author | wfh <wfh@chromium.org> | 2015-06-24 12:23:03 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-06-24 19:23:32 +0000 |
commit | 182da09cea04f762ebd006083878a1a6b143b4dd (patch) | |
tree | 355a42a7d6399b6041e3dd4a67ab9965994689fd | |
parent | e00abb001f516ce590a0bfa3c990cb7a2e9866b9 (diff) | |
Implement GetSandboxType() on all platforms and implement for all process types. This fixes a small issue where bootstrap sandbox would never be enabled on OS X. (Note: bootstrap sandbox is disabled anyway until crbug.com/501128 can be fixed.)
Move App Container SID generation to the embedder so it can be different for each type of child process. Move App Container policy code to sandbox_win.cc.
BUG=499523,382931
Review URL: https://codereview.chromium.org/1185333003
Cr-Commit-Position: refs/heads/master@{#335973}
21 files changed, 128 insertions, 47 deletions
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index 00edcf5..f7b8418 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -84,6 +84,7 @@
 #include "chrome/common/chrome_constants.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
+#include "chrome/common/chrome_version_info.h"
 #include "chrome/common/env_vars.h"
 #include "chrome/common/logging_chrome.h"
 #include "chrome/common/pepper_permission_util.h"
@@ -124,6 +125,7 @@
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/child_process_host.h"
 #include "content/public/common/content_descriptors.h"
+#include "content/public/common/sandbox_type.h"
 #include "content/public/common/service_registry.h"
 #include "content/public/common/url_utils.h"
 #include "content/public/common/web_preferences.h"
@@ -2330,6 +2332,54 @@ const wchar_t* ChromeContentBrowserClient::GetResourceDllName() {
 return chrome::kBrowserResourcesDll;
 }
+base::string16 ChromeContentBrowserClient::GetAppContainerSidForSandboxType(
+ int sandbox_type) const {
+ base::string16 sid;
+
+#if defined(GOOGLE_CHROME_BUILD)
+ const chrome::VersionInfo::Channel channel =
+ chrome::VersionInfo::GetChannel();
+
+ // It's possible to have a SxS installation running at the same time as a
+ // non-SxS so isolate them from each other.
+ if (channel == chrome::VersionInfo::CHANNEL_CANARY) {
+ sid.assign(
+ L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-"
+ L"924012150-");
+ } else {
+ sid.assign(
+ L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-"
+ L"924012149-");
+ }
+#else
+ sid.assign(
+ L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-"
+ L"924012148-");
+#endif
+
+ // TODO(wfh): Add support for more process types here. crbug.com/499523
+ switch (sandbox_type) {
+ case content::SANDBOX_TYPE_RENDERER:
+ return sid + L"129201922";
+ case content::SANDBOX_TYPE_UTILITY:
+ return base::string16();
+ case content::SANDBOX_TYPE_GPU:
+ return base::string16();
+ case content::SANDBOX_TYPE_PPAPI:
+ return base::string16();
+#if !defined(DISABLE_NACL)
+ case PROCESS_TYPE_NACL_LOADER:
+ return base::string16();
+ case PROCESS_TYPE_NACL_BROKER:
+ return base::string16();
+#endif
+ }
+
+ // Should never reach here.
+ CHECK(0);
+ return base::string16();
+}
+
 void ChromeContentBrowserClient::PreSpawnRenderer(
 sandbox::TargetPolicy* policy,
 bool* success) {
diff --git a/chrome/browser/chrome_content_browser_client.h b/chrome/browser/chrome_content_browser_client.h
index 274dfdb..d4dcf98 100644
--- a/chrome/browser/chrome_content_browser_client.h
+++ b/chrome/browser/chrome_content_browser_client.h
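Review bot: The two NaCl cases in the new switch compare `sandbox_type` against `PROCESS_TYPE_NACL_LOADER` and `PROCESS_TYPE_NACL_BROKER`, which by name are process-type enumerators, whereas the value passed in comes from GetSandboxType() and the NaCl sandbox type this same commit moves into nacl_sandbox_type.h is `NACL_SANDBOX_TYPE_NACL_LOADER` (equal to `SANDBOX_TYPE_AFTER_LAST_TYPE`). If that reading is right, a NaCl loader delegate would match neither case and fall through to `CHECK(0)`, taking down the browser; the loader case should read `case NACL_SANDBOX_TYPE_NACL_LOADER:` and the broker case needs a matching sandbox-type constant, none of which is visible in this change. Whether an unmapped type should fail closed with a CHECK or degrade to "no AppContainer" is a deliberate policy choice, so the trailing comment should say which one is intended instead of `// Should never reach here.`, and ideally name the crbug so the next type added does not crash release builds. The three SID prefixes here also duplicate the literal in content_browser_client.cc; a single shared constant for the common prefix would keep them from drifting apart.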
@@ -255,6 +255,8 @@ class ChromeContentBrowserClient : public content::ContentBrowserClient {
 #if defined(OS_WIN)
 const wchar_t* GetResourceDllName() override;
 void PreSpawnRenderer(sandbox::TargetPolicy* policy, bool* success) override;
+ base::string16 GetAppContainerSidForSandboxType(
+ int sandbox_type) const override;
 #endif
 void OverrideRenderFrameMojoServices(
 content::ServiceRegistry* registry,
diff --git a/chrome/common/chrome_content_client.cc b/chrome/common/chrome_content_client.cc
index bbefaa0c..6736668 100644
--- a/chrome/common/chrome_content_client.cc
+++ b/chrome/common/chrome_content_client.cc
@@ -44,13 +44,12 @@
 #if defined(OS_WIN)
 #include "base/win/registry.h"
 #include "base/win/windows_version.h"
-#elif defined(OS_MACOSX)
-#include "components/nacl/common/nacl_sandbox_type_mac.h"
 #endif
 #if !defined(DISABLE_NACL)
 #include "components/nacl/common/nacl_constants.h"
 #include "components/nacl/common/nacl_process_type.h"
+#include "components/nacl/common/nacl_sandbox_type.h"
 #endif
 #if defined(ENABLE_PLUGINS)
diff --git a/components/nacl.gyp b/components/nacl.gyp
index d4f23c7..a133cda 100644
--- a/components/nacl.gyp
+++ b/components/nacl.gyp
@@ -497,7 +497,7 @@
 'nacl/common/nacl_process_type.h',
 'nacl/common/nacl_renderer_messages.cc',
 'nacl/common/nacl_renderer_messages.h',
- 'nacl/common/nacl_sandbox_type_mac.h',
+ 'nacl/common/nacl_sandbox_type.h',
 'nacl/common/nacl_types.cc',
 'nacl/common/nacl_types.h',
 'nacl/common/nacl_types_param_traits.cc',
diff --git a/components/nacl/BUILD.gn b/components/nacl/BUILD.gn
index 31da13d..078a876 100644
--- a/components/nacl/BUILD.gn
+++ b/components/nacl/BUILD.gn
@@ -284,7 +284,7 @@ source_set("nacl_common") {
 "common/nacl_process_type.h",
 "common/nacl_renderer_messages.cc",
 "common/nacl_renderer_messages.h",
- "common/nacl_sandbox_type_mac.h",
+ "common/nacl_sandbox_type.h",
 "common/nacl_types.cc",
 "common/nacl_types.h",
 "common/nacl_types_param_traits.cc",
diff --git a/components/nacl/common/nacl_sandbox_type_mac.h b/components/nacl/common/nacl_sandbox_type.h
index b1817f3..d326309 100644
--- a/components/nacl/common/nacl_sandbox_type_mac.h
+++ b/components/nacl/common/nacl_sandbox_type.h
@@ -2,10 +2,10 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-#ifndef COMPONENTS_NACL_COMMON_NACL_SANDBOX_TYPE_MAC_H_
-#define COMPONENTS_NACL_COMMON_NACL_SANDBOX_TYPE_MAC_H_
+#ifndef COMPONENTS_NACL_COMMON_NACL_SANDBOX_TYPE_H_
+#define COMPONENTS_NACL_COMMON_NACL_SANDBOX_TYPE_H_
-#include "content/public/common/sandbox_type_mac.h"
+#include "content/public/common/sandbox_type.h"
 enum NaClSandboxType {
 NACL_SANDBOX_TYPE_FIRST_TYPE = content::SANDBOX_TYPE_AFTER_LAST_TYPE,
@@ -13,4 +13,4 @@ enum NaClSandboxType {
 NACL_SANDBOX_TYPE_NACL_LOADER = NACL_SANDBOX_TYPE_FIRST_TYPE,
 };
-#endif // COMPONENTS_NACL_COMMON_NACL_SANDBOX_TYPE_MAC_H_
+#endif // COMPONENTS_NACL_COMMON_NACL_SANDBOX_TYPE_H_
diff --git a/components/nacl/loader/nacl_main_platform_delegate_mac.mm b/components/nacl/loader/nacl_main_platform_delegate_mac.mm
index 78fa539..b34c078 100644
--- a/components/nacl/loader/nacl_main_platform_delegate_mac.mm
+++ b/components/nacl/loader/nacl_main_platform_delegate_mac.mm
@@ -7,7 +7,7 @@
 #import <Cocoa/Cocoa.h>
 #include "base/files/file_path.h"
 #include "base/logging.h"
-#include "components/nacl/common/nacl_sandbox_type_mac.h"
+#include "components/nacl/common/nacl_sandbox_type.h"
 #include "components/nacl/common/nacl_switches.h"
 #include "content/public/common/sandbox_init.h"
diff --git a/content/browser/bootstrap_sandbox_mac.cc b/content/browser/bootstrap_sandbox_mac.cc
index f2b4da6..e50f2f5 100644
--- a/content/browser/bootstrap_sandbox_mac.cc
+++ b/content/browser/bootstrap_sandbox_mac.cc
@@ -11,7 +11,7 @@
 #include "content/common/sandbox_init_mac.h"
 #include "content/public/browser/browser_child_process_observer.h"
 #include "content/public/browser/child_process_data.h"
-#include "content/public/common/sandbox_type_mac.h"
+#include "content/public/common/sandbox_type.h"
 #include "sandbox/mac/bootstrap_sandbox.h"
 namespace content {
diff --git a/content/browser/gpu/gpu_process_host.cc b/content/browser/gpu/gpu_process_host.cc
index 5e09413..c6aec18 100644
--- a/content/browser/gpu/gpu_process_host.cc
+++ b/content/browser/gpu/gpu_process_host.cc
@@ -35,6 +35,7 @@
 #include "content/public/common/content_client.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/result_codes.h"
+#include "content/public/common/sandbox_type.h"
 #include "content/public/common/sandboxed_process_launcher_delegate.h"
 #include "gpu/command_buffer/service/gpu_switches.h"
 #include "ipc/ipc_channel_handle.h"
@@ -265,6 +266,10 @@ class GpuSandboxedProcessLauncherDelegate
 base::ScopedFD TakeIpcFd() override { return ipc_fd_.Pass(); }
 #endif // OS_WIN
+ SandboxType GetSandboxType() override {
+ return SANDBOX_TYPE_GPU;
+ }
+
 private:
 #if defined(OS_WIN)
 base::CommandLine* cmd_line_;
diff --git a/content/browser/ppapi_plugin_process_host.cc b/content/browser/ppapi_plugin_process_host.cc
index c59b70c..b58c1d6 100644
--- a/content/browser/ppapi_plugin_process_host.cc
+++ b/content/browser/ppapi_plugin_process_host.cc
@@ -21,6 +21,7 @@
 #include "content/public/common/content_switches.h"
 #include "content/public/common/pepper_plugin_info.h"
 #include "content/public/common/process_type.h"
+#include "content/public/common/sandbox_type.h"
 #include "content/public/common/sandboxed_process_launcher_delegate.h"
 #include "ipc/ipc_switches.h"
 #include "net/base/network_change_notifier.h"
@@ -78,6 +79,10 @@ class PpapiPluginSandboxedProcessLauncherDelegate
 base::ScopedFD TakeIpcFd() override { return ipc_fd_.Pass(); }
 #endif // OS_WIN
+ SandboxType GetSandboxType() override {
+ return SANDBOX_TYPE_PPAPI;
+ }
+
 private:
 #if defined(OS_POSIX)
 const PepperPluginInfo& info_;
diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc
index c0f5338..3471e3c 100644
--- a/content/browser/renderer_host/render_process_host_impl.cc
+++ b/content/browser/renderer_host/render_process_host_impl.cc
@@ -348,23 +348,11 @@ class RendererSandboxedProcessLauncherDelegate
 void PreSpawnTarget(sandbox::TargetPolicy* policy, bool* success) override {
 AddBaseHandleClosePolicy(policy);
- if (base::win::GetVersion() == base::win::VERSION_WIN8 ||
- base::win::GetVersion() == base::win::VERSION_WIN8_1) {
- const base::CommandLine& command_line =
- *base::CommandLine::ForCurrentProcess();
- if (!command_line.HasSwitch(switches::kDisableAppContainer)) {
- // TODO(shrikant): Check if these constants should be different across
- // various versions of Chromium code base or could be same.
- // If there should be different SID per channel then move this code
- // in chrome rather than content and assign SID based on
- // VersionInfo::GetChannel().
- const wchar_t kAppContainerSid[] =
- L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-"
- L"924012148-129201922";
-
- policy->SetLowBox(kAppContainerSid);
- }
- }
+ const base::string16& sid =
+ GetContentClient()->browser()->GetAppContainerSidForSandboxType(
+ GetSandboxType());
+ if (!sid.empty())
+ AddAppContainerPolicy(policy, sid.c_str());
 GetContentClient()->browser()->PreSpawnRenderer(policy, success);
 }
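Review bot: In the render_process_host_impl.cc hunk, `const base::string16& sid = ...` binds a reference to a temporary returned by value from GetAppContainerSidForSandboxType(); lifetime extension keeps it valid, but `const base::string16 sid = ...` states the intent directly and spares the reader a trip to the declaration. More importantly, an empty SID now means the renderer is launched without the AppContainer that this code previously always requested on Win8/8.1, and nothing records that degraded configuration; a `DVLOG(1) << "No AppContainer SID for sandbox type " << GetSandboxType();` on the empty branch would make it visible when diagnosing a sandbox that is weaker than expected. The enclosing class RendererSandboxedProcessLauncherDelegate begins before this hunk.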
@@ -380,6 +368,10 @@ class RendererSandboxedProcessLauncherDelegate
 base::ScopedFD TakeIpcFd() override { return ipc_fd_.Pass(); }
 #endif // OS_WIN
+ SandboxType GetSandboxType() override {
+ return SANDBOX_TYPE_RENDERER;
+ }
+
 private:
 #if defined(OS_POSIX)
 base::ScopedFD ipc_fd_;
diff --git a/content/browser/utility_process_host_impl.cc b/content/browser/utility_process_host_impl.cc
index 8b87f75..67f08a2 100644
--- a/content/browser/utility_process_host_impl.cc
+++ b/content/browser/utility_process_host_impl.cc
@@ -27,6 +27,7 @@
 #include "content/public/browser/utility_process_host_client.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/process_type.h"
+#include "content/public/common/sandbox_type.h"
 #include "content/public/common/sandboxed_process_launcher_delegate.h"
 #include "ipc/ipc_switches.h"
 #include "ui/base/ui_base_switches.h"
@@ -69,6 +70,10 @@ class UtilitySandboxedProcessLauncherDelegate
 base::ScopedFD TakeIpcFd() override { return ipc_fd_.Pass(); }
 #endif // OS_WIN
+ SandboxType GetSandboxType() override {
+ return SANDBOX_TYPE_UTILITY;
+ }
+
 private:
 base::FilePath exposed_dir_;
diff --git a/content/common/sandbox_mac.h b/content/common/sandbox_mac.h
index 557b4fb7..463d697 100644
--- a/content/common/sandbox_mac.h
+++ b/content/common/sandbox_mac.h
@@ -11,7 +11,7 @@
 #include "base/containers/hash_tables.h"
 #include "base/gtest_prod_util.h"
 #include "content/common/content_export.h"
-#include "content/public/common/sandbox_type_mac.h"
+#include "content/public/common/sandbox_type.h"
 namespace base {
 class FilePath;
diff --git a/content/common/sandbox_win.cc b/content/common/sandbox_win.cc
index 8f76710..6db4759 100644
--- a/content/common/sandbox_win.cc
+++ b/content/common/sandbox_win.cc
@@ -575,6 +575,17 @@ void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy) {
 policy->AddKernelObjectToClose(L"Section", object_path.data());
 }
+void AddAppContainerPolicy(sandbox::TargetPolicy* policy, const wchar_t* sid) {
+ if (base::win::GetVersion() == base::win::VERSION_WIN8 ||
+ base::win::GetVersion() == base::win::VERSION_WIN8_1) {
+ const base::CommandLine& command_line =
+ *base::CommandLine::ForCurrentProcess();
+ if (!command_line.HasSwitch(switches::kDisableAppContainer)) {
+ policy->SetLowBox(sid);
+ }
+ }
+}
+
 bool InitBrokerServices(sandbox::BrokerServices* broker_services) {
 // TODO(abarth): DCHECK(CalledOnValidThread());
 // See <http://b/1287166>.
diff --git a/content/common/sandbox_win.h b/content/common/sandbox_win.h
index 7fe52a8..338e1c4 100644
--- a/content/common/sandbox_win.h
+++ b/content/common/sandbox_win.h
@@ -30,6 +30,9 @@ void SetJobLevel(const base::CommandLine& cmd_line,
 // Closes handles that are opened at process creation and initialization.
 void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy);
+// Add AppContainer policy for |sid| on supported OS.
+void AddAppContainerPolicy(sandbox::TargetPolicy* policy, const wchar_t* sid);
+
 bool InitBrokerServices(sandbox::BrokerServices* broker_services);
 bool InitTargetServices(sandbox::TargetServices* target_services);
diff --git a/content/content_common.gypi b/content/content_common.gypi
index 3bf73a4..0b68f30 100644
--- a/content/content_common.gypi
+++ b/content/content_common.gypi
@@ -123,7 +123,7 @@
 'public/common/result_codes.h',
 'public/common/sandbox_init.h',
 'public/common/sandbox_linux.h',
- 'public/common/sandbox_type_mac.h',
+ 'public/common/sandbox_type.h',
 'public/common/sandboxed_process_launcher_delegate.cc',
 'public/common/sandboxed_process_launcher_delegate.h',
 'public/common/security_style.h',
diff --git a/content/public/browser/content_browser_client.cc b/content/public/browser/content_browser_client.cc
index 0e07ec7..aaa9bc0 100644
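Review bot: AddAppContainerPolicy in sandbox_win.cc discards the result of `policy->SetLowBox(sid)`, so a SID the policy layer rejects leaves the child running without the AppContainer while PreSpawnTarget has no way to know the hardening was not applied. Returning the result code from SetLowBox (or a bool derived from it) and letting the caller act on it would keep the failure from being silent; the old inline code had the same gap, but a named helper is the right place to close it. `base::win::GetVersion()` is also called twice in the same condition, where one local would do. The matching declaration comment in sandbox_win.h, "on supported OS", could name Windows 8 and 8.1 so the header agrees with the check a reader will find in the .cc.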
--- a/content/public/browser/content_browser_client.cc
+++ b/content/public/browser/content_browser_client.cc
@@ -6,6 +6,7 @@
 #include "base/files/file_path.h"
 #include "content/public/browser/client_certificate_delegate.h"
+#include "content/public/common/sandbox_type.h"
 #include "ui/gfx/image/image_skia.h"
 #include "url/gurl.h"
@@ -335,6 +336,16 @@ void ContentBrowserClient::OpenURL(
 const wchar_t* ContentBrowserClient::GetResourceDllName() {
 return nullptr;
 }
+
+base::string16 ContentBrowserClient::GetAppContainerSidForSandboxType(
+ int sandbox_type) const {
+ // Embedders should override this method and return different SIDs for each
+ // sandbox type. Note: All content level tests will run child processes in the
+ // same AppContainer.
+ return base::string16(
+ L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-"
+ L"924012148-129201922");
+}
 #endif
 #if defined(VIDEO_HOLE)
diff --git a/content/public/browser/content_browser_client.h b/content/public/browser/content_browser_client.h
index 9d7e7a9..d588a33 100644
--- a/content/public/browser/content_browser_client.h
+++ b/content/public/browser/content_browser_client.h
@@ -640,6 +640,12 @@ class CONTENT_EXPORT ContentBrowserClient {
 // policy.
 virtual void PreSpawnRenderer(sandbox::TargetPolicy* policy,
 bool* success) {}
+
+ // Returns the AppContainer SID for the specified sandboxed process type, or
+ // empty string if this sandboxed process type does not support living inside
+ // an AppContainer.
+ virtual base::string16 GetAppContainerSidForSandboxType(
+ int sandbox_type) const;
 #endif
 #if defined(VIDEO_HOLE)
diff --git a/content/public/common/sandbox_type_mac.h b/content/public/common/sandbox_type.h
index 6f8a6f0e..ef610fb 100644
--- a/content/public/common/sandbox_type_mac.h
+++ b/content/public/common/sandbox_type.h
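Review bot: The default ContentBrowserClient::GetAppContainerSidForSandboxType ignores `sandbox_type` and hands back the same SID for every value, including `SANDBOX_TYPE_INVALID`, which is exactly what the base SandboxedProcessLauncherDelegate::GetSandboxType() returns elsewhere in this commit. An embedder that overrides neither therefore places a child of unknown type in the renderer's AppContainer instead of getting the "empty string if unsupported" behaviour the new header comment promises; `if (sandbox_type == SANDBOX_TYPE_INVALID) return base::string16();` ahead of the return would make the default honour its own contract. The declaration comment in content_browser_client.h would also benefit from the .cc's remark that this default is meant for content-level tests only, since that is where a reader deciding whether to override will look.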
@@ -2,13 +2,13 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-#ifndef CONTENT_PUBLIC_COMMON_SANDBOX_TYPE_MAC_H_
-#define CONTENT_PUBLIC_COMMON_SANDBOX_TYPE_MAC_H_
+#ifndef CONTENT_PUBLIC_COMMON_SANDBOX_TYPE_H_
+#define CONTENT_PUBLIC_COMMON_SANDBOX_TYPE_H_
 namespace content {
-// Defines the Mac sandbox types known within content. Embedders can add
-// additional sandbox types with IDs starting with SANDBOX_TYPE_AFTER_LAST_TYPE.
+// Defines the sandbox types known within content. Embedders can add additional
+// sandbox types with IDs starting with SANDBOX_TYPE_AFTER_LAST_TYPE.
 enum SandboxType {
 // Not a valid sandbox type.
@@ -33,4 +33,4 @@ enum SandboxType {
 } // namespace content
-#endif // CONTENT_PUBLIC_COMMON_SANDBOX_TYPE_MAC_H_
+#endif // CONTENT_PUBLIC_COMMON_SANDBOX_TYPE_H_
diff --git a/content/public/common/sandboxed_process_launcher_delegate.cc b/content/public/common/sandboxed_process_launcher_delegate.cc
index b961c3e..22f8928 100644
--- a/content/public/common/sandboxed_process_launcher_delegate.cc
+++ b/content/public/common/sandboxed_process_launcher_delegate.cc
@@ -23,12 +23,10 @@ bool SandboxedProcessLauncherDelegate::ShouldUseZygote() {
 base::EnvironmentMap SandboxedProcessLauncherDelegate::GetEnvironment() {
 return base::EnvironmentMap();
 }
+#endif
-#if defined(OS_MACOSX)
 SandboxType SandboxedProcessLauncherDelegate::GetSandboxType() {
 return SANDBOX_TYPE_INVALID;
 }
-#endif
-#endif
 } // namespace content
diff --git a/content/public/common/sandboxed_process_launcher_delegate.h b/content/public/common/sandboxed_process_launcher_delegate.h
index 134fc0f..05acf5a 100644
--- a/content/public/common/sandboxed_process_launcher_delegate.h
+++ b/content/public/common/sandboxed_process_launcher_delegate.h
@@ -9,10 +9,7 @@
 #include "base/files/scoped_file.h"
 #include "base/process/process.h"
 #include "content/common/content_export.h"
-
-#if defined(OS_MACOSX)
-#include "content/public/common/sandbox_type_mac.h"
-#endif
+#include "content/public/common/sandbox_type.h"
 namespace base {
 class FilePath;
@@ -65,14 +62,11 @@ class CONTENT_EXPORT SandboxedProcessLauncherDelegate {
 // Return the file descriptor for the IPC channel.
 virtual base::ScopedFD TakeIpcFd() = 0;
-
-#if defined(OS_MACOSX)
- // Gets the Mac SandboxType to enforce on the process. Return
- // SANDBOX_TYPE_INVALID for no sandbox policy.
- virtual SandboxType GetSandboxType();
 #endif
-#endif
+ // Returns the SandboxType to enforce on the process, or SANDBOX_TYPE_INVALID
+ // for no sandbox policy.
+ virtual SandboxType GetSandboxType();
 };
 } // namespace content |
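Review bot: Keeping GetSandboxType() a non-pure virtual whose default is SANDBOX_TYPE_INVALID means a delegate that forgets to override it quietly gets "no sandbox policy", which is the wrong direction for a default on a security boundary now that the method is exposed on every platform. Every in-tree delegate this commit touches (gpu, ppapi, renderer, utility) overrides it, so `virtual SandboxType GetSandboxType() = 0;` would let the compiler catch the omission, with the now-unconditional definition in sandboxed_process_launcher_delegate.cc removed alongside. If a default has to stay for out-of-tree embedders, the comment should spell out the consequence — that INVALID opts the process out of whatever the platform would otherwise enforce — rather than just "for no sandbox policy". The rest of the class is outside this hunk.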