Expose enable/disable switch for shill sandboxing over DBus

This feature flag gates the use of minijail to sandbox shill (the network manager) on CrOS. Defaults to true. We want a feature flag for this in case any unforseen sandboxing compications occur on the beta or stable channels and Finch is our only way of reverting. CQ-DEPEND=CL:1172729,CL:1177883 "sudo -u chronos dbus-send --system --type=method_call --print-reply \ --dest=org.chromium.ChromeFeaturesService \ /org/chromium/ChromeFeaturesService \ "org.chromium.ChromeFeaturesServiceInterface.IsShillSandboxingEnabled" Bug: 649417 Test: Following command returned true (flag is true by default): Change-Id: I359b28d463f8f0ce861739d7f165f5437690bae5 Reviewed-on: https://chromium-review.googlesource.com/1173260 Commit-Queue: Micah Morton <mortonm@chromium.org> Reviewed-by: Steven Bennetts <stevenjb@chromium.org> Cr-Commit-Position: refs/heads/master@{#583750}

Expose enable/disable switch for shill sandboxing over DBus
This feature flag gates the use of minijail to sandbox shill (the network manager) on CrOS. Defaults to true. We want a feature flag for this in case any unforseen sandboxing compications occur on the beta or stable channels and Finch is our only way of reverting. CQ-DEPEND=CL:1172729,CL:1177883 "sudo -u chronos dbus-send --system --type=method_call --print-reply \ --dest=org.chromium.ChromeFeaturesService \ /org/chromium/ChromeFeaturesService \ "org.chromium.ChromeFeaturesServiceInterface.IsShillSandboxingEnabled" Bug: 649417 Test: Following command returned true (flag is true by default): Change-Id: I359b28d463f8f0ce861739d7f165f5437690bae5 Reviewed-on: https://chromium-review.googlesource.com/1173260 Commit-Queue: Micah Morton <mortonm@chromium.org> Reviewed-by: Steven Bennetts <stevenjb@chromium.org> Cr-Commit-Position: refs/heads/master@{#583750}
e87a5139 · Micah Morton · Commit Bot · 29799d2a · e87a5139 · e87a5139
Commit e87a5139 authored Aug 16, 2018 by Micah Morton Committed by Commit Bot Aug 16, 2018
6 changed files
--- a/chrome/browser/chromeos/dbus/finch_features_service_provider_delegate.cc
+++ b/chrome/browser/chromeos/dbus/finch_features_service_provider_delegate.cc
@@ -34,4 +34,8 @@ bool FinchFeaturesServiceProviderDelegate::IsUsbguardEnabled() {
  return base::FeatureList::IsEnabled(features::kUsbguard);
 }
+bool FinchFeaturesServiceProviderDelegate::IsShillSandboxingEnabled() {
+  return base::FeatureList::IsEnabled(features::kShillSandboxing);
+}
 }  // namespace chromeos
--- a/chrome/browser/chromeos/dbus/finch_features_service_provider_delegate.h
+++ b/chrome/browser/chromeos/dbus/finch_features_service_provider_delegate.h
@@ -20,6 +20,7 @@ class FinchFeaturesServiceProviderDelegate
  // ChromeServiceProvider::Delegate:
  bool IsCrostiniEnabled(const std::string& user_id_hash) override;
  bool IsUsbguardEnabled() override;
+  bool IsShillSandboxingEnabled() override;
 private:
  DISALLOW_COPY_AND_ASSIGN(FinchFeaturesServiceProviderDelegate);

--- a/chrome/common/chrome_features.cc
+++ b/chrome/common/chrome_features.cc
@@ -656,6 +656,10 @@ const base::Feature kMachineLearningService{"MachineLearningService",
 // Enable USBGuard at the lockscreen on Chrome OS.
 // TODO(crbug.com/874630): Remove this kill-switch
 const base::Feature kUsbguard{"USBGuard", base::FEATURE_ENABLED_BY_DEFAULT};
+// Enable running shill in a minijail sandbox on Chrome OS.
+const base::Feature kShillSandboxing{"ShillSandboxing",
+                                     base::FEATURE_DISABLED_BY_DEFAULT};
 #endif  // defined(OS_CHROMEOS)
 #if !defined(OS_ANDROID)

--- a/chrome/common/chrome_features.h
+++ b/chrome/common/chrome_features.h
@@ -353,6 +353,8 @@ extern const base::Feature kCrOSEnableUSMUserService;
 extern const base::Feature kMachineLearningService;
 extern const base::Feature kUsbguard;
+extern const base::Feature kShillSandboxing;
 #endif  // defined(OS_CHROMEOS)
 #if !defined(OS_ANDROID)

--- a/chromeos/dbus/services/chrome_features_service_provider.cc
+++ b/chromeos/dbus/services/chrome_features_service_provider.cc
@@ -35,6 +35,14 @@ void ChromeFeaturesServiceProvider::Start(
                          weak_ptr_factory_.GetWeakPtr()),
      base::BindRepeating(&ChromeFeaturesServiceProvider::OnExported,
                          weak_ptr_factory_.GetWeakPtr()));
+  exported_object->ExportMethod(
+      kChromeFeaturesServiceInterface,
+      kChromeFeaturesServiceIsShillSandboxingEnabledMethod,
+      base::BindRepeating(
+          &ChromeFeaturesServiceProvider::IsShillSandboxingEnabled,
+          weak_ptr_factory_.GetWeakPtr()),
+      base::BindRepeating(&ChromeFeaturesServiceProvider::OnExported,
+                          weak_ptr_factory_.GetWeakPtr()));
 }
 void ChromeFeaturesServiceProvider::OnExported(
@@ -76,4 +84,14 @@ void ChromeFeaturesServiceProvider::IsUsbguardEnabled(
  response_sender.Run(std::move(response));
 }
+void ChromeFeaturesServiceProvider::IsShillSandboxingEnabled(
+    dbus::MethodCall* method_call,
+    dbus::ExportedObject::ResponseSender response_sender) {
+  std::unique_ptr<dbus::Response> response =
+      dbus::Response::FromMethodCall(method_call);
+  dbus::MessageWriter writer(response.get());
+  writer.AppendBool(delegate_->IsShillSandboxingEnabled());
+  response_sender.Run(std::move(response));
+}
 }  // namespace chromeos
--- a/chromeos/dbus/services/chrome_features_service_provider.h
+++ b/chromeos/dbus/services/chrome_features_service_provider.h
@@ -42,6 +42,7 @@ class CHROMEOS_EXPORT ChromeFeaturesServiceProvider
    virtual bool IsCrostiniEnabled(const std::string& user_id_hash) = 0;
    virtual bool IsUsbguardEnabled() = 0;
+    virtual bool IsShillSandboxingEnabled() = 0;
   private:
    DISALLOW_COPY_AND_ASSIGN(Delegate);
@@ -65,6 +66,9 @@ class CHROMEOS_EXPORT ChromeFeaturesServiceProvider
                         dbus::ExportedObject::ResponseSender response_sender);
  void IsUsbguardEnabled(dbus::MethodCall* method_call,
                         dbus::ExportedObject::ResponseSender response_sender);
+  void IsShillSandboxingEnabled(
+      dbus::MethodCall* method_call,
+      dbus::ExportedObject::ResponseSender response_sender);
  std::unique_ptr<Delegate> delegate_;
  // Keep this last so that all weak pointers will be invalidated at the