
Unified Diff: content/common/sandbox_seccomp_bpf_linux.cc

Issue 13814027: Linux: make current InitializeSandbox() private. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 8 months ago
Index: content/common/sandbox_seccomp_bpf_linux.cc
diff --git a/content/common/sandbox_seccomp_bpf_linux.cc b/content/common/sandbox_seccomp_bpf_linux.cc
index 2f3f0efa449c5308268f543f97e946cdee1cab24..7462ca70d92a70d287e4ddb081e9d5bdce96dfea 100644
--- a/content/common/sandbox_seccomp_bpf_linux.cc
+++ b/content/common/sandbox_seccomp_bpf_linux.cc
@@ -38,6 +38,7 @@
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#include "sandbox/linux/services/linux_syscalls.h"
+using content::LinuxSandbox;
using playground2::arch_seccomp_data;
using playground2::ErrorCode;
using playground2::Sandbox;
@@ -1505,8 +1506,8 @@ void WarmupPolicy(Sandbox::EvaluateSyscall policy,
Sandbox::EvaluateSyscall GetProcessSyscallPolicy(
const CommandLine& command_line,
- const std::string& process_type) {
- if (process_type == switches::kGpuProcess) {
+ LinuxSandbox::SandboxConfig sandbox_config) {
+ if (sandbox_config == LinuxSandbox::SANDBOX_CONFIG_GPU) {
// On Chrome OS, --enable-gpu-sandbox enables the more restrictive policy.
// However, we don't yet enable the more restrictive GPU process policy
// on ARM.
@@ -1517,18 +1518,18 @@ Sandbox::EvaluateSyscall GetProcessSyscallPolicy(
return GpuProcessPolicy;
}
- if (process_type == switches::kPpapiPluginProcess) {
+ if (sandbox_config == LinuxSandbox::SANDBOX_CONFIG_PPAPI) {
// TODO(jln): figure out what to do with non-Flash PPAPI
// out-of-process plug-ins.
return FlashProcessPolicy;
}
- if (process_type == switches::kRendererProcess ||
- process_type == switches::kWorkerProcess) {
+ if (sandbox_config == LinuxSandbox::SANDBOX_CONFIG_RENDERER ||
+ sandbox_config == LinuxSandbox::SANDBOX_CONFIG_WORKER) {
return RendererOrWorkerProcessPolicy;
}
- if (process_type == switches::kUtilityProcess) {
+ if (sandbox_config == LinuxSandbox::SANDBOX_CONFIG_UTILITY) {
return BlacklistDebugAndNumaPolicy;
}
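Review bot: The `sandbox_config` comparisons in GetProcessSyscallPolicy are still an `if` chain (the GPU branch in the previous hunk; PPAPI, renderer/worker and utility here), so a SandboxConfig value added later would silently fall through to whatever the function returns after the last `if`, which is outside this hunk. Now that the argument is an enum rather than a string, a `switch (sandbox_config)` with no `default:` label would let the compiler warn about an unhandled value. That matters here because the result selects the seccomp-bpf syscall policy the process runs under. If the chain stays, a comment before the final return, such as `// Any SandboxConfig not matched above gets the fallback policy below.`, would make the intended default explicit. The function begins and ends outside this hunk.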
@@ -1552,9 +1553,9 @@ void StartSandboxWithPolicy(Sandbox::EvaluateSyscall syscall_policy,
// Initialize the seccomp-bpf sandbox.
bool StartBpfSandbox(const CommandLine& command_line,
- const std::string& process_type) {
+ LinuxSandbox::SandboxConfig sandbox_config) {
Sandbox::EvaluateSyscall syscall_policy =
- GetProcessSyscallPolicy(command_line, process_type);
+ GetProcessSyscallPolicy(command_line, sandbox_config);
BrokerProcess* broker_process = NULL;
// Warm up resources needed by the policy we're about to enable and
@@ -1584,10 +1585,10 @@ bool SandboxSeccompBpf::IsSeccompBpfDesired() {
}
bool SandboxSeccompBpf::ShouldEnableSeccompBpf(
- const std::string& process_type) {
+ LinuxSandbox::SandboxConfig sandbox_config) {
#if defined(SECCOMP_BPF_SANDBOX)
const CommandLine& command_line = *CommandLine::ForCurrentProcess();
- if (process_type == switches::kGpuProcess)
+ if (sandbox_config == LinuxSandbox::SANDBOX_CONFIG_GPU)
return !command_line.HasSwitch(switches::kDisableGpuSandbox);
return true;
@@ -1612,16 +1613,17 @@ bool SandboxSeccompBpf::SupportsSandbox() {
return false;
}
-bool SandboxSeccompBpf::StartSandbox(const std::string& process_type) {
+bool SandboxSeccompBpf::StartSandbox(
+ LinuxSandbox::SandboxConfig sandbox_config) {
#if defined(SECCOMP_BPF_SANDBOX)
const CommandLine& command_line = *CommandLine::ForCurrentProcess();
if (IsSeccompBpfDesired() && // Global switches policy.
- ShouldEnableSeccompBpf(process_type) && // Process-specific policy.
+ ShouldEnableSeccompBpf(sandbox_config) && // Process-specific policy.
SupportsSandbox()) {
// If the kernel supports the sandbox, and if the command line says we
// should enable it, enable it or die.
- bool started_sandbox = StartBpfSandbox(command_line, process_type);
+ bool started_sandbox = StartBpfSandbox(command_line, sandbox_config);
CHECK(started_sandbox);
return true;
}
