Add flags for v2 sandbox to Chrome and Helper executable.

chrome/app/chrome_exe_main_mac.cc

Index: chrome/app/chrome_exe_main_mac.cc
diff --git a/chrome/app/chrome_exe_main_mac.cc b/chrome/app/chrome_exe_main_mac.cc
index f446f445864a359ec57e120b5163082fd180c878..c91126094e7ec6e2a0fcd09218a62b24a7f753ee 100644
--- a/chrome/app/chrome_exe_main_mac.cc
+++ b/chrome/app/chrome_exe_main_mac.cc
@@ -32,6 +32,12 @@ typedef int (*ChromeMainPtr)(int, char**);
 #if defined(HELPER_EXECUTABLE)
 // The command line parameter to engage the v2 sandbox.
 constexpr char v2_sandbox_arg[] = "--v2-sandbox";
+// The command line paramter indicating that the v2 sandbox is enabled. This
+// must be different than the "v2-sandbox" flag to avoid endless re-executing.
+// The flag tells the sandbox initialization code inside Chrome that the sandbox
+// should already be enabled.

[Charlie Reis, 2017/06/02 20:50:41]

Can you repeat this comment in content_switches.cc?  It's hard to understand why
both flags are needed there at the moment, without digging around.

[Greg K, 2017/06/02 23:59:02]

Done.

+// TODO(kerrnel): Remove this once the V2 sandbox migration is complete.
+constexpr char v2_sandbox_enabled_arg[] = "--v2-sandbox-enabled";
 // The command line parameter for the file descriptor used to receive the
 // sandbox policy.
 constexpr char fd_mapping_arg[] = "--fd_mapping=";
@@ -71,6 +77,10 @@ __attribute__((noreturn)) void SandboxExec(const char* exec_path,
       new_argv.push_back(argv[i]);
     }
   }
+  // Tell Chrome that the sandbox should already be enabled.
+  // Note that execv() is documented to treat the argv as constants, so the
+  // const_cast is safe.
+  new_argv.push_back(const_cast<char*>(v2_sandbox_enabled_arg));
   new_argv.push_back(nullptr);
 
   // The helper executable re-executes itself under the sandbox.