Simplified unit testing of sandboxing code.

sandbox/linux/seccomp-bpf/bpf_tests.cc

Index: sandbox/linux/seccomp-bpf/bpf_tests.cc
diff --git a/sandbox/linux/seccomp-bpf/bpf_tests.cc b/sandbox/linux/seccomp-bpf/bpf_tests.cc
new file mode 100644
index 0000000000000000000000000000000000000000..efe4020b4e3e0c4e3fa181e61d2266f53a5e45cf
--- /dev/null
+++ b/sandbox/linux/seccomp-bpf/bpf_tests.cc
@@ -0,0 +1,35 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/linux/seccomp-bpf/bpf_tests.h"
+
+using playground2::Die;
+using playground2::Sandbox;
+
+namespace sandbox {
+
+void BpfTests::TestWrapper(void *void_arg) {
+  TestArgs *arg = reinterpret_cast<TestArgs *>(void_arg);
+  Die::EnableSimpleExit();
+  if (Sandbox::supportsSeccompSandbox(-1) ==
+      Sandbox::STATUS_AVAILABLE) {
+    // Ensure the the sandbox is actually available at this time
+    int proc_fd;
+    BPF_ASSERT((proc_fd = open("/proc", O_RDONLY|O_DIRECTORY)) >= 0);
+    BPF_ASSERT(Sandbox::supportsSeccompSandbox(proc_fd) ==
+               Sandbox::STATUS_AVAILABLE);
+
+    // Initialize and then start the sandbox with our custom policy
+    Sandbox::setProcFd(proc_fd);
+    Sandbox::setSandboxPolicy(arg->policy(), NULL);
+    Sandbox::startSandbox();
+    arg->test()();
+  } else {
+    // TODO(markus): (crbug.com/141545) Call the compiler and verify the
+    //   policy. That's the least we can do, if we don't have kernel support.
+    Sandbox::setSandboxPolicy(arg->policy(), NULL);
+  }
+}
+
+}  // namespace