Remove flag --test-sandbox

content/renderer/renderer_main_platform_delegate_linux.cc

Index: content/renderer/renderer_main_platform_delegate_linux.cc
diff --git a/content/renderer/renderer_main_platform_delegate_linux.cc b/content/renderer/renderer_main_platform_delegate_linux.cc
index bc9deec23a811a3dc69091fc6390cb473b202271..637aec233d19e3b7c3b9a548c984137766f5bee1 100644
--- a/content/renderer/renderer_main_platform_delegate_linux.cc
+++ b/content/renderer/renderer_main_platform_delegate_linux.cc
@@ -39,12 +39,6 @@ void RendererMainPlatformDelegate::PlatformInitialize() {
 void RendererMainPlatformDelegate::PlatformUninitialize() {
 }
 
-bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) {
-  // The sandbox is started in the zygote process: zygote_main_linux.cc
-  // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox
-  return true;
-}
-
 bool RendererMainPlatformDelegate::EnableSandbox() {
   // The setuid sandbox is started in the zygote process: zygote_main_linux.cc
   // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox
@@ -54,41 +48,4 @@ bool RendererMainPlatformDelegate::EnableSandbox() {
   return true;
 }
 
-void RendererMainPlatformDelegate::RunSandboxTests(bool no_sandbox) {

[jln (very slow on Chromium), 2014/05/20 02:29:11]

I really would like to keep this sanity check that the sandbox is working as
expected. The logic is really complicated and error-prone. Moreover, on Linux
we're dealing with a variety of kernels, libc versions etc that make life
harder.

Having a sanity check of the real status of the sandbox right before a renderer
starts is great.

For now, we could perhaps simply add this at the end of EnableSandbox() instead
(no need for |no_sandbox|)? I can then move it to InitializeSandbox() soon.

Are we sure we don't want to keep something similar on all platforms? Unit tests
will never have the same safety. This tests that someone didn't comment out
platform.EnableSandbox() by mistake as well.
How does Windows run sandboxing tests within a real renderer now? I have added a
comment to the bug as well.

[luken, 2014/05/28 19:19:39]

Done.

-  // The LinuxSandbox class requires going through initialization before
-  // GetStatus() and others can be used.  When we are not launched through the
-  // Zygote, this initialization will only happen in the renderer process if
-  // EnableSandbox() above is called, which it won't necesserily be.
-  // This only happens with flags such as --renderer-cmd-prefix which are
-  // for debugging.
-  if (no_sandbox)
-    return;
-
-  // about:sandbox uses a value returned from LinuxSandbox::GetStatus() before
-  // any renderer has been started.
-  // Here, we test that the status of SeccompBpf in the renderer is consistent
-  // with what LinuxSandbox::GetStatus() said we would do.
-  class LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance();
-  if (linux_sandbox->GetStatus() & kSandboxLinuxSeccompBPF) {
-    CHECK(linux_sandbox->seccomp_bpf_started());
-  }
-
-  // Under the setuid sandbox, we should not be able to open any file via the
-  // filesystem.
-  if (linux_sandbox->GetStatus() & kSandboxLinuxSUID) {
-    CHECK(!base::PathExists(base::FilePath("/proc/cpuinfo")));
-  }
-
-#if defined(__x86_64__)
-  // Limit this test to architectures where seccomp BPF is active in renderers.
-  if (linux_sandbox->seccomp_bpf_started()) {
-    errno = 0;
-    // This should normally return EBADF since the first argument is bogus,
-    // but we know that under the seccomp-bpf sandbox, this should return EPERM.
-    CHECK_EQ(fchmod(-1, 07777), -1);
-    CHECK_EQ(errno, EPERM);
-  }
-#endif  // __x86_64__
-}
-
 }  // namespace content