[Android] Define a baseline seccomp-bpf sandbox policy.

content/renderer/renderer_main_platform_delegate_android.cc

Index: content/renderer/renderer_main_platform_delegate_android.cc
diff --git a/content/renderer/renderer_main_platform_delegate_android.cc b/content/renderer/renderer_main_platform_delegate_android.cc
index 4a19706360269bd76526fc348869c5c37775a198..ec4fdac5f6135e127e0631f7e79672c76f75adad 100644
--- a/content/renderer/renderer_main_platform_delegate_android.cc
+++ b/content/renderer/renderer_main_platform_delegate_android.cc
@@ -3,10 +3,14 @@
 // found in the LICENSE file.
 
 #include "content/renderer/renderer_main_platform_delegate.h"
+
+#include "base/command_line.h"
 #include "base/logging.h"
+#include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h"
+#include "content/public/common/content_switches.h"
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 
 #ifdef ENABLE_VTUNE_JIT_INTERFACE
-#include "content/public/common/content_switches.h"
 #include "v8/src/third_party/vtune/v8-vtune.h"
 #endif
 
@@ -36,6 +40,14 @@ bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) {
 }
 
 bool RendererMainPlatformDelegate::EnableSandbox() {
+  if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kEnableSeccompFilterSandbox)) {
+    return true;
+  }
+
+  sandbox::SandboxBPF sandbox;
+  sandbox.SetSandboxPolicy(new SandboxBPFBasePolicyAndroid());
+  CHECK(sandbox.StartSandbox(sandbox::SandboxBPF::PROCESS_MULTI_THREADED));
   return true;
 }