Index: content/renderer/renderer_main_platform_delegate_android.cc |
diff --git a/content/renderer/renderer_main_platform_delegate_android.cc b/content/renderer/renderer_main_platform_delegate_android.cc |
index 4a19706360269bd76526fc348869c5c37775a198..ec4fdac5f6135e127e0631f7e79672c76f75adad 100644 |
--- a/content/renderer/renderer_main_platform_delegate_android.cc |
+++ b/content/renderer/renderer_main_platform_delegate_android.cc |
@@ -3,10 +3,14 @@ |
// found in the LICENSE file. |
#include "content/renderer/renderer_main_platform_delegate.h" |
+ |
+#include "base/command_line.h" |
#include "base/logging.h" |
+#include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h" |
+#include "content/public/common/content_switches.h" |
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
#ifdef ENABLE_VTUNE_JIT_INTERFACE |
-#include "content/public/common/content_switches.h" |
#include "v8/src/third_party/vtune/v8-vtune.h" |
#endif |
@@ -36,6 +40,14 @@ bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) { |
} |
bool RendererMainPlatformDelegate::EnableSandbox() { |
+ if (!base::CommandLine::ForCurrentProcess()->HasSwitch( |
+ switches::kEnableSeccompFilterSandbox)) { |
+ return true; |
+ } |
+ |
+ sandbox::SandboxBPF sandbox; |
+ sandbox.SetSandboxPolicy(new SandboxBPFBasePolicyAndroid()); |
+ CHECK(sandbox.StartSandbox(sandbox::SandboxBPF::PROCESS_MULTI_THREADED)); |
return true; |
} |