Fully remove the hole in the Mac Sandbox that was used to support

Native Client.  This removes the special sandbox commands as well
as all special code.

This CL replaces http://codereview.chromium.org/2881016/show which
was rolled back because of problems on Mac OS X 10.5.  Those problems
were addressed in Native Client and pulled into Chrome with a DEPS
file update in http://codereview.chromium.org/2881034/show which was
committed as Chrome revision 53711.

BUG=http://code.google.com/p/nativeclient/issues/detail?id=344
TEST=all tests pass, including nacl_ui_tests

Review URL: http://codereview.chromium.org/3077003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53936 0039d316-1c4b-4281-b951-d872f2087c98

chrome/browser/nacl_loader.sb

@@ -12,14 +12,3 @@
 ; Allow a Native Client application to use semaphores, specifically
 ; sem_init(), et.al.
 (allow ipc-posix-sem)
-
-; Needed for the Native Client plugin and loader.
-; TODO(msneck): Refactor Native Client to use something other than Unix
-; sockets.
-; See http://code.google.com/p/nativeclient/issues/detail?id=344
-;BEFORE_10.6 (allow network-inbound (from unix-socket))
-;BEFORE_10.6 (allow network-outbound (to unix-socket))
-;10.6_ONLY (allow network-inbound (regex #"^(/private)?/tmp/nacl-"))
-;10.6_ONLY (allow network-outbound (regex #"^(/private)?/tmp/nacl-"))
-;10.6_ONLY (allow network-bind (local ip4))
-;10.6_ONLY (allow file-write* (regex #"^(/private)?/tmp/nacl-"))

chrome/common/sandbox_init_wrapper_mac.cc

@@ -26,14 +26,6 @@ bool SandboxInitWrapper::InitializeSandbox(const CommandLine& command_line,
       // platform because the sandbox is initialized later. Remove
       // this once this flag is removed.
       return true;
-    } else if (command_line.HasSwitch(switches::kInternalNaCl)) {
-      // Renderer process sandbox. If --internal_nacl is present then use the
-      // version of the renderer sandbox which allows Native Client to use Unix
-      // sockets.
-      // TODO(msneck): Remove the use of Unix sockets from Native Client and
-      // then get rid of the SANDBOX_TYPE_NACL_PLUGIN enum.
-      // See http://code.google.com/p/nativeclient/issues/detail?id=344
-      sandbox_process_type = sandbox::SANDBOX_TYPE_NACL_PLUGIN;
     } else {
       sandbox_process_type = sandbox::SANDBOX_TYPE_RENDERER;
     }

chrome/common/sandbox_mac.h

@@ -26,9 +26,7 @@ enum SandboxProcessType {
   // is allowed to one configurable directory.
   SANDBOX_TYPE_UTILITY,
 
-  // Native Client sandboxes. The plugin contains trusted code and the
-  // loader contains the user's untrusted code.
-  SANDBOX_TYPE_NACL_PLUGIN,
+  // Native Client sandbox for the user's untrusted code.
   SANDBOX_TYPE_NACL_LOADER,
 
   SANDBOX_AFTER_TYPE_LAST_TYPE,  // Placeholder to ease iteration.

chrome/common/sandbox_mac.mm

@@ -255,7 +255,6 @@ bool EnableSandbox(SandboxProcessType sandbox_type,
   // TODO(jeremy): Look at using include syntax to unify common parts of sandbox
   // definition files.
   NSString* sandbox_config_filename = nil;
-  bool allow_nacl_lines = false;
   switch (sandbox_type) {
     case SANDBOX_TYPE_RENDERER:
       sandbox_config_filename = @"renderer";
@@ -266,24 +265,9 @@ bool EnableSandbox(SandboxProcessType sandbox_type,
     case SANDBOX_TYPE_UTILITY:
       sandbox_config_filename = @"utility";
       break;
-    case SANDBOX_TYPE_NACL_PLUGIN:
-      // The Native Client plugin is a standard renderer sandbox with some
-      // additional lines to support use of Unix sockets.
-      // TODO(msneck): Remove the use of Unix sockets from Native Client and
-      // then remove the associated rules from chrome/renderer/renderer.sb.
-      // See http://code.google.com/p/nativeclient/issues/detail?id=344
-      sandbox_config_filename = @"renderer";
-      allow_nacl_lines = true;
-      break;
     case SANDBOX_TYPE_NACL_LOADER:
       // The Native Client loader is used for safeguarding the user's
       // untrusted code within Native Client.
-      // TODO(msneck): Remove the use of Unix sockets from Native Client and
-      // then decide on an appropriate sandbox type for the untrusted code.
-      // This might simply mean removing the Unix socket rules from
-      // chrome/browser/nacl_loader.sb or it might mean sharing the
-      // sandbox configuration with SANDBOX_TYPE_WORKER.
-      // See http://code.google.com/p/nativeclient/issues/detail?id=344
       sandbox_config_filename = @"nacl_loader";
       break;
     default:
@@ -333,13 +317,6 @@ bool EnableSandbox(SandboxProcessType sandbox_type,
                                   withString:@""];
   }
 
-  // Enable Native Client lines if they are allowed.
-  if (allow_nacl_lines) {
-    sandbox_data = [sandbox_data
-        stringByReplacingOccurrencesOfString:@";NACL"
-                                  withString:@""];
-  }
-
   if (!allowed_dir.empty()) {
     // The sandbox only understands "real" paths.  This resolving step is
     // needed so the caller doesn't need to worry about things like /var

chrome/renderer/renderer.sb

@@ -19,17 +19,3 @@
 
 ; USER_HOMEDIR is substitued at runtime - http://crbug.com/11269
 ;10.6_ONLY (allow file-read-data (subpath "USER_HOMEDIR/Library/Fonts"))  ; 10.6
-
-; Needed for the Native Client plugin and loader. These lines are enabled
-; if and only if --internal-nacl (or --enable-nacl) are used (and they
-; are off by default).
-; TODO(msneck): Refactor Native Client to use something other than Unix
-; sockets. Then change or remove the code in chrome/common/sandbox_mac.mm
-; which deals with the ";NACL" prefix.
-; See http://code.google.com/p/nativeclient/issues/detail?id=344
-;NACL;BEFORE_10.6 (allow network-inbound (from unix-socket))
-;NACL;BEFORE_10.6 (allow network-outbound (to unix-socket))
-;NACL;10.6_ONLY (allow network-inbound (regex #"^(/private)?/tmp/nacl-"))
-;NACL;10.6_ONLY (allow network-outbound (regex #"^(/private)?/tmp/nacl-"))
-;NACL;10.6_ONLY (allow network-bind (local ip4))
-;NACL;10.6_ONLY (allow file-write* (regex #"^(/private)?/tmp/nacl-"))
\ No newline at end of file