Implement GetSandboxType() on all platforms and implement for all process types.

chrome/browser/chrome_content_browser_client.cc

Index: chrome/browser/chrome_content_browser_client.cc
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index 193fb825402ee04941759fda1dfc8adf57013700..57731be4afd250ad8d0bf6fce214fc9cc4410f3d 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -84,6 +84,7 @@
 #include "chrome/common/chrome_constants.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
+#include "chrome/common/chrome_version_info.h"
 #include "chrome/common/env_vars.h"
 #include "chrome/common/logging_chrome.h"
 #include "chrome/common/pepper_permission_util.h"
@@ -124,6 +125,7 @@
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/child_process_host.h"
 #include "content/public/common/content_descriptors.h"
+#include "content/public/common/sandbox_type.h"
 #include "content/public/common/service_registry.h"
 #include "content/public/common/url_utils.h"
 #include "content/public/common/web_preferences.h"
@@ -2335,6 +2337,54 @@ const wchar_t* ChromeContentBrowserClient::GetResourceDllName() {
   return chrome::kBrowserResourcesDll;
 }
 
+base::string16 ChromeContentBrowserClient::GetAppContainerSidForSandboxType(
+    int sandbox_type) const {
+  base::string16 sid;
+
+#if defined(GOOGLE_CHROME_BUILD)
+  const chrome::VersionInfo::Channel channel =
+      chrome::VersionInfo::GetChannel();
+
+  // It's possible to have a SxS installation running at the same time as a
+  // non-SxS so isolate them from each other.
+  if (channel == chrome::VersionInfo::CHANNEL_CANARY) {
+    sid.assign(
+        L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-"
+        L"924012150-");
+  } else {
+    sid.assign(
+        L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-"
+        L"924012149-");
+  }
+#else
+  sid.assign(
+      L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-"
+      L"924012148-");
+#endif
+
+  // TODO(wfh): Add support for more process types here. crbug.com/499523
+  switch (sandbox_type) {
+    case content::SANDBOX_TYPE_RENDERER:
+      return sid + L"129201922";
+    case content::SANDBOX_TYPE_UTILITY:
+      return base::string16();
+    case content::SANDBOX_TYPE_GPU:
+      return base::string16();
+    case content::SANDBOX_TYPE_PPAPI:
+      return sid + L"129201925";

[nasko, 2015/06/24 13:11:38]

nit: Since the PPAPI process isn't using the SID quite yet, let's have this
return empty string and put the real one in a CL with the PPAPI work.

[Will Harris, 2015/06/24 15:17:20]

Done.

+#if !defined(DISABLE_NACL)
+    case PROCESS_TYPE_NACL_LOADER:
+      return base::string16();
+    case PROCESS_TYPE_NACL_BROKER:
+      return base::string16();
+#endif
+    default:
+      NOTREACHED();
+  }
+
+  return base::string16();

[nasko, 2015/06/24 13:11:38]

NOTREACHED before the return? Could also be CHECK, as we don't expect to want to
allocate a SID but fail to do so and get to the end of the method, right?

[Will Harris, 2015/06/24 15:17:20]

Done.

+}
+
 void ChromeContentBrowserClient::PreSpawnRenderer(
     sandbox::TargetPolicy* policy,
     bool* success) {