Load mac sandbox definitions from resources instead of the bundle.

Also, move all mac sandbox unittests to content

BUG=90443
TEST=content_unittests

Review URL: http://codereview.chromium.org/8589001

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@111614 0039d316-1c4b-4281-b951-d872f2087c98

11 files changed, 55 insertions, 15 deletions

diff --git a/chrome/app/chrome_main_delegate.cc b/chrome/app/chrome_main_delegate.cc
index 380e0553..c015c0b 100644
--- a/chrome/app/chrome_main_delegate.cc
+++ b/chrome/app/chrome_main_delegate.cc
@@ -282,8 +282,12 @@ bool SubprocessNeedsResourceBundle(const std::string& process_type) {
       process_type == switches::kZygoteProcess ||
 #endif
 #if defined(OS_MACOSX)
-      // Mac needs them to for scrollbar related images.
+      // Mac needs them too for scrollbar related images and for sandbox
+      // profiles.
       process_type == switches::kWorkerProcess ||
+      process_type == switches::kNaClLoaderProcess ||
+      process_type == switches::kPpapiPluginProcess ||
+      process_type == switches::kPpapiBrokerProcess ||
 #endif
       process_type == switches::kRendererProcess ||
       process_type == switches::kUtilityProcess;
@@ -607,7 +611,10 @@ void ChromeMainDelegate::PreSandboxStartup() {
     // sources.  The language should have been passed in to us from the
     // browser process as a command line flag.
     DCHECK(command_line.HasSwitch(switches::kLang) ||
-           process_type == switches::kZygoteProcess);
+           process_type == switches::kZygoteProcess ||
+           process_type == switches::kNaClLoaderProcess ||
+           process_type == switches::kPpapiBrokerProcess ||
+           process_type == switches::kPpapiPluginProcess);
 
     // TODO(markusheintz): The command line flag --lang is actually processed
     // by the CommandLinePrefStore, and made available through the PrefService
diff --git a/chrome/browser/browser_resources.grd b/chrome/browser/browser_resources.grd
index a9e39bd..630f21a 100644
--- a/chrome/browser/browser_resources.grd
+++ b/chrome/browser/browser_resources.grd
@@ -167,9 +167,6 @@
       <if expr="pp_ifdef('chromeos') and pp_ifdef('_google_chrome')">
         <include name="IDR_HELP_MANIFEST" file="resources\help_app\manifest.json" type="BINDATA" />
       </if>
-      <if expr="pp_ifdef('is_macosx')">
-        <include name="IDR_NACL_SANDBOX_DEFINITION" file="nacl_loader.sb" type="BINDATA" />
-      </if>
     </includes>
   </release>
 </grit>
diff --git a/chrome/chrome_browser.gypi b/chrome/chrome_browser.gypi
index b4c09eb..e696465 100644
--- a/chrome/chrome_browser.gypi
+++ b/chrome/chrome_browser.gypi
@@ -4447,9 +4447,6 @@
               '$(SDKROOT)/System/Library/Frameworks/QuartzCore.framework',
               '$(SDKROOT)/System/Library/Frameworks/SecurityInterface.framework',
             ],
-            'mac_bundle_resources': [
-              'browser/nacl_loader.sb',
-            ],
           },
           'dependencies': [
             '../content/content.gyp:closure_blocks_leopard_compat',
diff --git a/chrome/chrome_common.gypi b/chrome/chrome_common.gypi
index 3f2f4871..ed15ce2 100644
--- a/chrome/chrome_common.gypi
+++ b/chrome/chrome_common.gypi
@@ -76,6 +76,7 @@
         'common/chrome_notification_types.h',
         'common/chrome_plugin_messages.h',
         'common/chrome_result_codes.h',
+        'common/chrome_sandbox_type_mac.h',
         'common/chrome_utility_messages.h',
         'common/chrome_version_info.cc',
         'common/chrome_version_info_linux.cc',
diff --git a/chrome/chrome_tests.gypi b/chrome/chrome_tests.gypi
index 4ed0c4c..c6a5917 100644
--- a/chrome/chrome_tests.gypi
+++ b/chrome/chrome_tests.gypi
@@ -2011,11 +2011,6 @@
         'tools/convert_dict/convert_dict_unittest.cc',
         '../content/browser/tab_contents/navigation_controller_unittest.cc',
         '../content/browser/tab_contents/render_view_host_manager_unittest.cc',
-        '../content/common/sandbox_mac_diraccess_unittest.mm',
-        '../content/common/sandbox_mac_fontloading_unittest.mm',
-        '../content/common/sandbox_mac_unittest_helper.h',
-        '../content/common/sandbox_mac_unittest_helper.mm',
-        '../content/common/sandbox_mac_system_access_unittest.mm',
         '../testing/gtest_mac_unittest.mm',
         '../third_party/cld/encodings/compact_lang_det/compact_lang_det_unittest_small.cc',
         '../ui/views/test/test_views_delegate.cc',
diff --git a/chrome/common/chrome_content_client.cc b/chrome/common/chrome_content_client.cc
index 9c8ca65..da07553 100644
--- a/chrome/common/chrome_content_client.cc
+++ b/chrome/common/chrome_content_client.cc
@@ -21,6 +21,7 @@
 #include "chrome/common/render_messages.h"
 #include "chrome/default_plugin/plugin_main.h"
 #include "content/public/common/pepper_plugin_info.h"
+#include "grit/common_resources.h"
 #include "remoting/client/plugin/pepper_entrypoints.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/base/resource/resource_bundle.h"
@@ -30,6 +31,8 @@
 
 #if defined(OS_WIN)
 #include "sandbox/src/sandbox.h"
+#elif defined(OS_MACOSX)
+#include "chrome/common/chrome_sandbox_type_mac.h"
 #endif
 
 namespace {
@@ -399,4 +402,17 @@ bool ChromeContentClient::SandboxPlugin(CommandLine* command_line,
 }
 #endif
 
+#if defined(OS_MACOSX)
+bool ChromeContentClient::GetSandboxProfileForSandboxType(
+    int sandbox_type,
+    int* sandbox_profile_resource_id) const {
+  DCHECK(sandbox_profile_resource_id);
+  if (sandbox_type == CHROME_SANDBOX_TYPE_NACL_LOADER) {
+    *sandbox_profile_resource_id = IDR_NACL_SANDBOX_PROFILE;
+    return true;
+  }
+  return false;
+}
+#endif
+
 }  // namespace chrome
diff --git a/chrome/common/chrome_content_client.h b/chrome/common/chrome_content_client.h
index 6c252e1..d925c34 100644
--- a/chrome/common/chrome_content_client.h
+++ b/chrome/common/chrome_content_client.h
@@ -33,6 +33,12 @@ class ChromeContentClient : public content::ContentClient {
   virtual bool SandboxPlugin(CommandLine* command_line,
                              sandbox::TargetPolicy* policy) OVERRIDE;
 #endif
+
+#if defined(OS_MACOSX)
+  virtual bool GetSandboxProfileForSandboxType(
+      int sandbox_type,
+      int* sandbox_profile_resource_id) const OVERRIDE;
+#endif
 };
 
 }  // namespace chrome
diff --git a/chrome/common/chrome_sandbox_type_mac.h b/chrome/common/chrome_sandbox_type_mac.h
new file mode 100644
index 0000000..86aafef
--- /dev/null
+++ b/chrome/common/chrome_sandbox_type_mac.h
@@ -0,0 +1,17 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_COMMON_CHROME_SANDBOX_TYPE_MAC_H_
+#define CHROME_COMMON_CHROME_SANDBOX_TYPE_MAC_H_
+#pragma once
+
+#include "content/public/common/sandbox_type_mac.h"
+
+enum ChromeSandboxType {
+  CHROME_SANDBOX_TYPE_FIRST_TYPE = content::SANDBOX_TYPE_AFTER_LAST_TYPE,
+
+  CHROME_SANDBOX_TYPE_NACL_LOADER = CHROME_SANDBOX_TYPE_FIRST_TYPE,
+};
+
+#endif  // CHROME_COMMON_CHROME_SANDBOX_TYPE_MAC_H_
diff --git a/chrome/common/common_resources.grd b/chrome/common/common_resources.grd
index 619b92e..63c7a54 100644
--- a/chrome/common/common_resources.grd
+++ b/chrome/common/common_resources.grd
@@ -14,6 +14,9 @@
       <include name="IDR_I18N_TEMPLATE_JS" file="..\browser\resources\shared\js\i18n_template.js" type="BINDATA" />
       <include name="IDR_JSTEMPLATE_JS" file="..\browser\resources\shared\js\jstemplate_compiled.js" flattenhtml="true" type="BINDATA" />
       <include name="IDR_WEB_APP_SCHEMA" file="web_app_schema.json" type="BINDATA" />
+      <if expr="is_macosx">
+        <include name="IDR_NACL_SANDBOX_PROFILE" file="nacl_loader.sb" type="BINDATA" />
+      </if>
     </includes>
   </release>
 </grit>
diff --git a/chrome/browser/nacl_loader.sb b/chrome/common/nacl_loader.sb
index e881afe..e881afe 100644
--- a/chrome/browser/nacl_loader.sb
+++ b/chrome/common/nacl_loader.sb
diff --git a/chrome/nacl/nacl_main_platform_delegate_mac.mm b/chrome/nacl/nacl_main_platform_delegate_mac.mm
index 6e3121e..b818ce7 100644
--- a/chrome/nacl/nacl_main_platform_delegate_mac.mm
+++ b/chrome/nacl/nacl_main_platform_delegate_mac.mm
@@ -9,6 +9,7 @@
 #include "base/file_path.h"
 #include "base/logging.h"
 #include "base/native_library.h"
+#include "chrome/common/chrome_sandbox_type_mac.h"
 #include "chrome/common/chrome_switches.h"
 #include "content/common/sandbox_mac.h"
 #include "content/public/common/sandbox_init.h"
@@ -55,8 +56,8 @@ void NaClMainPlatformDelegate::InitSandboxTests(bool no_sandbox) {
 }
 
 void NaClMainPlatformDelegate::EnableSandbox() {
-  CHECK(content::InitializeSandbox()) << "Error initializing sandbox for "
-                                      << switches::kNaClLoaderProcess;
+  CHECK(content::InitializeSandbox(CHROME_SANDBOX_TYPE_NACL_LOADER, FilePath()))
+      << "Error initializing sandbox for " << switches::kNaClLoaderProcess;
 }
 
 bool NaClMainPlatformDelegate::RunSandboxTests() {