content/renderer/renderer.sb

   1 ;;
   2 ;; Copyright (c) 2011 The Chromium Authors. All rights reserved.
   3 ;; Use of this source code is governed by a BSD-style license that can be
   4 ;; found in the LICENSE file.
   5 ;;
   6
   7 ; *** The contents of content/common/common.sb are implicitly included here. ***
   8
   9 ; Needed for Fonts.
  10 (allow file-read* (regex #"^/System/Library/Fonts($|/)"))
  11 (allow file-read* (regex #"^/Library/Fonts($|/)"))
  12 (allow mach-lookup (global-name "com.apple.FontObjectsServer"))
  13 (allow mach-lookup (global-name "com.apple.FontServer"))
  14
  15 (allow file-read*
  16   (regex #"^/System/Library/ColorSync($|/)")  ; https://crbug.com/46648
  17   (regex #"^/System/Library/Keyboard Layouts($|/)")  ; https://crbug.com/152566
  18   (literal "/Library/Preferences/.GlobalPreferences.plist") ; https://crbug.com/60917
  19   (literal (user-homedir-path "/Library/Preferences/.GlobalPreferences.plist")))
  20
  21 ; https://crbug.com/11269
  22 (allow file-read* (subpath (user-homedir-path "/Library/Fonts")))
  23
  24 ; https://crbug.com/60917
  25 (allow file-read-metadata
  26   (literal "/")
  27   (literal "/var"))
  28
  29 ; https://crbug.com/288697
  30 (allow file-read*
  31   (regex #"^/(private/)?etc/localtime$")
  32   (regex #"^/usr/share/zoneinfo/"))
  33
  34 (allow file-read-metadata (regex #"^/(private/)?etc$"))
  35
  36 ; https://crbug.com/508935
  37 (if (param-true? elcap-or-later)
  38   (allow file-read*
  39     (literal "/usr/lib/libcsfde.dylib")
  40     (literal "/usr/lib/libcurl.4.dylib")
  41     (literal "/usr/lib/libCoreStorage.dylib")
  42     (literal "/usr/lib/libutil.dylib")))