authordmaclach@chromium.org <dmaclach@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-30 17:12:13 +0000
committerdmaclach@chromium.org <dmaclach@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-30 17:12:13 +0000
commitbd9337ce8f7afe8dda38ee3afe3dd260507f7c2c (patch)
tree5cf40fd48476896c4d4148f6953b5f106ca03c77 /chrome/common/sandbox_mac.h
parent8bcdfc9fbecfea07eed5b410c4e7b4e118e12dc1 (diff)
Revert 43086 - 1. Create a new sandbox type which allows access to Unix sockets in the Mac
renderer sandbox to support running Native Client. 2. Put the Native Client sel_ldr (which contains the user's untrusted code) into a new Mac sandbox type. 3. Open /dev/random in SandboxWarmup(). 4. Remove the "nosandbox" flag when running Mac tests. BUG=http://code.google.com/p/nativeclient/issues/detail?id=327 TEST=nacl_ui_tests still pass while running in the sandbox. Review URL: http://codereview.chromium.org/1234003 TBR=msneck@google.com git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43093 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common/sandbox_mac.h')
-rw-r--r--chrome/common/sandbox_mac.h13
1 files changed, 1 insertions, 12 deletions
diff --git a/chrome/common/sandbox_mac.h b/chrome/common/sandbox_mac.h
index cf2652d..a8a55b0 100644
--- a/chrome/common/sandbox_mac.h
+++ b/chrome/common/sandbox_mac.h
@@ -12,23 +12,12 @@ namespace sandbox {
enum SandboxProcessType {
SANDBOX_TYPE_RENDERER,
- // The most restrictive sandbox has almost *everything* locked down.
- // Only a couple of /System/Library/ paths and some other very basic
- // operations (e.g., reading metadata to allow following symlinks)
- // are permitted.
- SANDBOX_TYPE_MOST_RESTRICTIVE,
-
- // Worker process uses the most restrictive sandbox.
+ // Worker process has *everything* not needed for Cocoa locked down.
SANDBOX_TYPE_WORKER,
// Utility process is as restrictive as the worker process except full access
// is allowed to one configurable directory.
SANDBOX_TYPE_UTILITY,
-
- // Native Client sandboxes. The plugin contains trusted code and the
- // loader contains the user's untrusted code.
- SANDBOX_TYPE_NACL_PLUGIN,
- SANDBOX_TYPE_NACL_LOADER,
};
// Warm up System APIs that empirically need to be accessed before the Sandbox
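Review bot: After this revert the enum has no sandbox type for the Native Client loader, which the commit message describes as containing the user's untrusted code, and nothing in the header records that gap; a comment above the closing brace such as `// TODO: no sandbox type for the Native Client loader yet; see nativeclient issue 327.` would keep it visible. Whether the loader then runs without a sandbox profile on Mac cannot be determined from this hunk and should be confirmed against the code that launches it. The restored comment on SANDBOX_TYPE_WORKER (`has *everything* not needed for Cocoa locked down`) does not say what remains permitted, and SANDBOX_TYPE_RENDERER has no comment at all; one line on each naming the operations it allows would make the three profiles comparable. The enclosing `namespace sandbox` begins before the hunk and continues after it.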