Call SetApplicationIsDaemon() in V2 sandbox.

content/renderer/renderer_main_platform_delegate_mac.mm

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/renderer_main_platform_delegate.h"
 
 #include <Carbon/Carbon.h>
 #import <Cocoa/Cocoa.h>
 #include <objc/runtime.h>
 #include <stdint.h>
 
+#include "base/bind.h"
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/mac/mac_util.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/sys_string_conversions.h"
 #include "content/common/sandbox_init_mac.h"
 #include "content/common/sandbox_mac.h"
 #include "content/public/common/content_switches.h"
+#include "sandbox/mac/seatbelt.h"
+
+extern "C" {
+void CGSSetDenyWindowServerConnections(bool);
+void CGSShutdownServerConnections();
+OSStatus SetApplicationIsDaemon(Boolean isDaemon);
+};
 
 namespace content {
 
 namespace {
 
+// This disconnects from the window server, and then indicates that Chrome
+// should continue execution without access to launchservicesd.
+void DisconnectWindowServer() {
+  // Now disconnect from WindowServer, after all objects have been warmed up.
+  // Shutting down the connection requires connecting to WindowServer,
+  // so do this before actually engaging the sandbox. This may cause two log
+  // messages to be printed to the system logger on certain OS versions.
+  CGSSetDenyWindowServerConnections(true);
+  CGSShutdownServerConnections();
+  // Allow the process to continue without a LaunchServices ASN. The
+  // INIT_Process function in HIServices will abort if it cannot connect to
+  // launchservicesd to get an ASN. By setting this flag, HIServices skips
+  // that.
+  SetApplicationIsDaemon(true);
+}
+
 // You are about to read a pretty disgusting hack. In a static initializer,
 // CoreFoundation decides to connect with cfprefsd(8) using Mach IPC. There is
 // no public way to close this Mach port after-the-fact, nor a way to stop it
 // from happening since it is done pre-main in dyld. But the address of the
 // CFMachPort can be found in the run loop's string description. Below, that
 // address is parsed, cast, and then used to invalidate the Mach port to
 // disable communication with cfprefsd.
 void DisconnectCFNotificationCenter() {
   base::ScopedCFTypeRef<CFStringRef> run_loop_description(
       CFCopyDescription(CFRunLoopGetCurrent()));
@@ skipping 85 matching lines @@
     [NSThread detachNewThreadSelector:@selector(length)
                              toTarget:string
                            withObject:nil];
   }
 }
 
 void RendererMainPlatformDelegate::PlatformUninitialize() {
 }
 
 bool RendererMainPlatformDelegate::EnableSandbox() {
-  // Enable the sandbox.
-  bool sandbox_initialized = InitializeSandbox();
+  bool sandbox_initialized = sandbox::Seatbelt::IsSandboxed();
+
+  // If the sandbox is already engaged, just disconnect from the window server.
+  if (sandbox_initialized) {
+    DisconnectWindowServer();
+  } else {
+    sandbox_initialized = InitializeSandboxWithPostWarmupHook(
+        base::BindOnce(&DisconnectWindowServer));
+  }
 
   // The sandbox is now engaged. Make sure that the renderer has not connected
   // itself to Cocoa.
   CHECK(NSApp == nil);
 
   DisconnectCFNotificationCenter();
 
   return sandbox_initialized;
 }
 
 }  // namespace content