mac: Make the (10.6-only) sandbox hole for the components build smaller

content/common/sandbox_mac.h

Index: content/common/sandbox_mac.h
diff --git a/content/common/sandbox_mac.h b/content/common/sandbox_mac.h
index 60c94ed93994a831b2ed0f274d0dddf4735676b5..225df07085d1b776de4fdc3a568261f0f8969f5f 100644
--- a/content/common/sandbox_mac.h
+++ b/content/common/sandbox_mac.h
@@ -125,6 +125,10 @@ class CONTENT_EXPORT Sandbox {
                   std::string *final_sandbox_profile_str);
 
  private:
+  // Returns an (allow file-read-metadata) rule for |allowed_path| and all its
+  // parent directories.
+  static NSString* AllowMetadataForPath(const FilePath& allowed_path);
+
   // Escape |src_utf8| for use in a plain string variable in a sandbox
   // configuraton file.  On return |dst| is set to the quoted output.
   // Returns: true on success, false otherwise.
@@ -148,7 +152,7 @@ class CONTENT_EXPORT Sandbox {
   // Convert provided path into a "canonical" path matching what the Sandbox
   // expects i.e. one without symlinks.
   // This path is not necessarily unique e.g. in the face of hardlinks.
-  static void GetCanonicalSandboxPath(FilePath* path);
+  static FilePath GetCanonicalSandboxPath(const FilePath& path);
 
   FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, StringEscape);
   FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, RegexEscape);