Unify the sandboxed vs. unsandboxed code paths more, for two reasons:

1) It seems dangerous to have developers and tests running different code
paths to production users.
2) It's needed for the new in-progress seccomp filter sandbox.
Review URL: https://chromiumcodereview.appspot.com/10082040

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@132472 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 4 insertions, 13 deletions

diff --git a/content/browser/zygote_main_linux.cc b/content/browser/zygote_main_linux.cc
index 671c7ce99..db8039fb 100644
--- a/content/browser/zygote_main_linux.cc
+++ b/content/browser/zygote_main_linux.cc
@@ -854,6 +854,10 @@ static void PreSandboxInit() {
 
 #if !defined(CHROMIUM_SELINUX)
 static bool EnterSandbox() {
+  PreSandboxInit();
+  SkiaFontConfigSetImplementation(
+      new FontConfigIPC(kMagicSandboxIPCDescriptor));
+
   // The SUID sandbox sets this environment variable to a file descriptor
   // over which we can signal that we have completed our startup and can be
   // chrooted.
@@ -870,8 +874,6 @@ static bool EnterSandbox() {
       return false;
     const int fd = fd_long;
 
-    PreSandboxInit();
-
     static const char kMsgChrootMe = 'C';
     static const char kMsgChrootSuccessful = 'O';
 
@@ -894,9 +896,6 @@ static bool EnterSandbox() {
       return false;
     }
 
-    SkiaFontConfigSetImplementation(
-        new FontConfigIPC(kMagicSandboxIPCDescriptor));
-
 #if !defined(OS_OPENBSD)
     // Previously, we required that the binary be non-readable. This causes the
     // kernel to mark the process as non-dumpable at startup. The thinking was
@@ -924,14 +923,6 @@ static bool EnterSandbox() {
       }
     }
 #endif
-#if defined(SECCOMP_SANDBOX)
-  } else if (SeccompSandboxEnabled()) {
-    PreSandboxInit();
-    SkiaFontConfigSetImplementation(
-        new FontConfigIPC(kMagicSandboxIPCDescriptor));
-#endif
-  } else {
-    SkiaFontConfigUseDirectImplementation();
   }
 
   return true;