[Android] Define a baseline seccomp-bpf sandbox policy.

content/renderer/renderer_main_platform_delegate_android.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/renderer_main_platform_delegate.h"
+
+#include "base/command_line.h"
 #include "base/logging.h"
+#include "base/rand_util.h"
+#include "base/sys_info.h"
+#include "content/common/android/sandbox_bpf_base_policy_android.h"
+#include "content/public/common/content_switches.h"
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+#include "third_party/skia/include/ports/SkFontConfigInterface.h"
+#include "v8/include/v8.h"
 
 #ifdef ENABLE_VTUNE_JIT_INTERFACE
-#include "content/public/common/content_switches.h"
 #include "v8/src/third_party/vtune/v8-vtune.h"
 #endif
 
 namespace content {
 
+namespace {
+
+bool GenerateEntropy(unsigned char* buffer, size_t length) {
+  base::RandBytes(buffer, length);
+  return true;
+}
+
+void PreSandboxWarmUp() {
+  base::RandUint64();
+
+  base::SysInfo::AmountOfPhysicalMemory();
+  base::SysInfo::MaxSharedMemorySize();
+  base::SysInfo::NumberOfProcessors();
+
+  v8::V8::SetEntropySource(&GenerateEntropy);
+  v8::V8::Initialize();
+
+  SkFontConfigInterface::GetSingletonDirectInterface();
+}
+
+}  // namespace
+
 RendererMainPlatformDelegate::RendererMainPlatformDelegate(
     const MainFunctionParams& parameters)
     : parameters_(parameters) {
 }
 
 RendererMainPlatformDelegate::~RendererMainPlatformDelegate() {
 }
 
 void RendererMainPlatformDelegate::PlatformInitialize() {
 #ifdef ENABLE_VTUNE_JIT_INTERFACE
   const CommandLine& command_line = parameters_.command_line;
   if (command_line.HasSwitch(switches::kEnableVtune))
     vTune::InitializeVtuneForV8();
 #endif
 }
 
 void RendererMainPlatformDelegate::PlatformUninitialize() {
 }
 
 bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) {
   return true;
 }
 
 bool RendererMainPlatformDelegate::EnableSandbox() {
-  return true;
+  if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kEnableAndroidSeccompBPF)) {
+    return true;
+  }
+
+  PreSandboxWarmUp();
+
+  sandbox::SandboxBPF sandbox;

[jln (very slow on Chromium), 2014/03/31 22:57:43]

I would rather not duplicate this.

Could you use sandbox_seccomp_bpf_linux.h, StartSandboxWithExternalPolicy?

It does call SupportsSeccompSandbox(), so we should fix that first.
Probably the StartSandbox() API should return a bool across the board and we
should be able to remove calls to SupportsSeccompSandbox() when actually
enabling the sandbox.

[Robert Sesek, 2014/04/08 20:33:45]

StartSandboxWithExternalPolicy() will call through the single-threadedness
checks. I think with the new bool-returning API, this is not enough code to
worry about duplicating.

[jln (very slow on Chromium), 2014/04/09 05:11:07]

I'm on the fence (we could add a parameter to StartSandboxWithExternalPolicy),
so let's do it your way. But I'm always reminded by how evil code duplication is
in surprising ways :)

+  sandbox.SetSandboxPolicy(new SandboxBPFBasePolicyAndroid());
+  sandbox.StartSandbox();
+  bool enabled = sandbox.SupportsSeccompSandbox(-1) ==
+      sandbox::SandboxBPF::STATUS_ENABLED;

[jln (very slow on Chromium), 2014/03/31 22:57:43]

Let's try and fix StartSandbox() to return a bool instead.

[Robert Sesek, 2014/04/08 20:33:45]

Done.

+  CHECK(enabled);
+  return enabled;
 }
 
 void RendererMainPlatformDelegate::RunSandboxTests(bool no_sandbox) {
 }
 
 }  // namespace content