diff options
| author | jeremy@chromium.org <jeremy@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-21 22:30:47 +0000 |
|---|---|---|
| committer | jeremy@chromium.org <jeremy@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-21 22:30:47 +0000 |
| commit | 3a3e5b3c585d110766921a79997b4c6ab8a49440 (patch) | |
| tree | 2969b47e71db438b56b572cd8b5e37ab3d818fa4 /chrome/renderer/renderer.sb | |
| parent | fe474ed7f9eee2c666a3be32336c359c67d40fc4 (diff) | |
| download | chromium_src-3a3e5b3c585d110766921a79997b4c6ab8a49440.zip chromium_src-3a3e5b3c585d110766921a79997b4c6ab8a49440.tar.gz chromium_src-3a3e5b3c585d110766921a79997b4c6ab8a49440.tar.bz2 | |
Some tweaks to the OS X Sandbox:
* Fix 10.6 bug where garbled text was displayed due to insuccesful font loading.
* Tightened down the Sandbox a bit, instead of allowing access to /System/Library limit it to certain subdirectories.
* Remove unused warmup code now that we allow sysctl-read.
BUG=11269
BUG=b/1853366
TEST=On 10.6, copy Arial.ttf from /System/Library/Fonts to ~/Library/Fonts , Launch Chrome. Text on NTP should be displayed normally and not garbled.
Review URL: http://codereview.chromium.org/174254
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@24030 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer/renderer.sb')
| -rw-r--r-- | chrome/renderer/renderer.sb | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/chrome/renderer/renderer.sb b/chrome/renderer/renderer.sb index baa851c..2fa12fc70 100644 --- a/chrome/renderer/renderer.sb +++ b/chrome/renderer/renderer.sb @@ -6,23 +6,29 @@ (version 1) (deny default) -; Needed for full-page-zoomed checkboxes etc -- http://crbug.com/11325 +; Needed for full-page-zoomed controls - http://crbug.com/11325 (allow sysctl-read) - ; Each line is marked with the System version that needs it. ; This profile is tested with the following system versions: ; 10.5.6, 10.6 seed release ; Allow following symlinks (allow file-read-metadata) ; 10.5.6 -; Allow reading files out of /System/Library -(allow file-read-data (regex #"^/System/Library")) ; 10.5.6 -; Needed for Fonts +; Loading System Libraries. +(allow file-read-data (regex #"^/System/Library/Frameworks")) ; 10.5.6 +(allow file-read-data (regex #"^/System/Library/PrivateFrameworks")) ; 10.5.6 +(allow file-read-data (regex #"^/System/Library/CoreServices")) ; 10.5.6 + +; Needed for Fonts. +(allow file-read-data (regex #"^/System/Library/Fonts")) ; 10.5.6 +(allow file-read-data (regex #"^/Library/Fonts")) ; 10.6 seed release (allow mach-lookup (global-name "com.apple.FontObjectsServer")) ; 10.5.6 (allow mach-lookup (global-name "com.apple.FontServer")) ; 10.6 seed release -(allow file-read-data (regex #"^/Library/Fonts")) ; 10.6 seed release + +; USER_HOMEDIR is substitued at runtime - http://crbug.com/11269 +(allow file-read-data (regex #"^USER_HOMEDIR/Library/Fonts")) ; 10.6 seed release ; Needed for IPC on 10.6 (allow ipc-posix-shm) |