Chromium Code Reviews

Side by Side Diff: content/renderer/renderer.sb

Issue 1186233004: Refactor OS X sandbox processing and audit sandbox files (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Cleaned up the component build workaround. Created 5 years, 6 months ago
OLDNEW
1 ;; 1 ;;
2 ;; Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 ;; Copyright (c) 2011 The Chromium Authors. All rights reserved.
3 ;; Use of this source code is governed by a BSD-style license that can be 3 ;; Use of this source code is governed by a BSD-style license that can be
4 ;; found in the LICENSE file. 4 ;; found in the LICENSE file.
5 ;; 5 ;;
6 6
7 ; *** The contents of content/common/common.sb are implicitly included here. *** 7 ; *** The contents of content/common/common.sb are implicitly included here. ***
8 8
9 ; Needed for Fonts. 9 ; Needed for Fonts.
10 (allow file-read* (regex #"^/System/Library/Fonts($|/)")) ; 10.5.6 10 (allow file-read* (regex #"^/System/Library/Fonts($|/)"))
11 ; 10.6 for loading fonts in the renderer.
12 ; on 10.5 this is needed for the PDF plugin.
13 (allow file-read* (regex #"^/Library/Fonts($|/)")) 11 (allow file-read* (regex #"^/Library/Fonts($|/)"))
14 (allow mach-lookup (global-name "com.apple.FontObjectsServer")) ; 10.5.6 12 (allow mach-lookup (global-name "com.apple.FontServer"))
Robert Sesek 2015/06/25 20:49:27 Don't we still need this?
Greg K 2015/06/25 23:17:47 Yes, yes we do.
15 (allow mach-lookup (global-name "com.apple.FontServer")) ; 10.6
16 13
17 (allow file-read* 14 (allow file-read*
18 (regex #"^/System/Library/ColorSync($|/)") ; 10.5.6 - http://crbug.com/46648 15 (regex #"^/System/Library/ColorSync($|/)") ; http://crbug.com/46648
19 (regex #"^/System/Library/Keyboard Layouts($|/)") ; http://crbug.com/152566 16 (regex #"^/System/Library/Keyboard Layouts($|/)") ; http://crbug.com/152566
20 (literal "/Library/Preferences/.GlobalPreferences.plist") ; http://crbug.com/6 0917 17 (literal "/Library/Preferences/.GlobalPreferences.plist") ; http://crbug.com/6 0917
21 (literal "@USER_HOMEDIR_AS_LITERAL@/Library/Preferences/.GlobalPreferences.pli st") 18 (literal (user-homedir-path "/Library/Preferences/.GlobalPreferences.plist"))
22 ) 19 )
23 20
24 ; http://crbug.com/11269 21 ; http://crbug.com/11269
25 (allow file-read* (subpath "@USER_HOMEDIR_AS_LITERAL@/Library/Fonts")) ; 10.6 22 (allow file-read* (subpath (user-homedir-path "/Library/Fonts")))
26 23
27 ; http://crbug.com/60917 24 ; http://crbug.com/60917
28 (allow file-read-metadata 25 (allow file-read-metadata
29 (literal "/") 26 (literal "/")
30 (literal "/var") 27 (literal "/var")
31 ) 28 )
32 29
33 ; http://crbug.com/288697 30 ; http://crbug.com/288697
34 (allow file-read* 31 (allow file-read*
35 (regex #"^/(private/)?etc/localtime$") 32 (regex #"^/(private/)?etc/localtime$")
36 (regex #"^/usr/share/zoneinfo/") 33 (regex #"^/usr/share/zoneinfo/")
37 ) 34 )
38 (allow file-read-metadata 35 (allow file-read-metadata
39 (regex #"^/(private/)?etc$") 36 (regex #"^/(private/)?etc$")
40 ) 37 )
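Review bot: On the font rules at old lines 10-15, the new side carries only the `com.apple.FontServer` mach-lookup while the `com.apple.FontObjectsServer` lookup from old line 14 is gone, and the inline thread on that row ends with agreement that something there is still needed. If the removed lookup is what the thread means, restore it; either way the decision should be visible in the file. The same rows drop the `; 10.5.6` and `; 10.6` annotations and the two-line explanation above the `/Library/Fonts` rule, leaving the font rules with less justification than the ColorSync and Keyboard Layouts entries, which keep their crbug links; a short reason or bug reference per rule would serve the audit better than a bare allow. At new lines 18 and 22, `(user-homedir-path ...)` replaces the `@USER_HOMEDIR_AS_LITERAL@` substitution but is not defined in this file, so it would help to say in the header comment about common.sb where that helper comes from.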