Disable child process sandboxing on Fuchsia.

There are some issues that need to be worked out, such as sharing
resource files to embedder processes, before sandboxing will work
satisfactorily on Fuchsia. This CL disables sandboxing and logs a
soft NOTIMPLEMENTED() error when the browser attempts to launch one.

Bug: 750938
Change-Id: I7a0253a2c4532e79fd8158d23cd262779285cf6f
Reviewed-on: https://chromium-review.googlesource.com/701636Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#506910}

content/common/sandbox_policy_fuchsia.cc

@@ -15,10 +15,16 @@ namespace content {
 
 void UpdateLaunchOptionsForSandbox(service_manager::SandboxType type,
                                    base::LaunchOptions* options) {
-  if (base::CommandLine::ForCurrentProcess()->HasSwitch(switches::kNoSandbox))
+  if (base::CommandLine::ForCurrentProcess()->HasSwitch(switches::kNoSandbox)) {
     type = service_manager::SANDBOX_TYPE_NO_SANDBOX;
+  }
 
   if (type != service_manager::SANDBOX_TYPE_NO_SANDBOX) {
+    // TODO(750938): Implement sandboxed/isolated subprocess launching
+    //               once we implement a solution for accessing file resources
+    //               from sandboxed processes.
+    NOTIMPLEMENTED();
+
     options->clone_flags = LP_CLONE_FDIO_STDIO;
   } else {
     options->clone_flags = LP_CLONE_FDIO_NAMESPACE | LP_CLONE_DEFAULT_JOB |

content/renderer/renderer_main_platform_delegate_fuchsia.cc

@@ -16,7 +16,10 @@ void RendererMainPlatformDelegate::PlatformInitialize() {}
 void RendererMainPlatformDelegate::PlatformUninitialize() {}
 
 bool RendererMainPlatformDelegate::EnableSandbox() {
-  return true;
+  // TODO(750938): Implement sandboxed/isolated subprocess launching,
+  // and perform some checks to ensure that sandboxing is effective.
+
+  return false;
 }
 
 }  // namespace content