Add an initial Linux GPU sandbox using the seccomp filter framework.

content/gpu/gpu_main.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdlib.h>
 
 #if defined(OS_WIN)
 #include <windows.h>
 #endif
 
 #include "base/environment.h"
 #include "base/message_loop.h"
+#include "base/rand_util.h"
 #include "base/stringprintf.h"
 #include "base/threading/platform_thread.h"
 #include "base/win/scoped_com_initializer.h"
 #include "build/build_config.h"
 #include "content/common/gpu/gpu_config.h"
 #include "content/public/common/content_client.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/main_function_params.h"
 #include "content/gpu/gpu_child_thread.h"
 #include "content/gpu/gpu_info_collector.h"
 #include "content/gpu/gpu_process.h"
 #include "ui/gfx/gl/gl_surface.h"
 #include "ui/gfx/gl/gl_switches.h"
 
 #if defined(OS_WIN)
 #include "content/common/gpu/media/dxva_video_decode_accelerator.h"
 #include "sandbox/src/sandbox.h"
 #endif
 
 #if defined(USE_X11)
 #include "ui/base/x/x11_util.h"
 #endif
 
 #if defined(TOOLKIT_GTK)
 #include "ui/gfx/gtk_util.h"
 #endif
 
+#if defined(OS_LINUX)
+#include "content/public/common/sandbox_init.h"
+#endif
+
 // Main function for starting the Gpu process.
 int GpuMain(const content::MainFunctionParams& parameters) {
   base::Time start_time = base::Time::Now();
 
   const CommandLine& command_line = parameters.command_line;
   if (command_line.HasSwitch(switches::kGpuStartupDialog)) {
     ChildProcess::WaitForDebugger("Gpu");
   }
 
   if (!command_line.HasSwitch(switches::kSingleProcess)) {
@@ skipping 43 matching lines @@
 #endif
 
     // Set the GPU info even if it failed.
     content::GetContentClient()->SetGpuInfo(gpu_info);
   } else {
     LOG(INFO) << "gfx::GLSurface::InitializeOneOff failed";
     gpu_info.gpu_accessible = false;
     dead_on_arrival = true;
   }
 
+  // Warm up the random subsystem, which needs to done pre-sandbox on all
+  // platforms.
+  (void) base::RandUint64();
+
+#if defined(OS_LINUX)
+  content::InitializeSandbox();
+#endif
+
   base::win::ScopedCOMInitializer com_initializer;
 
 #if defined(OS_WIN)
   // Preload this DLL because the sandbox prevents it from loading.
   LoadLibrary(L"setupapi.dll");
 
-  // Cause advapi32 to load before the sandbox is turned on.
-  unsigned int dummy_rand;
-  rand_s(&dummy_rand);
-
   sandbox::TargetServices* target_services =
       parameters.sandbox_info->target_services;
   // Initialize H/W video decoding stuff which fails in the sandbox.
   DXVAVideoDecodeAccelerator::PreSandboxInitialization();
   // For windows, if the target_services interface is not zero, the process
   // is sandboxed and we must call LowerToken() before rendering untrusted
   // content.
   if (target_services)
     target_services->LowerToken();
 #endif
@@ skipping 21 matching lines @@
   child_thread->Init(start_time);
 
   gpu_process.set_main_thread(child_thread);
 
   main_message_loop.Run();
 
   child_thread->StopWatchdog();
 
   return 0;
 }