Fully remove the hole in the Mac Sandbox that was used to support...

chrome/common/sandbox_mac.mm

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/sandbox_mac.h"
 
 #include "base/debug_util.h"
 
 #import <Cocoa/Cocoa.h>
 extern "C" {
@@ skipping 237 matching lines @@
   // passed in.
   if (sandbox_type != SANDBOX_TYPE_UTILITY) {
     DCHECK(allowed_dir.empty())
         << "Only SANDBOX_TYPE_UTILITY allows a custom directory parameter.";
   }
   // We use a custom sandbox definition file to lock things down as
   // tightly as possible.
   // TODO(jeremy): Look at using include syntax to unify common parts of sandbox
   // definition files.
   NSString* sandbox_config_filename = nil;
-  bool allow_nacl_lines = false;
   switch (sandbox_type) {
     case SANDBOX_TYPE_RENDERER:
       sandbox_config_filename = @"renderer";
       break;
     case SANDBOX_TYPE_WORKER:
       sandbox_config_filename = @"worker";
       break;
     case SANDBOX_TYPE_UTILITY:
       sandbox_config_filename = @"utility";
       break;
-    case SANDBOX_TYPE_NACL_PLUGIN:
-      // The Native Client plugin is a standard renderer sandbox with some
-      // additional lines to support use of Unix sockets.
-      // TODO(msneck): Remove the use of Unix sockets from Native Client and
-      // then remove the associated rules from chrome/renderer/renderer.sb.
-      // See http://code.google.com/p/nativeclient/issues/detail?id=344
-      sandbox_config_filename = @"renderer";
-      allow_nacl_lines = true;
-      break;
     case SANDBOX_TYPE_NACL_LOADER:
       // The Native Client loader is used for safeguarding the user's
       // untrusted code within Native Client.
-      // TODO(msneck): Remove the use of Unix sockets from Native Client and
-      // then decide on an appropriate sandbox type for the untrusted code.
-      // This might simply mean removing the Unix socket rules from
-      // chrome/browser/nacl_loader.sb or it might mean sharing the
-      // sandbox configuration with SANDBOX_TYPE_WORKER.
-      // See http://code.google.com/p/nativeclient/issues/detail?id=344
       sandbox_config_filename = @"nacl_loader";
       break;
     default:
       NOTREACHED();
       return false;
   }
 
   // Read in the sandbox profile and the common prefix file.
   NSString* common_sandbox_prefix_path =
       [mac_util::MainAppBundle() pathForResource:@"common"
@@ skipping 29 matching lines @@
 
   // Enable verbose logging if enabled on the command line.
   // (see renderer.sb for details).
   const CommandLine *command_line = CommandLine::ForCurrentProcess();
   if (command_line->HasSwitch(switches::kEnableSandboxLogging)) {
     sandbox_data = [sandbox_data
         stringByReplacingOccurrencesOfString:@";ENABLE_LOGGING"
                                   withString:@""];
   }
 
-  // Enable Native Client lines if they are allowed.
-  if (allow_nacl_lines) {
-    sandbox_data = [sandbox_data
-        stringByReplacingOccurrencesOfString:@";NACL"
-                                  withString:@""];
-  }
-
   if (!allowed_dir.empty()) {
     // The sandbox only understands "real" paths.  This resolving step is
     // needed so the caller doesn't need to worry about things like /var
     // being a link to /private/var (like in the paths CreateNewTempDirectory()
     // returns).
     FilePath allowed_dir_canonical(allowed_dir);
     GetCanonicalSandboxPath(&allowed_dir_canonical);
 
     std::string allowed_dir_escaped;
     if (!QuoteStringForRegex(allowed_dir_canonical.value(),
@@ skipping 72 matching lines @@
   if (HANDLE_EINTR(fcntl(fd, F_GETPATH, canonical_path)) != 0) {
     PLOG(FATAL) << "GetCanonicalSandboxPath() failed for: "
                 << path->value();
     return;
   }
 
   *path = FilePath(canonical_path);
 }
 
 }  // namespace sandbox