Revert 149692 - Create a LinuxSandbox class.

content/common/sandbox_linux.h

-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CONTENT_COMMON_SANDBOX_LINUX_H_
-#define CONTENT_COMMON_SANDBOX_LINUX_H_
-
-#include "base/memory/scoped_ptr.h"
-#include "content/public/common/sandbox_linux.h"
-
-// TODO(jln) move this somewhere else.
-#if defined(__i386__) || defined(__x86_64__)
-#define SECCOMP_BPF_SANDBOX
-#endif
-
-template <typename T> struct DefaultSingletonTraits;
-namespace sandbox { class SetuidSandboxClient; }
-
-namespace content {
-
-// A singleton class to represent and change our sandboxing state for the
-// three main Linux sandboxes.
-class LinuxSandbox {
- public:
-  // This is a list of sandbox IPC methods which the renderer may send to the
-  // sandbox host. See http://code.google.com/p/chromium/wiki/LinuxSandboxIPC
-  // This isn't the full list, values < 32 are reserved for methods called from
-  // Skia.
-  enum LinuxSandboxIPCMethods {
-    METHOD_GET_FONT_FAMILY_FOR_CHARS = 32,
-    METHOD_LOCALTIME = 33,
-    METHOD_GET_CHILD_WITH_INODE = 34,
-    METHOD_GET_STYLE_FOR_STRIKE = 35,
-    METHOD_MAKE_SHARED_MEMORY_SEGMENT = 36,
-    METHOD_MATCH_WITH_FALLBACK = 37,
-  };
-
-  // Get our singleton instance.
-  static LinuxSandbox* GetInstance();
-
-  // Do some initialization that can only be done before any of the sandboxes
-  // is enabled.
-  //
-  // There are two versions of this function. One takes a process_type
-  // as an argument, the other doesn't.
-  // It may be necessary to call PreinitializeSandboxBegin before knowing the
-  // process type (this is for instance the case with the Zygote).
-  // In that case, it is crucial that PreinitializeSandboxFinish() gets
-  // called for every child process.
-  // TODO(markus,jln) we know this is not always done at the moment
-  // (crbug.com/139877).
-  void PreinitializeSandbox(const std::string& process_type);
-  // These should be called together.
-  void PreinitializeSandboxBegin();
-  void PreinitializeSandboxFinish(const std::string& process_type);
-
-  // Returns the Status of the sandbox. Can only be queried if we went through
-  // PreinitializeSandbox() or PreinitializeSandboxBegin(). This is a bitmask
-  // and uses the constants defined in "enum LinuxSandboxStatus".
-  // Since we need to provide the status before the sandboxes are actually
-  // started, this returns what will actually happen once the various Start*
-  // functions are called from inside a renderer.
-  int GetStatus();
-
-  // Simple accessor for our instance of the setuid sandbox. Will never return
-  // NULL.
-  // There is no StartSetuidSandbox(), the SetuidSandboxClient instance should
-  // be used directly.
-  sandbox::SetuidSandboxClient* setuid_sandbox_client() const;
-
-  // Check the policy and eventually start the seccomp-legacy sandbox.
-  bool StartSeccompLegacy(const std::string& process_type);
-  // Check the policy and eventually start the seccomp-bpf sandbox.
-  // TODO(jln): not implemented at the moment.
-  bool StartSeccompBpf(const std::string& process_type);
-
- private:
-  friend struct DefaultSingletonTraits<LinuxSandbox>;
-  bool ShouldEnableSeccompLegacy(const std::string& process_type);
-
-  int proc_fd_;
-  // Have we been through PreinitializeSandbox or PreinitializeSandboxBegin ?
-  bool pre_initialized_;
-  bool seccomp_legacy_supported_;  // Accurate if pre_initialized_.
-  scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_;
-  LinuxSandbox();
-  ~LinuxSandbox();
-  DISALLOW_COPY_AND_ASSIGN(LinuxSandbox);
-};
-
-}  // namespace content
-
-#endif  // CONTENT_COMMON_SANDBOX_LINUX_H_
-