Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(67)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/common/common.sb

Issue 4044002: Mac: block ability to stat arbitrary files in the Sandbox (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix review comments Created 10 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/utility.sb ('k') | chrome/common/sandbox_mac.mm » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/common/common.sb
diff --git a/chrome/common/common.sb b/chrome/common/common.sb
index f8d4f1ceba6bb064f073a01bb02fbc087aa2957e..c6fd6d02881b7029128702034f3a08fa1a5a9a4c 100644
--- a/chrome/common/common.sb
+++ b/chrome/common/common.sb
@@ -26,13 +26,11 @@
; This profile is tested with the following system versions:
; 10.5.6, 10.6
-; Allow following symlinks
-(allow file-read-metadata) ; 10.5.6
-
; Loading System Libraries.
-(allow file-read-data (regex #"^/System/Library/Frameworks($|/)")) ; 10.5.6
-(allow file-read-data (regex #"^/System/Library/PrivateFrameworks($|/)")) ; 10.5.6
-(allow file-read-data (regex #"^/System/Library/CoreServices($|/)")) ; 10.5.6
+(allow file-read*
+ (regex #"^/System/Library/Frameworks($|/)")
+ (regex #"^/System/Library/PrivateFrameworks($|/)")
+ (regex #"^/System/Library/CoreServices($|/)")) ; 10.5.6
; Needed for IPC on 10.6
;10.6_ONLY (allow ipc-posix-shm)
« no previous file with comments | « chrome/browser/utility.sb ('k') | chrome/common/sandbox_mac.mm » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698