 
     // Prevent instantiation.

content/public/android/java/src/org/chromium/content/browser/ChildProcessLauncherHelperImpl.java

@@ -15,6 +15,7 @@ import androidx.annotation.VisibleForTesting;
 
 import org.chromium.base.ApplicationState;
 import org.chromium.base.ApplicationStatus;
+import org.chromium.base.BuildConfig;
 import org.chromium.base.Callback;
 import org.chromium.base.ChildBindingState;
 import org.chromium.base.CollectionUtil;
@@ -237,9 +238,17 @@ public final class ChildProcessLauncherHelperImpl {
                 // We only support sandboxed utility processes now.
                 assert ContentSwitches.SWITCH_UTILITY_PROCESS.equals(processType);
 
+                String serviceSandboxType = ContentSwitchUtils.getSwitchValue(
+                        commandLine, ContentSwitches.SWITCH_SERVICE_SANDBOX_TYPE);
+
+                // Non-sandboxed utility processes only supported for non-public Chromecast.
+                if (BuildConfig.IS_CHROMECAST_BRANDING_INTERNAL
+                        && ContentSwitches.NONE_SANDBOX_TYPE.equals(serviceSandboxType)) {
+                    sandboxed = false;
+                }
+
                 // Remove sandbox restriction on network service process.
-                if (ContentSwitches.NETWORK_SANDBOX_TYPE.equals(ContentSwitchUtils.getSwitchValue(
-                            commandLine, ContentSwitches.SWITCH_SERVICE_SANDBOX_TYPE))) {
+                if (ContentSwitches.NETWORK_SANDBOX_TYPE.equals(serviceSandboxType)) {
                     sandboxed = false;
                 }
             }

services/service_manager/sandbox/sandbox_type.cc

@@ -63,7 +63,15 @@ void SetCommandLineFlagsForSandboxType(base::CommandLine* command_line,
                                        SandboxType sandbox_type) {
   switch (sandbox_type) {
     case SandboxType::kNoSandbox:
-      command_line->AppendSwitch(switches::kNoSandbox);
+      if (command_line->GetSwitchValueASCII(switches::kProcessType) ==
+          switches::kUtilityProcess) {
+        DCHECK(!command_line->HasSwitch(switches::kServiceSandboxType));
+        command_line->AppendSwitchASCII(
+            switches::kServiceSandboxType,
+            StringFromUtilitySandboxType(sandbox_type));
+      } else {
+        command_line->AppendSwitch(switches::kNoSandbox);
+      }
       break;
 #if defined(OS_WIN)
     case SandboxType::kNoSandboxAndElevatedPrivileges:

services/service_manager/tests/sandbox/sandbox_type_unittest.cc

@@ -108,6 +108,12 @@ TEST(SandboxTypeTest, Utility) {
             SandboxTypeFromCommandLine(command_line12));
 #endif
 
+  base::CommandLine command_line13(command_line);
+  command_line13.AppendSwitchASCII(switches::kServiceSandboxType,
+                                   switches::kNoneSandbox);
+  EXPECT_EQ(SandboxType::kNoSandbox,
+            SandboxTypeFromCommandLine(command_line13));
+
   command_line.AppendSwitch(switches::kNoSandbox);
   EXPECT_EQ(SandboxType::kNoSandbox, SandboxTypeFromCommandLine(command_line));
 }