Load mac sandbox definitions from resources instead of the bundle.

content/common/sandbox_init_mac.cc

Index: content/common/sandbox_init_mac.cc
diff --git a/content/common/sandbox_init_mac.cc b/content/common/sandbox_init_mac.cc
index 86cf9e6737c12e68df3426431e1d6249aa1590b4..0e596892bfc75dcf20bb1f1c8905ff576c042152 100644
--- a/content/common/sandbox_init_mac.cc
+++ b/content/common/sandbox_init_mac.cc
@@ -12,14 +12,20 @@
 
 namespace content {
 
-bool InitializeSandbox() {
-  using sandbox::Sandbox;
+bool InitializeSandbox(int sandbox_type, const FilePath& allowed_dir) {
+  // Warm up APIs before turning on the sandbox.
+  sandbox::Sandbox::SandboxWarmup(sandbox_type);
+
+  // Actually sandbox the process.
+  return sandbox::Sandbox::EnableSandbox(sandbox_type, allowed_dir);
+}
 
+bool InitializeSandbox() {

[jeremy, 2011/11/23 07:02:17]

I think this would be a bit more readable if you split this function further:

void GetSandboxTypeFromCommandLine(int* sandboxtype, FilePath* allowed_dir);

Then InitializeSandbox becomes 3 lines...

[jochen (gone - plz use gerrit), 2011/11/23 10:57:28]

Done.

   const CommandLine& command_line = *CommandLine::ForCurrentProcess();
   if (command_line.HasSwitch(switches::kNoSandbox))
     return true;
 
-  Sandbox::SandboxProcessType sandbox_process_type;
+  SandboxProcessType sandbox_process_type;
   FilePath allowed_dir;  // Empty by default.
 
   std::string process_type =
@@ -36,27 +42,24 @@ bool InitializeSandbox() {
       // this once this flag is removed.
       return true;
     } else {
-      sandbox_process_type = Sandbox::SANDBOX_TYPE_RENDERER;
+      sandbox_process_type = SANDBOX_TYPE_RENDERER;
     }
   } else if (process_type == switches::kUtilityProcess) {
     // Utility process sandbox.
-    sandbox_process_type = Sandbox::SANDBOX_TYPE_UTILITY;
+    sandbox_process_type = SANDBOX_TYPE_UTILITY;
     allowed_dir =
         command_line.GetSwitchValuePath(switches::kUtilityProcessAllowedDir);
   } else if (process_type == switches::kWorkerProcess) {
     // Worker process sandbox.
-    sandbox_process_type = Sandbox::SANDBOX_TYPE_WORKER;
-  } else if (process_type == switches::kNaClLoaderProcess) {
-    // Native Client sel_ldr (user untrusted code) sandbox.
-    sandbox_process_type = Sandbox::SANDBOX_TYPE_NACL_LOADER;
+    sandbox_process_type = SANDBOX_TYPE_WORKER;
   } else if (process_type == switches::kGpuProcess) {
-    sandbox_process_type = Sandbox::SANDBOX_TYPE_GPU;
+    sandbox_process_type = SANDBOX_TYPE_GPU;
   } else if ((process_type == switches::kPluginProcess) ||
              (process_type == switches::kServiceProcess) ||
              (process_type == switches::kPpapiBrokerProcess)) {
     return true;
   } else if (process_type == switches::kPpapiPluginProcess) {
-    sandbox_process_type = Sandbox::SANDBOX_TYPE_PPAPI;
+    sandbox_process_type = SANDBOX_TYPE_PPAPI;
   } else {
     // Failsafe: If you hit an unreached here, is your new process type in need
     // of sandboxing?
@@ -64,11 +67,7 @@ bool InitializeSandbox() {
     return true;
   }
 
-  // Warm up APIs before turning on the sandbox.
-  Sandbox::SandboxWarmup(sandbox_process_type);
-
-  // Actually sandbox the process.
-  return Sandbox::EnableSandbox(sandbox_process_type, allowed_dir);
+  return InitializeSandbox(sandbox_process_type, allowed_dir);
 }
 
 }  // namespace content