Move NetworkPreSpawnTarget into utility sandbox delegate

Removes pre-spawn hook and export from network service and moves code into utility delegate. No functional changes. This code only runs for Windows. Various DEPS and OWNERS are also updated to reflect the move. (The linux sandbox hook is not moved as runs in the utility at start up.) Bug: 1111421,1049894 Change-Id: Ib7c6145509731883a21d790ce1c7ce4da220c8bc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2339325Reviewed-by: Eric Orth <ericorth@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: James Forshaw <forshaw@chromium.org> Commit-Queue: Alex Gough <ajgo@chromium.org> Cr-Commit-Position: refs/heads/master@{#796062}

Move NetworkPreSpawnTarget into utility sandbox delegate
Removes pre-spawn hook and export from network service and moves code into utility delegate. No functional changes. This code only runs for Windows. Various DEPS and OWNERS are also updated to reflect the move. (The linux sandbox hook is not moved as runs in the utility at start up.) Bug: 1111421,1049894 Change-Id: Ib7c6145509731883a21d790ce1c7ce4da220c8bc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2339325Reviewed-by: Eric Orth <ericorth@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: James Forshaw <forshaw@chromium.org> Commit-Queue: Alex Gough <ajgo@chromium.org> Cr-Commit-Position: refs/heads/master@{#796062}
edcc5a38 · Alex Gough · Commit Bot · a2cdf3ec · edcc5a38 · edcc5a38
Commit edcc5a38 authored Aug 07, 2020 by Alex Gough Committed by Commit Bot Aug 07, 2020
6 changed files
--- a/content/browser/DEPS
+++ b/content/browser/DEPS
@@ -167,8 +167,4 @@ specific_include_rules = {
    "+services/network/cookie_manager.h",
    "+third_party/leveldatabase",
  ],
-  "utility_sandbox_delegate_win\.cc": [
-    # TODO(crbug.com/1049894): Remove.
-    "+services/network/network_sandbox_win.h",
-  ],
 }
--- a/content/browser/utility_sandbox_delegate_win.cc
+++ b/content/browser/utility_sandbox_delegate_win.cc
@@ -10,12 +10,30 @@
 #include "content/public/common/sandboxed_process_launcher_delegate.h"
 #include "sandbox/policy/features.h"
 #include "sandbox/policy/sandbox_type.h"
+#include "sandbox/policy/win/sandbox_win.h"
 #include "sandbox/win/src/sandbox_policy.h"
 #include "sandbox/win/src/sandbox_types.h"
 #include "services/audio/audio_sandbox_win.h"
-#include "services/network/network_sandbox_win.h"

 namespace content {
+namespace {
+// Right now, this policy is essentially unsandboxed, but with default process
+// mitigations applied.
+// TODO(https://crbug.com/841001) This will be tighted up in future releases.
+bool NetworkPreSpawnTarget(sandbox::TargetPolicy* policy,
+                           const base::CommandLine& cmd_line) {
+  sandbox::ResultCode result = policy->SetTokenLevel(sandbox::USER_UNPROTECTED,
+                                                     sandbox::USER_UNPROTECTED);
+  if (result != sandbox::ResultCode::SBOX_ALL_OK)
+    return false;
+  result = sandbox::policy::SandboxWin::SetJobLevel(
+      cmd_line, sandbox::JOB_UNPROTECTED, 0, policy);
+  if (result != sandbox::ResultCode::SBOX_ALL_OK)
+    return false;
+  return true;
+}
+}  // namespace
+
 bool UtilitySandboxedProcessLauncherDelegate::GetAppContainerId(
    std::string* appcontainer_id) {
  if (sandbox_type_ == sandbox::policy::SandboxType::kXrCompositing &&
@@ -52,7 +70,7 @@ bool UtilitySandboxedProcessLauncherDelegate::ShouldLaunchElevated() {
 bool UtilitySandboxedProcessLauncherDelegate::PreSpawnTarget(
    sandbox::TargetPolicy* policy) {
  if (sandbox_type_ == sandbox::policy::SandboxType::kNetwork)
-    return network::NetworkPreSpawnTarget(policy, cmd_line_);
+    return NetworkPreSpawnTarget(policy, cmd_line_);

  if (sandbox_type_ == sandbox::policy::SandboxType::kAudio)
    return audio::AudioPreSpawnTarget(policy);

--- a/services/network/BUILD.gn
+++ b/services/network/BUILD.gn
@@ -70,8 +70,6 @@ component("network_service") {
    "network_quality_estimator_manager.h",
    "network_sandbox_hook_linux.cc",
    "network_sandbox_hook_linux.h",
-    "network_sandbox_win.cc",
-    "network_sandbox_win.h",
    "network_service.cc",
    "network_service.h",
    "network_service_network_delegate.cc",
@@ -233,7 +231,6 @@ component("network_service") {
    "//mojo/public/cpp/system",
    "//net",
    "//net:extras",
-    "//sandbox/policy",
    "//services/network/public/cpp",
    "//services/network/public/cpp:crash_keys",
    "//services/network/public/cpp/cert_verifier:cert_verifier_creation",
@@ -260,7 +257,10 @@ component("network_service") {
  }

  if (is_linux || is_chromeos) {
-    deps += [ "//sandbox/linux:sandbox_services" ]
+    deps += [
+      "//sandbox/linux:sandbox_services",
+      "//sandbox/policy",
+    ]
  }

  if (is_android) {

--- a/services/network/OWNERS
+++ b/services/network/OWNERS
@@ -30,7 +30,6 @@ per-file *_type_converter*.*=set noparent
 per-file *_type_converter*.*=file://ipc/SECURITY_OWNERS

 per-file network_sandbox_hook_linux.*.cc=file://sandbox/OWNERS
-per-file network_sandbox_win.*=file://sandbox/win/OWNERS

 per-file network_quality*=file://net/nqe/OWNERS


--- a/services/network/network_sandbox_win.cc
+++ b/services/network/network_sandbox_win.cc
-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "services/network/network_sandbox_win.h"
-
-#include "sandbox/policy/win/sandbox_win.h"
-#include "sandbox/win/src/sandbox_types.h"
-
-// NOTE: changes to this code need to be reviewed by the security team.
-namespace network {
-
-// Right now, this policy is essentially unsandboxed, but with default process
-// mitigations applied. This will be tighted up in future releases.
-bool NetworkPreSpawnTarget(sandbox::TargetPolicy* policy,
-                           const base::CommandLine& cmd_line) {
-  sandbox::ResultCode result = policy->SetTokenLevel(sandbox::USER_UNPROTECTED,
-                                                     sandbox::USER_UNPROTECTED);
-  if (result != sandbox::ResultCode::SBOX_ALL_OK)
-    return false;
-  result = sandbox::policy::SandboxWin::SetJobLevel(
-      cmd_line, sandbox::JOB_UNPROTECTED, 0, policy);
-  if (result != sandbox::ResultCode::SBOX_ALL_OK)
-    return false;
-  return true;
-}
-
-}  // namespace network
--- a/services/network/network_sandbox_win.h
+++ b/services/network/network_sandbox_win.h
-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_NETWORK_NETWORK_SANDBOX_WIN_H_
-#define SERVICES_NETWORK_NETWORK_SANDBOX_WIN_H_
-
-#include "base/component_export.h"
-#include "sandbox/policy/win/sandbox_win.h"
-#include "sandbox/win/src/sandbox_policy_base.h"
-
-// These sandbox-config extension functions should be called from
-// UtilitySandboxedProcessLauncherDelegate on Windows (or the appropriate
-// Delegate if SandboxType::kNetwork is removed from SandboxType::kUtility).
-//
-// NOTE: changes to this code need to be reviewed by the security team.
-
-namespace network {
-
-// PreSpawnTarget extension.
-COMPONENT_EXPORT(NETWORK_SERVICE)
-bool NetworkPreSpawnTarget(sandbox::TargetPolicy* policy,
-                           const base::CommandLine& cmd_line);
-
-}  // namespace network
-
-#endif  // SERVICES_NETWORK_NETWORK_SANDBOX_WIN_H_