author | evan@chromium.org <evan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-29 23:05:41 +0000 |
---|---|---|
committer | evan@chromium.org <evan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-29 23:05:41 +0000 |
commit | 2bc039a702f3d361e020c7584a5b3f786bee69d4 (patch) | |
tree | e23afbbee83698d30da8876345c701fdc679582c /content/renderer | |
parent | 80c36e207822e61b3afb6857eb3f60576f157f16 (diff) | |
seccomp: simplify enable/disable logic
1) Only compile in seccomp code at all if it's on a platform we
intend to support (non-ChromeOS non-ARM non-Views Linux).
2) Move usage of seccomp code behind a define and usage of seccomp
flags into a function call.
The former helps catch bugs in the latter: it will be a link error
if I accidentally break the enable/disable logic in code.
Review URL: http://codereview.chromium.org/7519016
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@94784 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/renderer')
-rw-r--r-- | content/renderer/renderer_main_platform_delegate_linux.cc | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/content/renderer/renderer_main_platform_delegate_linux.cc b/content/renderer/renderer_main_platform_delegate_linux.cc
index b20caf9..6467f57 100644
--- a/content/renderer/renderer_main_platform_delegate_linux.cc
+++ b/content/renderer/renderer_main_platform_delegate_linux.cc
@@ -6,7 +6,14 @@
 #include "base/command_line.h"
 #include "content/common/content_switches.h"
+
+// This #ifdef logic must be kept in sync with zygote_main_linux.cc.
+// TODO(evan): this file doesn't do anything anyway, we should delete it.
+#if defined(ARCH_CPU_X86_FAMILY) && !defined(CHROMIUM_SELINUX) && \
+ !defined(__clang__) && !defined(OS_CHROMEOS) && !defined(TOOLKIT_VIEWS)
+#define SECCOMP_SANDBOX
 #include "seccompsandbox/sandbox.h"
+#endif
 RendererMainPlatformDelegate::RendererMainPlatformDelegate(
 const MainFunctionParams& parameters)
@@ -34,8 +41,7 @@ bool RendererMainPlatformDelegate::EnableSandbox() {
 //
 // The seccomp sandbox is started in the renderer.
 // http://code.google.com/p/seccompsandbox/
-#if defined(ARCH_CPU_X86_FAMILY) && !defined(CHROMIUM_SELINUX) && \
- !defined(__clang__)
+#if defined(SECCOMP_SANDBOX)
 // N.b. SupportsSeccompSandbox() returns a cached result, as we already
 // called it earlier in the zygote. Thus, it is OK for us to not pass in
 // a file descriptor for "/proc".
|
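Review bot: The platform condition added at the top of the file is a hand-copied duplicate of the one in zygote_main_linux.cc, and only a comment keeps the two in step; if they drift, the zygote and the renderer can disagree about whether the seccomp layer is compiled in. The link error the commit message relies on appears to catch only the case where seccomp code is referenced but compiled out, not the case where this file silently stops starting the sandbox. Defining the macro once in a header that both files include would remove the duplication. Separately, `#define SECCOMP_SANDBOX` sits before `#include "seccompsandbox/sandbox.h"`, so the unprefixed name is visible inside that third-party header; placing the define after the include, or giving it a project prefix, avoids a possible collision.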
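Review bot: With the guard in EnableSandbox() reduced to `#if defined(SECCOMP_SANDBOX)`, a reader of the function no longer sees which builds skip the seccomp start, and the visible lines show no `#else` that records the skip. A comment on the guard would help, for example `// SECCOMP_SANDBOX is set at the top of this file; builds without it start no seccomp layer here.` The rest of the function body lies outside the hunk, so whether a fallback or a log line exists there cannot be confirmed from this page.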