| OLD | NEW |
|---|
| 1 ;; | 1 ;; |
| 2 ;; Copyright (c) 2011 The Chromium Authors. All rights reserved. | 2 ;; Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 3 ;; Use of this source code is governed by a BSD-style license that can be | 3 ;; Use of this source code is governed by a BSD-style license that can be |
| 4 ;; found in the LICENSE file. | 4 ;; found in the LICENSE file. |
| 5 ;; | 5 ;; |
| 6 | 6 |
| 7 ; *** The contents of content/common/common.sb are implicitly included here. *** | 7 ; *** The contents of content/common/common.sb are implicitly included here. *** |
| 8 | 8 |
| 9 ; Needed for Fonts. | 9 ; Needed for Fonts. |
| 10 (allow file-read* (regex #"^/System/Library/Fonts($|/)")) | 10 (allow file-read* (regex #"^/System/Library/Fonts($|/)")) |
| 11 (allow file-read* (regex #"^/Library/Fonts($|/)")) | 11 (allow file-read* (regex #"^/Library/Fonts($|/)")) |
| 12 (allow mach-lookup (global-name "com.apple.FontObjectsServer")) | 12 (allow mach-lookup (global-name "com.apple.FontObjectsServer")) |
| 13 (allow mach-lookup (global-name "com.apple.FontServer")) | 13 (allow mach-lookup (global-name "com.apple.FontServer")) |
| 14 (allow mach-lookup (global-name "com.apple.fonts")) | 14 (allow mach-lookup (global-name "com.apple.fonts")) |
| 15 (allow file-read* (extension "com.apple.app-sandbox.read")) ; https://crbug.com/
662686 |
| 15 | 16 |
| 16 ; Allow read-only connection to launchservicesd. https://crbug.com/533537 | 17 ; Allow read-only connection to launchservicesd. https://crbug.com/533537 |
| 17 (allow mach-lookup (global-name "com.apple.lsd.mapdb")) | 18 (allow mach-lookup (global-name "com.apple.lsd.mapdb")) |
| 18 | 19 |
| 19 (allow file-read* | 20 (allow file-read* |
| 20 (regex #"^/System/Library/ColorSync($|/)") ; https://crbug.com/46648 | 21 (regex #"^/System/Library/ColorSync($|/)") ; https://crbug.com/46648 |
| 21 (regex #"^/System/Library/Keyboard Layouts($|/)") ; https://crbug.com/152566 | 22 (regex #"^/System/Library/Keyboard Layouts($|/)") ; https://crbug.com/152566 |
| 22 (literal "/Library/Preferences/.GlobalPreferences.plist") ; https://crbug.com/
60917 | 23 (literal "/Library/Preferences/.GlobalPreferences.plist") ; https://crbug.com/
60917 |
| 23 (literal (user-homedir-path "/Library/Preferences/.GlobalPreferences.plist"))) | 24 (literal (user-homedir-path "/Library/Preferences/.GlobalPreferences.plist"))) |
| 24 | 25 |
| 25 ; https://crbug.com/11269 | 26 ; https://crbug.com/11269 |
| 26 (allow file-read* (subpath (user-homedir-path "/Library/Fonts"))) | 27 (allow file-read* (subpath (user-homedir-path "/Library/Fonts"))) |
| 27 | 28 |
| 28 ; https://crbug.com/60917 | 29 ; https://crbug.com/60917 |
| 29 (allow file-read-metadata | 30 (allow file-read-metadata |
| 30 (literal "/") | 31 (literal "/") |
| 31 (literal "/var")) | 32 (literal "/var")) |
| 32 | 33 |
| 33 ; https://crbug.com/288697 | 34 ; https://crbug.com/288697 |
| 34 (allow file-read* | 35 (allow file-read* |
| 35 (regex #"^/(private/)?etc/localtime$") | 36 (regex #"^/(private/)?etc/localtime$") |
| 36 (regex #"^/usr/share/zoneinfo/")) | 37 (regex #"^/usr/share/zoneinfo/")) |
| 37 | 38 |
| 38 (allow file-read-metadata (regex #"^/(private/)?etc$")) | 39 (allow file-read-metadata (regex #"^/(private/)?etc$")) |
| 39 | 40 |
| 40 ; https://crbug.com/605840 | 41 ; https://crbug.com/605840 |
| 41 ; file-read-metadata /System/Library/LinguisticData/en/US/hyphenation.dat | 42 ; file-read-metadata /System/Library/LinguisticData/en/US/hyphenation.dat |
| 42 ; for CFStringIsHyphenationAvailableForLocale and CFStringGetHyphenationLocation
BeforeIndex | 43 ; for CFStringIsHyphenationAvailableForLocale and CFStringGetHyphenationLocation
BeforeIndex |
| 43 (allow file-read* (subpath "/System/Library/LinguisticData")) | 44 (allow file-read* (subpath "/System/Library/LinguisticData")) |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2510923003:
Widen sandbox rules to allow access to downloaded Sierra fonts (Closed)
