Fixes font access in sandbox v2

1. Allows reading ~/Library/Fonts (bug 786777)
2. Allows downloaded font access (bug 662686)


Bug: 786777,662686
Test: See crbug.com/786777 (comment 0 and comment 17) and crbug.com/662686
Change-Id: I3734f38bc72d8324dc482849e5a4bcb3238b88e5
Reviewed-on: https://chromium-review.googlesource.com/784473
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#519934}

services/service_manager/sandbox/mac/renderer_v2.sb

@@ -75,7 +75,8 @@
   (path (user-homedir-path "/.CFUserTextEncoding"))
   (path (user-homedir-path "/Library/Preferences/com.apple.universalaccess.plist"))
   (path (user-homedir-path "/Library/Preferences/.GlobalPreferences.plist"))
-  (regex (user-homedir-path #"/Library/Preferences/ByHost/.GlobalPreferences.*")))
+  (regex (user-homedir-path #"/Library/Preferences/ByHost/.GlobalPreferences.*"))
+  (subpath (user-homedir-path "/Library/Fonts")))
 
 ; Reads of /dev devices.
 (allow file-read-data
@@ -156,6 +157,11 @@
 (if (< os-version 1012)
   (allow mach-lookup (global-name "com.apple.FontServer")))
 
+; To allow accessing downloaded and other hidden fonts in
+; /System/Library/Asssets/com_apple_MobileAsset_Font*.
+; (https://crbug.com/662686)
+(allow file-read* (extension "com.apple.app-sandbox.read"))
+
 ; sysctl
 (if (= os-version 1009)
   (allow sysctl-read)