commit bc964dd7faf91579a0db54d7610a0fb308d553ae
author Alex Gough <ajgo@chromium.org> Mon Jun 15 17:52:37 2020
committer Commit Bot <commit-bot@chromium.org> Mon Jun 15 17:52:37 2020
tree bf9893bae5ffe62dc4cf4d98a095ce905f825675
parent 98a7b277bec9f4c408eb90c8d913087ff4059e4f

Removes WithSandboxType from service process host options.

All services now receive custom sandboxes from a service_sandbox_type.h
specialization of GetServiceSandboxType, or use kUtility, so this
API can be removed.

The presubmit check for WithSandboxType has been modified to spot
new or changed instances of GetServiceSandboxType.

Bug: 1065087
Change-Id: I7199fe160292afa5d1b5e35dd7dd4bee5fb82e1c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2219392
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#778366}

PRESUBMIT_test.py

diff --git a/PRESUBMIT_test.py b/PRESUBMIT_test.py
index 9124a14..1f49327 100755
--- a/PRESUBMIT_test.py
+++ b/PRESUBMIT_test.py
@@ -2161,17 +2161,21 @@
     input_api.canned_checks.GetCodereviewOwnerAndReviewers = \
         __MockOwnerAndReviewers
 
-  def testDiffWithSandboxType(self):
+  def testDiffGetServiceSandboxType(self):
     mock_input_api = MockInputApi()
     mock_input_api.files = [
         MockAffectedFile(
           'services/goat/teleporter_host.cc',
           [
-            'content::ServiceProcessHost::Launch<mojom::GoatTeleporter>(',
-            '    content::ServiceProcessHost::LaunchOptions()',
-            '        .WithSandboxType(content::SandboxType::kGoaty)',
-            '        .WithDisplayName("goat_teleporter")',
-            '        .Build())'
+            'template <>',
+            'inline content::SandboxType',
+            'content::GetServiceSandboxType<chrome::mojom::GoatTeleporter>() {',
+            '#if defined(OS_WIN)',
+            '  return SandboxType::kGoaty;',
+            '#else',
+            '  return SandboxType::kNoSandbox;',
+            '#endif  // !defined(OS_WIN)',
+            '}'
           ]
         ),
     ]
@@ -2179,7 +2183,7 @@
         mock_input_api)
     self.assertEqual({
         'services/goat/teleporter_host.cc': set([
-            'content::ServiceProcessHost::LaunchOptions::WithSandboxType'
+            'content::GetServiceSandboxType<>()'
         ])},
         files_to_functions)
 
@@ -2189,18 +2193,18 @@
     mock_file._scm_diff = """--- old 2020-05-04 14:08:25.000000000 -0400
 +++ new 2020-05-04 14:08:32.000000000 -0400
 @@ -1,5 +1,4 @@
- content::ServiceProcessHost::Launch<mojom::GoatTeleporter>(
-     content::ServiceProcessHost::LaunchOptions()
--        .WithSandboxType(content::SandboxType::kGoaty)
-         .WithDisplayName("goat_teleporter")
-         .Build())
+ template <>
+ inline content::SandboxType
+-content::GetServiceSandboxType<chrome::mojom::GoatTeleporter>() {
+ #if defined(OS_WIN)
+   return SandboxType::kGoaty;
 """
     mock_input_api.files = [mock_file]
     files_to_functions = PRESUBMIT._GetFilesUsingSecurityCriticalFunctions(
         mock_input_api)
     self.assertEqual({
         'services/goat/teleporter_host.cc': set([
-            'content::ServiceProcessHost::LaunchOptions::WithSandboxType'
+            'content::GetServiceSandboxType<>()'
         ])},
         files_to_functions)
 
@@ -2209,7 +2213,7 @@
     mock_input_api.owners_db = self._MockOwnersDB()
     mock_input_api.is_committing = False
     mock_input_api.files = [
-        MockAffectedFile('file.cc', ['WithSandboxType(Sandbox)'])
+        MockAffectedFile('file.cc', ['GetServiceSandboxType<Goat>(Sandbox)'])
     ]
     mock_output_api = MockOutputApi()
     self._mockChangeOwnerAndReviewers(
@@ -2221,14 +2225,14 @@
         'The following files change calls to security-sensive functions\n' \
         'that need to be reviewed by ipc/SECURITY_OWNERS.\n'
         '  file.cc\n'
-        '    content::ServiceProcessHost::LaunchOptions::WithSandboxType\n\n')
+        '    content::GetServiceSandboxType<>()\n\n')
 
   def testChangeOwnersMissingAtCommit(self):
     mock_input_api = MockInputApi()
     mock_input_api.owners_db = self._MockOwnersDB()
     mock_input_api.is_committing = True
     mock_input_api.files = [
-        MockAffectedFile('file.cc', ['WithSandboxType(Sandbox)'])
+        MockAffectedFile('file.cc', ['GetServiceSandboxType<mojom::Goat>()'])
     ]
     mock_output_api = MockOutputApi()
     self._mockChangeOwnerAndReviewers(
@@ -2240,7 +2244,7 @@
         'The following files change calls to security-sensive functions\n' \
         'that need to be reviewed by ipc/SECURITY_OWNERS.\n'
         '  file.cc\n'
-        '    content::ServiceProcessHost::LaunchOptions::WithSandboxType\n\n')
+        '    content::GetServiceSandboxType<>()\n\n')
 
   def testChangeOwnersPresent(self):
     mock_input_api = MockInputApi()
@@ -2259,7 +2263,7 @@
     mock_input_api = MockInputApi()
     mock_input_api.owners_db = self._MockOwnersDB()
     mock_input_api.files = [
-        MockAffectedFile('file.cc', ['WithSandboxType(Sandbox)'])
+        MockAffectedFile('file.cc', ['GetServiceSandboxType<T>(Sandbox)'])
     ]
     mock_output_api = MockOutputApi()
     self._mockChangeOwnerAndReviewers(