blob: 10b6b75419be82d1a52e9940697857a865480ce7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
;;
;; Copyright (c) 2011 The Chromium Authors. All rights reserved.
;; Use of this source code is governed by a BSD-style license that can be
;; found in the LICENSE file.
;;
; *** The contents of content/common/common.sb are implicitly included here. ***
; Needed for Fonts.
(allow file-read* (regex #"^/System/Library/Fonts($|/)"))
(allow file-read* (regex #"^/Library/Fonts($|/)"))
(allow mach-lookup (global-name "com.apple.FontObjectsServer"))
(allow mach-lookup (global-name "com.apple.FontServer"))
(allow file-read*
(regex #"^/System/Library/ColorSync($|/)") ; https://crbug.com/46648
(regex #"^/System/Library/Keyboard Layouts($|/)") ; https://crbug.com/152566
(literal "/Library/Preferences/.GlobalPreferences.plist") ; https://crbug.com/60917
(literal (user-homedir-path "/Library/Preferences/.GlobalPreferences.plist")))
; https://crbug.com/11269
(allow file-read* (subpath (user-homedir-path "/Library/Fonts")))
; https://crbug.com/60917
(allow file-read-metadata
(literal "/")
(literal "/var"))
; https://crbug.com/288697
(allow file-read*
(regex #"^/(private/)?etc/localtime$")
(regex #"^/usr/share/zoneinfo/"))
(allow file-read-metadata (regex #"^/(private/)?etc$"))
; https://crbug.com/508935
; TODO(tkent): Remove this section when we drop 'results' attribute support.
; https://crbug.com/590117
(if (param-true? elcap-or-later)
(allow file-read*
(literal "/usr/lib/libcrypto.0.9.8.dylib")
(literal "/usr/lib/libcsfde.dylib")
(literal "/usr/lib/libcurl.4.dylib")
(literal "/usr/lib/libCoreStorage.dylib")
(literal "/usr/lib/libsasl2.2.dylib")
(literal "/usr/lib/libutil.dylib")))
|
