Fix sandbox profile for MacOS 10.9 Mavericks.

content/renderer/renderer_v2.sb

Index: content/renderer/renderer_v2.sb
diff --git a/content/renderer/renderer_v2.sb b/content/renderer/renderer_v2.sb
index cb871b023fea888e03bfe8615c2066867357a808..4e1de19b3b485dc10f20598c6d4dfce5a0848723 100644
--- a/content/renderer/renderer_v2.sb
+++ b/content/renderer/renderer_v2.sb
@@ -16,6 +16,7 @@
 (define enable-logging "ENABLE_LOGGING")
 (define homedir-as-literal "USER_HOMEDIR_AS_LITERAL")
 (define elcap-or-later "ELCAP_OR_LATER")
+(define is-mavericks "IS_MAVERICKS")

[Robert Sesek, 2017/07/06 20:02:23]

Something cute I saw in the Firefox profiles was defining the macOS version as
numeric (e.g. 1009, 1013) and then using inequalities agains that. Maybe
consider that in a follow-up if you like it?

[Greg K, 2017/07/06 20:59:06]

Yeah, that isn't a bad idea. If I start making 10.13 specific changes I'll
follow up with a numeric version that's always present.

 (define bundle-path "BUNDLE_PATH")
 (define executable-path "EXECUTABLE_PATH")
 (define chromium-pid "CHROMIUM_PID")
@@ -25,6 +26,7 @@
 
 ; Backwards compatibility for 10.9
 (define (path x) (literal x))
+(define (iokit-registry-entry-class x) (iokit-user-client-class x))
 
 ; --enable-sandbox-logging causes the sandbox to log failures to the syslog.
 (if (param-true? disable-sandbox-denial-logging)
@@ -47,7 +49,7 @@
 (if (param-defined? component-path)
   (allow file-read* (subpath (param component-path))))
 
-(allow process-exec* (path (param executable-path)))

[Robert Sesek, 2017/07/06 20:02:23]

I'm not quite sure what this change means...

[Greg K, 2017/07/06 20:59:07]

It means nothing actually. 10.9 only had "process-exec" and then if we look at
the strings in libsandbox.dylib on 10.12:
(define process-exec process-exec*)

So it's just a name change, that still resolves to process-exec*.

+(allow process-exec (path (param executable-path)))
 (allow file-read* (path (param executable-path)))
 
 (allow mach-lookup (global-name (string-append (param bundle-id)
@@ -122,23 +124,29 @@
   (global-name "com.apple.system.opendirectoryd.libinfo")
   (global-name "com.apple.windowserver.active"))
 
+(if (param-true? is-mavericks)

[Robert Sesek, 2017/07/06 20:02:23]

Comment. Why is this different from "com.apple.fonts" ?

[Greg K, 2017/07/06 20:59:07]

Done.

+  (allow mach-lookup (global-name "com.apple.FontServer")))
+
 ; sysctl
-(allow sysctl-read
-  (sysctl-name "hw.activecpu")
-  (sysctl-name "hw.busfrequency_compat")
-  (sysctl-name "hw.byteorder")
-  (sysctl-name "hw.cachelinesize_compat")
-  (sysctl-name "hw.cpufrequency_compat")
-  (sysctl-name "hw.cputype")
-  (sysctl-name "hw.machine")
-  (sysctl-name "hw.ncpu")
-  (sysctl-name "hw.pagesize_compat")
-  (sysctl-name "hw.physicalcpu_max")
-  (sysctl-name "hw.tbfrequency_compat")
-  (sysctl-name "hw.vectorunit")
-  (sysctl-name "kern.hostname")
-  (sysctl-name "kern.maxfilesperproc")
-  (sysctl-name "kern.osrelease")
-  (sysctl-name "kern.ostype")
-  (sysctl-name "kern.osversion")
-  (sysctl-name "kern.version"))
+(if (param-true? is-mavericks)
+  (allow sysctl-read)
+  ; else
+  (allow sysctl-read
+    (sysctl-name "hw.activecpu")
+    (sysctl-name "hw.busfrequency_compat")
+    (sysctl-name "hw.byteorder")
+    (sysctl-name "hw.cachelinesize_compat")
+    (sysctl-name "hw.cpufrequency_compat")
+    (sysctl-name "hw.cputype")
+    (sysctl-name "hw.machine")
+    (sysctl-name "hw.ncpu")
+    (sysctl-name "hw.pagesize_compat")
+    (sysctl-name "hw.physicalcpu_max")
+    (sysctl-name "hw.tbfrequency_compat")
+    (sysctl-name "hw.vectorunit")
+    (sysctl-name "kern.hostname")
+    (sysctl-name "kern.maxfilesperproc")
+    (sysctl-name "kern.osrelease")
+    (sysctl-name "kern.ostype")
+    (sysctl-name "kern.osversion")
+    (sysctl-name "kern.version")))