$OpenBSD: patch-content_app_content_main_runner_cc,v 1.18 2018/08/11 16:22:42 robert Exp $

Index: content/app/content_main_runner.cc
--- content/app/content_main_runner.cc.orig
+++ content/app/content_main_runner.cc
@@ -84,17 +84,17 @@
 #include "base/posix/global_descriptors.h"
 #include "content/public/common/content_descriptors.h"
 
-#if !defined(OS_MACOSX)
+#if !defined(OS_MACOSX) && !defined(OS_BSD)
 #include "content/public/common/zygote_fork_delegate_linux.h"
 #endif
-#if !defined(OS_MACOSX) && !defined(OS_ANDROID)
+#if !defined(OS_MACOSX) && !defined(OS_ANDROID) && !defined(OS_BSD)
 #include "content/zygote/zygote_main.h"
 #include "sandbox/linux/services/libc_interceptor.h"
 #endif
 
 #endif  // OS_POSIX
 
-#if defined(OS_LINUX)
+#if defined(OS_LINUX) || defined(OS_BSD)
 #include "base/native_library.h"
 #include "base/rand_util.h"
 #include "content/common/font_config_ipc_linux.h"
@@ -141,19 +141,30 @@
 #include "content/utility/in_process_utility_thread.h"
 #endif
 
-#if BUILDFLAG(USE_ZYGOTE_HANDLE)
+#if BUILDFLAG(USE_ZYGOTE_HANDLE) || defined(OS_OPENBSD)
 #include "content/browser/sandbox_host_linux.h"
+#if !defined(OS_OPENBSD)
 #include "content/browser/zygote_host/zygote_communication_linux.h"
 #include "content/browser/zygote_host/zygote_host_impl_linux.h"
+#endif
 #include "content/public/common/common_sandbox_support_linux.h"
+#if !defined(OS_OPENBSD)
 #include "content/public/common/zygote_handle.h"
+#endif
 #include "media/base/media_switches.h"
 #endif
 
+#if defined(OS_BSD)
+#include "base/sys_info.h"
+#include "content/public/common/common_sandbox_support_linux.h"
+#include "content/public/common/sandbox_init.h"
+#include "services/service_manager/sandbox/linux/sandbox_linux.h"
+#endif
+
 namespace content {
 extern int GpuMain(const content::MainFunctionParams&);
 #if BUILDFLAG(ENABLE_PLUGINS)
-#if !defined(OS_LINUX)
+#if !defined(OS_LINUX) && !defined(OS_BSD)
 extern int PluginMain(const content::MainFunctionParams&);
 #endif
 extern int PpapiPluginMain(const MainFunctionParams&);
@@ -332,7 +343,7 @@ void InitializeZygoteSandboxForBrowserProcess(
 }
 #endif  // BUILDFLAG(USE_ZYGOTE_HANDLE)
 
-#if defined(OS_LINUX)
+#if defined(OS_LINUX) || defined(OS_BSD)
 
 #if BUILDFLAG(ENABLE_PLUGINS)
 // Loads the (native) libraries but does not initialize them (i.e., does not
@@ -371,7 +382,7 @@ void PreloadLibraryCdms() {
 }
 #endif  // BUILDFLAG(ENABLE_LIBRARY_CDMS)
 
-#if BUILDFLAG(USE_ZYGOTE_HANDLE)
+#if BUILDFLAG(USE_ZYGOTE_HANDLE) || defined(OS_BSD)
 void PreSandboxInit() {
 #if defined(ARCH_CPU_ARM_FAMILY)
   // On ARM, BoringSSL requires access to /proc/cpuinfo to determine processor
@@ -379,9 +390,12 @@ void PreSandboxInit() {
   CRYPTO_library_init();
 #endif
 
+// arc4random
+#if !defined(OS_OPENBSD)
   // Pass BoringSSL a copy of the /dev/urandom file descriptor so RAND_bytes
   // will work inside the sandbox.
   RAND_set_urandom_fd(base::GetUrandomFD());
+#endif
 
 #if BUILDFLAG(ENABLE_PLUGINS)
   // Ensure access to the Pepper plugins before the sandbox is turned on.
@@ -395,6 +409,11 @@ void PreSandboxInit() {
   InitializeWebRtcModule();
 #endif
 
+#if defined(OS_BSD)
+  // "cache" the amount of physical memory before pledge(2)
+  base::SysInfo::AmountOfPhysicalMemoryMB();
+#endif
+
   SkFontConfigInterface::SetGlobal(new FontConfigIPC(GetSandboxFD()))->unref();
 
   // Set the android SkFontMgr for blink. We need to ensure this is done
@@ -614,6 +633,11 @@ int RunNamedProcessTypeMain(
 
   RegisterMainThreadFactories();
 
+#if defined(OS_OPENBSD)
+  if (!process_type.empty())
+    PreSandboxInit();
+#endif
+
   for (size_t i = 0; i < arraysize(kMainFunctions); ++i) {
     if (process_type == kMainFunctions[i].name) {
       if (delegate) {
@@ -702,7 +726,7 @@ class ContentMainRunnerImpl : public ContentMainRunner
         kFieldTrialDescriptor + base::GlobalDescriptors::kBaseDescriptor);
 #endif  // !OS_ANDROID
 
-#if defined(OS_LINUX) || defined(OS_OPENBSD)
+#if defined(OS_LINUX)
     g_fds->Set(kCrashDumpSignal,
                kCrashDumpSignal + base::GlobalDescriptors::kBaseDescriptor);
 #endif  // OS_LINUX || OS_OPENBSD
@@ -876,6 +900,16 @@ class ContentMainRunnerImpl : public ContentMainRunner
     } else {
       if (!InitializeSandbox())
         return TerminateForFatalInitializationError();
+    }
+#endif
+
+#if defined(OS_OPENBSD)
+    if (process_type.empty()) {
+      service_manager::SandboxLinux::Options sandbox_options;
+      service_manager::SandboxLinux::GetInstance()->InitializeSandbox(
+          service_manager::SandboxTypeFromCommandLine(
+              *base::CommandLine::ForCurrentProcess()),
+          service_manager::SandboxLinux::PreSandboxHook(), sandbox_options);
     }
 #endif
 
