cleanup sandbox/

sandbox/mac/sandbox_logging.cc

@@ -5,6 +5,7 @@
 #include "sandbox/mac/sandbox_logging.h"
 
 #include <errno.h>
+#include <os/log.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <string.h>
@@ -16,18 +17,6 @@
 
 #include "build/build_config.h"
 
-#include <AvailabilityMacros.h>
-#if !defined(MAC_OS_X_VERSION_10_12) || \
-    MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12
-#define USE_ASL
-#endif
-
-#if defined(USE_ASL)
-#include <asl.h>
-#else
-#include <os/log.h>
-#endif
-
 #if defined(ARCH_CPU_X86_64)
 #define ABORT()                                                                \
   {                                                                            \
@@ -53,77 +42,6 @@ namespace {
 
 enum class Level { FATAL, ERR, WARN, INFO };
 
-#if defined(USE_ASL)
-
-void SendAslLog(Level level, const char* message) {
-  class ASLClient {
-   public:
-    explicit ASLClient()
-        : client_(asl_open(nullptr,
-                           "com.apple.console",
-                           ASL_OPT_STDERR | ASL_OPT_NO_DELAY)) {}
-    ~ASLClient() { asl_close(client_); }
-
-    aslclient get() const { return client_; }
-
-    ASLClient(const ASLClient&) = delete;
-    ASLClient& operator=(const ASLClient&) = delete;
-
-   private:
-    aslclient client_;
-  } asl_client;
-
-  class ASLMessage {
-   public:
-    ASLMessage() : message_(asl_new(ASL_TYPE_MSG)) {}
-    ~ASLMessage() { asl_free(message_); }
-
-    aslmsg get() const { return message_; }
-
-    ASLMessage(const ASLMessage&) = delete;
-    ASLMessage& operator=(const ASLMessage&) = delete;
-
-   private:
-    aslmsg message_;
-  } asl_message;
-
-  // By default, messages are only readable by the admin group. Explicitly
-  // make them readable by the user generating the messages.
-  char euid_string[12];
-  snprintf(euid_string, sizeof(euid_string) / sizeof(euid_string[0]), "%d",
-           geteuid());
-  asl_set(asl_message.get(), ASL_KEY_READ_UID, euid_string);
-
-  std::string asl_level_string;
-  switch (level) {
-    case Level::FATAL:
-      asl_level_string = ASL_STRING_CRIT;
-      break;
-    case Level::ERR:
-      asl_level_string = ASL_STRING_ERR;
-      break;
-    case Level::WARN:
-      asl_level_string = ASL_STRING_WARNING;
-      break;
-    case Level::INFO:
-    default:
-      asl_level_string = ASL_STRING_INFO;
-      break;
-  }
-
-  asl_set(asl_message.get(), ASL_KEY_LEVEL, asl_level_string.c_str());
-  asl_set(asl_message.get(), ASL_KEY_MSG, message);
-  asl_send(asl_client.get(), asl_message.get());
-
-  if (__builtin_available(macOS 10.11, *)) {
-    if (level == Level::FATAL) {
-      abort_report_np(message);
-    }
-  }
-}
-
-#else
-
 void SendOsLog(Level level, const char* message) {
   const class OSLog {
    public:
@@ -158,8 +76,6 @@ void SendOsLog(Level level, const char* message) {
   }
 }
 
-#endif  // defined(USE_ASL)
-
 // |error| is strerror(errno) when a P* logging function is called. Pass
 // |nullptr| if no errno is set.
 void DoLogging(Level level,
@@ -170,11 +86,7 @@ void DoLogging(Level level,
   int ret = vsnprintf(message, sizeof(message), fmt, args);
 
   if (ret < 0) {
-#if defined(USE_ASL)
-    SendAslLog(level, "warning: log message could not be formatted");
-#else
     SendOsLog(level, "warning: log message could not be formatted");
-#endif  // defined(USE_ASL)
     return;
   }
 
@@ -185,18 +97,10 @@ void DoLogging(Level level,
   if (error)
     final_message += ": " + *error;
 
-#if defined(USE_ASL)
-  SendAslLog(level, final_message.c_str());
-#else
   SendOsLog(level, final_message.c_str());
-#endif  // defined(USE_ASL)
 
   if (truncated) {
-#if defined(USE_ASL)
-    SendAslLog(level, "warning: previous log message truncated");
-#else
     SendOsLog(level, "warning: previous log message truncated");
-#endif  // defined(USE_ASL)
   }
 }
 

sandbox/mac/seatbelt_exec.cc

@@ -171,20 +171,7 @@ SeatbeltExecServer::CreateFromArguments(const char* executable_path,
     return result;
   }
 
-  char full_exec_path[PATH_MAX];
-  if (realpath(executable_path, full_exec_path) == NULL) {
-    logging::PError("realpath");
-    return result;
-  }
-
-  auto server = std::make_unique<SeatbeltExecServer>(seatbelt_client_fd);
-  // These parameters are provided for every profile to use.
-  if (!server->SetParameter("EXECUTABLE_PATH", full_exec_path)) {
-    logging::Error("Failed to set up parameters for sandbox.");
-    return result;
-  }
-
-  result.server = std::move(server);
+  result.server.reset(new SeatbeltExecServer(seatbelt_client_fd));
   return result;
 }
 

sandbox/mac/seatbelt_unittest.cc

@@ -4,10 +4,14 @@
 
 #include "sandbox/mac/seatbelt.h"
 
+#include <errno.h>
 #include <fcntl.h>
 #include <sys/stat.h>
+#include <sys/sysctl.h>
 #include <unistd.h>
 
+#include <iterator>
+
 #include "base/files/file.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/mac/mac_util.h"
@@ -108,4 +112,42 @@ TEST_F(SeatbeltTest, Ftruncate) {
   }
 }
 
+MULTIPROCESS_TEST_MAIN(ProcessSelfInfo) {
+  const char* profile = R"(
+    (version 1)
+    (deny default (with no-log))
+    ; `process-info` is default-allowed.
+    (deny process-info*)
+    (allow process-info-pidinfo (target self))
+    (deny sysctl-read)
+  )";
+
+  std::string error;
+  CHECK(Seatbelt::Init(profile, 0, &error)) << error;
+
+  int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, getpid()};
+  kinfo_proc proc;
+  size_t size = sizeof(proc);
+
+  int rv = sysctl(mib, std::size(mib), &proc, &size, nullptr, 0);
+  PCHECK(rv == 0);
+
+  mib[std::size(mib) - 1] = getppid();
+  errno = 0;
+  rv = sysctl(mib, std::size(mib), &proc, &size, nullptr, 0);
+  PCHECK(rv == -1);
+  PCHECK(errno == EPERM);
+
+  return 0;
+}
+
+TEST_F(SeatbeltTest, ProcessSelfInfo) {
+  base::Process process = SpawnChild("ProcessSelfInfo");
+  ASSERT_TRUE(process.IsValid());
+  int exit_code = 42;
+  EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(),
+                                             &exit_code));
+  EXPECT_EQ(exit_code, 0);
+}
+
 }  // namespace sandbox

sandbox/policy/BUILD.gn

@@ -132,7 +132,6 @@ component("policy") {
       "CoreGraphics.framework",
       "Foundation.framework",
       "IOSurface.framework",
-      "ImageIO.framework",
     ]
   }
   if (is_win) {

sandbox/policy/mac/common.sb

@@ -95,7 +95,7 @@
 
 ; Allow logging for all processes.
 (if (not (defined? 'vnode-type))
-  (allow file-write* (path (param log-file-path)))  
+  (allow file-write* (path (param log-file-path)))
 ;else
   (allow file-write*
     (require-all
@@ -179,7 +179,7 @@
 
 ; Access to /dev.
 (if (not (defined? 'vnode-type))
-  (allow file-ioctl file-ioctl file-read-data file-write-data (path "/dev/dtracehelper"))  
+  (allow file-ioctl file-ioctl file-read-data file-write-data (path "/dev/dtracehelper"))
 ;else
   (allow file-ioctl file-read-data file-write-data
     (require-all

sandbox/policy/mac/renderer.sb

@@ -40,7 +40,7 @@
 (allow-cvms-blobs)
 
 (if (not (defined? 'vnode-type))
-  (allow file-write-data (path "/dev/null"))  
+  (allow file-write-data (path "/dev/null"))
 ;else
   (allow file-write-data
     (require-all

sandbox/policy/mac/sandbox_mac.h

@@ -35,23 +35,6 @@ SANDBOX_POLICY_EXPORT base::FilePath GetCanonicalPath(
 SANDBOX_POLICY_EXPORT std::string GetSandboxProfile(
     sandbox::mojom::Sandbox sandbox_type);
 
-class SANDBOX_POLICY_EXPORT SandboxMac {
- public:
-  SandboxMac() = delete;
-  // Warm up System APIs that empirically need to be accessed before the
-  // sandbox is turned on. |sandbox_type| is the type of sandbox to warm up.
-  // Valid |sandbox_type| values are defined by the enum SandboxType, or can be
-  // defined by the embedder via
-  // ContentClient::GetSandboxProfileForProcessType().
-  static void Warmup(sandbox::mojom::Sandbox sandbox_type);
-
-  // Turns on the OS X sandbox for this process.
-  // |sandbox_type| - type of Sandbox to use. See SandboxWarmup() for legal
-  // values.
-  //
-  // Returns true on success, false if an error occurred enabling the sandbox.
-  static bool Enable(sandbox::mojom::Sandbox sandbox_type);
-};
 // Returns true if the compiled policy for the sandbox `sandbox_type` can be
 // cached and reused across multiple processes. Some sandbox policies bind
 // parameters that prevent the policy from being reused.

sandbox/policy/mac/sandbox_mac.mm

@@ -4,41 +4,13 @@
 
 #include "sandbox/policy/mac/sandbox_mac.h"
 
-#import <Cocoa/Cocoa.h>
-#include <stddef.h>
-#include <stdint.h>
-
-#include <CoreFoundation/CFTimeZone.h>
-#include <signal.h>
 #include <fcntl.h>
 #include <sys/param.h>
 
-#include <algorithm>
-#include <iterator>
-#include <map>
 #include <string>
 
-#include "base/command_line.h"
-#include "base/compiler_specific.h"
-#include "base/files/file_util.h"
 #include "base/feature_list.h"
 #include "base/files/scoped_file.h"
-#include "base/mac/bundle_locations.h"
-#include "base/mac/foundation_util.h"
-#include "base/mac/mac_util.h"
-#include "base/mac/mach_port_rendezvous.h"
-#include "base/mac/scoped_cftyperef.h"
-#include "base/mac/scoped_nsobject.h"
-#include "base/rand_util.h"
-#include "base/stl_util.h"
-#include "base/strings/string_piece.h"
-#include "base/strings/string_split.h"
-#include "base/strings/string_util.h"
-#include "base/strings/stringprintf.h"
-#include "base/strings/sys_string_conversions.h"
-#include "base/strings/utf_string_conversions.h"
-#include "base/system/sys_info.h"
-#include "sandbox/mac/sandbox_compiler.h"
 #include "base/logging.h"
 #include "base/posix/eintr_wrapper.h"
 #include "components/services/screen_ai/buildflags/buildflags.h"
@@ -61,57 +33,11 @@
 #endif
 #include "sandbox/policy/mac/speech_recognition.sb.h"
 #include "sandbox/policy/mac/utility.sb.h"
-#include "sandbox/policy/sandbox_type.h"
-#include "sandbox/policy/switches.h"
 #include "sandbox/policy/mojom/sandbox.mojom.h"
 
 namespace sandbox {
 namespace policy {
 
-// Load the appropriate template for the given sandbox type.
-// Returns the template as a string or an empty string on error.
-std::string LoadSandboxTemplate(sandbox::mojom::Sandbox sandbox_type) {
-  DCHECK_EQ(sandbox_type, sandbox::mojom::Sandbox::kGpu);
-  return kSeatbeltPolicyString_gpu;
-}
-
-// Turns on the OS X sandbox for this process.
-
-// static
-bool SandboxMac::Enable(sandbox::mojom::Sandbox sandbox_type) {
-  DCHECK_EQ(sandbox_type, sandbox::mojom::Sandbox::kGpu);
-
-  std::string sandbox_data = LoadSandboxTemplate(sandbox_type);
-  if (sandbox_data.empty())
-    return false;
-
-  SandboxCompiler compiler(sandbox_data);
-
-  // Enable verbose logging if enabled on the command line. (See common.sb
-  // for details).
-  const base::CommandLine* command_line =
-      base::CommandLine::ForCurrentProcess();
-  bool enable_logging =
-      command_line->HasSwitch(switches::kEnableSandboxLogging);
-
-  // Splice the path of the user's home directory into the sandbox profile
-  // (see renderer.sb for details).
-  std::string home_dir = [NSHomeDirectory() fileSystemRepresentation];
-  base::FilePath home_dir_canonical =
-      GetCanonicalPath(base::FilePath(home_dir));
-
-  if (sandbox_type == sandbox::mojom::Sandbox::kGpu) {
-    base::FilePath bundle_path =
-        GetCanonicalPath(base::mac::FrameworkBundlePath());
-  }
-
-  // Initialize sandbox.
-  std::string error_str;
-  bool success = compiler.CompileAndApplyProfile(&error_str);
-  DLOG_IF(FATAL, !success) << "Failed to initialize sandbox: " << error_str;
-  return success;
-}
-
 base::FilePath GetCanonicalPath(const base::FilePath& path) {
   base::ScopedFD fd(HANDLE_EINTR(open(path.value().c_str(), O_RDONLY)));
   if (!fd.is_valid()) {