Add sandbox support for AsanCoverage.

content/common/sandbox_linux/sandbox_linux.cc

Index: content/common/sandbox_linux/sandbox_linux.cc
diff --git a/content/common/sandbox_linux/sandbox_linux.cc b/content/common/sandbox_linux/sandbox_linux.cc
index 237cc89deb9947af3d96fe8753e641a7c907f07a..a3439c49835bec92177db019b920f751925c194d 100644
--- a/content/common/sandbox_linux/sandbox_linux.cc
+++ b/content/common/sandbox_linux/sandbox_linux.cc
@@ -34,6 +34,11 @@
 #include "sandbox/linux/services/yama.h"
 #include "sandbox/linux/suid/client/setuid_sandbox_client.h"
 
+#if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
+     defined(LEAK_SANITIZER)
+#include <sanitizer/common_interface_defs.h>
+#endif
+
 using sandbox::Yama;
 
 namespace {
@@ -109,10 +114,19 @@ LinuxSandbox::LinuxSandbox()
       pre_initialized_(false),
       seccomp_bpf_supported_(false),
       yama_is_enforcing_(false),
-      setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create()) {
+      setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create())
+#if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
+    defined(LEAK_SANITIZER)
+      , sanitizer_args_(new __sanitizer_sandbox_arguments)
+#endif

[jln (very slow on Chromium), 2014/05/14 17:49:41]

Maybe just put it below in the body of the constructor rather than in the
initializer list then?

[earthdok, 2014/05/20 16:53:57]

Done.

+{
   if (setuid_sandbox_client_ == NULL) {
     LOG(FATAL) << "Failed to instantiate the setuid sandbox client.";
   }
+#if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
+    defined(LEAK_SANITIZER)
+  *sanitizer_args_ = {0};
+#endif
 }
 
 LinuxSandbox::~LinuxSandbox() {
@@ -124,20 +138,14 @@ LinuxSandbox* LinuxSandbox::GetInstance() {
   return instance;
 }
 
-#if (defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
-     defined(LEAK_SANITIZER))  && defined(OS_LINUX)
-// Sanitizer API call to notify the tool the sandbox is going to be turned on.
-extern "C" void __sanitizer_sandbox_on_notify(void *reserved);
-#endif
-
 void LinuxSandbox::PreinitializeSandbox() {
   CHECK(!pre_initialized_);
   seccomp_bpf_supported_ = false;
-#if (defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
-     defined(LEAK_SANITIZER))  && defined(OS_LINUX)
+#if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
+     defined(LEAK_SANITIZER)
   // Sanitizers need to open some resources before the sandbox is enabled.
   // This should not fork, not launch threads, not open a directory.
-  __sanitizer_sandbox_on_notify(/*reserved*/ NULL);
+  __sanitizer_sandbox_on_notify(sanitizer_args());

[jln (very slow on Chromium), 2014/05/14 17:49:41]

Before the process exits, when the LinuxSandbox singleton gets destroyed, what
happens if we delete the sanitizer_args?

I would think that this needs to survive for the lifetime of the process, no? In
that case I would .release() here to pass ownership (and *SAN itself can "leak"
it, i.e. pass ownership to the kernel to bind it to the process' life time).

[earthdok, 2014/05/14 19:21:47]

In the current implementation, the structure is only read once, in
__sanitizer_sandbox_on_notify(). We don't care about it after we leave that
function.

[jln (very slow on Chromium), 2014/05/14 23:26:30]

Ok. Let's have a GetSanitizerArgs() that .Pass() the scoped ptr then. And let's
.reset() it after it's passed to __sanitizer_sandbox_on_notify().

This will serve as documentation of how ownership of the pointer works and also
guard against any future use of that pointer by mistake.

[jln (very slow on Chromium), 2014/05/14 23:27:41]

err, no need to .reset() manually, it will happen automatically once this
function returns.

[earthdok, 2014/05/20 16:53:57]

Making this accessor .Pass() the pointer is incorrect if we want to keep using
it to set structure members in ZygoteMain() and gpu::StartSandboxLinux().

I've added a reset() call.

 #endif
 
 #if !defined(NDEBUG)