diff options
| author | jeremy@chromium.org <jeremy@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-16 19:09:11 +0000 |
|---|---|---|
| committer | jeremy@chromium.org <jeremy@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-16 19:09:11 +0000 |
| commit | 1e652d0226fa331b2bd80ab7f94e6c4d043c729b (patch) | |
| tree | 77ad184cd6aa717fb109f4d30af6b0f7499792a6 /chrome/browser/utility.sb | |
| parent | 36fd3b15dc2bc7a02d0edec25524683f9c9976bd (diff) | |
| download | chromium_src-1e652d0226fa331b2bd80ab7f94e6c4d043c729b.zip chromium_src-1e652d0226fa331b2bd80ab7f94e6c4d043c729b.tar.gz chromium_src-1e652d0226fa331b2bd80ab7f94e6c4d043c729b.tar.bz2 | |
Mac: Refactor sandbox profiles to use a common base configuration file.
Eliminate rule duplication in our sandbox profiles by creating a new common.sb file which we include implicitly at the start of all other sandbox configuration files.
BUG=39987
TEST=Chrome on Mac should continue to render pages, all unit tests should pass.
Review URL: http://codereview.chromium.org/1656006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@44804 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/utility.sb')
| -rw-r--r-- | chrome/browser/utility.sb | 27 |
1 files changed, 2 insertions, 25 deletions
diff --git a/chrome/browser/utility.sb b/chrome/browser/utility.sb index a4bd16b..1d3a12b 100644 --- a/chrome/browser/utility.sb +++ b/chrome/browser/utility.sb @@ -10,31 +10,8 @@ ; This configuration locks everything down, except access to one configurable ; directory. This is different from other sandbox configuration files where ; file system access is entireley restricted. -(version 1) -(deny default) -; Support for programmatically enabling verbose debugging. -;ENABLE_LOGGING (debug deny) -; Allow sending signals to self - http://crbug.com/20370 -(allow signal (target self)) - -; Needed for full-page-zoomed controls - http://crbug.com/11325 -(allow sysctl-read) - -; Each line is marked with the System version that needs it. -; This profile is tested with the following system versions: -; 10.5.6, 10.6 - -; Allow following symlinks -(allow file-read-metadata) ; 10.5.6 - -; Loading System Libraries. -(allow file-read-data (regex #"^/System/Library/Frameworks($|/)")) ; 10.5.6 -(allow file-read-data (regex #"^/System/Library/PrivateFrameworks($|/)")) ; 10.5.6 -(allow file-read-data (regex #"^/System/Library/CoreServices($|/)")) ; 10.5.6 - -; Needed for IPC on 10.6 -;10.6_ONLY (allow ipc-posix-shm) +; *** The contents of chrome/common/common.sb are implicitly included here. *** ; Enable full access to given directory if needed. -;ENABLE_DIRECTORY_ACCESS (allow file-read* file-write* (regex #"DIR_TO_ALLOW_ACCESS")) +;ENABLE_DIRECTORY_ACCESS (allow file-read* file-write* (regex #"DIR_TO_ALLOW_ACCESS"))
\ No newline at end of file |