Move sandbox code in content to content namespace.

content/common/sandbox_policy.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_policy.h"
 
 #include <string>
 
 #include "base/command_line.h"
 #include "base/debug/debugger.h"
@@ skipping 590 matching lines @@
     // Callers use CHECK macro to make sure we get the right stack.
     CheckDuplicateHandle(handle);
   }
 
   return TRUE;
 }
 #endif
 
 }  // namespace
 
-namespace sandbox {
+namespace content {
 
 bool InitBrokerServices(sandbox::BrokerServices* broker_services) {
   // TODO(abarth): DCHECK(CalledOnValidThread());
   //               See <http://b/1287166>.
   DCHECK(broker_services);
   DCHECK(!g_broker_services);
   sandbox::ResultCode result = broker_services->Init();
   g_broker_services = broker_services;
 
 // In non-official builds warn about dangerous uses of DuplicateHandle.
@@ skipping 12 matching lines @@
     if (result && (result != MAX_PATH)) {
       ResolveNTFunctionPtr("NtQueryObject", &g_QueryObject);
       g_iat_orig_duplicate_handle = ::DuplicateHandle;
       g_iat_patch_duplicate_handle.Patch(
           module_name, "kernel32.dll", "DuplicateHandle",
           DuplicateHandlePatch);
     }
   }
 #endif
 
-  return SBOX_ALL_OK == result;
+  return sandbox::SBOX_ALL_OK == result;
 }
 
 bool InitTargetServices(sandbox::TargetServices* target_services) {
   DCHECK(target_services);
   DCHECK(!g_target_services);
   sandbox::ResultCode result = target_services->Init();
   g_target_services = target_services;
-  return SBOX_ALL_OK == result;
+  return sandbox::SBOX_ALL_OK == result;
 }
 
 base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
                                            const FilePath& exposed_dir) {
   const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess();
-  content::ProcessType type;
+  ProcessType type;
   std::string type_str = cmd_line->GetSwitchValueASCII(switches::kProcessType);
   if (type_str == switches::kRendererProcess) {
-    type = content::PROCESS_TYPE_RENDERER;
+    type = PROCESS_TYPE_RENDERER;
   } else if (type_str == switches::kPluginProcess) {
-    type = content::PROCESS_TYPE_PLUGIN;
+    type = PROCESS_TYPE_PLUGIN;
   } else if (type_str == switches::kWorkerProcess) {
-    type = content::PROCESS_TYPE_WORKER;
+    type = PROCESS_TYPE_WORKER;
   } else if (type_str == switches::kNaClLoaderProcess) {
-    type = content::PROCESS_TYPE_NACL_LOADER;
+    type = PROCESS_TYPE_NACL_LOADER;
   } else if (type_str == switches::kUtilityProcess) {
-    type = content::PROCESS_TYPE_UTILITY;
+    type = PROCESS_TYPE_UTILITY;
   } else if (type_str == switches::kNaClBrokerProcess) {
-    type = content::PROCESS_TYPE_NACL_BROKER;
+    type = PROCESS_TYPE_NACL_BROKER;
   } else if (type_str == switches::kGpuProcess) {
-    type = content::PROCESS_TYPE_GPU;
+    type = PROCESS_TYPE_GPU;
   } else if (type_str == switches::kPpapiPluginProcess) {
-    type = content::PROCESS_TYPE_PPAPI_PLUGIN;
+    type = PROCESS_TYPE_PPAPI_PLUGIN;
   } else if (type_str == switches::kPpapiBrokerProcess) {
-    type = content::PROCESS_TYPE_PPAPI_BROKER;
+    type = PROCESS_TYPE_PPAPI_BROKER;
   } else {
     NOTREACHED();
     return 0;
   }
 
   TRACE_EVENT_BEGIN_ETW("StartProcessWithAccess", 0, type_str);
 
   // To decide if the process is going to be sandboxed we have two cases.
   // First case: all process types except the nacl broker, and the plugin
   // process are sandboxed by default.
   bool in_sandbox =
-      (type != content::PROCESS_TYPE_NACL_BROKER) &&
-      (type != content::PROCESS_TYPE_PLUGIN) &&
-      (type != content::PROCESS_TYPE_PPAPI_BROKER);
+      (type != PROCESS_TYPE_NACL_BROKER) &&
+      (type != PROCESS_TYPE_PLUGIN) &&
+      (type != PROCESS_TYPE_PPAPI_BROKER);
 
   // If it is the GPU process then it can be disabled by a command line flag.
-  if ((type == content::PROCESS_TYPE_GPU) &&
+  if ((type == PROCESS_TYPE_GPU) &&
       (cmd_line->HasSwitch(switches::kDisableGpuSandbox))) {
     in_sandbox = false;
     DVLOG(1) << "GPU sandbox is disabled";
   }
 
   if (browser_command_line.HasSwitch(switches::kNoSandbox) ||
       cmd_line->HasSwitch(switches::kNoSandbox)) {
     // The user or the caller has explicity opted-out from all sandboxing.
     in_sandbox = false;
   }
@@ skipping 36 matching lines @@
     base::ProcessHandle process = 0;
     base::LaunchProcess(*cmd_line, base::LaunchOptions(), &process);
     g_broker_services->AddTargetPeer(process);
     return process;
   }
 
   base::win::ScopedProcessInformation target;
   sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy();
 
   // TODO(jschuh): Make NaCl work with DEP and SEHOP. crbug.com/147752
-  sandbox::MitigationFlags mitigations = MITIGATION_HEAP_TERMINATE |
-                                         MITIGATION_BOTTOM_UP_ASLR |
-                                         MITIGATION_HIGH_ENTROPY_ASLR;
+  sandbox::MitigationFlags mitigations = sandbox::MITIGATION_HEAP_TERMINATE |
+                                         sandbox::MITIGATION_BOTTOM_UP_ASLR |
+                                         sandbox::MITIGATION_HIGH_ENTROPY_ASLR;
 #if !defined(NACL_WIN64)
-  mitigations |= MITIGATION_DEP |
-                 MITIGATION_DEP_NO_ATL_THUNK |
-                 MITIGATION_SEHOP;
+  mitigations |= sandbox::MITIGATION_DEP |
+                 sandbox::MITIGATION_DEP_NO_ATL_THUNK |
+                 sandbox::MITIGATION_SEHOP;
 #if defined(NDEBUG)
-  mitigations |= MITIGATION_RELOCATE_IMAGE |
-                 MITIGATION_RELOCATE_IMAGE_REQUIRED;
+  mitigations |= sandbox::MITIGATION_RELOCATE_IMAGE |
+                 sandbox::MITIGATION_RELOCATE_IMAGE_REQUIRED;
 #endif
 #endif
 
   if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK)
     return 0;
 
-  mitigations = MITIGATION_STRICT_HANDLE_CHECKS |
-                MITIGATION_DLL_SEARCH_ORDER;
+  mitigations = sandbox::MITIGATION_STRICT_HANDLE_CHECKS |
+                sandbox::MITIGATION_DLL_SEARCH_ORDER;
 #if defined(NACL_WIN64)
-  mitigations |= MITIGATION_DEP |
-                 MITIGATION_DEP_NO_ATL_THUNK;
+  mitigations |= sandbox::MITIGATION_DEP |
+                 sandbox::MITIGATION_DEP_NO_ATL_THUNK;
 #endif
 
   if (policy->SetDelayedProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK)
     return 0;
 
-  SetJobLevel(*cmd_line, JOB_LOCKDOWN, 0, policy);
+  SetJobLevel(*cmd_line, sandbox::JOB_LOCKDOWN, 0, policy);
 
-  if (type == content::PROCESS_TYPE_GPU) {
+  if (type == PROCESS_TYPE_GPU) {
     if (!AddPolicyForGPU(cmd_line, policy))
       return 0;
   } else {
     if (!AddPolicyForRenderer(policy))
       return 0;
     // TODO(jschuh): Need get these restrictions applied to NaCl and Pepper.
     // Just have to figure out what needs to be warmed up first.
-    if (type == content::PROCESS_TYPE_RENDERER ||
-        type == content::PROCESS_TYPE_WORKER) {
+    if (type == PROCESS_TYPE_RENDERER ||
+        type == PROCESS_TYPE_WORKER) {
       AddBaseHandleClosePolicy(policy);
     }
 
     // Pepper uses the renderer's policy, whith some tweaks.
     if (cmd_line->HasSwitch(switches::kGuestRenderer) ||
-        type == content::PROCESS_TYPE_PPAPI_PLUGIN) {
+        type == PROCESS_TYPE_PPAPI_PLUGIN) {
       if (!AddPolicyForPepperPlugin(policy))
         return 0;
     }
 
 
     if (type_str != switches::kRendererProcess) {
       // Hack for Google Desktop crash. Trick GD into not injecting its DLL into
       // this subprocess. See
       // http://code.google.com/p/chromium/issues/detail?id=25580
       cmd_line->AppendSwitchASCII("ignored", " --type=renderer ");
@@ skipping 36 matching lines @@
     return 0;
   }
 
 #if !defined(NACL_WIN64)
   // For Native Client sel_ldr processes on 32-bit Windows, reserve 1 GB of
   // address space to prevent later failure due to address space fragmentation
   // from .dll loading. The NaCl process will attempt to locate this space by
   // scanning the address space using VirtualQuery.
   // TODO(bbudge) Handle the --no-sandbox case.
   // http://code.google.com/p/nativeclient/issues/detail?id=2131
-  if (type == content::PROCESS_TYPE_NACL_LOADER) {
+  if (type == PROCESS_TYPE_NACL_LOADER) {
     const SIZE_T kOneGigabyte = 1 << 30;
     void* nacl_mem = VirtualAllocEx(target.process_handle(),
                                     NULL,
                                     kOneGigabyte,
                                     MEM_RESERVE,
                                     PAGE_NOACCESS);
     if (!nacl_mem) {
       DLOG(WARNING) << "Failed to reserve address space for Native Client";
     }
   }
 #endif  // !defined(NACL_WIN64)
 
   ResumeThread(target.thread_handle());
 
   // Help the process a little. It can't start the debugger by itself if
   // the process is in a sandbox.
   if (child_needs_help)
     base::debug::SpawnDebuggerOnProcess(target.process_id());
 
   return target.TakeProcessHandle();
 }
 
-}  // namespace sandbox
-
-namespace content {
-
 bool BrokerDuplicateHandle(HANDLE source_handle,
                            DWORD target_process_id,
                            HANDLE* target_handle,
                            DWORD desired_access,
                            DWORD options) {
   // If our process is the target just duplicate the handle.
   if (::GetCurrentProcessId() == target_process_id) {
     return !!::DuplicateHandle(::GetCurrentProcess(), source_handle,
                                ::GetCurrentProcess(), target_handle,
                                desired_access, FALSE, options);
@@ skipping 18 matching lines @@
                                 desired_access, FALSE, options);
   }
 
   return false;
 }
 
 bool BrokerAddTargetPeer(HANDLE peer_process) {
   return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK;
 }
 
-base::ProcessHandle StartProcessWithAccess(
-    CommandLine* cmd_line,
-    const FilePath& exposed_dir) {
-  return sandbox::StartProcessWithAccess(cmd_line, exposed_dir);
-}
-
 }  // namespace content