// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "content/renderer/renderer_main_platform_delegate.h"

#include "base/command_line.h"
#include "base/logging.h"
#include "content/public/common/content_switches.h"

#ifdef USE_SECCOMP_BPF
#include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#endif

namespace content {

RendererMainPlatformDelegate::RendererMainPlatformDelegate(
    const MainFunctionParams& parameters)
    : parameters_(parameters) {
}

RendererMainPlatformDelegate::~RendererMainPlatformDelegate() {
}

void RendererMainPlatformDelegate::PlatformInitialize() {
}

void RendererMainPlatformDelegate::PlatformUninitialize() {
}

bool RendererMainPlatformDelegate::EnableSandbox() {
#ifdef USE_SECCOMP_BPF
  if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
          switches::kEnableSeccompFilterSandbox)) {
    return true;
  }
  if (!sandbox::SandboxBPF::SupportsSeccompSandbox(
          sandbox::SandboxBPF::SeccompLevel::MULTI_THREADED)) {
    LOG(WARNING) << "Seccomp-BPF sandbox enabled without kernel support. "
                 << "Ignoring flag and proceeding without seccomp sandbox.";
    return true;
  }

  sandbox::SandboxBPF sandbox(new SandboxBPFBasePolicyAndroid());
  CHECK(
      sandbox.StartSandbox(sandbox::SandboxBPF::SeccompLevel::MULTI_THREADED));
#endif
  return true;
}

}  // namespace content