macOS: Add support for and enable the V2 sandbox (issue #2459)

The CEF_USE_SANDBOX define is now used on all platforms.

libcef/common/main_delegate.cc

@@ -98,6 +98,20 @@ void OverrideFrameworkBundlePath() {
   base::mac::SetOverrideFrameworkBundlePath(framework_path);
 }
 
+void OverrideOuterBundlePath() {
+  base::FilePath bundle_path = util_mac::GetMainBundlePath();
+  DCHECK(!bundle_path.empty());
+
+  base::mac::SetOverrideOuterBundlePath(bundle_path);
+}
+
+void OverrideBaseBundleID() {
+  std::string bundle_id = util_mac::GetMainBundleID();
+  DCHECK(!bundle_id.empty());
+
+  base::mac::SetBaseBundleID(bundle_id.c_str());
+}
+
 void OverrideChildProcessPath() {
   base::FilePath child_process_path =
       base::CommandLine::ForCurrentProcess()->GetSwitchValuePath(
@@ -436,29 +450,6 @@ bool CefMainDelegate::BasicStartupComplete(int* exit_code) {
           switches::kUncaughtExceptionStackSize,
           base::IntToString(settings.uncaught_exception_stack_size));
     }
-
-#if defined(OS_MACOSX)
-    std::vector<std::string> disable_features;
-
-    // TODO: Remove once MacV2Sandbox is supported. See issue #2459.
-    if (features::kMacV2Sandbox.default_state ==
-        base::FEATURE_ENABLED_BY_DEFAULT) {
-      disable_features.push_back(features::kMacV2Sandbox.name);
-    }
-
-    if (!disable_features.empty()) {
-      DCHECK(!base::FeatureList::GetInstance());
-      std::string disable_features_str =
-          command_line->GetSwitchValueASCII(switches::kDisableFeatures);
-      for (auto feature_str : disable_features) {
-        if (!disable_features_str.empty())
-          disable_features_str += ",";
-        disable_features_str += feature_str;
-      }
-      command_line->AppendSwitchASCII(switches::kDisableFeatures,
-                                      disable_features_str);
-    }
-#endif  // defined(OS_MACOSX)
   }
 
   if (content_client_.application().get()) {
@@ -517,6 +508,8 @@ bool CefMainDelegate::BasicStartupComplete(int* exit_code) {
 
 #if defined(OS_MACOSX)
   OverrideFrameworkBundlePath();
+  OverrideOuterBundlePath();
+  OverrideBaseBundleID();
 #endif
 
   return false;

libcef/common/util_mac.h

@@ -6,6 +6,8 @@
 #define CEF_LIBCEF_COMMON_UTIL_MAC_H_
 #pragma once
 
+#include <string>
+
 namespace base {
 class FilePath;
 }
@@ -31,6 +33,13 @@ base::FilePath GetFrameworkResourcesDirectory();
 // "myapp.app/Contents/MacOS/myapp").
 base::FilePath GetMainProcessPath();
 
+// Returns the path to the top-level app bundle that contains the main process
+// executable (e.g. "myapp.app").
+base::FilePath GetMainBundlePath();
+
+// Returns the identifier for the top-level app bundle.
+std::string GetMainBundleID();
+
 // Returns the path to the Resources directory inside the top-level app bundle
 // (e.g. "myapp.app/Contents/Resources"). May return an empty value if not
 // running in an app bundle.

libcef/common/util_mac.mm

@@ -9,19 +9,15 @@
 #include "base/base_paths.h"
 #include "base/command_line.h"
 #include "base/files/file_path.h"
+#include "base/mac/bundle_locations.h"
 #include "base/mac/foundation_util.h"
 #include "base/path_service.h"
+#include "base/strings/sys_string_conversions.h"
 
 namespace util_mac {
 
 namespace {
 
-// Returns the path to the top-level app bundle that contains the main process
-// executable.
-base::FilePath GetMainBundlePath() {
-  return base::mac::GetAppBundlePath(GetMainProcessPath());
-}
-
 // Returns the path to the Frameworks directory inside the top-level app bundle.
 base::FilePath GetFrameworksPath() {
   base::FilePath bundle_path = GetMainBundlePath();
@@ -68,6 +64,15 @@ base::FilePath GetMainProcessPath() {
   return path;
 }
 
+base::FilePath GetMainBundlePath() {
+  return base::mac::GetAppBundlePath(GetMainProcessPath());
+}
+
+std::string GetMainBundleID() {
+  NSBundle* bundle = base::mac::OuterBundle();
+  return base::SysNSStringToUTF8([bundle bundleIdentifier]);
+}
+
 base::FilePath GetMainResourcesDirectory() {
   base::FilePath bundle_path = GetMainBundlePath();
   if (bundle_path.empty())