1. Create a new sandbox type which allows access to Unix sockets in the Mac

renderer sandbox to support running Native Client.
2. Put the Native Client sel_ldr (which contains the user's untrusted code)
into a new Mac sandbox type.
3. Open /dev/random in SandboxWarmup().
4. Remove the "--nosandbox" flag when running Mac tests.

See http://codereview.chromium.org/1234003/show which was reverted because of
problems on Mac 10.6. This change is identical except for the ";NACL" lines
in the *.sb files. I've removed the 10.6-specific sandbox commands and used
the generic commands that work on 10.5 and 10.6. I will work on adding the
10.6-specific commands in a different change list.

BUG=http://code.google.com/p/nativeclient/issues/detail?id=327
TEST=nacl_ui_tests still pass while running in the sandbox.

Review URL: http://codereview.chromium.org/1525005

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43253 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 9 insertions, 1 deletions

diff --git a/chrome/common/sandbox_mac.h b/chrome/common/sandbox_mac.h
index a8a55b0..c8ef4c3 100644
--- a/chrome/common/sandbox_mac.h
+++ b/chrome/common/sandbox_mac.h
@@ -12,12 +12,20 @@ namespace sandbox {
 enum SandboxProcessType {
   SANDBOX_TYPE_RENDERER,
 
-  // Worker process has *everything* not needed for Cocoa locked down.
+  // The worker processes uses the most restrictive sandbox which has almost
+  // *everything* locked down. Only a couple of /System/Library/ paths and
+  // some other very basic operations (e.g., reading metadata to allow
+  // following symlinks) are permitted.
   SANDBOX_TYPE_WORKER,
 
   // Utility process is as restrictive as the worker process except full access
   // is allowed to one configurable directory.
   SANDBOX_TYPE_UTILITY,
+
+  // Native Client sandboxes. The plugin contains trusted code and the
+  // loader contains the user's untrusted code.
+  SANDBOX_TYPE_NACL_PLUGIN,
+  SANDBOX_TYPE_NACL_LOADER,
 };
 
 // Warm up System APIs that empirically need to be accessed before the Sandbox