Add --enable-seccomp-filter-sandbox to about:flags on Android.

content/renderer/renderer_main_platform_delegate_android.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/renderer_main_platform_delegate.h"
 
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "content/public/common/content_switches.h"
 
@@ skipping 17 matching lines @@
 
 void RendererMainPlatformDelegate::PlatformUninitialize() {
 }
 
 bool RendererMainPlatformDelegate::EnableSandbox() {
 #ifdef USE_SECCOMP_BPF
   if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
           switches::kEnableSeccompFilterSandbox)) {
     return true;
   }
+  if (!sandbox::SandboxBPF::SupportsSeccompSandbox(

[jln (very slow on Chromium), 2014/11/26 22:29:55]

This is especially problematic since we don't have a chrome://sandbox on
Android.

I imagine you don't want this to be fatal because there wouldn't be an easy way
to revert the flag?

[Robert Sesek, 2014/11/26 22:32:25]

Right, if about:flags weren't WebUI I wouldn't have done this.

[no sievers, 2014/11/26 23:35:11]

Yea you'd have to go to Settings -> Apps and erase the app user data.

+          sandbox::SandboxBPF::SeccompLevel::MULTI_THREADED)) {
+    LOG(WARNING) << "Seccomp-BPF sandbox enabled without kernel support. "

[jln (very slow on Chromium), 2014/11/26 22:29:55]

LOG(ERROR) at least?

+                 << "Ignoring flag and proceeding without seccomp sandbox.";
+    return true;
+  }
 
   sandbox::SandboxBPF sandbox;
   sandbox.SetSandboxPolicy(new SandboxBPFBasePolicyAndroid());
   CHECK(
       sandbox.StartSandbox(sandbox::SandboxBPF::SeccompLevel::MULTI_THREADED));
 #endif
   return true;
 }
 
 }  // namespace content