Add the SeatbeltExec classes to facilitate the V2 sandbox.

sandbox/mac/sandbox_mac_compiler_v2_unittest.mm

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #import <Foundation/Foundation.h>
 #import <IOSurface/IOSurface.h>
 
 #include <fcntl.h>
 #include <stdint.h>
 #include <sys/mman.h>
@@ skipping 17 matching lines @@
 // These tests are designed to begin testing the V2 style sandbox rules on the
 // bots, rendering the earliest possible test results on how the rules perform
 // consistently across all test bots and supported OS versions.
 class SandboxMacCompilerV2Test : public base::MultiProcessTest {};
 
 MULTIPROCESS_TEST_MAIN(V2ProfileProcess) {
   // Note: newlines are not necessary in the profile, but do make it easier to
   // print the profile out for debugging purposes.
   std::string profile =
       "(version 1)\n"
-      "(deny default)\n"
+      "(deny default (with no-log))\n"
       "(define allowed-dir \"ALLOWED_READ_DIR\")\n"
       "(define temp-file \"ALLOWED_TEMP_FILE\")\n"
       "(define is-pre-10_10 \"IS_PRE_10_10\")\n"
       "; Make it easier to drop (literal) once we stop supporting 10.9\n"
       "(define (path x) (literal x))\n"
       "(allow file-read-metadata (subpath \"/Applications\"))\n"
       "(allow file-read* (subpath (param allowed-dir)))\n"
       "(allow file-read-data (path \"/usr/share/zoneinfo/zone.tab\"))\n"
       "(allow file-write* (path (param temp-file)))\n"
       "(allow ipc-posix-shm-read-data (ipc-posix-name "
@@ skipping 79 matching lines @@
 TEST_F(SandboxMacCompilerV2Test, V2ProfileTest) {
   base::SpawnChildResult spawn_child = SpawnChild("V2ProfileProcess");
   ASSERT_TRUE(spawn_child.process.IsValid());
   int exit_code = 42;
   EXPECT_TRUE(spawn_child.process.WaitForExitWithTimeout(
       TestTimeouts::action_max_timeout(), &exit_code));
   EXPECT_EQ(exit_code, 0);
 }
 
 }  // namespace sandbox