| OLD | NEW |
|---|
| 1 ;; | 1 ;; |
| 2 ;; Copyright (c) 2009 The Chromium Authors. All rights reserved. | 2 ;; Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 3 ;; Use of this source code is governed by a BSD-style license that can be | 3 ;; Use of this source code is governed by a BSD-style license that can be |
| 4 ;; found in the LICENSE file. | 4 ;; found in the LICENSE file. |
| 5 ;; | 5 ;; |
| 6 ; This is the Sandbox configuration file used for safeguarding the user's | 6 ; This is the Sandbox configuration file used for safeguarding the user's |
| 7 ; untrusted code within Native Client. | 7 ; untrusted code within Native Client. |
| 8 ; | 8 ; |
| 9 | 9 |
| 10 ; *** The contents of chrome/common/common.sb are implicitly included here. *** | 10 ; *** The contents of chrome/common/common.sb are implicitly included here. *** |
| 11 | 11 |
| 12 ; Allow a Native Client application to use semaphores, specifically | 12 ; Allow a Native Client application to use semaphores, specifically |
| 13 ; sem_init(), et.al. | 13 ; sem_init(), et.al. |
| 14 (allow ipc-posix-sem) | 14 (allow ipc-posix-sem) |
| 15 | |
| 16 ; Needed for the Native Client plugin and loader. | |
| 17 ; TODO(msneck): Refactor Native Client to use something other than Unix | |
| 18 ; sockets. | |
| 19 ; See http://code.google.com/p/nativeclient/issues/detail?id=344 | |
| 20 ;BEFORE_10.6 (allow network-inbound (from unix-socket)) | |
| 21 ;BEFORE_10.6 (allow network-outbound (to unix-socket)) | |
| 22 ;10.6_ONLY (allow network-inbound (regex #"^(/private)?/tmp/nacl-")) | |
| 23 ;10.6_ONLY (allow network-outbound (regex #"^(/private)?/tmp/nacl-")) | |
| 24 ;10.6_ONLY (allow network-bind (local ip4)) | |
| 25 ;10.6_ONLY (allow file-write* (regex #"^(/private)?/tmp/nacl-")) | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 3077003:
Fully remove the hole in the Mac Sandbox that was used to support... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/