Implement the V2 sandbox in the process launcher.

content/browser/child_process_launcher_helper_mac.cc

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "base/command_line.h"
+#include "base/feature_list.h"
 #include "base/memory/ptr_util.h"
 #include "base/path_service.h"
 #include "base/posix/global_descriptors.h"
 #include "content/browser/bootstrap_sandbox_manager_mac.h"
 #include "content/browser/child_process_launcher.h"
 #include "content/browser/child_process_launcher_helper.h"
 #include "content/browser/child_process_launcher_helper_posix.h"
 #include "content/browser/mach_broker_mac.h"
+#include "content/browser/sandbox_parameters_mac.h"
+#include "content/grit/content_resources.h"
+#include "content/public/browser/content_browser_client.h"
+#include "content/public/common/content_features.h"
+#include "content/public/common/content_paths.h"
+#include "content/public/common/content_switches.h"
 #include "content/public/common/result_codes.h"
 #include "content/public/common/sandboxed_process_launcher_delegate.h"
 #include "mojo/edk/embedder/scoped_platform_handle.h"
 #include "sandbox/mac/bootstrap_sandbox.h"
 #include "sandbox/mac/pre_exec_delegate.h"
+#include "sandbox/mac/seatbelt_exec.h"
 
 namespace content {
 namespace internal {
 
 mojo::edk::ScopedPlatformHandle
 ChildProcessLauncherHelper::PrepareMojoPipeHandlesOnClientThread() {
   DCHECK_CURRENTLY_ON(client_thread_id_);
   return mojo::edk::ScopedPlatformHandle();
 }
 
@@ skipping 12 matching lines @@
 
 void ChildProcessLauncherHelper::BeforeLaunchOnLauncherThread(
     const FileMappedForLaunch& files_to_register,
     base::LaunchOptions* options) {
   // Convert FD mapping to FileHandleMappingVector.
   std::unique_ptr<base::FileHandleMappingVector> fds_to_map =
       files_to_register.GetMappingWithIDAdjustment(
           base::GlobalDescriptors::kBaseDescriptor);
 
   options->environ = delegate_->GetEnvironment();
+
+  if (base::FeatureList::IsEnabled(features::kMacV2Sandbox) &&
+      GetProcessType() == switches::kRendererProcess) {
+    seatbelt_exec_client_ = base::MakeUnique<sandbox::SeatbeltExecClient>();
+    base::StringPiece renderer_sb = GetContentClient()->GetDataResource(
+        IDR_RENDERER_SANDBOX_V2_PROFILE, ui::SCALE_FACTOR_NONE);
+    std::string profile = renderer_sb.as_string();
+
+    seatbelt_exec_client_->SetProfile(profile);
+
+    SetupRendererSandboxParameters(seatbelt_exec_client_.get());
+
+    int pipe = seatbelt_exec_client_->SendProfileAndGetFD();
+
+    base::FilePath helper_executable;
+    CHECK(PathService::Get(content::CHILD_PROCESS_EXE, &helper_executable));
+
+    fds_to_map->push_back(std::make_pair(pipe, pipe));
+
+    // Update the command line to enable the V2 sandbox and pass the
+    // communication FD to the helper executable.
+    command_line_->AppendSwitch(switches::kEnableV2Sandbox);
+    command_line_->AppendArg("--fd_mapping=" + std::to_string(pipe));
+  }
+
   // fds_to_remap will de deleted in AfterLaunchOnLauncherThread() below.
   options->fds_to_remap = fds_to_map.release();
 
   // Hold the MachBroker lock for the duration of LaunchProcess. The child will
   // send its task port to the parent almost immediately after startup. The Mach
   // message will be delivered to the parent, but updating the record of the
   // launch will wait until after the placeholder PID is inserted below. This
   // ensures that while the child process may send its port to the parent prior
   // to the parent leaving LaunchProcess, the order in which the record in
   // MachBroker is updated is correct.
@@ skipping 104 matching lines @@
 base::File OpenFileToShare(const base::FilePath& path,
                            base::MemoryMappedFile::Region* region) {
   // Not used yet (until required files are described in the service manifest on
   // Mac).
   NOTREACHED();
   return base::File();
 }
 
 }  //  namespace internal
 }  // namespace content