https://chromiumcodereview.appspot.com/11612014/ and https://chromiumcodereview.appspot.com/11618010/ up for review.

The sum of these allow us to compile on Android. Unfortunately we had to replicate part of Android-missing headers.

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=173954

------------------------------------------------------------------------
r173954 | jln@chromium.org | 2012-12-19T18:26:18.599693Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/sandbox_bpf.h?r1=173954&r2=173953&pathrev=173954
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/syscall_unittest.cc?r1=173954&r2=173953&pathrev=173954
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/syscall.cc?r1=173954&r2=173953&pathrev=173954
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/sandbox.gyp?r1=173954&r2=173953&pathrev=173954
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/sandbox_linux.gypi?r1=173954&r2=173953&pathrev=173954
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc?r1=173954&r2=173953&pathrev=173954

Linux sandbox: compile partially under Android.

Get a subset of sandbox/linux to compile under Android.

BUG= 166704 
NOTRY=true

Review URL: https://chromiumcodereview.appspot.com/11612014
------------------------------------------------------------------------

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=174070

------------------------------------------------------------------------
r174070 | jln@chromium.org | 2012-12-20T01:28:52.778494Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/sandbox_bpf.h?r1=174070&r2=174069&pathrev=174070
   A http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/services/android_arm_ucontext.h?r1=174070&r2=174069&pathrev=174070
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/sandbox_linux.gypi?r1=174070&r2=174069&pathrev=174070
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc?r1=174070&r2=174069&pathrev=174070
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/sandbox_bpf.cc?r1=174070&r2=174069&pathrev=174070

Linux Sandbox: get everything to compile on Android.

We define our own android_arm_ucontext.h file since
signal.h doesn't define ucontext_t on Android.

BUG= 166704 
NOTRY=true


Review URL: https://chromiumcodereview.appspot.com/11618010
------------------------------------------------------------------------

sandbox_linux_unittests pretty much all passed with a few minor bugs in the test themselves which palmer and I have now fixed (https://chromiumcodereview.appspot.com/11647024/).

Next step is to get sandbox_linux_unittests to run automatically on the bots.

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=174116

------------------------------------------------------------------------
r174116 | palmer@chromium.org | 2012-12-20T07:56:53.490545Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc?r1=174116&r2=174115&pathrev=174116
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/services/broker_process_unittest.cc?r1=174116&r2=174115&pathrev=174116

Update Linux sandbox tests to pass on Android.

BUG= 166704 
NOTRY=true


Review URL: https://chromiumcodereview.appspot.com/11647024
------------------------------------------------------------------------

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=174193

------------------------------------------------------------------------
r174193 | jln@chromium.org | 2012-12-20T18:46:09.479830Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/build/all_android.gyp?r1=174193&r2=174192&pathrev=174193

Android: compile sandbox_linux_unittests

Note: tests that require kernel seccomp-bpf support to do
anything will just pass if kernel support is lacking.

BUG= 166704 
NOTRY=true


Review URL: https://chromiumcodereview.appspot.com/11639036
------------------------------------------------------------------------

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=174244

------------------------------------------------------------------------
r174244 | jln@chromium.org | 2012-12-20T21:18:30.367241Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/sandbox_linux.gypi?r1=174244&r2=174243&pathrev=174244

Fix Android x86 build with a quick hack.


BUG= 166704 
TBR=markus
NOTRY=true


Review URL: https://chromiumcodereview.appspot.com/11649044
------------------------------------------------------------------------

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=174727

------------------------------------------------------------------------
r174727 | jln@chromium.org | 2012-12-28T09:59:55.360873Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/build/android/buildbot/buildbot_functions.sh?r1=174727&r2=174726&pathrev=174727

Add sandbox_linux_unittests to Android FYI bots.


BUG= 166704 
NOTRY=true

Review URL: https://chromiumcodereview.appspot.com/11674008
------------------------------------------------------------------------

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=175695

------------------------------------------------------------------------
r175695 | jln@chromium.org | 2013-01-09T03:40:26.352793Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/build/android/buildbot/buildbot_functions.sh?r1=175695&r2=175694&pathrev=175695
   M http://src.chromium.org/viewvc/chrome/trunk/src/build/android/run_tests.py?r1=175695&r2=175694&pathrev=175695

Android: enable sandbox_linux_unittests by default.

Move sandbox_linux_unittests away from the FYI bots and enable them
by default.

BUG= 166704 
NOTRY=true

Review URL: https://chromiumcodereview.appspot.com/11828008
------------------------------------------------------------------------

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=175711

------------------------------------------------------------------------
r175711 | ilevy@chromium.org | 2013-01-09T05:15:01.084794Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/build/android/run_tests.py?r1=175711&r2=175710&pathrev=175711
   M http://src.chromium.org/viewvc/chrome/trunk/src/build/android/buildbot/bb_tests.py?r1=175711&r2=175710&pathrev=175711

Move sandbox_linux_unittests back to FYI bots

4 tests are failing to run.
http://build.chromium.org/p/chromium.linux/builders/Android%20Tests%20%28dbg%29/builds/6093/steps/sandbox_linux_unittests/logs/stdio

They were passing on FYI bot but kicking until we figure out why they
are failing here.

BUG= 166704 
TBR=jln

Review URL: https://codereview.chromium.org/11826019
------------------------------------------------------------------------

Isaac: I don't see any error in this log. What's happening?

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=176254

------------------------------------------------------------------------
r176254 | jln@chromium.org | 2013-01-11T03:36:12.704011Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/build/android/pylib/gtest/gtest_config.py?r1=176254&r2=176253&pathrev=176254

Android: upgrade sandbox_linux_unitests to a stable test


BUG= 166704 
NOTRY=true

Review URL: https://chromiumcodereview.appspot.com/11783106
------------------------------------------------------------------------

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=176269

------------------------------------------------------------------------
r176269 | ilevy@chromium.org | 2013-01-11T05:39:42.105001Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/build/android/pylib/gtest/gtest_config.py?r1=176269&r2=176268&pathrev=176269

Revert 176254
> Android: upgrade sandbox_linux_unitests to a stable test
> 
> 
> BUG= 166704 
> NOTRY=true
> 
> Review URL: https://chromiumcodereview.appspot.com/11783106

Tests are flaky and closed the tree again...

TBR=jln@chromium.org
Review URL: https://codereview.chromium.org/11860004
------------------------------------------------------------------------

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=177321

------------------------------------------------------------------------
r177321 | jln@chromium.org | 2013-01-17T02:43:23.110295Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/services/android_arm_ucontext.h?r1=177321&r2=177320&pathrev=177321
   A http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/services/android_ucontext.h?r1=177321&r2=177320&pathrev=177321
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/sandbox_linux.gypi?r1=177321&r2=177320&pathrev=177321
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/sandbox_bpf.cc?r1=177321&r2=177320&pathrev=177321
   A http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/services/android_x86_ucontext.h?r1=177321&r2=177320&pathrev=177321

Android: create a generic android_ucontext.h

We now have a generic android_ucontext.h that should work on both
ARM and X86.

Note: if this needs to be reverted on X86, please only revert
the GYP file and send me the error message.

(Thanks to Yin Fengwei for his related work in
https://chromiumcodereview.appspot.com/11639038/)

BUG= 166704 
NOTRY=true

Review URL: https://chromiumcodereview.appspot.com/11971028
------------------------------------------------------------------------

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=177371

------------------------------------------------------------------------
r177371 | jln@chromium.org | 2013-01-17T09:26:33.726565Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/sandbox_linux.gypi?r1=177371&r2=177370&pathrev=177371

Android: remove x86 from sandbox/linux once again.


BUG= 166704 
TBR=markus
NOTRY=true


Review URL: https://chromiumcodereview.appspot.com/11958035
------------------------------------------------------------------------

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=177542

------------------------------------------------------------------------
r177542 | jln@chromium.org | 2013-01-18T00:13:38.316392Z

Changed paths:
   A http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/services/android_i386_ucontext.h?r1=177542&r2=177541&pathrev=177542
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/services/android_arm_ucontext.h?r1=177542&r2=177541&pathrev=177542
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/services/android_ucontext.h?r1=177542&r2=177541&pathrev=177542
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/sandbox_linux.gypi?r1=177542&r2=177541&pathrev=177542
   D http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/services/android_x86_ucontext.h?r1=177542&r2=177541&pathrev=177542

Android make sandbox/linux/seccomp-bpf compile on i386


BUG= 166704 
NOTRY=true


Review URL: https://chromiumcodereview.appspot.com/12025004
------------------------------------------------------------------------

Robert is now is owner of this.

------------------------------------------------------------------
r263017 | rsesek@chromium.org | 2014-04-10T17:04:34.294042Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/public/common/content_switches.h?r1=263017&r2=263016&pathrev=263017
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/common/sandbox_linux/OWNERS?r1=263017&r2=263016&pathrev=263017
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/renderer/renderer_main_platform_delegate_android.cc?r1=263017&r2=263016&pathrev=263017
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/renderer_host/render_process_host_impl.cc?r1=263017&r2=263016&pathrev=263017
   A http://src.chromium.org/viewvc/chrome/trunk/src/content/common/sandbox_linux/android?r1=263017&r2=263016&pathrev=263017
   A http://src.chromium.org/viewvc/chrome/trunk/src/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc?r1=263017&r2=263016&pathrev=263017
   A http://src.chromium.org/viewvc/chrome/trunk/src/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h?r1=263017&r2=263016&pathrev=263017
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/content_common.gypi?r1=263017&r2=263016&pathrev=263017
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/public/common/content_switches.cc?r1=263017&r2=263016&pathrev=263017

[Android] Define a baseline seccomp-bpf sandbox policy.

This is not used in production yet, since Android kernels do not have seccomp
mode two support, yet.

BUG= 308763 ,  166704 

Review URL: https://codereview.chromium.org/180783019
-----------------------------------------------------------------

------------------------------------------------------------------
r263107 | zhenyu.liang@intel.com | 2014-04-10T22:46:07.143080Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc?r1=263107&r2=263106&pathrev=263107

Fixes for sandbox unit tests on Android

In bionic, open, access and dup2 are wrappers of openat, faccessat and dup3 instead of real syscalls.

BUG= 166704 

Review URL: https://codereview.chromium.org/226923003
-----------------------------------------------------------------

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a30ebba811bf0ec710193473bc9b7b26ce3c09fc

commit a30ebba811bf0ec710193473bc9b7b26ce3c09fc
Author: rsesek <rsesek@chromium.org>
Date: Mon Dec 01 21:55:54 2014

Add --enable-seccomp-filter-sandbox to about:flags on Android.

This also actually defines USE_SECCOMP_BPF in //content/renderer so the
sandbox can be turned on for real.

BUG= 166704 
R=jln@chromium.org

Review URL: https://codereview.chromium.org/759403002

Cr-Commit-Position: refs/heads/master@{#306263}

[modify] http://crrev.com/a30ebba811bf0ec710193473bc9b7b26ce3c09fc/chrome/app/generated_resources.grd
[modify] http://crrev.com/a30ebba811bf0ec710193473bc9b7b26ce3c09fc/chrome/browser/about_flags.cc
[modify] http://crrev.com/a30ebba811bf0ec710193473bc9b7b26ce3c09fc/content/content_renderer.gypi
[modify] http://crrev.com/a30ebba811bf0ec710193473bc9b7b26ce3c09fc/content/public/common/content_switches.h
[modify] http://crrev.com/a30ebba811bf0ec710193473bc9b7b26ce3c09fc/content/renderer/renderer_main_platform_delegate_android.cc
[modify] http://crrev.com/a30ebba811bf0ec710193473bc9b7b26ce3c09fc/tools/metrics/histograms/histograms.xml

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0d1b63a26471e4c3ac8acd12276010b79affc26a

commit 0d1b63a26471e4c3ac8acd12276010b79affc26a
Author: rsesek <rsesek@chromium.org>
Date: Thu Dec 04 21:29:01 2014

[Android] Get renderers working again under seccomp-bpf.

Android 5.0 added some additional prctl()s that are used by the framework. This
also permits __NR_set_tid_address and fstat().

BUG= 437067 , 166704 
R=jln@chromium.org

Review URL: https://codereview.chromium.org/775943004

Cr-Commit-Position: refs/heads/master@{#306895}

[modify] http://crrev.com/0d1b63a26471e4c3ac8acd12276010b79affc26a/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
[modify] http://crrev.com/0d1b63a26471e4c3ac8acd12276010b79affc26a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f36de642ae5dc210de4543252198c0cf2c960fc5

commit f36de642ae5dc210de4543252198c0cf2c960fc5
Author: rsesek <rsesek@chromium.org>
Date: Thu May 19 20:46:31 2016

[Android] Permit __NR_msync under the seccomp sandbox.

BUG= 166704 ,591884
R=jln@chromium.org

Review-Url: https://codereview.chromium.org/1988303003
Cr-Commit-Position: refs/heads/master@{#394853}

[modify] https://crrev.com/f36de642ae5dc210de4543252198c0cf2c960fc5/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/29172b46e7a0e89f892a52fde8145238b70893dc

commit 29172b46e7a0e89f892a52fde8145238b70893dc
Author: rsesek <rsesek@chromium.org>
Date: Wed Dec 07 21:40:18 2016

Add fieldtrial_testing_config.json entry for SeccompSandboxAndroid.

BUG= 166704 

Review-Url: https://codereview.chromium.org/2552323004
Cr-Commit-Position: refs/heads/master@{#437068}

[modify] https://crrev.com/29172b46e7a0e89f892a52fde8145238b70893dc/testing/variations/fieldtrial_testing_config.json

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f4a66e3215736c4df4e10ad5868b7c7174c6778f

commit f4a66e3215736c4df4e10ad5868b7c7174c6778f
Author: rsesek <rsesek@chromium.org>
Date: Fri Mar 17 15:29:38 2017

Make SeccompSandboxAndroid feature enabled by default.

BUG= 166704 

Review-Url: https://codereview.chromium.org/2748393002
Cr-Commit-Position: refs/heads/master@{#457773}

[modify] https://crrev.com/f4a66e3215736c4df4e10ad5868b7c7174c6778f/content/public/common/content_features.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/253f8c677519fd6e6700047a2b08a09bb438c694

commit 253f8c677519fd6e6700047a2b08a09bb438c694
Author: Robert Sesek <rsesek@chromium.org>
Date: Thu Jun 01 20:59:10 2017

[Android] Only warn about existing SIGSYS handlers pre-O.

Bug:  166704 
Change-Id: I3f95a10ea12e1155272a0d3213e1cc0eb4c7a607
Reviewed-on: https://chromium-review.googlesource.com/521388
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Alexandre Elias <aelias@chromium.org>
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#476432}
[modify] https://crrev.com/253f8c677519fd6e6700047a2b08a09bb438c694/content/renderer/renderer_main_platform_delegate_android.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e6ce90df55d5e491197c37ec9403267b917cddd9

commit e6ce90df55d5e491197c37ec9403267b917cddd9
Author: Robert Sesek <rsesek@chromium.org>
Date: Mon Jun 05 19:07:09 2017

Remove the feature flag for Seccomp-BPF on Android.

The feature experiment has launched to 100% and is no longer needed.

Bug:  166704 
Change-Id: I6fab725e6789d623a881a5bed4d6b42216c0677c
Reviewed-on: https://chromium-review.googlesource.com/521927
Reviewed-by: Alexei Svitkine <asvitkine@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#477048}
[modify] https://crrev.com/e6ce90df55d5e491197c37ec9403267b917cddd9/chrome/browser/about_flags.cc
[modify] https://crrev.com/e6ce90df55d5e491197c37ec9403267b917cddd9/chrome/browser/flag_descriptions.cc
[modify] https://crrev.com/e6ce90df55d5e491197c37ec9403267b917cddd9/chrome/browser/flag_descriptions.h
[modify] https://crrev.com/e6ce90df55d5e491197c37ec9403267b917cddd9/content/public/common/content_features.cc
[modify] https://crrev.com/e6ce90df55d5e491197c37ec9403267b917cddd9/content/public/common/content_features.h
[modify] https://crrev.com/e6ce90df55d5e491197c37ec9403267b917cddd9/content/renderer/renderer_main_platform_delegate_android.cc
[modify] https://crrev.com/e6ce90df55d5e491197c37ec9403267b917cddd9/testing/variations/fieldtrial_testing_config.json

With the release of Chrome 58 on Android, the seccomp-bpf sandbox is enabled by default for all compatible devices.