chore: enable v2 sandbox on mac (#15647)

atom/app/atom_main.cc

@@ -5,6 +5,7 @@
 #include "atom/app/atom_main.h"
 
 #include <cstdlib>
+#include <memory>
 #include <vector>
 
 #if defined(OS_WIN)
@@ -30,6 +31,7 @@
 #include "atom/app/atom_main_delegate.h"  // NOLINT
 #include "content/public/app/content_main.h"
 #else  // defined(OS_LINUX)
+#include <mach-o/dyld.h>
 #include <unistd.h>
 #include <cstdio>
 #include "atom/app/atom_library_main.h"
@@ -41,6 +43,10 @@
 #include "base/i18n/icu_util.h"
 #include "electron/buildflags/buildflags.h"
 
+#if defined(HELPER_EXECUTABLE)
+#include "sandbox/mac/seatbelt_exec.h"  // nogncheck
+#endif                                  // defined(HELPER_EXECUTABLE)
+
 namespace {
 
 #if BUILDFLAG(ENABLE_RUN_AS_NODE)
@@ -207,6 +213,35 @@ int main(int argc, char* argv[]) {
   }
 #endif
 
+#if defined(HELPER_EXECUTABLE)
+  uint32_t exec_path_size = 0;
+  int rv = _NSGetExecutablePath(NULL, &exec_path_size);
+  if (rv != -1) {
+    fprintf(stderr, "_NSGetExecutablePath: get length failed\n");
+    abort();
+  }
+
+  std::unique_ptr<char[]> exec_path(new char[exec_path_size]);
+  rv = _NSGetExecutablePath(exec_path.get(), &exec_path_size);
+  if (rv != 0) {
+    fprintf(stderr, "_NSGetExecutablePath: get path failed\n");
+    abort();
+  }
+  sandbox::SeatbeltExecServer::CreateFromArgumentsResult seatbelt =
+      sandbox::SeatbeltExecServer::CreateFromArguments(exec_path.get(), argc,
+                                                       argv);
+  if (seatbelt.sandbox_required) {
+    if (!seatbelt.server) {
+      fprintf(stderr, "Failed to create seatbelt sandbox server.\n");
+      abort();
+    }
+    if (!seatbelt.server->InitializeSandbox()) {
+      fprintf(stderr, "Failed to initialize sandbox.\n");
+      abort();
+    }
+  }
+#endif
+
   return AtomMain(argc, argv);
 }