authorthomasvl@chromium.org <thomasvl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-02-17 19:08:44 +0000
committerthomasvl@chromium.org <thomasvl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-02-17 19:08:44 +0000
commite8aa85cde74fd420944f97135361f81a958fe87c (patch)
tree7db7fa11203a0dd32f4c95a0165bd04b1270696a /chrome/renderer
parent1f0944969056e5fa1eb6caf35445439deb9e840f (diff)
mac renderer sandbox cleanup:
- rename the mac platform delegate to be .mm so we can use Cocoa in it. - added the sandbox profile jeremy figured out. - add the profile file to the project build. - during renderer startup, check the process type and use our custom profile or the pure compute profile depending on whether we're a renderer or a unittest. Review URL: http://codereview.chromium.org/21419 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9895 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer')
-rw-r--r--chrome/renderer/renderer.sb15
-rw-r--r--chrome/renderer/renderer_main_platform_delegate_mac.mm (renamed from chrome/renderer/renderer_main_platform_delegate_mac.cc)30
2 files changed, 39 insertions, 6 deletions
diff --git a/chrome/renderer/renderer.sb b/chrome/renderer/renderer.sb
new file mode 100644
index 0000000..3b2a1fc
--- /dev/null
+++ b/chrome/renderer/renderer.sb
@@ -0,0 +1,15 @@
+;;
+;; Copyright (c) 2009 The Chromium Authors. All rights reserved.
+;; Use of this source code is governed by a BSD-style license that can be
+;; found in the LICENSE file.
+;;
+(version 1)
+(deny default)
+
+; Allow following symlinks
+(allow file-read-metadata)
+; Allow reading files out of /System/Library
+(allow file-read-data (regex #"^/System/Library"))
+
+; Needed for Fonts
+(allow mach-lookup (global-name "com.apple.FontObjectsServer"))
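Review bot: `(allow file-read-metadata)` under the `; Allow following symlinks` comment carries no path filter, so the renderer may stat and readlink any path on the system even though the only content reads granted are under /System/Library; a regex filter like the one on the file-read-data rule would keep this rule in line with the `(deny default)` intent. If the unscoped grant is deliberate, the comment should say so, e.g. `; Metadata (stat/readlink) is allowed on every path so symlinks into /System/Library resolve; no file contents are readable outside that tree.` Separately, `#"^/System/Library"` also matches sibling paths such as `/System/LibraryFoo`; a trailing slash, `(allow file-read-data (regex #"^/System/Library/"))`, makes it a true directory prefix.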
diff --git a/chrome/renderer/renderer_main_platform_delegate_mac.cc b/chrome/renderer/renderer_main_platform_delegate_mac.mm
index bf61141..388305d 100644
--- a/chrome/renderer/renderer_main_platform_delegate_mac.cc
+++ b/chrome/renderer/renderer_main_platform_delegate_mac.mm
@@ -6,12 +6,14 @@
#include "base/debug_util.h"
-#include <ApplicationServices/ApplicationServices.h>
+#import <Foundation/Foundation.h>
+#import <ApplicationServices/ApplicationServices.h>
extern "C" {
#include <sandbox.h>
}
#include "base/sys_info.h"
+#include "chrome/common/chrome_switches.h"
#include "third_party/WebKit/WebKit/mac/WebCoreSupport/WebSystemInterface.h"
RendererMainPlatformDelegate::RendererMainPlatformDelegate(
@@ -50,10 +52,6 @@ bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) {
bool RendererMainPlatformDelegate::EnableSandbox() {
- // TODO(port): hack
- // With the sandbox on we don't have fonts in WebKit!
- return true;
-
// This call doesn't work when the sandbox is enabled, the implementation
// caches it's return value so we call it here and then future calls will
// succeed.
@@ -63,8 +61,28 @@ bool RendererMainPlatformDelegate::EnableSandbox() {
// with the Sandbox enabled.
base::SysInfo::CacheSysInfo();
+ // For the renderer, we give it a custom sandbox to lock down as tight as
+ // possible, but still be able to draw. If we're not a renderer process, it
+ // usually means we're a unittest, so we use a pure compute sandbox instead.
+
+ const char *sandbox_profile = kSBXProfilePureComputation;
+ uint64_t sandbox_flags = SANDBOX_NAMED;
+
+ if (parameters_.sandbox_info_.ProcessType() == switches::kRendererProcess) {
+ NSString* sandbox_profile_path =
+ [[NSBundle mainBundle] pathForResource:@"renderer" ofType:@"sb"];
+ BOOL is_dir = NO;
+ if (![[NSFileManager defaultManager] fileExistsAtPath:sandbox_profile_path
+ isDirectory:&is_dir] || is_dir) {
+ LOG(ERROR) << "Failed to find the sandbox profile on disk";
+ return false;
+ }
+ sandbox_profile = [sandbox_profile_path fileSystemRepresentation];
+ sandbox_flags = SANDBOX_NAMED_EXTERNAL;
+ }
+
char* error_buff = NULL;
- int error = sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED,
+ int error = sandbox_init(sandbox_profile, sandbox_flags,
&error_buff);
bool success = (error == 0 && error_buff == NULL);
if (error == -1) {
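Review bot: The missing-profile branch returns false, and whether that keeps the renderer from continuing unsandboxed depends on the caller of EnableSandbox(), which is outside this hunk (the function begins and ends outside it); a comment at that `return false;` such as `// Fail closed: the caller must treat false as fatal rather than run without a sandbox.` would record the contract the branch relies on. `sandbox_profile` is assigned the result of `fileSystemRepresentation`, which is only valid while `sandbox_profile_path` is alive in the current autorelease context; that holds here because sandbox_init() consumes it a few lines later, but a one-line comment would keep a future refactor from hoisting the call out of scope. If `ProcessType()` returns a C string rather than a std::string/std::wstring, the `==` against `switches::kRendererProcess` compares pointers, not contents — I cannot tell from the hunk, so worth confirming. Minor style: `const char *sandbox_profile` puts the star on the variable while the surrounding code writes `char* error_buff`.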