Linux sandbox: add behind-flag USR2 handler for crash debugging.

content/zygote/zygote_main_linux.cc

Index: content/zygote/zygote_main_linux.cc
diff --git a/content/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc
index b77471a88d956a5fae66617ba90718fa4e187460..a8ad39488ae4791b6b2471d45bdb0b54596a0030 100644
--- a/content/zygote/zygote_main_linux.cc
+++ b/content/zygote/zygote_main_linux.cc
@@ -7,6 +7,7 @@
 #include <dlfcn.h>
 #include <fcntl.h>
 #include <pthread.h>
+#include <signal.h>
 #include <string.h>
 #include <sys/socket.h>
 #include <sys/types.h>
@@ -64,6 +65,29 @@
 
 namespace content {
 
+namespace {
+
+void DoChrootSignalHandler(int) {
+  ignore_result(chroot("/"));

[mdempsky, 2014/09/19 23:07:46]

Do we want to do anything special if this returns? E.g., still crash/exit or do
you think it doesn't matter?

+}
+
+// This is a quick hack to allow testing sandbox crash reports in protection
+// binaries.
+// This installs a signal handler for SIGUSR2 that performs a chroot().
+// In most of our BPF policies, it is a "watched" system call which will
+// trigger a SIGSYS signal whose handler will crash.
+// This has been added during the investigation of https://crbug.com/415842.
+void InstallSandboxCrashTestHandler() {
+  struct sigaction act = {};
+  act.sa_handler = DoChrootSignalHandler;
+  CHECK_EQ(0, sigemptyset(&act.sa_mask));
+  act.sa_flags = 0;
+
+  PCHECK(0 == sigaction(SIGUSR2, &act, NULL));
+}
+
+}
+
 // See http://code.google.com/p/chromium/wiki/LinuxZygote
 
 static void ProxyLocaltimeCallToBrowser(time_t input, struct tm* output,
@@ -411,6 +435,8 @@ static bool EnterSuidSandbox(sandbox::SetuidSandboxClient* setuid_sandbox,
       return false;
     }
   }
+
+  InstallSandboxCrashTestHandler();
 #endif
 
   return true;