
This CL implements sandboxing for OnDeviceTranslation service on Linux.

We allow `membarrier` syscall and reading "/sys/devices/system/cpu/possible" inside the sandboxed OnDeviceTranslation service process.

Note: The sandboxed OnDeviceTranslation service will crash until https://crbug.com/369491267 is resolved.

Bug: 340778819
Change-Id: I289294f35d55bb5dad6bcc0fba422b4077ae2ae7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5884817
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1362827}