content/renderer/renderer.sb

   1 ;;
   2 ;; Copyright (c) 2011 The Chromium Authors. All rights reserved.
   3 ;; Use of this source code is governed by a BSD-style license that can be
   4 ;; found in the LICENSE file.
   5 ;;
   6
   7 ; *** The contents of content/common/common.sb are implicitly included here. ***
   8
   9 ; Needed for Fonts.
  10 (allow file-read* (regex #"^/System/Library/Fonts($|/)"))
  11 (allow file-read* (regex #"^/Library/Fonts($|/)"))
  12 (allow mach-lookup (global-name "com.apple.FontObjectsServer"))
  13 (allow mach-lookup (global-name "com.apple.FontServer"))
  14
  15 (allow file-read*
  16   (regex #"^/System/Library/ColorSync($|/)")  ; http://crbug.com/46648
  17   (regex #"^/System/Library/Keyboard Layouts($|/)")  ; http://crbug.com/152566
  18   (literal "/Library/Preferences/.GlobalPreferences.plist") ; http://crbug.com/60917
  19   (literal (user-homedir-path "/Library/Preferences/.GlobalPreferences.plist"))
  20 )
  21
  22 ; http://crbug.com/11269
  23 (allow file-read* (subpath (user-homedir-path "/Library/Fonts")))
  24
  25 ; http://crbug.com/60917
  26 (allow file-read-metadata
  27   (literal "/")
  28   (literal "/var")
  29 )
  30
  31 ; http://crbug.com/288697
  32 (allow file-read*
  33   (regex #"^/(private/)?etc/localtime$")
  34   (regex #"^/usr/share/zoneinfo/")
  35 )
  36 (allow file-read-metadata
  37   (regex #"^/(private/)?etc$")
  38 )
  39
  40 ; http://crbug.com/508935
  41 (if (param-true? elcap-or-later)
  42   (allow file-read*
  43     (literal "/usr/lib/libcsfde.dylib")
  44     (literal "/usr/lib/libcurl.4.dylib")
  45     (literal "/usr/lib/libCoreStorage.dylib")
  46     (literal "/usr/lib/libutil.dylib")
  47 ))