Revert of Define a bootstrap sandbox policy for renderer processes and enable it.

content/browser/bootstrap_sandbox_mac.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/bootstrap_sandbox_mac.h"
 
 #include "base/logging.h"
 #include "base/mac/mac_util.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/singleton.h"
-#include "content/browser/mach_broker_mac.h"
 #include "content/common/sandbox_init_mac.h"
 #include "content/public/browser/browser_child_process_observer.h"
 #include "content/public/browser/child_process_data.h"
-#include "content/public/browser/notification_details.h"
-#include "content/public/browser/notification_observer.h"
-#include "content/public/browser/notification_registrar.h"
-#include "content/public/browser/notification_service.h"
-#include "content/public/browser/notification_types.h"
-#include "content/public/browser/render_process_host.h"
 #include "content/public/common/sandbox_type_mac.h"
 #include "sandbox/mac/bootstrap_sandbox.h"
 
 namespace content {
 
 namespace {
 
 // This class is responsible for creating the BootstrapSandbox global
 // singleton, as well as registering all associated policies with it.
-class BootstrapSandboxPolicy : public BrowserChildProcessObserver,
-                               public NotificationObserver {
+class BootstrapSandboxPolicy : public BrowserChildProcessObserver {
  public:
   static BootstrapSandboxPolicy* GetInstance();
 
   sandbox::BootstrapSandbox* sandbox() const {
     return sandbox_.get();
   }
 
   // BrowserChildProcessObserver:
   virtual void BrowserChildProcessHostDisconnected(
       const ChildProcessData& data) OVERRIDE;
   virtual void BrowserChildProcessCrashed(
       const ChildProcessData& data) OVERRIDE;
 
-  // NotificationObserver:
-  virtual void Observe(int type,
-                       const NotificationSource& source,
-                       const NotificationDetails& details) OVERRIDE;
-
  private:
   friend struct DefaultSingletonTraits<BootstrapSandboxPolicy>;
   BootstrapSandboxPolicy();
   virtual ~BootstrapSandboxPolicy();
 
   void RegisterSandboxPolicies();
-  void RegisterRendererPolicy();
-
-  void AddBaselinePolicy(sandbox::BootstrapSandboxPolicy* policy);
-
-  NotificationRegistrar notification_registrar_;
 
   scoped_ptr<sandbox::BootstrapSandbox> sandbox_;
 };
 
 BootstrapSandboxPolicy* BootstrapSandboxPolicy::GetInstance() {
   return Singleton<BootstrapSandboxPolicy>::get();
 }
 
 void BootstrapSandboxPolicy::BrowserChildProcessHostDisconnected(
       const ChildProcessData& data) {
   sandbox()->ChildDied(data.handle);
 }
 
 void BootstrapSandboxPolicy::BrowserChildProcessCrashed(
       const ChildProcessData& data) {
   sandbox()->ChildDied(data.handle);
 }
 
-void BootstrapSandboxPolicy::Observe(int type,
-                                     const NotificationSource& source,
-                                     const NotificationDetails& details) {
-  switch (type) {
-    case NOTIFICATION_RENDERER_PROCESS_CLOSED:
-      sandbox()->ChildDied(
-          Details<RenderProcessHost::RendererClosedDetails>(details)->handle);
-      break;
-    default:
-      NOTREACHED() << "Unexpected notification " << type;
-      break;
-  }
-}
-
 BootstrapSandboxPolicy::BootstrapSandboxPolicy()
     : sandbox_(sandbox::BootstrapSandbox::Create()) {
   CHECK(sandbox_.get());
   BrowserChildProcessObserver::Add(this);
-  notification_registrar_.Add(this, NOTIFICATION_RENDERER_PROCESS_CLOSED,
-      NotificationService::AllBrowserContextsAndSources());
   RegisterSandboxPolicies();
 }
 
 BootstrapSandboxPolicy::~BootstrapSandboxPolicy() {
   BrowserChildProcessObserver::Remove(this);
 }
 
 void BootstrapSandboxPolicy::RegisterSandboxPolicies() {
-  RegisterRendererPolicy();
-}
-
-void BootstrapSandboxPolicy::RegisterRendererPolicy() {
-  sandbox::BootstrapSandboxPolicy policy;
-  AddBaselinePolicy(&policy);
-
-  // Permit font queries.
-  policy.rules["com.apple.FontServer"] = sandbox::Rule(sandbox::POLICY_ALLOW);
-  policy.rules["com.apple.FontObjectsServer"] =
-      sandbox::Rule(sandbox::POLICY_ALLOW);
-
-  // Allow access to the windowserver. This is needed to get the colorspace
-  // during sandbox warmup. Since NSColorSpace conforms to NSCoding, this
-  // should be plumbed over IPC instead <http://crbug.com/265709>.
-  policy.rules["com.apple.windowserver.active"] =
-      sandbox::Rule(sandbox::POLICY_ALLOW);
-
-  sandbox_->RegisterSandboxPolicy(SANDBOX_TYPE_RENDERER, policy);
-}
-
-void BootstrapSandboxPolicy::AddBaselinePolicy(
-    sandbox::BootstrapSandboxPolicy* policy) {
-  auto& rules = policy->rules;
-
-  // Allow the child to send its task port to the MachBroker.
-  rules[MachBroker::GetMachPortName()] = sandbox::Rule(sandbox::POLICY_ALLOW);
-
-  // Allow logging to the syslog.
-  rules["com.apple.system.logger"] = sandbox::Rule(sandbox::POLICY_ALLOW);
 }
 
 }  // namespace
 
 bool ShouldEnableBootstrapSandbox() {
-  return base::mac::IsOSMavericksOrEarlier();
+  return base::mac::IsOSMountainLionOrEarlier() ||
+         base::mac::IsOSMavericks();
 }
 
 sandbox::BootstrapSandbox* GetBootstrapSandbox() {
   return BootstrapSandboxPolicy::GetInstance()->sandbox();
 }
 
 }  // namespace content