Support DirectWrite with sandbox on

content/common/sandbox_win.cc

Index: content/common/sandbox_win.cc
diff --git a/content/common/sandbox_win.cc b/content/common/sandbox_win.cc
index aea586054e51329e97627abc203ac3cfdb7f2b06..e2c9e8f1408a86e9177ae2b8b9d3c7a219706981 100644
--- a/content/common/sandbox_win.cc
+++ b/content/common/sandbox_win.cc
@@ -309,6 +309,17 @@ bool AddGenericPolicy(sandbox::TargetPolicy* policy) {
   if (result != sandbox::SBOX_ALL_OK)
     return false;
 
+  // XXX: This is in the wrong place, it should only apply to the renderer.

[scottmg, 2014/03/21 23:04:06]

This needs to be made renderer-only rather than in generic.

[Will Harris, 2014/03/21 23:55:47]

suggested location below around 657

+  base::FilePath directory;
+  if (!PathService::Get(base::DIR_WINDOWS_FONTS, &directory))
+    return false;
+  directory.Append(FILE_PATH_LITERAL("\\*"));
+  result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
+                           sandbox::TargetPolicy::FILES_ALLOW_READONLY,
+                           directory.value().c_str());
+  if (result != sandbox::SBOX_ALL_OK)
+    return false;
+
   // Add the policy for debug message only in debug
 #ifndef NDEBUG
   base::FilePath app_dir;