Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1912)

Unified Diff: content/renderer/renderer.sb

Issue 1186233004: Refactor OS X sandbox processing and audit sandbox files (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Changes per code review Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: content/renderer/renderer.sb
diff --git a/content/renderer/renderer.sb b/content/renderer/renderer.sb
index 184f5936571c578ec929ba623170b80c62a6b5c9..f43e309f265dc64f74c7f2979f4172df203db6d0 100644
--- a/content/renderer/renderer.sb
+++ b/content/renderer/renderer.sb
@@ -7,22 +7,19 @@
; *** The contents of content/common/common.sb are implicitly included here. ***
; Needed for Fonts.
-(allow file-read* (regex #"^/System/Library/Fonts($|/)")) ; 10.5.6
-; 10.6 for loading fonts in the renderer.
-; on 10.5 this is needed for the PDF plugin.
+(allow file-read* (regex #"^/System/Library/Fonts($|/)"))
(allow file-read* (regex #"^/Library/Fonts($|/)"))
-(allow mach-lookup (global-name "com.apple.FontObjectsServer")) ; 10.5.6
-(allow mach-lookup (global-name "com.apple.FontServer")) ; 10.6
+(allow mach-lookup (global-name "com.apple.FontServer"))
(allow file-read*
- (regex #"^/System/Library/ColorSync($|/)") ; 10.5.6 - http://crbug.com/46648
+ (regex #"^/System/Library/ColorSync($|/)") ; http://crbug.com/46648
(regex #"^/System/Library/Keyboard Layouts($|/)") ; http://crbug.com/152566
(literal "/Library/Preferences/.GlobalPreferences.plist") ; http://crbug.com/60917
- (literal "@USER_HOMEDIR_AS_LITERAL@/Library/Preferences/.GlobalPreferences.plist")
+ (literal (string-append (param homedir-as-literal) "/Library/Preferences/.GlobalPreferences.plist"))
)
; http://crbug.com/11269
-(allow file-read* (subpath "@USER_HOMEDIR_AS_LITERAL@/Library/Fonts")) ; 10.6
+(allow file-read* (subpath (string-append (param homedir-as-literal) "/Library/Fonts")))
; http://crbug.com/60917
(allow file-read-metadata

Powered by Google App Engine
This is Rietveld 408576698