Load mac sandbox definitions from resources instead of the bundle.

content/common/sandbox_init_mac.cc

Index: content/common/sandbox_init_mac.cc
diff --git a/content/common/sandbox_init_mac.cc b/content/common/sandbox_init_mac.cc
index 86cf9e6737c12e68df3426431e1d6249aa1590b4..59dc055096c3fd8bd26ea3778228cae8ab4f4cb1 100644
--- a/content/common/sandbox_init_mac.cc
+++ b/content/common/sandbox_init_mac.cc
@@ -9,17 +9,28 @@
 #include "base/logging.h"
 #include "content/common/sandbox_mac.h"
 #include "content/public/common/content_switches.h"
+#include "grit/content_resources.h"
 
 namespace content {
 
-bool InitializeSandbox() {
+bool InitializeSandbox(int sandbox_definition_resource_id) {

[jeremy, 2011/11/17 13:36:11]

I would refactor this into 3 functions:
InitializeSandbox(sandbox_type, filepath)
ReadSandboxDefsFromCommandLine(sandbox_type*,fiepath*) <- not happy with this
name, feel free to pick a better one.
InitializeSandboxFromCommandLine() which calls the above 2 functions.

+  using sandbox::Sandbox;
+
+  // Warm up APIs before turning on the sandbox.
+  Sandbox::SandboxWarmup(sandbox_definition_resource_id);
+
+  // Actually sandbox the process.
+  return Sandbox::EnableSandbox(sandbox_definition_resource_id, FilePath());
+}
+
+bool InitializeSandboxFromProcessType() {
   using sandbox::Sandbox;
 
   const CommandLine& command_line = *CommandLine::ForCurrentProcess();
   if (command_line.HasSwitch(switches::kNoSandbox))
     return true;
 
-  Sandbox::SandboxProcessType sandbox_process_type;
+  int sandbox_definition_resource_id;
   FilePath allowed_dir;  // Empty by default.
 
   std::string process_type =
@@ -36,27 +47,24 @@ bool InitializeSandbox() {
       // this once this flag is removed.
       return true;
     } else {
-      sandbox_process_type = Sandbox::SANDBOX_TYPE_RENDERER;
+      sandbox_definition_resource_id = IDR_RENDERER_SANDBOX_DEFINITION;
     }
   } else if (process_type == switches::kUtilityProcess) {
     // Utility process sandbox.
-    sandbox_process_type = Sandbox::SANDBOX_TYPE_UTILITY;
+    sandbox_definition_resource_id = IDR_UTILITY_SANDBOX_DEFINITION;
     allowed_dir =
         command_line.GetSwitchValuePath(switches::kUtilityProcessAllowedDir);
   } else if (process_type == switches::kWorkerProcess) {
     // Worker process sandbox.
-    sandbox_process_type = Sandbox::SANDBOX_TYPE_WORKER;
-  } else if (process_type == switches::kNaClLoaderProcess) {
-    // Native Client sel_ldr (user untrusted code) sandbox.
-    sandbox_process_type = Sandbox::SANDBOX_TYPE_NACL_LOADER;
+    sandbox_definition_resource_id = IDR_WORKER_SANDBOX_DEFINITION;
   } else if (process_type == switches::kGpuProcess) {
-    sandbox_process_type = Sandbox::SANDBOX_TYPE_GPU;
+    sandbox_definition_resource_id = IDR_GPU_SANDBOX_DEFINITION;
   } else if ((process_type == switches::kPluginProcess) ||
              (process_type == switches::kServiceProcess) ||
              (process_type == switches::kPpapiBrokerProcess)) {
     return true;
   } else if (process_type == switches::kPpapiPluginProcess) {
-    sandbox_process_type = Sandbox::SANDBOX_TYPE_PPAPI;
+    sandbox_definition_resource_id = IDR_PPAPI_SANDBOX_DEFINITION;
   } else {
     // Failsafe: If you hit an unreached here, is your new process type in need
     // of sandboxing?
@@ -65,10 +73,10 @@ bool InitializeSandbox() {
   }
 
   // Warm up APIs before turning on the sandbox.
-  Sandbox::SandboxWarmup(sandbox_process_type);
+  Sandbox::SandboxWarmup(sandbox_definition_resource_id);
 
   // Actually sandbox the process.
-  return Sandbox::EnableSandbox(sandbox_process_type, allowed_dir);
+  return Sandbox::EnableSandbox(sandbox_definition_resource_id, allowed_dir);
 }
 
 }  // namespace content