Fix the sandbox to actually allow __NR_sched_getaffinity under ASan.

BUG=127536
Review URL: https://codereview.chromium.org/11434097

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@170883 0039d316-1c4b-4281-b951-d872f2087c98

content/common/sandbox_seccomp_bpf_linux.cc

@@ -1227,16 +1227,20 @@ ErrorCode BaselinePolicy(int sysno) {
   if (IsBaselinePolicyWatched(sysno)) {
     // Previously unseen syscalls. TODO(jln): some of these should
     // be denied gracefully right away.
-    return Sandbox::Trap(CrashSIGSYS_Handler, NULL);
+    return Sandbox::UnsafeTrap(CrashSIGSYS_Handler, NULL);
   }
   // In any other case crash the program with our SIGSYS handler
-  return Sandbox::Trap(CrashSIGSYS_Handler, NULL);
+  return Sandbox::UnsafeTrap(CrashSIGSYS_Handler, NULL);
 }
 
 // x86_64 only for now. Needs to be adapted and tested for i386/ARM.
 ErrorCode GpuProcessPolicy_x86_64(int sysno, void *) {
   switch(sysno) {
     case __NR_ioctl:
+#if defined(ADDRESS_SANITIZER)
+    // Allow to call sched_getaffinity under AddressSanitizer.
+    case __NR_sched_getaffinity:
+#endif
       return ErrorCode(ErrorCode::ERR_ALLOWED);
     case __NR_open:
       // Accelerated video decode is enabled by default only on Chrome OS.
@@ -1251,12 +1255,8 @@ ErrorCode GpuProcessPolicy_x86_64(int sysno, void *) {
         // Hook open() in the GPU process to allow opening /etc/drirc,
         // needed by Mesa.
         // The hook needs dup(), lseek(), and close() to be allowed.
-        return Sandbox::Trap(GpuOpenSIGSYS_Handler, NULL);
+        return Sandbox::UnsafeTrap(GpuOpenSIGSYS_Handler, NULL);
       }
-#if defined(ADDRESS_SANITIZER)
-    // Allow to call sched_getaffinity under AddressSanitizer.
-    case __NR_sched_getaffinity:
-#endif
     default:
       if (IsEventFd(sysno))
         return ErrorCode(ErrorCode::ERR_ALLOWED);