Upstream version 7.36.149.0

[platform/framework/web/crosswalk.git] / src / content / renderer / renderer_main_platform_delegate_android.cc

diff --git a/src/content/renderer/renderer_main_platform_delegate_android.cc b/src/content/renderer/renderer_main_platform_delegate_android.cc
index 4a19706..a4de860 100644 (file)
--- a/src/content/renderer/renderer_main_platform_delegate_android.cc
+++ b/src/content/renderer/renderer_main_platform_delegate_android.cc
@@ -3,10 +3,17 @@
 // found in the LICENSE file.
 
 #include "content/renderer/renderer_main_platform_delegate.h"
+
+#include "base/command_line.h"
 #include "base/logging.h"
+#include "content/public/common/content_switches.h"
+
+#ifdef USE_SECCOMP_BPF
+#include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h"
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+#endif
 
 #ifdef ENABLE_VTUNE_JIT_INTERFACE
-#include "content/public/common/content_switches.h"
 #include "v8/src/third_party/vtune/v8-vtune.h"
 #endif
 
@@ -36,6 +43,16 @@ bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) {
 }
 
 bool RendererMainPlatformDelegate::EnableSandbox() {
+#ifdef USE_SECCOMP_BPF
+  if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kEnableSeccompFilterSandbox)) {
+    return true;
+  }
+
+  sandbox::SandboxBPF sandbox;
+  sandbox.SetSandboxPolicy(new SandboxBPFBasePolicyAndroid());
+  CHECK(sandbox.StartSandbox(sandbox::SandboxBPF::PROCESS_MULTI_THREADED));
+#endif
   return true;
 }