diff --git a/www/chromium/Makefile b/www/chromium/Makefile index 8d4cdb35057b..d3aba79d5700 100644 --- a/www/chromium/Makefile +++ b/www/chromium/Makefile @@ -1,346 +1,346 @@ PORTNAME= chromium -PORTVERSION= 105.0.5195.52 +PORTVERSION= 105.0.5195.102 CATEGORIES= www wayland MASTER_SITES= https://commondatastorage.googleapis.com/chromium-browser-official/ \ https://nerd.hu/distfiles/:external DISTFILES= ${DISTNAME}${EXTRACT_SUFX} \ chrome-linux-${PORTVERSION}-llvm13.profdata${EXTRACT_SUFX}:external MAINTAINER= chromium@FreeBSD.org COMMENT= Google web browser based on WebKit LICENSE= BSD3CLAUSE LGPL21 MPL11 LICENSE_COMB= multi ONLY_FOR_ARCHS= aarch64 amd64 i386 BUILD_DEPENDS= bash:shells/bash \ ${PYTHON_PKGNAMEPREFIX}Jinja2>0:devel/py-Jinja2@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}ply>0:devel/py-ply@${PY_FLAVOR} \ gperf:devel/gperf \ flock:sysutils/flock \ node:www/node \ xcb-proto>0:x11/xcb-proto \ ${LOCALBASE}/include/linux/videodev2.h:multimedia/v4l_compat \ ${LOCALBASE}/share/usbids/usb.ids:misc/usbids \ ${PYTHON_PKGNAMEPREFIX}html5lib>0:www/py-html5lib@${PY_FLAVOR} \ ${LOCALBASE}/include/va/va.h:multimedia/libva \ ${LOCALBASE}/libdata/pkgconfig/dri.pc:graphics/mesa-dri LIB_DEPENDS= libatk-bridge-2.0.so:accessibility/at-spi2-atk \ libatspi.so:accessibility/at-spi2-core \ libspeechd.so:accessibility/speech-dispatcher \ libsnappy.so:archivers/snappy \ libFLAC.so:audio/flac \ libopus.so:audio/opus \ libspeex.so:audio/speex \ libdbus-1.so:devel/dbus \ libdbus-glib-1.so:devel/dbus-glib \ libevent.so:devel/libevent \ libicuuc.so:devel/icu \ libjsoncpp.so:devel/jsoncpp \ libpci.so:devel/libpci \ libnspr4.so:devel/nspr \ libre2.so:devel/re2 \ libcairo.so:graphics/cairo \ libdrm.so:graphics/libdrm \ libexif.so:graphics/libexif \ libpng.so:graphics/png \ libwebp.so:graphics/webp \ libopenh264.so:multimedia/openh264 \ libfreetype.so:print/freetype2 \ libharfbuzz.so:print/harfbuzz \ libharfbuzz-icu.so:print/harfbuzz-icu \ libgcrypt.so:security/libgcrypt \ libsecret-1.so:security/libsecret \ libnss3.so:security/nss \ libexpat.so:textproc/expat2 \ libfontconfig.so:x11-fonts/fontconfig \ libwayland-client.so:graphics/wayland \ libxkbcommon.so:x11/libxkbcommon \ libxshmfence.so:x11/libxshmfence RUN_DEPENDS= xdg-open:devel/xdg-utils \ noto-basic>0:x11-fonts/noto-basic USES= bison compiler:c++17-lang cpe desktop-file-utils gl gnome iconv jpeg \ localbase:ldflags ninja perl5 pkgconfig python:3.7+,build shebangfix \ tar:xz xorg CPE_VENDOR= google CPE_PRODUCT= chrome USE_GL= gbm gl USE_GNOME= atk dconf gdkpixbuf2 glib20 gtk30 libxml2 libxslt USE_LDCONFIG= ${DATADIR} USE_PERL5= build USE_XORG= x11 xcb xcomposite xcursor xext xdamage xfixes xi \ xorgproto xrandr xrender xscrnsaver xtst SHEBANG_FILES= chrome/tools/build/linux/chrome-wrapper buildtools/linux64/clang-format MAKE_ARGS= -C out/${BUILDTYPE} ALL_TARGET= chrome BINARY_ALIAS= python3=${PYTHON_CMD} # TODO bz@ : install libwidevinecdm.so (see third_party/widevine/cdm/BUILD.gn) # # Run "./out/${BUILDTYPE}/gn args out/${BUILDTYPE} --list" for all variables. # Some parts don't have use_system_* flag, and can be turned on/off by using # replace_gn_files.py script, some parts just turned on/off for target host # OS "target_os == is_bsd", like libusb, libpci. GN_ARGS+= clang_use_chrome_plugins=false \ enable_hangout_services_extension=true \ enable_js_type_check=false \ enable_nacl=false \ enable_remoting=false \ enable_wmax_tokens=false \ fatal_linker_warnings=false \ icu_use_data_file=false \ is_clang=true \ optimize_webui=true \ toolkit_views=true \ treat_warnings_as_errors=false \ use_allocator="none" \ use_allocator_shim=false \ use_aura=true \ use_custom_libcxx=false \ use_gnome_keyring=false \ use_lld=true \ use_sysroot=false \ use_system_freetype=false \ use_system_harfbuzz=true \ use_system_libjpeg=true \ use_system_libwayland=true \ use_system_wayland_scanner=true \ use_udev=false \ extra_cxxflags="${CXXFLAGS}" \ extra_ldflags="${LDFLAGS}" # TODO: investigate building with these options: # use_system_minigbm GN_BOOTSTRAP_FLAGS= --no-clean --no-rebuild --skip-generate-buildfiles # FreeBSD Chromium Api Key # Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys . # Note: these are for FreeBSD use ONLY. For your own distribution, # please get your own set of keys. GN_ARGS+= google_api_key="AIzaSyBsp9n41JLW8jCokwn7vhoaMejDFRd1mp8" SUB_FILES= chromium-browser.desktop chrome SUB_LIST+= COMMENT="${COMMENT}" OPTIONS_DEFINE= CODECS CUPS DEBUG DRIVER KERBEROS LTO TEST OPTIONS_DEFAULT= CODECS CUPS DRIVER KERBEROS SNDIO OPTIONS_EXCLUDE_aarch64=LTO OPTIONS_GROUP= AUDIO OPTIONS_GROUP_AUDIO= ALSA PULSEAUDIO SNDIO OPTIONS_RADIO= KERBEROS OPTIONS_RADIO_KERBEROS= HEIMDAL HEIMDAL_BASE MIT OPTIONS_SUB= yes CODECS_DESC= Compile and enable patented codecs like H.264 DRIVER_DESC= Install chromedriver HEIMDAL_BASE_DESC= Heimdal Kerberos (base) HEIMDAL_DESC= Heimdal Kerberos (security/heimdal) MIT_DESC= MIT Kerberos (security/krb5) ALSA_LIB_DEPENDS= libasound.so:audio/alsa-lib ALSA_RUN_DEPENDS= ${LOCALBASE}/lib/alsa-lib/libasound_module_pcm_oss.so:audio/alsa-plugins \ alsa-lib>=1.1.1_1:audio/alsa-lib ALSA_VARS= GN_ARGS+=use_alsa=true ALSA_VARS_OFF= GN_ARGS+=use_alsa=false CODECS_VARS= GN_ARGS+=ffmpeg_branding="Chrome" \ GN_ARGS+=proprietary_codecs=true CODECS_VARS_OFF= GN_ARGS+=ffmpeg_branding="Chromium" \ GN_ARGS+=proprietary_codecs=false CUPS_LIB_DEPENDS= libcups.so:print/cups CUPS_VARS= GN_ARGS+=use_cups=true CUPS_VARS_OFF= GN_ARGS+=use_cups=false DEBUG_BUILD_DEPENDS= esbuild:devel/esbuild DEBUG_VARS= BUILDTYPE=Debug \ GN_ARGS+=is_debug=true \ GN_ARGS+=is_component_build=false \ GN_ARGS+=symbol_level=1 \ GN_BOOTSTRAP_FLAGS+=--debug \ WANTSPACE="21 GB" DEBUG_VARS_OFF= BUILDTYPE=Release \ GN_ARGS+=blink_symbol_level=0 \ GN_ARGS+=is_debug=false \ GN_ARGS+=is_official_build=true \ GN_ARGS+=symbol_level=0 \ WANTSPACE="14 GB" DRIVER_MAKE_ARGS= chromedriver HEIMDAL_LIB_DEPENDS= libkrb.so.26:security/heimdal KERBEROS_VARS= GN_ARGS+=use_kerberos=true KERBEROS_VARS_OFF= GN_ARGS+=use_kerberos=false LTO_VARS= GN_ARGS+=use_thin_lto=true \ GN_ARGS+=thin_lto_enable_optimizations=true \ WANTSPACE="14 GB" LTO_VARS_OFF= GN_ARGS+=use_thin_lto=false MIT_LIB_DEPENDS= libkrb.so.3:security/krb5 PULSEAUDIO_LIB_DEPENDS= libpulse.so:audio/pulseaudio PULSEAUDIO_VARS= GN_ARGS+=use_pulseaudio=true PULSEAUDIO_VARS_OFF= GN_ARGS+=use_pulseaudio=false # With SNDIO=on we exclude audio_manager_linux from the build (see # media/audio/BUILD.gn) and use audio_manager_openbsd which does not # support falling back to ALSA or PulseAudio. SNDIO_PREVENTS= ALSA PULSEAUDIO SNDIO_LIB_DEPENDS= libsndio.so:audio/sndio SNDIO_VARS= GN_ARGS+=use_sndio=true SNDIO_VARS_OFF= GN_ARGS+=use_sndio=false .include "Makefile.tests" TEST_DISTFILES= ${PORTNAME}-${DISTVERSION}-testdata${EXTRACT_SUFX} \ test_fonts-336e775eec536b2d785cc80eff6ac39051931286.tar.gz:external TEST_ALL_TARGET= ${TEST_TARGETS} .include .include .if ${PORT_OPTIONS:MHEIMDAL_BASE} && !exists(/usr/lib/libkrb5.so) IGNORE= you have selected HEIMDAL_BASE but do not have Heimdal installed in base .endif .if ${COMPILER_VERSION} < 130 LLVM_DEFAULT= 13 BUILD_DEPENDS+= clang${LLVM_DEFAULT}:devel/llvm${LLVM_DEFAULT} BINARY_ALIAS+= cpp=${LOCALBASE}/bin/clang-cpp${LLVM_DEFAULT} \ cc=${LOCALBASE}/bin/clang${LLVM_DEFAULT} \ c++=${LOCALBASE}/bin/clang++${LLVM_DEFAULT} \ ar=${LOCALBASE}/bin/llvm-ar${LLVM_DEFAULT} \ nm=${LOCALBASE}/bin/llvm-nm${LLVM_DEFAULT} \ ld=${LOCALBASE}/bin/ld.lld${LLVM_DEFAULT} .else BINARY_ALIAS+= ar=/usr/bin/llvm-ar \ nm=/usr/bin/llvm-nm .endif # swiftshader/lib/{libEGL.so,libGLESv2.so} is x86 only .if ${ARCH} == aarch64 PLIST_SUB+= NOT_AARCH64="@comment " .else PLIST_SUB+= NOT_AARCH64="" .endif # Allow relocations against read-only segments (override lld default) LDFLAGS_i386= -Wl,-znotext # TODO: -isystem, would be just as ugly as this approach, but more reliably # build would fail without C_INCLUDE_PATH/CPLUS_INCLUDE_PATH env var set. MAKE_ENV+= C_INCLUDE_PATH=${LOCALBASE}/include \ CPLUS_INCLUDE_PATH=${LOCALBASE}/include pre-everything:: @${ECHO_MSG} @${ECHO_MSG} "To build Chromium, you should have around 2GB of memory" @${ECHO_MSG} "and around ${WANTSPACE} of free disk space." @${ECHO_MSG} post-extract-TEST-on: @${MKDIR} ${WRKSRC}/third_party/test_fonts/test_fonts @${MV} ${WRKDIR}/test_fonts ${WRKSRC}/third_party/test_fonts/ pre-configure: # We used to remove bundled libraries to be sure that chromium uses # system libraries and not shipped ones. # cd ${WRKSRC} && ${PYTHON_CMD} \ #./build/linux/unbundle/remove_bundled_libraries.py [list of preserved] cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${PYTHON_CMD} \ ./build/linux/unbundle/replace_gn_files.py --system-libraries \ flac fontconfig freetype harfbuzz-ng icu libdrm libevent libpng \ libusb libwebp libxml libxslt openh264 opus snappy || ${FALSE} # Chromium uses an unreleased version of FFmpeg, so configure it .for brand in Chrome Chromium ${CP} -R \ ${WRKSRC}/third_party/ffmpeg/chromium/config/${brand}/linux/ \ ${WRKSRC}/third_party/ffmpeg/chromium/config/${brand}/freebsd .endfor do-configure: # GN generator bootstrapping and generating ninja files cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} CC=${CC} CXX=${CXX} LD=${CXX} \ READELF=${READELF} AR=${AR} NM=${NM} ${PYTHON_CMD} \ ./tools/gn/bootstrap/bootstrap.py ${GN_BOOTSTRAP_FLAGS} cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ./out/${BUILDTYPE}/gn \ gen --args='${GN_ARGS}' out/${BUILDTYPE} # Setup nodejs dependency @${MKDIR} ${WRKSRC}/third_party/node/freebsd/node-freebsd/bin ${LN} -sf ${LOCALBASE}/bin/node ${WRKSRC}/third_party/node/freebsd/node-freebsd/bin/node # Setup buildtools/freebsd @${MKDIR} ${WRKSRC}/buildtools/freebsd ${LN} -sf ${WRKSRC}/buildtools/linux64/clang-format ${WRKSRC}/buildtools/freebsd ${LN} -sf ${WRKSRC}/out/${BUILDTYPE}/gn ${WRKSRC}/buildtools/freebsd ${LN} -sf /usr/bin/strip ${WRKSRC}/buildtools/freebsd/strip do-install: @${MKDIR} ${STAGEDIR}${DATADIR} ${INSTALL_MAN} ${WRKSRC}/chrome/app/resources/manpage.1.in \ ${STAGEDIR}${MANPREFIX}/man/man1/chrome.1 @${SED} -i "" -e 's,\@\@PACKAGE\@\@,chromium,g;s,\@\@MENUNAME\@\@,Chromium Web Browser,g' \ ${STAGEDIR}${MANPREFIX}/man/man1/chrome.1 ${CP} ${WRKSRC}/chrome/app/theme/chromium/product_logo_22_mono.png ${WRKSRC}/chrome/app/theme/chromium/product_logo_22.png .for s in 22 24 48 64 128 256 @${MKDIR} ${STAGEDIR}${PREFIX}/share/icons/hicolor/${s}x${s}/apps ${INSTALL_DATA} ${WRKSRC}/chrome/app/theme/chromium/product_logo_${s}.png \ ${STAGEDIR}${PREFIX}/share/icons/hicolor/${s}x${s}/apps/chrome.png .endfor ${INSTALL_DATA} ${WRKSRC}/out/${BUILDTYPE}/*.png ${STAGEDIR}${DATADIR} ${INSTALL_DATA} ${WRKSRC}/out/${BUILDTYPE}/*.pak ${STAGEDIR}${DATADIR} .for d in protoc mksnapshot ${INSTALL_PROGRAM} ${WRKSRC}/out/${BUILDTYPE}/${d} ${STAGEDIR}${DATADIR} .endfor .for d in snapshot_blob.bin v8_context_snapshot.bin ${INSTALL_DATA} ${WRKSRC}/out/${BUILDTYPE}/${d} ${STAGEDIR}${DATADIR} .endfor ${INSTALL_PROGRAM} ${WRKSRC}/out/${BUILDTYPE}/chrome \ ${STAGEDIR}${DATADIR} cd ${WRKSRC}/out/${BUILDTYPE} && \ ${COPYTREE_SHARE} "locales resources" ${STAGEDIR}${DATADIR} @${MKDIR} ${STAGEDIR}${DESKTOPDIR} ${INSTALL_DATA} ${WRKDIR}/chromium-browser.desktop \ ${STAGEDIR}${DESKTOPDIR} ${INSTALL_SCRIPT} ${WRKDIR}/chrome ${STAGEDIR}${PREFIX}/bin ${INSTALL_SCRIPT} ${WRKSRC}/chrome/tools/build/linux/chrome-wrapper \ ${STAGEDIR}${DATADIR} # ANGLE, EGL, Vk .for f in libEGL.so libGLESv2.so libVkICD_mock_icd.so ${INSTALL_LIB} ${WRKSRC}/out/${BUILDTYPE}/${f} ${STAGEDIR}${DATADIR} .endfor ${INSTALL_LIB} ${WRKSRC}/out/${BUILDTYPE}/libvulkan.so.1 \ ${STAGEDIR}${DATADIR}/libvulkan.so .if ${BUILDTYPE} == Debug ${INSTALL_LIB} ${WRKSRC}/out/${BUILDTYPE}/libVkLayer_khronos_validation.so ${STAGEDIR}${DATADIR} .endif # SwiftShader .if ${ARCH} != aarch64 ${INSTALL_LIB} ${WRKSRC}/out/${BUILDTYPE}/libvk_swiftshader.so ${STAGEDIR}${DATADIR} .endif post-install-DEBUG-on: ${INSTALL_LIB} ${WRKSRC}/out/${BUILDTYPE}/*.so \ ${STAGEDIR}${DATADIR} ${INSTALL_PROGRAM} ${WRKSRC}/out/${BUILDTYPE}/character_data_generator \ ${STAGEDIR}${DATADIR} post-install-DRIVER-on: ${INSTALL_PROGRAM} ${WRKSRC}/out/${BUILDTYPE}/chromedriver.unstripped \ ${STAGEDIR}${PREFIX}/bin/chromedriver do-test-TEST-on: .for t in ${TEST_TARGETS} cd ${WRKSRC}/out/${BUILDTYPE} && ${SETENV} LC_ALL=en_US.UTF-8 \ ./${t} --gtest_filter=-${EXCLUDE_${t}:ts:} || ${TRUE} .endfor .include diff --git a/www/chromium/distinfo b/www/chromium/distinfo index a0316463f879..d7115a6ea044 100644 --- a/www/chromium/distinfo +++ b/www/chromium/distinfo @@ -1,9 +1,9 @@ -TIMESTAMP = 1661937622 -SHA256 (chromium-105.0.5195.52.tar.xz) = dc71b2be9c30c2a7a250b3dbfb26f9b0d1aa2df7335b53ed44a203ff69947c42 -SIZE (chromium-105.0.5195.52.tar.xz) = 1597749968 -SHA256 (chrome-linux-105.0.5195.52-llvm13.profdata.tar.xz) = be6371fbfe9949ee56c8ba5c45c2e3d31c36c153e035b89d4bbda4e35077c8c2 -SIZE (chrome-linux-105.0.5195.52-llvm13.profdata.tar.xz) = 24879272 -SHA256 (chromium-105.0.5195.52-testdata.tar.xz) = 486fe655cfc8a4210598f4797fbbc603a8783702c50b5c3a9badd3a179ba9106 -SIZE (chromium-105.0.5195.52-testdata.tar.xz) = 264061000 +TIMESTAMP = 1662203957 +SHA256 (chromium-105.0.5195.102.tar.xz) = 1cba0527c951e3c506ade96cf6ec2507ee9d43661764731ed896348182369262 +SIZE (chromium-105.0.5195.102.tar.xz) = 1597977496 +SHA256 (chrome-linux-105.0.5195.102-llvm13.profdata.tar.xz) = a32f0155ff13a09e3cd9a34b2eb1ab91d193058c89be8d1a3037bd80d8136c31 +SIZE (chrome-linux-105.0.5195.102-llvm13.profdata.tar.xz) = 24879584 +SHA256 (chromium-105.0.5195.102-testdata.tar.xz) = 8ae1595c598a0941c877d4be1874a07bbef68665f5419433c9b91d2d5416d72a +SIZE (chromium-105.0.5195.102-testdata.tar.xz) = 264553400 SHA256 (test_fonts-336e775eec536b2d785cc80eff6ac39051931286.tar.gz) = a2ca2962daf482a8f943163541e1c73ba4b2694fabcd2510981f2db4eda493c8 SIZE (test_fonts-336e775eec536b2d785cc80eff6ac39051931286.tar.gz) = 32624734 diff --git a/www/chromium/files/patch-content_gpu_gpu__main.cc b/www/chromium/files/patch-content_gpu_gpu__main.cc index 5330461d3ca7..b79dc03f2618 100644 --- a/www/chromium/files/patch-content_gpu_gpu__main.cc +++ b/www/chromium/files/patch-content_gpu_gpu__main.cc @@ -1,73 +1,47 @@ ---- content/gpu/gpu_main.cc.orig 2022-08-31 12:19:35 UTC +--- content/gpu/gpu_main.cc.orig 2022-09-02 10:45:05 UTC +++ content/gpu/gpu_main.cc @@ -86,7 +86,7 @@ #include "sandbox/win/src/sandbox.h" #endif -#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) +#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_BSD) #include "content/gpu/gpu_sandbox_hook_linux.h" #include "sandbox/policy/linux/sandbox_linux.h" #include "sandbox/policy/sandbox_type.h" @@ -108,7 +108,7 @@ namespace content { namespace { -#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) +#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_BSD) bool StartSandboxLinux(gpu::GpuWatchdogThread*, const gpu::GPUInfo*, const gpu::GpuPreferences&); @@ -170,7 +170,7 @@ class ContentSandboxHelper : public gpu::GpuSandboxHel bool EnsureSandboxInitialized(gpu::GpuWatchdogThread* watchdog_thread, const gpu::GPUInfo* gpu_info, const gpu::GpuPreferences& gpu_prefs) override { -#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) +#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_BSD) return StartSandboxLinux(watchdog_thread, gpu_info, gpu_prefs); #elif BUILDFLAG(IS_WIN) return StartSandboxWindows(sandbox_info_); @@ -266,7 +266,7 @@ int GpuMain(MainFunctionParams parameters) { std::make_unique( gpu_preferences.message_pump_type); } -#elif BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) +#elif BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_BSD) #error "Unsupported Linux platform." #elif BUILDFLAG(IS_MAC) // Cross-process CoreAnimation requires a CFRunLoop to function at all, and -@@ -396,17 +396,19 @@ int GpuMain(MainFunctionParams parameters) { +@@ -396,7 +396,7 @@ int GpuMain(MainFunctionParams parameters) { namespace { -#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) +#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_BSD) bool StartSandboxLinux(gpu::GpuWatchdogThread* watchdog_thread, const gpu::GPUInfo* gpu_info, const gpu::GpuPreferences& gpu_prefs) { - TRACE_EVENT0("gpu,startup", "Initialize sandbox"); - -+#if !BUILDFLAG(IS_BSD) - if (watchdog_thread) { - // SandboxLinux needs to be able to ensure that the thread - // has really been stopped. - sandbox::policy::SandboxLinux::GetInstance()->StopThread(watchdog_thread); - } -+#endif - - // SandboxLinux::InitializeSandbox() must always be called - // with only one thread. -@@ -453,11 +455,13 @@ bool StartSandboxLinux(gpu::GpuWatchdogThread* watchdo - *base::CommandLine::ForCurrentProcess()), - base::BindOnce(GpuProcessPreSandboxHook), sandbox_options); - -+#if !BUILDFLAG(IS_BSD) - if (watchdog_thread) { - base::Thread::Options thread_options; - thread_options.timer_slack = base::TIMER_SLACK_MAXIMUM; - watchdog_thread->StartWithOptions(std::move(thread_options)); - } -+#endif - - return res; - } diff --git a/www/chromium/files/patch-sandbox_policy_freebsd_sandbox__freebsd.cc b/www/chromium/files/patch-sandbox_policy_freebsd_sandbox__freebsd.cc index b853583c6f47..ad30b2a4413e 100644 --- a/www/chromium/files/patch-sandbox_policy_freebsd_sandbox__freebsd.cc +++ b/www/chromium/files/patch-sandbox_policy_freebsd_sandbox__freebsd.cc @@ -1,250 +1,256 @@ ---- sandbox/policy/freebsd/sandbox_freebsd.cc.orig 2022-04-21 18:48:31 UTC +--- sandbox/policy/freebsd/sandbox_freebsd.cc.orig 2022-09-02 10:45:05 UTC +++ sandbox/policy/freebsd/sandbox_freebsd.cc -@@ -0,0 +1,247 @@ +@@ -0,0 +1,253 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "sandbox/policy/openbsd/sandbox_openbsd.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "base/bind.h" +#include "base/callback_helpers.h" +#include "base/command_line.h" +#include "base/debug/stack_trace.h" +#include "base/feature_list.h" +#include "base/files/file_path.h" +#include "base/files/file_util.h" +#include "base/files/scoped_file.h" +#include "base/logging.h" +#include "base/memory/singleton.h" +#include "base/path_service.h" +#include "base/posix/eintr_wrapper.h" +#include "base/strings/string_number_conversions.h" +#include "base/system/sys_info.h" ++#include "base/threading/thread.h" +#include "base/time/time.h" +#include "build/build_config.h" +#include "sandbox/constants.h" +#include "sandbox/linux/services/credentials.h" +#include "sandbox/linux/services/namespace_sandbox.h" +#include "sandbox/linux/services/proc_util.h" +#include "sandbox/linux/services/resource_limits.h" +#include "sandbox/linux/services/thread_helpers.h" +#include "sandbox/linux/syscall_broker/broker_command.h" +#include "sandbox/linux/syscall_broker/broker_process.h" +#include "sandbox/policy/sandbox.h" +#include "sandbox/policy/sandbox_type.h" +#include "sandbox/policy/mojom/sandbox.mojom.h" +#include "sandbox/policy/switches.h" +#include "sandbox/sandbox_buildflags.h" + +#if BUILDFLAG(USING_SANITIZER) +#include +#endif + +#if defined(USE_NSS_CERTS) +#include "crypto/nss_util.h" +#endif + +#include "ui/gfx/x/connection.h" +#include "ui/gfx/font_util.h" + +#include + +#define MAXTOKENS 3 + +#define _UNVEIL_MAIN "/etc/chromium/unveil.main"; +#define _UNVEIL_RENDERER "/etc/chromium/unveil.renderer"; +#define _UNVEIL_GPU "/etc/chromium/unveil.gpu"; +#define _UNVEIL_PLUGIN "/etc/chromium/unveil.plugin"; +#define _UNVEIL_UTILITY "/etc/chromium/unveil.utility"; +#define _UNVEIL_UTILITY_NETWORK "/etc/chromium/unveil.utility_network"; +#define _UNVEIL_UTILITY_AUDIO "/etc/chromium/unveil.utility_audio"; +#define _UNVEIL_UTILITY_VIDEO "/etc/chromium/unveil.utility_video"; + +namespace sandbox { +namespace policy { + +SandboxLinux::SandboxLinux() + : sandbox_status_flags_(kInvalid), + pre_initialized_(false), + initialize_sandbox_ran_(false), + broker_process_(nullptr) { +} + +SandboxLinux::~SandboxLinux() { + if (pre_initialized_) { + CHECK(initialize_sandbox_ran_); + } +} + +SandboxLinux* SandboxLinux::GetInstance() { + SandboxLinux* instance = base::Singleton::get(); + CHECK(instance); + return instance; +} + ++void SandboxLinux::StopThread(base::Thread* thread) { ++ DCHECK(thread); ++ thread->Stop(); ++} ++ +void SandboxLinux::PreinitializeSandbox(sandbox::mojom::Sandbox sandbox_type) { + CHECK(!pre_initialized_); +#if BUILDFLAG(USING_SANITIZER) + // Sanitizers need to open some resources before the sandbox is enabled. + // This should not fork, not launch threads, not open a directory. + __sanitizer_sandbox_on_notify(sanitizer_args()); + sanitizer_args_.reset(); +#endif + base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); + const std::string process_type = + command_line->GetSwitchValueASCII(switches::kProcessType); + + base::SysInfo::AmountOfPhysicalMemory(); + base::SysInfo::NumberOfProcessors(); + +#if defined(USE_NSS_CERTS) + // The main process has to initialize the ~/.pki dir which won't work + // after unveil(2). + if (process_type.empty()) + crypto::EnsureNSSInit(); +#endif + + // cache the XErrorDB by forcing a read on it + { + auto* connection = x11::Connection::Get(); + auto* display = connection->GetXlibDisplay().display(); + + char buf[1]; + XGetErrorDatabaseText(display, "XProtoError", "0", "", buf, std::size(buf)); + } + + if (process_type.empty()) { + base::FilePath cache_directory, local_directory; + + base::PathService::Get(base::DIR_CACHE, &cache_directory); + base::PathService::Get(base::DIR_HOME, &local_directory); + + cache_directory = cache_directory.AppendASCII("chromium"); + local_directory = local_directory.AppendASCII(".local").AppendASCII("share").AppendASCII("applications"); + + if (!base::CreateDirectory(cache_directory)) { + LOG(ERROR) << "Failed to create " << cache_directory.value() << " directory."; + } + + if (!base::CreateDirectory(local_directory)) { + LOG(ERROR) << "Failed to create " << local_directory.value() << " directory."; + } + } + + if (process_type == switches::kRendererProcess) + gfx::InitializeFonts(); + + pre_initialized_ = true; +} + +bool SandboxLinux::InitializeSandbox(sandbox::mojom::Sandbox sandbox_type, + SandboxLinux::PreSandboxHook hook, + const Options& options) { + DCHECK(!initialize_sandbox_ran_); + initialize_sandbox_ran_ = true; + + base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); + const std::string process_type = + command_line->GetSwitchValueASCII(switches::kProcessType); + + if (command_line->HasSwitch(switches::kNoSandbox)) + return true; + + VLOG(1) << "SandboxLinux::InitializeSandbox: process_type=" + << process_type << " sandbox_type=" << GetSandboxTypeInEnglish(sandbox_type); + + // Only one thread is running, pre-initialize if not already done. + if (!pre_initialized_) + PreinitializeSandbox(sandbox_type); + + // Attempt to limit the future size of the address space of the process. + int error = 0; + const bool limited_as = LimitAddressSpace(&error); + if (error) { + // Restore errno. Internally to |LimitAddressSpace|, the errno due to + // setrlimit may be lost. + errno = error; + PCHECK(limited_as); + } + + return true; +} + +bool SandboxLinux::LimitAddressSpace(int* error) { +#if !defined(ADDRESS_SANITIZER) && !defined(MEMORY_SANITIZER) && \ + !defined(THREAD_SANITIZER) && !defined(LEAK_SANITIZER) + base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); + if (SandboxTypeFromCommandLine(*command_line) == sandbox::mojom::Sandbox::kNoSandbox) { + return false; + } + + // Unfortunately, it does not appear possible to set RLIMIT_AS such that it + // will both (a) be high enough to support V8's and WebAssembly's address + // space requirements while also (b) being low enough to mitigate exploits + // using integer overflows that require large allocations, heap spray, or + // other memory-hungry attack modes. + + *error = sandbox::ResourceLimits::Lower( + RLIMIT_DATA, static_cast(sandbox::kDataSizeLimit)); + + // Cache the resource limit before turning on the sandbox. + base::SysInfo::AmountOfVirtualMemory(); + base::SysInfo::MaxSharedMemorySize(); + + return *error == 0; +#else + base::SysInfo::AmountOfVirtualMemory(); + return false; +#endif // !defined(ADDRESS_SANITIZER) && !defined(MEMORY_SANITIZER) && + // !defined(THREAD_SANITIZER) && !defined(LEAK_SANITIZER) +} + +// static +std::string SandboxLinux::GetSandboxTypeInEnglish(sandbox::mojom::Sandbox sandbox_type) { + switch (sandbox_type) { + case sandbox::mojom::Sandbox::kNoSandbox: + return "Unsandboxed"; + case sandbox::mojom::Sandbox::kRenderer: + return "Renderer"; + case sandbox::mojom::Sandbox::kUtility: + return "Utility"; + case sandbox::mojom::Sandbox::kGpu: + return "GPU"; + case sandbox::mojom::Sandbox::kPpapi: + return "PPAPI"; + case sandbox::mojom::Sandbox::kNetwork: + return "Network"; + case sandbox::mojom::Sandbox::kCdm: + return "CDM"; + case sandbox::mojom::Sandbox::kPrintCompositor: + return "Print Compositor"; + case sandbox::mojom::Sandbox::kAudio: + return "Audio"; + case sandbox::mojom::Sandbox::kSpeechRecognition: + return "Speech Recognition"; + case sandbox::mojom::Sandbox::kService: + return "Service"; + case sandbox::mojom::Sandbox::kVideoCapture: + return "Video Capture"; + default: + return "Unknown"; + } +} + +} // namespace policy +} // namespace sandbox diff --git a/www/chromium/files/patch-sandbox_policy_openbsd_sandbox__openbsd.cc b/www/chromium/files/patch-sandbox_policy_openbsd_sandbox__openbsd.cc index 0898af1e5a6c..307217ed3ac3 100644 --- a/www/chromium/files/patch-sandbox_policy_openbsd_sandbox__openbsd.cc +++ b/www/chromium/files/patch-sandbox_policy_openbsd_sandbox__openbsd.cc @@ -1,410 +1,416 @@ ---- sandbox/policy/openbsd/sandbox_openbsd.cc.orig 2022-04-21 18:48:31 UTC +--- sandbox/policy/openbsd/sandbox_openbsd.cc.orig 2022-09-02 10:45:05 UTC +++ sandbox/policy/openbsd/sandbox_openbsd.cc -@@ -0,0 +1,407 @@ +@@ -0,0 +1,413 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "sandbox/policy/openbsd/sandbox_openbsd.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "base/bind.h" +#include "base/callback_helpers.h" +#include "base/command_line.h" +#include "base/debug/stack_trace.h" +#include "base/feature_list.h" +#include "base/files/file_path.h" +#include "base/files/file_util.h" +#include "base/files/scoped_file.h" +#include "base/logging.h" +#include "base/memory/singleton.h" +#include "base/path_service.h" +#include "base/posix/eintr_wrapper.h" +#include "base/strings/string_number_conversions.h" +#include "base/system/sys_info.h" ++#include "base/threading/thread.h" +#include "base/time/time.h" +#include "build/build_config.h" +#include "sandbox/constants.h" +#include "sandbox/linux/services/credentials.h" +#include "sandbox/linux/services/namespace_sandbox.h" +#include "sandbox/linux/services/proc_util.h" +#include "sandbox/linux/services/resource_limits.h" +#include "sandbox/linux/services/thread_helpers.h" +#include "sandbox/linux/syscall_broker/broker_command.h" +#include "sandbox/linux/syscall_broker/broker_process.h" +#include "sandbox/policy/sandbox.h" +#include "sandbox/policy/sandbox_type.h" +#include "sandbox/policy/mojom/sandbox.mojom.h" +#include "sandbox/policy/switches.h" +#include "sandbox/sandbox_buildflags.h" + +#if BUILDFLAG(USING_SANITIZER) +#include +#endif + +#if defined(USE_NSS_CERTS) +#include "crypto/nss_util.h" +#endif + +#include "third_party/boringssl/src/include/openssl/crypto.h" + +#include "ui/gfx/x/connection.h" +#include "ui/gfx/font_util.h" + +#include + +#define MAXTOKENS 3 + +#define _UNVEIL_MAIN "/etc/chromium/unveil.main"; +#define _UNVEIL_RENDERER "/etc/chromium/unveil.renderer"; +#define _UNVEIL_GPU "/etc/chromium/unveil.gpu"; +#define _UNVEIL_PLUGIN "/etc/chromium/unveil.plugin"; +#define _UNVEIL_UTILITY "/etc/chromium/unveil.utility"; +#define _UNVEIL_UTILITY_NETWORK "/etc/chromium/unveil.utility_network"; +#define _UNVEIL_UTILITY_AUDIO "/etc/chromium/unveil.utility_audio"; +#define _UNVEIL_UTILITY_VIDEO "/etc/chromium/unveil.utility_video"; + +namespace sandbox { +namespace policy { + +SandboxLinux::SandboxLinux() + : unveil_initialized_(false), + sandbox_status_flags_(kInvalid), + pre_initialized_(false), + initialize_sandbox_ran_(false), + broker_process_(nullptr) { +} + +SandboxLinux::~SandboxLinux() { + if (pre_initialized_) { + CHECK(initialize_sandbox_ran_); + } +} + +SandboxLinux* SandboxLinux::GetInstance() { + SandboxLinux* instance = base::Singleton::get(); + CHECK(instance); + return instance; +} + ++void SandboxLinux::StopThread(base::Thread* thread) { ++ DCHECK(thread); ++ thread->Stop(); ++} ++ +void SandboxLinux::PreinitializeSandbox(sandbox::mojom::Sandbox sandbox_type) { + CHECK(!pre_initialized_); +#if BUILDFLAG(USING_SANITIZER) + // Sanitizers need to open some resources before the sandbox is enabled. + // This should not fork, not launch threads, not open a directory. + __sanitizer_sandbox_on_notify(sanitizer_args()); + sanitizer_args_.reset(); +#endif + base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); + const std::string process_type = + command_line->GetSwitchValueASCII(switches::kProcessType); + + base::SysInfo::AmountOfPhysicalMemory(); + base::SysInfo::NumberOfProcessors(); + base::SysInfo::CPUModelName(); + +#if defined(USE_NSS_CERTS) + // The main process has to initialize the ~/.pki dir which won't work + // after unveil(2). + if (process_type.empty()) + crypto::EnsureNSSInit(); +#endif + + if (process_type.empty()) + CRYPTO_pre_sandbox_init(); + + // cache the XErrorDB by forcing a read on it + { + auto* connection = x11::Connection::Get(); + auto* display = connection->GetXlibDisplay().display(); + + char buf[1]; + XGetErrorDatabaseText(display, "XProtoError", "0", "", buf, std::size(buf)); + } + + if (process_type.empty()) { + base::FilePath cache_directory, local_directory; + + base::PathService::Get(base::DIR_CACHE, &cache_directory); + base::PathService::Get(base::DIR_HOME, &local_directory); + + cache_directory = cache_directory.AppendASCII("chromium"); + local_directory = local_directory.AppendASCII(".local").AppendASCII("share").AppendASCII("applications"); + + if (!base::CreateDirectory(cache_directory)) { + LOG(ERROR) << "Failed to create " << cache_directory.value() << " directory."; + } + + if (!base::CreateDirectory(local_directory)) { + LOG(ERROR) << "Failed to create " << local_directory.value() << " directory."; + } + } + + if (process_type == switches::kRendererProcess) + gfx::InitializeFonts(); + + if (!command_line->HasSwitch(switches::kDisableUnveil)) + SetUnveil(process_type, sandbox_type); + + pre_initialized_ = true; +} + +bool SandboxLinux::SetPledge(const char *pstring, const char *ppath) { + FILE *fp; + char *s = NULL; + size_t len = 0; + ssize_t read; + + if (pstring != NULL) { + if (pledge(pstring, NULL) == -1) + goto err; + } else if (ppath != NULL) { + fp = fopen(ppath, "r"); + if (fp != NULL) { + while ((read = getline(&s, &len, fp)) != -1 ) { + if (s[strlen(s)-1] == '\n') + s[strlen(s)-1] = '\0'; + if (pledge(s, NULL) == -1) + goto err; + } + fclose(fp); + } else { + LOG(ERROR) << "fopen() failed, errno: " << errno; + return false; + } + } + return true; +err: + LOG(ERROR) << "pledge() failed, errno: " << errno; + return false; +} + +bool SandboxLinux::SetUnveil(const std::string process_type, sandbox::mojom::Sandbox sandbox_type) { + FILE *fp; + char *s = NULL, *cp = NULL, *home = NULL, **ap, *tokens[MAXTOKENS]; + char path[PATH_MAX]; + const char *ufile; + size_t len = 0, lineno = 0; + + if (process_type.empty()) { + ufile = _UNVEIL_MAIN; + } else if (process_type == switches::kRendererProcess) { + ufile = _UNVEIL_RENDERER; + } else if (process_type == switches::kGpuProcess) { + ufile = _UNVEIL_GPU; + } else if (process_type == switches::kPpapiPluginProcess) { + ufile = _UNVEIL_PLUGIN; + } else if (process_type == switches::kUtilityProcess) { + if (sandbox_type == sandbox::mojom::Sandbox::kNetwork) { + ufile = _UNVEIL_UTILITY_NETWORK; + } else if (sandbox_type == sandbox::mojom::Sandbox::kAudio) { + ufile = _UNVEIL_UTILITY_AUDIO; + } else if (sandbox_type == sandbox::mojom::Sandbox::kVideoCapture) { + ufile = _UNVEIL_UTILITY_VIDEO; + } else { + ufile = _UNVEIL_UTILITY; + } + } + + fp = fopen(ufile, "r"); + if (fp != NULL) { + while (!feof(fp)) { + if ((s = fparseln(fp, &len, &lineno, NULL, + FPARSELN_UNESCCOMM | FPARSELN_UNESCCONT)) == NULL) { + if (ferror(fp)) { + LOG(ERROR) << "ferror(), errno: " << errno; + _exit(1); + } else { + continue; + } + } + cp = s; + cp += strspn(cp, " \t\n"); /* eat whitespace */ + if (cp[0] == '\0') + continue; + + for (ap = tokens; ap < &tokens[MAXTOKENS - 1] && + (*ap = strsep(&cp, " \t")) != NULL;) { + if (**ap != '\0') + ap++; + } + *ap = NULL; + + if (tokens[1] == NULL) { + LOG(ERROR) << ufile << ": line " << lineno << ": must supply value to " << s; + _exit(1); + } + + if (tokens[0][0] == '~') { + if ((home = getenv("HOME")) == NULL || *home == '\0') { + LOG(ERROR) << "failed to get home"; + _exit(1); + } + memmove(tokens[0], tokens[0] + 1, strlen(tokens[0])); + strncpy(path, home, sizeof(path) - 1); + path[sizeof(path) - 1] = '\0'; + strncat(path, tokens[0], sizeof(path) - 1 - strlen(path)); + } else { + strncpy(path, tokens[0], sizeof(path) - 1); + path[sizeof(path) - 1] = '\0'; + } + + if (unveil(path, tokens[1]) == -1) { + LOG(ERROR) << "failed unveiling " << path << " with permissions " << tokens[1]; + _exit(1); + } else { + VLOG(1) << "unveiling " << path << " with permissions " << tokens[1]; + } + } + fclose(fp); + } else { + LOG(ERROR) << "failed to open " << ufile << " errno: " << errno; + _exit(1); + } + + unveil_initialized_ = true; + + return true; +} + +bool SandboxLinux::unveil_initialized() const { + return unveil_initialized_; +} + +bool SandboxLinux::InitializeSandbox(sandbox::mojom::Sandbox sandbox_type, + SandboxLinux::PreSandboxHook hook, + const Options& options) { + DCHECK(!initialize_sandbox_ran_); + initialize_sandbox_ran_ = true; + + base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); + const std::string process_type = + command_line->GetSwitchValueASCII(switches::kProcessType); + + if (command_line->HasSwitch(switches::kNoSandbox)) + return true; + + VLOG(1) << "SandboxLinux::InitializeSandbox: process_type=" + << process_type << " sandbox_type=" << GetSandboxTypeInEnglish(sandbox_type); + + // Only one thread is running, pre-initialize if not already done. + if (!pre_initialized_) + PreinitializeSandbox(sandbox_type); + + // Attempt to limit the future size of the address space of the process. + int error = 0; + const bool limited_as = LimitAddressSpace(&error); + if (error) { + // Restore errno. Internally to |LimitAddressSpace|, the errno due to + // setrlimit may be lost. + errno = error; + PCHECK(limited_as); + } + + if (process_type.empty()) { + // XXX use a file for listing pledges of the main process for now + // XXX not having the file is not a fatal error + SetPledge(NULL, "/etc/chromium/pledge.main"); + } else if (process_type == switches::kRendererProcess) { + // prot_exec needed by v8 + // flock needed by sqlite3 locking + SetPledge("stdio rpath flock prot_exec recvfd sendfd ps", NULL); + } else if (process_type == switches::kGpuProcess) { + SetPledge("stdio rpath cpath wpath getpw drm prot_exec recvfd sendfd tmppath", NULL); + } else if (process_type == switches::kPpapiPluginProcess) { + // prot_exec needed by v8 + SetPledge("stdio rpath prot_exec recvfd sendfd", NULL); + } else if (process_type == switches::kUtilityProcess) { + if (sandbox_type == sandbox::mojom::Sandbox::kAudio) + SetPledge(NULL, "/etc/chromium/pledge.utility_audio"); + else if (sandbox_type == sandbox::mojom::Sandbox::kNetwork) + SetPledge(NULL, "/etc/chromium/pledge.utility_network"); + else if (sandbox_type == sandbox::mojom::Sandbox::kVideoCapture) + SetPledge(NULL, "/etc/chromium/pledge.utility_video"); + else + SetPledge("stdio rpath cpath wpath fattr flock sendfd recvfd prot_exec", NULL); + } else { + LOG(ERROR) << "non-pledge()'d process: " << process_type; + return false; + } + + return true; +} + +bool SandboxLinux::LimitAddressSpace(int* error) { +#if !defined(ADDRESS_SANITIZER) && !defined(MEMORY_SANITIZER) && \ + !defined(THREAD_SANITIZER) && !defined(LEAK_SANITIZER) + base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); + if (SandboxTypeFromCommandLine(*command_line) == sandbox::mojom::Sandbox::kNoSandbox) { + return false; + } + + // Unfortunately, it does not appear possible to set RLIMIT_AS such that it + // will both (a) be high enough to support V8's and WebAssembly's address + // space requirements while also (b) being low enough to mitigate exploits + // using integer overflows that require large allocations, heap spray, or + // other memory-hungry attack modes. + + *error = sandbox::ResourceLimits::Lower( + RLIMIT_DATA, static_cast(sandbox::kDataSizeLimit)); + + // Cache the resource limit before turning on the sandbox. + base::SysInfo::AmountOfVirtualMemory(); + base::SysInfo::MaxSharedMemorySize(); + + return *error == 0; +#else + base::SysInfo::AmountOfVirtualMemory(); + return false; +#endif // !defined(ADDRESS_SANITIZER) && !defined(MEMORY_SANITIZER) && + // !defined(THREAD_SANITIZER) && !defined(LEAK_SANITIZER) +} + +// static +std::string SandboxLinux::GetSandboxTypeInEnglish(sandbox::mojom::Sandbox sandbox_type) { + switch (sandbox_type) { + case sandbox::mojom::Sandbox::kNoSandbox: + return "Unsandboxed"; + case sandbox::mojom::Sandbox::kRenderer: + return "Renderer"; + case sandbox::mojom::Sandbox::kUtility: + return "Utility"; + case sandbox::mojom::Sandbox::kGpu: + return "GPU"; + case sandbox::mojom::Sandbox::kPpapi: + return "PPAPI"; + case sandbox::mojom::Sandbox::kNetwork: + return "Network"; + case sandbox::mojom::Sandbox::kCdm: + return "CDM"; + case sandbox::mojom::Sandbox::kPrintCompositor: + return "Print Compositor"; + case sandbox::mojom::Sandbox::kAudio: + return "Audio"; + case sandbox::mojom::Sandbox::kSpeechRecognition: + return "Speech Recognition"; + case sandbox::mojom::Sandbox::kService: + return "Service"; + case sandbox::mojom::Sandbox::kVideoCapture: + return "Video Capture"; + default: + return "Unknown"; + } +} + +} // namespace policy +} // namespace sandbox