Reland "macOS V2 Sandbox: Report correct sandbox profile for nacl-loader."

This is a reland of 6d83f4b9

Original change's description:
> macOS V2 Sandbox: Report correct sandbox profile for nacl-loader.
>
> The nacl loader process, used only on macOS, currently tries to load an
> invalid profile type under the V2 sandbox. This loads the correct type.
>
> Bug: 892554
> Change-Id: I7b2733db426e3c91181b1f375d791d2918ac6763
> Reviewed-on: https://chromium-review.googlesource.com/c/1268671
> Reviewed-by: Robert Sesek <rsesek@chromium.org>
> Reviewed-by: Derek Schuff <dschuff@chromium.org>
> Reviewed-by: Greg Kerr <kerrnel@chromium.org>
> Reviewed-by: Tom Sepez <tsepez@chromium.org>
> Commit-Queue: Greg Kerr <kerrnel@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#598380}

TBR: rsesek@chromium.org,dschuff@chromium.org,tsepez@chromium.org

Bug: 892554
Change-Id: Ic9cd4da3a17f2a6d36b3ed7145762baf22d8c7f4
Reviewed-on: https://chromium-review.googlesource.com/c/1279201Reviewed-by: Derek Schuff <dschuff@chromium.org>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#599391}

components/nacl/loader/DEPS

@@ -9,6 +9,7 @@ include_rules = [
   "+sandbox/linux/services",
   "+sandbox/linux/suid",
   "+sandbox/linux/system_headers",
+  "+sandbox/mac",
   "+sandbox/sandbox_buildflags.h",
   "+sandbox/win/src",
   "+services/service_manager/sandbox",

components/nacl/loader/nacl_main_platform_delegate_mac.mm

@@ -6,13 +6,22 @@
 
 #import <Cocoa/Cocoa.h>
 
+#include "base/command_line.h"
 #include "base/logging.h"
 #include "components/nacl/common/nacl_switches.h"
 #include "content/public/common/sandbox_init.h"
+#include "sandbox/mac/seatbelt.h"
+#include "sandbox/mac/seatbelt_exec.h"
 #include "services/service_manager/sandbox/sandbox_type.h"
 
 void NaClMainPlatformDelegate::EnableSandbox(
     const content::MainFunctionParams& parameters) {
-  CHECK(content::InitializeSandbox(service_manager::SANDBOX_TYPE_NACL_LOADER))
-      << "Error initializing sandbox for " << switches::kNaClLoaderProcess;
+  if (base::CommandLine::ForCurrentProcess()->HasSwitch(
+          sandbox::switches::kSeatbeltClientName)) {
+    // Make sure the sandbox is actually enabled if the V2 flag is present.
+    CHECK(sandbox::Seatbelt::IsSandboxed());
+  } else {
+    CHECK(content::InitializeSandbox(service_manager::SANDBOX_TYPE_NACL_LOADER))
+        << "Error initializing sandbox for " << switches::kNaClLoaderProcess;
+  }
 }

services/service_manager/sandbox/sandbox_type.cc

@@ -126,6 +126,11 @@ SandboxType SandboxTypeFromCommandLine(const base::CommandLine& command_line) {
   if (process_type == switches::kPpapiPluginProcess)
     return SANDBOX_TYPE_PPAPI;
 
+#if defined(OS_MACOSX)
+  if (process_type == switches::kNaClLoaderProcess)
+    return SANDBOX_TYPE_NACL_LOADER;
+#endif
+
   // This is a process which we don't know about.
   return SANDBOX_TYPE_INVALID;
 }

services/service_manager/sandbox/switches.cc

@@ -107,6 +107,7 @@ const char kEnableSandboxLogging[] = "enable-sandbox-logging";
 
 // Flags spied upon from other layers.
 const char kGpuProcess[] = "gpu-process";
+const char kNaClLoaderProcess[] = "nacl-loader";
 const char kPpapiBrokerProcess[] = "ppapi-broker";
 const char kPpapiPluginProcess[] = "ppapi";
 const char kRendererProcess[] = "renderer";

services/service_manager/sandbox/switches.h

@@ -59,6 +59,7 @@ SERVICE_MANAGER_SANDBOX_EXPORT extern const char kEnableSandboxLogging[];
 
 // Flags spied upon from other layers.
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char kGpuProcess[];
+SERVICE_MANAGER_SANDBOX_EXPORT extern const char kNaClLoaderProcess[];
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char kPpapiBrokerProcess[];
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char kPpapiPluginProcess[];
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char kRendererProcess[];