diff options
| author | jeremy@chromium.org <jeremy@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-16 19:09:11 +0000 |
|---|---|---|
| committer | jeremy@chromium.org <jeremy@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-16 19:09:11 +0000 |
| commit | 1e652d0226fa331b2bd80ab7f94e6c4d043c729b (patch) | |
| tree | 77ad184cd6aa717fb109f4d30af6b0f7499792a6 /chrome/renderer | |
| parent | 36fd3b15dc2bc7a02d0edec25524683f9c9976bd (diff) | |
| download | chromium_src-1e652d0226fa331b2bd80ab7f94e6c4d043c729b.zip chromium_src-1e652d0226fa331b2bd80ab7f94e6c4d043c729b.tar.gz chromium_src-1e652d0226fa331b2bd80ab7f94e6c4d043c729b.tar.bz2 | |
Mac: Refactor sandbox profiles to use a common base configuration file.
Eliminate rule duplication in our sandbox profiles by creating a new common.sb file which we include implicitly at the start of all other sandbox configuration files.
BUG=39987
TEST=Chrome on Mac should continue to render pages, all unit tests should pass.
Review URL: http://codereview.chromium.org/1656006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@44804 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer')
| -rw-r--r-- | chrome/renderer/renderer.sb | 27 |
1 files changed, 2 insertions, 25 deletions
diff --git a/chrome/renderer/renderer.sb b/chrome/renderer/renderer.sb index bbdf1c2..341652f 100644 --- a/chrome/renderer/renderer.sb +++ b/chrome/renderer/renderer.sb @@ -3,28 +3,8 @@ ;; Use of this source code is governed by a BSD-style license that can be ;; found in the LICENSE file. ;; -(version 1) -(deny default) -; Support for programmatically enabling verbose debugging. -;ENABLE_LOGGING (debug deny) -; Allow sending signals to self - http://crbug.com/20370 -(allow signal (target self)) - -; Needed for full-page-zoomed controls - http://crbug.com/11325 -(allow sysctl-read) - -; Each line is marked with the System version that needs it. -; This profile is tested with the following system versions: -; 10.5.6, 10.6 - -; Allow following symlinks -(allow file-read-metadata) ; 10.5.6 - -; Loading System Libraries. -(allow file-read-data (regex #"^/System/Library/Frameworks($|/)")) ; 10.5.6 -(allow file-read-data (regex #"^/System/Library/PrivateFrameworks($|/)")) ; 10.5.6 -(allow file-read-data (regex #"^/System/Library/CoreServices($|/)")) ; 10.5.6 +; *** The contents of chrome/common/common.sb are implicitly included here. *** ; Needed for Fonts. (allow file-read-data (regex #"^/System/Library/Fonts($|/)")) ; 10.5.6 @@ -35,9 +15,6 @@ ; USER_HOMEDIR is substitued at runtime - http://crbug.com/11269 ;10.6_ONLY (allow file-read-data (subpath "USER_HOMEDIR/Library/Fonts")) ; 10.6 -; Needed for IPC on 10.6 -;10.6_ONLY (allow ipc-posix-shm) - ; Needed for the Native Client plugin and loader. These lines are enabled ; if and only if --internal-nacl (or --enable-nacl) are used (and they ; are off by default). @@ -50,4 +27,4 @@ ;NACL;10.6_ONLY (allow network-inbound (regex #"^(/private)?/tmp/nacl-")) ;NACL;10.6_ONLY (allow network-outbound (regex #"^(/private)?/tmp/nacl-")) ;NACL;10.6_ONLY (allow network-bind (local ip4)) -;NACL;10.6_ONLY (allow file-write* (regex #"^(/private)?/tmp/nacl-")) +;NACL;10.6_ONLY (allow file-write* (regex #"^(/private)?/tmp/nacl-"))
\ No newline at end of file |