Remove deprecated sandbox::SandboxCompiler constructor

Also tidy up test invocations. Bug: 1315988 Change-Id: I05c09411bb711d30ce78d49c9fbcc5e0a4105708 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4083665 Commit-Queue: Robert Sesek <rsesek@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org> Cr-Commit-Position: refs/heads/main@{#1079985}
qweri0p · Dec 6, 2022 · 874d19f · 874d19f
1 parent 6826c31
commit 874d19f
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 57 deletions.
diff --git a/content/renderer/sandbox_mac_v2_unittest.mm b/content/renderer/sandbox_mac_v2_unittest.mm
@@ -90,7 +90,8 @@ void SetParametersForTest(sandbox::SandboxCompiler* compiler,
   const std::string profile =
       std::string(sandbox::policy::kSeatbeltPolicyString_common) +
       sandbox::policy::kSeatbeltPolicyString_renderer;
-  sandbox::SandboxCompiler compiler(profile);
+  sandbox::SandboxCompiler compiler;
+  compiler.SetProfile(profile);
 
   // Create the logging file and pass /bin/ls as the executable path.
   base::ScopedTempDir temp_dir;

diff --git a/sandbox/mac/sandbox_compiler.cc b/sandbox/mac/sandbox_compiler.cc
@@ -19,11 +19,6 @@ SandboxCompiler::SandboxCompiler(Target mode) : mode_(mode) {
   }
 }
 
-SandboxCompiler::SandboxCompiler(const std::string& profile_str)
-    : SandboxCompiler(Target::kImmediate) {
-  SetProfile(profile_str);
-}
-
 SandboxCompiler::~SandboxCompiler() {}
 
 void SandboxCompiler::SetProfile(const std::string& policy) {

diff --git a/sandbox/mac/sandbox_compiler.h b/sandbox/mac/sandbox_compiler.h
@@ -26,10 +26,6 @@ class SEATBELT_EXPORT SandboxCompiler {
     // The result of compilation is a SandboxPolicy proto containing a sealed,
     // compiled, binary sandbox policy that can be applied immediately.
     kCompiled,
-
-    // The result of compilation is to be immediately applied to the current
-    // process using CompileAndApplyProfile().
-    kImmediate = kCompiled,
   };
 
   // Creates a compiler in the default mode, `Target::kSource`.
@@ -38,10 +34,6 @@ class SEATBELT_EXPORT SandboxCompiler {
   // Creates a compiler with the specified target mode.
   explicit SandboxCompiler(Target mode);
 
-  // Creates a compiler with the specified policy `profile_str` in
-  // `Target::kImmediate` mode.
-  explicit SandboxCompiler(const std::string& profile_str);
-
   ~SandboxCompiler();
   SandboxCompiler(const SandboxCompiler& other) = delete;
   SandboxCompiler& operator=(const SandboxCompiler& other) = delete;

diff --git a/sandbox/mac/sandbox_compiler_unittest.cc b/sandbox/mac/sandbox_compiler_unittest.cc
@@ -45,13 +45,12 @@ class SandboxCompilerTest
 };
 
 MULTIPROCESS_TEST_MAIN(BasicProfileProcess) {
-  std::string profile =
-      "(version 1)"
-      "(deny default (with no-log))"
-      "(allow file-read* file-write* (literal \"/\"))";
-
   SandboxCompiler compiler(GetParamInChild());
-  compiler.SetProfile(profile);
+  compiler.SetProfile(R"(
+      (version 1)
+      (deny default (with no-log))
+      (allow file-read* file-write* (literal "/"))
+  )");
 
   std::string error;
   CHECK(compiler.CompileAndApplyProfile(&error));
@@ -69,13 +68,12 @@ TEST_P(SandboxCompilerTest, BasicProfileTest) {
 }
 
 MULTIPROCESS_TEST_MAIN(BasicProfileWithParamProcess) {
-  std::string profile =
-      "(version 1)"
-      "(deny default (with no-log))"
-      "(allow file-read* file-write* (literal (param \"DIR\")))";
-
   SandboxCompiler compiler(GetParamInChild());
-  compiler.SetProfile(profile);
+  compiler.SetProfile(R"(
+      (version 1)
+      (deny default (with no-log))
+      (allow file-read* file-write* (literal (param "DIR")))
+  )");
   CHECK(compiler.SetParameter("DIR", "/"));
 
   std::string error;
@@ -94,13 +92,12 @@ TEST_P(SandboxCompilerTest, BasicProfileTestWithParam) {
 }
 
 MULTIPROCESS_TEST_MAIN(ProfileFunctionalProcess) {
-  std::string profile =
-      "(version 1)"
-      "(deny default (with no-log))"
-      "(allow file-read-data file-read-metadata (literal \"/dev/urandom\"))";
-
   SandboxCompiler compiler(GetParamInChild());
-  compiler.SetProfile(profile);
+  compiler.SetProfile(R"(
+      (version 1)
+      (deny default (with no-log))
+      (allow file-read-data file-read-metadata (literal "/dev/urandom"))
+  )");
 
   std::string error;
   CHECK(compiler.CompileAndApplyProfile(&error));
@@ -126,15 +123,14 @@ TEST_P(SandboxCompilerTest, ProfileFunctionalityTest) {
 }
 
 MULTIPROCESS_TEST_MAIN(ProfileFunctionalTestWithParamsProcess) {
-  std::string profile =
-      "(version 1)"
-      "(deny default (with no-log))"
-      "(if (string=? (param \"ALLOW_FILE\") \"TRUE\")"
-      "    (allow file-read-data file-read-metadata (literal (param "
-      "\"URANDOM\"))))";
-
   SandboxCompiler compiler(GetParamInChild());
-  compiler.SetProfile(profile);
+  compiler.SetProfile(R"(
+      (version 1)
+      (deny default (with no-log))
+      (if (string=? (param "ALLOW_FILE") "TRUE")
+          (allow file-read-data file-read-metadata (literal (param "URANDOM")))
+      )
+  )");
 
   CHECK(compiler.SetBooleanParameter("ALLOW_FILE", true));
   CHECK(!compiler.SetParameter("ALLOW_FILE", "duplicate key is not allowed"));
@@ -168,10 +164,8 @@ TEST_P(SandboxCompilerTest, ProfileFunctionalityTestWithParams) {
 }
 
 MULTIPROCESS_TEST_MAIN(ProfileFunctionalityTestErrorProcess) {
-  std::string profile = "(+ 5 a)";
-
   SandboxCompiler compiler(GetParamInChild());
-  compiler.SetProfile(profile);
+  compiler.SetProfile("(+ 5 a)");
 
   // Make sure that this invalid profile results in an error returned.
   std::string error;
@@ -215,20 +209,9 @@ TEST_P(SandboxCompilerTest, DuplicateKeys) {
   }
 }
 
-TEST_F(SandboxCompilerTest, DefaultConstructor) {
-  std::string profile =
-      R"((version 1) (deny default) (allow file-read* (path "/")))";
-  SandboxCompiler compiler(profile);
-  absl::optional<mac::SandboxPolicy> policy =
-      compiler.CompilePolicyToProto(nullptr);
-  ASSERT_TRUE(policy.has_value());
-  EXPECT_FALSE(policy->compiled().data().empty());
-}
-
 INSTANTIATE_TEST_SUITE_P(Target,
                          SandboxCompilerTest,
                          testing::Values(SandboxCompiler::Target::kSource,
-                                         SandboxCompiler::Target::kCompiled,
-                                         SandboxCompiler::Target::kImmediate));
+                                         SandboxCompiler::Target::kCompiled));
 
 }  // namespace sandbox
diff --git a/sandbox/mac/seatbelt_extension_unittest.cc b/sandbox/mac/seatbelt_extension_unittest.cc
@@ -78,7 +78,8 @@ TEST_F(SeatbeltExtensionTest, FileReadAccess) {
 }
 
 MULTIPROCESS_TEST_MAIN(FileReadAccess) {
-  sandbox::SandboxCompiler compiler(kSandboxProfile);
+  sandbox::SandboxCompiler compiler;
+  compiler.SetProfile(kSandboxProfile);
   std::string error;
   CHECK(compiler.CompileAndApplyProfile(&error)) << error;
 
@@ -166,7 +167,8 @@ TEST_F(SeatbeltExtensionTest, DirReadWriteAccess) {
 }
 
 MULTIPROCESS_TEST_MAIN(DirReadWriteAccess) {
-  sandbox::SandboxCompiler compiler(kSandboxProfile);
+  sandbox::SandboxCompiler compiler;
+  compiler.SetProfile(kSandboxProfile);
   std::string error;
   CHECK(compiler.CompileAndApplyProfile(&error)) << error;