12 files changed, 19 insertions, 109 deletions
diff --git a/chromium/services/audio/BUILD.gn b/chromium/services/audio/BUILD.gn
index dd4911729ab..84b197a67f2 100644
--- a/chromium/services/audio/BUILD.gn
+++ b/chromium/services/audio/BUILD.gn
@@ -71,24 +71,19 @@ source_set("audio") {
     "//media",
     "//media/webrtc",
     "//services/audio/public/mojom",
-    "//services/service_manager/sandbox",
   ]
 
-  if (is_linux) {
+  if (is_linux || is_chromeos) {
     sources += [
       "audio_sandbox_hook_linux.cc",
       "audio_sandbox_hook_linux.h",
     ]
-    public_deps += [ "//sandbox/linux:sandbox_services" ]
-  }
-
-  if (is_win) {
-    sources += [
-      "audio_sandbox_win.cc",
-      "audio_sandbox_win.h",
+    public_deps += [
+      "//sandbox/linux:sandbox_services",
+      "//sandbox/policy",
     ]
-    public_deps += [ "//sandbox/win:sandbox" ]
   }
+
   configs += [
     "//build/config/compiler:wexit_time_destructors",
     "//media:media_config",
diff --git a/chromium/services/audio/DEPS b/chromium/services/audio/DEPS
index 5c8ac88773d..4e45e6d00ae 100644
--- a/chromium/services/audio/DEPS
+++ b/chromium/services/audio/DEPS
@@ -5,5 +5,4 @@ include_rules = [
    "+media/webrtc",
    "+sandbox",
    "+services/audio/public",
-   "+services/service_manager/sandbox",
 ]
diff --git a/chromium/services/audio/OWNERS b/chromium/services/audio/OWNERS
index e0dbf0d3868..dfd776de26d 100644
--- a/chromium/services/audio/OWNERS
+++ b/chromium/services/audio/OWNERS
@@ -3,6 +3,5 @@ dalecurtis@chromium.org
 miu@chromium.org
 
 per-file audio_sandbox_hook_linux.*=file://sandbox/linux/OWNERS
-per-file audio_sandbox_win.*=file://sandbox/win/OWNERS
 
 # COMPONENT: Internals>Media>Audio
diff --git a/chromium/services/audio/audio_sandbox_hook_linux.cc b/chromium/services/audio/audio_sandbox_hook_linux.cc
index dad4537c4c6..e7928a96372 100644
--- a/chromium/services/audio/audio_sandbox_hook_linux.cc
+++ b/chromium/services/audio/audio_sandbox_hook_linux.cc
@@ -174,9 +174,9 @@ void LoadAudioLibraries() {
 
 }  // namespace
 
-bool AudioPreSandboxHook(service_manager::SandboxLinux::Options options) {
+bool AudioPreSandboxHook(sandbox::policy::SandboxLinux::Options options) {
   LoadAudioLibraries();
-  auto* instance = service_manager::SandboxLinux::GetInstance();
+  auto* instance = sandbox::policy::SandboxLinux::GetInstance();
   instance->StartBrokerProcess(MakeBrokerCommandSet({
                                  sandbox::syscall_broker::COMMAND_ACCESS,
 #if defined(USE_PULSEAUDIO)
@@ -188,7 +188,7 @@ bool AudioPreSandboxHook(service_manager::SandboxLinux::Options options) {
                                      sandbox::syscall_broker::COMMAND_UNLINK,
                                }),
                                GetAudioFilePermissions(),
-                               service_manager::SandboxLinux::PreSandboxHook(),
+                               sandbox::policy::SandboxLinux::PreSandboxHook(),
                                options);
 
   // TODO(https://crbug.com/850878) enable namespace sandbox. Currently, if
diff --git a/chromium/services/audio/audio_sandbox_hook_linux.h b/chromium/services/audio/audio_sandbox_hook_linux.h
index 528ceaa0790..65a17ccf09e 100644
--- a/chromium/services/audio/audio_sandbox_hook_linux.h
+++ b/chromium/services/audio/audio_sandbox_hook_linux.h
@@ -5,13 +5,13 @@
 #ifndef SERVICES_AUDIO_AUDIO_SANDBOX_HOOK_LINUX_H_
 #define SERVICES_AUDIO_AUDIO_SANDBOX_HOOK_LINUX_H_
 
-#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#include "sandbox/policy/linux/sandbox_linux.h"
 
 namespace audio {
 
 // Load audio shared libraries and setup allowed commands and filesystem
 // permissions for audio service sandboxed process.
-bool AudioPreSandboxHook(service_manager::SandboxLinux::Options options);
+bool AudioPreSandboxHook(sandbox::policy::SandboxLinux::Options options);
 
 }  // namespace audio
 
diff --git a/chromium/services/audio/audio_sandbox_win.cc b/chromium/services/audio/audio_sandbox_win.cc
deleted file mode 100644
index c6f1c552383..00000000000
--- a/chromium/services/audio/audio_sandbox_win.cc
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "services/audio/audio_sandbox_win.h"
-
-#include "sandbox/win/src/sandbox_policy.h"
-
-// NOTE: changes to this code need to be reviewed by the security team.
-
-namespace audio {
-
-//------------------------------------------------------------------------------
-// Public audio service sandbox configuration extension functions.
-//------------------------------------------------------------------------------
-//
-//  Default policy:
-//
-//  lockdown_level_(sandbox::USER_LOCKDOWN),
-//  initial_level_(sandbox::USER_RESTRICTED_SAME_ACCESS),
-//
-//  job_level_(sandbox::JOB_LOCKDOWN),
-//
-//  integrity_level_(sandbox::INTEGRITY_LEVEL_LOW),
-//  delayed_integrity_level_(sandbox::INTEGRITY_LEVEL_UNTRUSTED),
-
-bool AudioPreSpawnTarget(sandbox::TargetPolicy* policy) {
-  // Audio process privilege requirements:
-  //  - Lockdown level of USER_NON_ADMIN
-  //  - Delayed integrity level of INTEGRITY_LEVEL_LOW
-  //
-  // For audio streams to create shared memory regions, lockdown level must be
-  // at least USER_LIMITED and delayed integrity level INTEGRITY_LEVEL_LOW,
-  // otherwise CreateFileMapping() will fail with error code ERROR_ACCESS_DENIED
-  // (0x5).
-  //
-  // For audio input streams to use ISimpleAudioVolume interface, lockdown
-  // level must be set to USER_NON_ADMIN, otherwise
-  // WASAPIAudioInputStream::Open() will fail with error code E_ACCESSDENIED
-  // (0x80070005) when trying to get a reference to ISimpleAudioVolume
-  // interface. See
-  // https://cs.chromium.org/chromium/src/media/audio/win/audio_low_latency_input_win.cc
-  // Use USER_RESTRICTED_NON_ADMIN over USER_NON_ADMIN to prevent failures when
-  // AppLocker and similar application whitelisting solutions are in place.
-  policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
-                        sandbox::USER_RESTRICTED_NON_ADMIN);
-  policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
-
-  // Custom default policy allowing audio drivers to read device properties
-  // (https://crbug.com/883326).
-  policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
-  policy->SetLockdownDefaultDacl();
-  policy->SetAlternateDesktop(true);
-
-  return true;
-}
-
-}  // namespace audio
diff --git a/chromium/services/audio/audio_sandbox_win.h b/chromium/services/audio/audio_sandbox_win.h
deleted file mode 100644
index 8ce8cb0c7e1..00000000000
--- a/chromium/services/audio/audio_sandbox_win.h
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SERVICES_AUDIO_AUDIO_SANDBOX_WIN_H_
-#define SERVICES_AUDIO_AUDIO_SANDBOX_WIN_H_
-
-namespace sandbox {
-class TargetPolicy;
-}
-
-// These sandbox-config extension functions should be called from
-// UtilitySandboxedProcessLauncherDelegate on Windows (or the appropriate
-// Delegate if SandboxType::kAudio is removed from SandboxType::kUtility).
-//
-// NOTE: changes to this code need to be reviewed by the security team.
-
-namespace audio {
-
-// PreSpawnTarget extension.
-bool AudioPreSpawnTarget(sandbox::TargetPolicy* policy);
-
-}  // namespace audio
-
-#endif  // SERVICES_AUDIO_AUDIO_SANDBOX_WIN_H_
diff --git a/chromium/services/audio/loopback_stream_unittest.cc b/chromium/services/audio/loopback_stream_unittest.cc
index e1e7d53b084..aa7ee9b38a2 100644
--- a/chromium/services/audio/loopback_stream_unittest.cc
+++ b/chromium/services/audio/loopback_stream_unittest.cc
@@ -152,8 +152,7 @@ class LoopbackStreamTest : public testing::Test {
     sources_.emplace_back(std::make_unique<FakeLoopbackGroupMember>(
         media::AudioParameters(media::AudioParameters::AUDIO_PCM_LOW_LATENCY,
                                media::GuessChannelLayout(channels), sample_rate,
-                               (sample_rate * kBufferDuration) /
-                                   base::TimeDelta::FromSeconds(1))));
+                               (sample_rate * kBufferDuration).InSeconds())));
     coordinator_.RegisterMember(group_id_, sources_.back().get());
     return sources_.back().get();
   }
diff --git a/chromium/services/audio/service.cc b/chromium/services/audio/service.cc
index 23bb03023ac..5eacb4c74c0 100644
--- a/chromium/services/audio/service.cc
+++ b/chromium/services/audio/service.cc
@@ -24,7 +24,7 @@
 #include "services/audio/service_metrics.h"
 #include "services/audio/system_info.h"
 
-#if defined(OS_MACOSX)
+#if defined(OS_APPLE)
 #include "media/audio/mac/audio_device_listener_mac.h"
 #endif
 
@@ -158,7 +158,7 @@ void Service::BindTestingApi(
 
 void Service::InitializeDeviceMonitor() {
   DCHECK_CALLED_ON_VALID_THREAD(thread_checker_);
-#if defined(OS_MACOSX)
+#if defined(OS_APPLE)
   if (audio_device_listener_mac_)
     return;
 
diff --git a/chromium/services/audio/service.h b/chromium/services/audio/service.h
index cf433ad39ed..0b8343bba04 100644
--- a/chromium/services/audio/service.h
+++ b/chromium/services/audio/service.h
@@ -115,7 +115,7 @@ class Service : public mojom::AudioService {
   std::unique_ptr<AudioManagerAccessor> audio_manager_accessor_;
   const bool enable_remote_client_support_;
   std::unique_ptr<base::SystemMonitor> system_monitor_;
-#if defined(OS_MACOSX)
+#if defined(OS_MAC)
   std::unique_ptr<media::AudioDeviceListenerMac> audio_device_listener_mac_;
 #endif
   std::unique_ptr<SystemInfo> system_info_;
diff --git a/chromium/services/audio/snooper_node_unittest.cc b/chromium/services/audio/snooper_node_unittest.cc
index 63ac9c0aba9..31c606340f6 100644
--- a/chromium/services/audio/snooper_node_unittest.cc
+++ b/chromium/services/audio/snooper_node_unittest.cc
@@ -336,7 +336,8 @@ TEST_P(SnooperNodeTest, MAYBE_ContinuousAudioFlowAdaptsToSkew) {
            (output_skew * output_delay().InSecondsF())) *
           output_params().sample_rate();
       const double frames_in_one_millisecond =
-          output_params().sample_rate() / 1000.0;
+          output_params().sample_rate() /
+          double{base::Time::kMillisecondsPerSecond};
       EXPECT_NEAR(expected_end_of_silence_position,
                   consumer()->FindEndOfSilence(0, 0),
                   frames_in_one_millisecond);
@@ -416,7 +417,7 @@ TEST_P(SnooperNodeTest, HandlesMissingInput) {
   const int output_frames_in_one_second = output_params().sample_rate();
   const int output_frames_in_a_quarter_second = output_frames_in_one_second / 4;
   const int output_frames_in_20_milliseconds =
-      output_frames_in_one_second * 20 / 1000;
+      output_frames_in_one_second * 20 / base::Time::kMillisecondsPerSecond;
   int output_silence_position =
       ((kInputAdvanceTime + output_delay()).InSecondsF() + 1.0) *
       output_params().sample_rate();
@@ -624,7 +625,7 @@ double MapTimeOffsetToATone(base::TimeDelta offset) {
   constexpr double kMaxFrequency = 2000;
   constexpr int kNumToneSteps = 10;
 
-  const int64_t step_number = offset / (kTestDuration / kNumToneSteps);
+  const int64_t step_number = offset.IntDiv(kTestDuration / kNumToneSteps);
   const double t = static_cast<double>(step_number) / kNumToneSteps;
   return kMinFrequency + t * (kMaxFrequency - kMinFrequency);
 }
diff --git a/chromium/services/audio/sync_reader.cc b/chromium/services/audio/sync_reader.cc
index fbd4b1dc4ab..3b7b5537f2c 100644
--- a/chromium/services/audio/sync_reader.cc
+++ b/chromium/services/audio/sync_reader.cc
@@ -54,7 +54,7 @@ SyncReader::SyncReader(
       renderer_callback_count_(0),
       renderer_missed_callback_count_(0),
       trailing_renderer_missed_callback_count_(0),
-#if defined(OS_MACOSX) || defined(OS_CHROMEOS)
+#if defined(OS_MAC) || defined(OS_CHROMEOS)
       maximum_wait_time_(params.GetBufferDuration() / 2),
 #else
       // TODO(dalecurtis): Investigate if we can reduce this on all platforms.