Revert 149692 - Create a LinuxSandbox class.

content/zygote/zygote_linux.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/zygote/zygote_linux.h"
 
 #include <fcntl.h>
 #include <string.h>
 #include <sys/socket.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 
 #include "base/command_line.h"
 #include "ipc/ipc_switches.h"
 #include "content/public/common/sandbox_linux.h"
 #include "base/process_util.h"
 #include "content/public/common/result_codes.h"
 #include "ipc/ipc_channel.h"
 #include "base/debug/trace_event.h"
 #include "base/file_util.h"
 #include "base/linux_util.h"
 #include "base/eintr_wrapper.h"
 #include "base/global_descriptors_posix.h"
 #include "base/logging.h"
 #include "base/pickle.h"
 #include "base/posix/unix_domain_socket.h"
 #include "content/common/set_process_title.h"
-#include "content/common/sandbox_linux.h"
+#include "content/common/sandbox_methods_linux.h"
 #include "content/common/zygote_commands_linux.h"
 #include "content/public/common/content_descriptors.h"
 #include "content/public/common/zygote_fork_delegate_linux.h"
 
 #if defined(CHROMIUM_SELINUX)
 #include <selinux/selinux.h>
 #include <selinux/context.h>
 #endif
 
 // See http://code.google.com/p/chromium/wiki/LinuxZygote
@@ skipping 22 matching lines @@
     LOG(FATAL) << "dynamic transition to type '" << type << "' failed. "
                   "(this binary has been built with SELinux support, but maybe "
                   "the policies haven't been loaded into the kernel?)";
   }
 }
 #endif  // CHROMIUM_SELINUX
 
 }  // namespace
 
 Zygote::Zygote(int sandbox_flags,
-               ZygoteForkDelegate* helper)
+               ZygoteForkDelegate* helper,
+               int proc_fd_for_seccomp)
     : sandbox_flags_(sandbox_flags),
       helper_(helper),
+#if defined(SECCOMP_SANDBOX)
+      proc_fd_for_seccomp_(proc_fd_for_seccomp),
+#endif
       initial_uma_sample_(0),
       initial_uma_boundary_value_(0) {
   if (helper_) {
     helper_->InitialUMA(&initial_uma_name_,
                         &initial_uma_sample_,
                         &initial_uma_boundary_value_);
   }
 }
 
 Zygote::~Zygote() {
@@ skipping 328 matching lines @@
 
   mapping.push_back(std::make_pair(
       static_cast<uint32_t>(kSandboxIPCChannel), kMagicSandboxIPCDescriptor));
 
   // Returns twice, once per process.
   base::ProcessId child_pid = ForkWithRealPid(process_type, fds, channel_id,
                                               uma_name, uma_sample,
                                               uma_boundary_value);
   if (!child_pid) {
     // This is the child process.
-
-    // At this point, we finally know our process type.
-    LinuxSandbox::GetInstance()->PreinitializeSandboxFinish(process_type);
+#if defined(SECCOMP_SANDBOX)
+    if (proc_fd_for_seccomp_ >= 0) {
+      if (process_type == switches::kRendererProcess &&
+          SeccompSandboxEnabled()) {
+        SeccompSandboxSetProcFd(proc_fd_for_seccomp_);
+      } else {
+        close(proc_fd_for_seccomp_);
+      }
+      proc_fd_for_seccomp_ = -1;
+    }
+#endif
 
     close(kBrowserDescriptor);  // Our socket from the browser.
     if (UsingSUIDSandbox())
       close(kZygoteIdFd);  // Another socket from the browser.
     base::GlobalDescriptors::GetInstance()->Reset(mapping);
 
 #if defined(CHROMIUM_SELINUX)
     SELinuxTransitionToTypeOrDie("chromium_renderer_t");
 #endif
 
@@ skipping 56 matching lines @@
                                     PickleIterator iter) {
   if (HANDLE_EINTR(write(fd, &sandbox_flags_, sizeof(sandbox_flags_))) !=
                    sizeof(sandbox_flags_)) {
     PLOG(ERROR) << "write";
   }
 
   return false;
 }
 
 }  // namespace content