Add check for file system access to the sandbox.

chrome/common/chrome_content_client.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/chrome_content_client.h"
 
 #include <stdint.h>
+#include <sys/stat.h>
 
 #include <map>
 #include <memory>
 #include <tuple>
 
 #include "base/command_line.h"
 #include "base/debug/crash_logging.h"
 #include "base/files/file_util.h"
 #include "base/json/json_reader.h"
 #include "base/memory/ptr_util.h"
@@ skipping 274 matching lines @@
   std::string flash_version =
       base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
           switches::kPpapiFlashVersion);
 
   plugins->push_back(
       CreatePepperFlashInfo(base::FilePath(flash_path),
                             flash_version, false, true, false));
 }
 
 #if defined(OS_LINUX)
 // This function tests if DIR_USER_DATA can be accessed, as a simple check to

[rickyz (no longer on Chrome), 2016/09/22 17:31:15]

Update the comment as well.

 // see if the zygote has been sandboxed at this point.
-bool IsUserDataDirAvailable() {
-  base::FilePath user_data_dir;
-  return PathService::Get(chrome::DIR_USER_DATA, &user_data_dir);
+bool IsSandboxed() {
+  struct stat st;
+  return stat("/proc/self/exe", &st) == -1;
 }
 
 // This method is used on Linux only because of architectural differences in how
 // it loads the component updated flash plugin, and not because the other
 // platforms do not support component updated flash. On other platforms, the
 // component updater sends an IPC message to all threads, at undefined points in
 // time, with the URL of the component updated flash. Because the linux zygote
 // thread has no access to the file system after it warms up, it must preload
 // the component updated flash.
 bool GetComponentUpdatedPepperFlash(content::PepperPluginInfo* plugin) {
@@ skipping 169 matching lines @@
     std::vector<content::PepperPluginInfo>* plugins) {
 #if defined(ENABLE_PLUGINS)
   ComputeBuiltInPlugins(plugins);
   AddPepperFlashFromCommandLine(plugins);
 
 #if defined(OS_LINUX)
   // Depending on the sandbox configurtion, the user data directory
   // is not always available. If it is not available, do not try and load any
   // flash plugin. The flash player, if any, preloaded before the sandbox
   // initialization will continue to be used.
-  if (!IsUserDataDirAvailable()) {
+  if (IsSandboxed()) {
     return;
   }
 #endif  // defined(OS_LINUX)
 
   ScopedVector<content::PepperPluginInfo> flash_versions;
 
 #if defined(OS_LINUX)
   std::unique_ptr<content::PepperPluginInfo> component_flash(
       new content::PepperPluginInfo);
   if (GetComponentUpdatedPepperFlash(component_flash.get()))
@@ skipping 180 matching lines @@
   if (!origin_trial_policy_)
     origin_trial_policy_ = base::MakeUnique<ChromeOriginTrialPolicy>();
   return origin_trial_policy_.get();
 }
 
 #if defined(OS_ANDROID)
 media::MediaClientAndroid* ChromeContentClient::GetMediaClientAndroid() {
   return new ChromeMediaClientAndroid();
 }
 #endif  // OS_ANDROID