Expose the sandbox related code through the content API. I did a bit of cleanup while I was doing...

content/common/sandbox_init_win.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "content/common/sandbox_init_wrapper.h"
+#include "content/public/common/sandbox_init.h"
 
 #include "base/command_line.h"
 #include "base/logging.h"
+#include "content/common/sandbox_policy.h"
 #include "content/public/common/content_switches.h"
+#include "sandbox/src/sandbox.h"
+#include "sandbox/src/sandbox_types.h"
 
-void SandboxInitWrapper::SetServices(sandbox::SandboxInterfaceInfo* info) {
-  if (!info)
-    return;
-  if (info->legacy) {
-    // Looks like we are in the case when the new chrome.dll is being launched
-    // by the old chrome.exe, the old chrome exe has SandboxInterfaceInfo as a
-    // union, while now we have a struct.
-    // TODO(cpu): Remove this nasty hack after M10 release.
-    broker_services_ = reinterpret_cast<sandbox::BrokerServices*>(info->legacy);
-    target_services_ = reinterpret_cast<sandbox::TargetServices*>(info->legacy);
-  } else {
-    // Normal case, both the exe and the dll are the same version. Both
-    // interface pointers cannot be non-zero. A process can either be a target
-    // or a broker but not both.
-    broker_services_ = info->broker_services;
-    target_services_ = info->target_services;
-    DCHECK(!(target_services_ && broker_services_));
+namespace content {
+
+bool InitializeSandbox(
+    sandbox::SandboxInterfaceInfo* sandbox_info) {
+  const CommandLine& command_line = *CommandLine::ForCurrentProcess();
+  std::string process_type =
+      command_line.GetSwitchValueASCII(switches::kProcessType);
+  if (process_type.empty() || process_type == switches::kNaClBrokerProcess) {
+    // IMPORTANT: This piece of code needs to run as early as possible in the
+    // process because it will initialize the sandbox broker, which requires the
+    // process to swap its window station. During this time all the UI will be
+    // broken. This has to run before threads and windows are created.
+    sandbox::BrokerServices* broker_services = sandbox_info->broker_services;
+    if (broker_services) {
+      sandbox::InitBrokerServices(broker_services);
+      if (!command_line.HasSwitch(switches::kNoSandbox)) {
+        bool use_winsta = !command_line.HasSwitch(
+            switches::kDisableAltWinstation);
+        // Precreate the desktop and window station used by the renderers.
+        sandbox::TargetPolicy* policy = broker_services->CreatePolicy();
+        sandbox::ResultCode result = policy->CreateAlternateDesktop(use_winsta);
+        CHECK(sandbox::SBOX_ERROR_FAILED_TO_SWITCH_BACK_WINSTATION != result);
+        policy->Release();
+      }
+    }
+    return true;
   }
-}
 
-bool SandboxInitWrapper::InitializeSandbox(const CommandLine& command_line,
-                                           const std::string& process_type) {
   if (command_line.HasSwitch(switches::kNoSandbox))
     return true;
+
+  sandbox::TargetServices* target_services = sandbox_info->target_services;
   if ((process_type == switches::kRendererProcess) ||
       (process_type == switches::kWorkerProcess) ||
       (process_type == switches::kNaClLoaderProcess) ||
       (process_type == switches::kUtilityProcess)) {
     // The above five process types must be sandboxed unless --no-sandbox
     // is present in the command line.
-    if (!target_services_)
+    if (!target_services)
       return false;
   } else {
     // Other process types might or might not be sandboxed.
     // TODO(cpu): clean this mess.
-    if (!target_services_)
+    if (!target_services)
       return true;
   }
-  return (sandbox::SBOX_ALL_OK == target_services_->Init());
+  return (sandbox::SBOX_ALL_OK == target_services->Init());
 }
+
+}  // namespace content