macOS V2 Sandbox: Remove unused InitializeSandbox calls.

This deletes calls to InitializeSandbox that are no longer called. These
are processes which only use the V2 sandbox.

Bug: 917445
Change-Id: I87b96a4f4071438eeaf68e6d07ddc2c9813b3e58
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1582967Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Auto-Submit: Greg Kerr <kerrnel@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#654485}

components/nacl/loader/nacl_main_platform_delegate_mac.mm

@@ -16,12 +16,6 @@
 
 void NaClMainPlatformDelegate::EnableSandbox(
     const content::MainFunctionParams& parameters) {
-  if (base::CommandLine::ForCurrentProcess()->HasSwitch(
-          sandbox::switches::kSeatbeltClientName)) {
-    // Make sure the sandbox is actually enabled if the V2 flag is present.
-    CHECK(sandbox::Seatbelt::IsSandboxed());
-  } else {
-    CHECK(content::InitializeSandbox(service_manager::SANDBOX_TYPE_NACL_LOADER))
-        << "Error initializing sandbox for " << switches::kNaClLoaderProcess;
-  }
+  // The sandbox on macOS is enabled as soon as main() executes, so there is
+  // nothing to do here.
 }

content/app/content_main_runner_impl.cc

@@ -86,6 +86,7 @@
 #elif defined(OS_MACOSX)
 #include "base/mac/mach_port_broker.h"
 #include "base/power_monitor/power_monitor_device_source.h"
+#include "sandbox/mac/seatbelt.h"
 #include "sandbox/mac/seatbelt_exec.h"
 #endif  // OS_WIN
 
@@ -812,19 +813,16 @@ int ContentMainRunnerImpl::Initialize(const ContentMainParams& params) {
             params.sandbox_info))
       return TerminateForFatalInitializationError();
 #elif defined(OS_MACOSX)
-    // Do not initialize the sandbox at this point if the V2
-    // sandbox is enabled for the process type.
+    // Only the GPU process still runs the V1 sandbox.
     bool v2_enabled = base::CommandLine::ForCurrentProcess()->HasSwitch(
         sandbox::switches::kSeatbeltClientName);
 
-    if (process_type == switches::kRendererProcess ||
-        process_type == switches::kPpapiPluginProcess || v2_enabled ||
-        delegate_->DelaySandboxInitialization(process_type)) {
-      // On OS X the renderer sandbox needs to be initialized later in the
-      // startup sequence in RendererMainPlatformDelegate::EnableSandbox().
-    } else {
-      if (!InitializeSandbox())
+    if (!v2_enabled && process_type == switches::kGpuProcess) {
+      if (!InitializeSandbox()) {
         return TerminateForFatalInitializationError();
+      }
+    } else if (v2_enabled) {
+      CHECK(sandbox::Seatbelt::IsSandboxed());
     }
 #endif
 

content/ppapi_plugin/ppapi_thread.cc

@@ -430,17 +430,6 @@ void PpapiThread::OnLoadPlugin(const base::FilePath& path,
       return;
     }
   } else {
-#if defined(OS_MACOSX)
-    // TODO(kerrnel): Delete this once the V2 sandbox is default.
-    const base::CommandLine* cmdline = base::CommandLine::ForCurrentProcess();
-    if (!cmdline->HasSwitch(sandbox::switches::kSeatbeltClientName)) {
-      // We need to do this after getting |PPP_GetInterface()| (or presumably
-      // doing something nontrivial with the library), else the sandbox
-      // intercedes.
-      CHECK(InitializeSandbox());
-    }
-#endif
-
     int32_t init_error = plugin_entry_points_.initialize_module(
         local_pp_module_, &ppapi::proxy::PluginDispatcher::GetBrowserInterface);
     if (init_error != PP_OK) {