Revert of Add seccomp sandbox for non-SFI NaCl (https://codereview.chromium.org/196793023/)

Reason for revert:
Broke ASAN on main WF.

/b/build/slave/Linux_ASan_LSan_Builder/build/src/third_party/binutils/Linux_x64/Release/bin/ld: error: obj/base/libsanitizer_options.a(obj/base/debug/sanitizer_options.sanitizer_options.o): multiple definition of '__asan_default_options'
/b/build/slave/Linux_ASan_LSan_Builder/build/src/third_party/binutils/Linux_x64/Release/bin/ld: obj/components/nacl/loader/nacl_helper.nacl_helper_linux.o: previous definition here
clang: error: linker command failed with exit code 1 (use -v to see invocation)
ninja: build stopped: subcommand failed.

Original issue's description:
> Add seccomp sandbox for non-SFI NaCl
> 
> All syscalls except whitelisted ones will cause SIGSYS.
> 
> We test the sandbox with BPF_TEST and BPF_TEST_DEATH, which appropriately fork the process so the main process of the test will never enable the sandbox.
> 
> TEST=Our app works with this sandbox on i686 and ARM 
> TEST=Build chrome and nacl_helper on i686, x86-64, and ARM 
> TEST=./out/Release/components_unittests --gtest_filter='NaClNonSfi*'
>      # on i686, x86-64, and ARM
> TEST=SFI NaCl apps still work 
> TEST=trybots 
> BUG=359285
> 
> Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=264383

TBR=mseaborn@chromium.org,wad@chromium.org,jochen@chromium.org,hamaji@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=359285

Review URL: https://codereview.chromium.org/240613003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@264384 0039d316-1c4b-4281-b951-d872f2087c98

5 files changed, 8 insertions, 55 deletions

diff --git a/sandbox/linux/sandbox_linux.gypi b/sandbox/linux/sandbox_linux.gypi
index 7b516f7..75f37c9 100644
--- a/sandbox/linux/sandbox_linux.gypi
+++ b/sandbox/linux/sandbox_linux.gypi
@@ -57,22 +57,6 @@
       ],
     },
     {
-      'target_name': 'sandbox_linux_test_utils',
-      'type': 'static_library',
-      'dependencies': [
-        '../testing/gtest.gyp:gtest',
-      ],
-      'include_dirs': [
-        '../..',
-      ],
-      'sources': [
-        'tests/test_utils.cc',
-        'tests/test_utils.h',
-        'tests/unit_tests.cc',
-        'tests/unit_tests.h',
-      ],
-    },
-    {
       # The main sandboxing test target.
       'target_name': 'sandbox_linux_unittests',
       'includes': [
diff --git a/sandbox/linux/sandbox_linux_test_sources.gypi b/sandbox/linux/sandbox_linux_test_sources.gypi
index ffbf9c6..01db0e9 100644
--- a/sandbox/linux/sandbox_linux_test_sources.gypi
+++ b/sandbox/linux/sandbox_linux_test_sources.gypi
@@ -7,7 +7,6 @@
 {
   'dependencies': [
     'sandbox',
-    'sandbox_linux_test_utils',
     '../base/base.gyp:base',
     '../base/base.gyp:test_support_base',
     '../testing/gtest.gyp:gtest',
@@ -17,6 +16,10 @@
   ],
   'sources': [
     'tests/main.cc',
+    'tests/test_utils.cc',
+    'tests/test_utils.h',
+    'tests/unit_tests.cc',
+    'tests/unit_tests.h',
     'tests/unit_tests_unittest.cc',
     'services/broker_process_unittest.cc',
     'services/scoped_process_unittest.cc',
diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
index 47c9989..4cefa4c 100644
--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
@@ -13,11 +13,6 @@
 #include "build/build_config.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 
-#define SECCOMP_MESSAGE_COMMON_CONTENT "seccomp-bpf failure"
-#define SECCOMP_MESSAGE_CLONE_CONTENT "clone() failure"
-#define SECCOMP_MESSAGE_PRCTL_CONTENT "prctl() failure"
-#define SECCOMP_MESSAGE_IOCTL_CONTENT "ioctl() failure"
-
 namespace {
 
 inline bool IsArchitectureX86_64() {
@@ -59,7 +54,7 @@ void PrintSyscallError(uint32_t sysno) {
     sysno_base10[i] = '0' + mod;
   }
   static const char kSeccompErrorPrefix[] =
-      __FILE__":**CRASHING**:" SECCOMP_MESSAGE_COMMON_CONTENT " in syscall ";
+      __FILE__":**CRASHING**:seccomp-bpf failure in syscall ";
   static const char kSeccompErrorPostfix[] = "\n";
   WriteToStdErr(kSeccompErrorPrefix, sizeof(kSeccompErrorPrefix) - 1);
   WriteToStdErr(sysno_base10, sizeof(sysno_base10));
@@ -100,7 +95,7 @@ intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) {
 
 intptr_t SIGSYSCloneFailure(const struct arch_seccomp_data& args, void* aux) {
   static const char kSeccompCloneError[] =
-      __FILE__":**CRASHING**:" SECCOMP_MESSAGE_CLONE_CONTENT "\n";
+      __FILE__":**CRASHING**:clone() failure\n";
   WriteToStdErr(kSeccompCloneError, sizeof(kSeccompCloneError) - 1);
   // "flags" is the first argument in the kernel's clone().
   // Mark as volatile to be able to find the value on the stack in a minidump.
@@ -120,7 +115,7 @@ intptr_t SIGSYSCloneFailure(const struct arch_seccomp_data& args, void* aux) {
 intptr_t SIGSYSPrctlFailure(const struct arch_seccomp_data& args,
                             void* /* aux */) {
   static const char kSeccompPrctlError[] =
-      __FILE__":**CRASHING**:" SECCOMP_MESSAGE_PRCTL_CONTENT "\n";
+      __FILE__":**CRASHING**:prctl() failure\n";
   WriteToStdErr(kSeccompPrctlError, sizeof(kSeccompPrctlError) - 1);
   // Mark as volatile to be able to find the value on the stack in a minidump.
   volatile uint64_t option = args.args[0];
@@ -134,7 +129,7 @@ intptr_t SIGSYSPrctlFailure(const struct arch_seccomp_data& args,
 intptr_t SIGSYSIoctlFailure(const struct arch_seccomp_data& args,
                             void* /* aux */) {
   static const char kSeccompIoctlError[] =
-      __FILE__":**CRASHING**:" SECCOMP_MESSAGE_IOCTL_CONTENT "\n";
+      __FILE__":**CRASHING**:ioctl() failure\n";
   WriteToStdErr(kSeccompIoctlError, sizeof(kSeccompIoctlError) - 1);
   // Make "request" volatile so that we can see it on the stack in a minidump.
   volatile uint64_t request = args.args[1];
@@ -147,20 +142,4 @@ intptr_t SIGSYSIoctlFailure(const struct arch_seccomp_data& args,
     _exit(1);
 }
 
-const char* GetErrorMessageContentForTests() {
-  return SECCOMP_MESSAGE_COMMON_CONTENT;
-}
-
-const char* GetCloneErrorMessageContentForTests() {
-  return SECCOMP_MESSAGE_CLONE_CONTENT;
-}
-
-const char* GetPrctlErrorMessageContentForTests() {
-  return SECCOMP_MESSAGE_PRCTL_CONTENT;
-}
-
-const char* GetIoctlErrorMessageContentForTests() {
-  return SECCOMP_MESSAGE_IOCTL_CONTENT;
-}
-
 }  // namespace sandbox.
diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
index b8f626a..0bada37 100644
--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
@@ -39,13 +39,6 @@ SANDBOX_EXPORT intptr_t
 SANDBOX_EXPORT intptr_t
     SIGSYSIoctlFailure(const struct arch_seccomp_data& args, void* aux);
 
-// Following four functions return substrings of error messages used
-// in the above four functions. They are useful in death tests.
-SANDBOX_EXPORT const char* GetErrorMessageContentForTests();
-SANDBOX_EXPORT const char* GetCloneErrorMessageContentForTests();
-SANDBOX_EXPORT const char* GetPrctlErrorMessageContentForTests();
-SANDBOX_EXPORT const char* GetIoctlErrorMessageContentForTests();
-
 }  // namespace sandbox.
 
 #endif  // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SIGSYS_HANDLERS_H_
diff --git a/sandbox/linux/seccomp-bpf/bpf_tests.h b/sandbox/linux/seccomp-bpf/bpf_tests.h
index 357e29c..cc3fc25 100644
--- a/sandbox/linux/seccomp-bpf/bpf_tests.h
+++ b/sandbox/linux/seccomp-bpf/bpf_tests.h
@@ -44,12 +44,6 @@ namespace sandbox {
 
 // Assertions are handled exactly the same as with a normal SANDBOX_TEST()
 #define BPF_ASSERT SANDBOX_ASSERT
-#define BPF_ASSERT_EQ(x, y) BPF_ASSERT((x) == (y))
-#define BPF_ASSERT_NE(x, y) BPF_ASSERT((x) != (y))
-#define BPF_ASSERT_LT(x, y) BPF_ASSERT((x) < (y))
-#define BPF_ASSERT_GT(x, y) BPF_ASSERT((x) > (y))
-#define BPF_ASSERT_LE(x, y) BPF_ASSERT((x) <= (y))
-#define BPF_ASSERT_GE(x, y) BPF_ASSERT((x) >= (y))
 
 // The "Aux" type is optional. We use an "empty" type by default, so that if
 // the caller doesn't provide any type, all the BPF_AUX related data compiles