Refactor OS X sandbox processing and audit sandbox files

Audited the sandbox files to enusre all rules are necessary and removed
any incorrect comments.

The OS X Sandbox code is refactored to get rid of all string processing
of the raw scheme code in the sandbox profiles. By using the ability to
pass parameters into sandbox profiles, the variable substitution logic
is performed by the scheme interpreter itself.

BUG=242704

Review URL: https://codereview.chromium.org/1186233004

Cr-Commit-Position: refs/heads/master@{#336610}

1 files changed, 4 insertions, 6 deletions

diff --git a/content/ppapi_plugin/ppapi.sb b/content/ppapi_plugin/ppapi.sb
index 9ef9d31..4493cc3 100644
--- a/content/ppapi_plugin/ppapi.sb
+++ b/content/ppapi_plugin/ppapi.sb
@@ -9,12 +9,10 @@
 ; *** The contents of content/common/common.sb are implicitly included here. ***
 
 ; Needed for Fonts.
-(allow file-read* (regex #"^/System/Library/Fonts($|/)"))  ; 10.5.6
-; 10.6 for loading fonts in the renderer.
-; on 10.5 this is needed for the PDF plugin.
+(allow file-read* (regex #"^/System/Library/Fonts($|/)"))
 (allow file-read* (regex #"^/Library/Fonts($|/)"))
-(allow mach-lookup (global-name "com.apple.FontObjectsServer"))  ; 10.5.6
-(allow mach-lookup (global-name "com.apple.FontServer"))  ; 10.6
+(allow mach-lookup (global-name "com.apple.FontObjectsServer"))
+(allow mach-lookup (global-name "com.apple.FontServer"))
 
 ; http://crbug.com/11269
-(allow file-read* (subpath "@USER_HOMEDIR_AS_LITERAL@/Library/Fonts"))  ; 10.6
+(allow file-read* (subpath (user-homedir-path "/Library/Fonts")))