macOS Sandbox: Add (begin) to sysctl rules for tcsm.
The sysctl rules are currently incorrectly enclosed in an if/else
statement, when it should be a single if clause.
Bug: 963490
Change-Id: I9b6cf6676dd3eb8597b7d4cb4f78518112552a54
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1620911
Auto-Submit: Greg Kerr <kerrnel@chromium.org>
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#661466}
diff --git a/services/service_manager/sandbox/mac/nacl_loader.sb b/services/service_manager/sandbox/mac/nacl_loader.sb
index c8618da7..a5014f76 100644
--- a/services/service_manager/sandbox/mac/nacl_loader.sb
+++ b/services/service_manager/sandbox/mac/nacl_loader.sb
@@ -38,8 +38,8 @@
)
(if (>= os-version 1014)
- ; Ordering of these tcsm sysctls matters. See: https://crbug.com/964353
- (allow sysctl-read (sysctl-name "kern.tcsm_enable"))
- (allow sysctl-write (sysctl-name "kern.tcsm_enable"))
- (allow sysctl-read (sysctl-name "kern.tcsm_available"))
-)
+ (begin
+ (allow sysctl-read (sysctl-name "kern.tcsm_enable"))
+ (allow sysctl-write (sysctl-name "kern.tcsm_enable"))
+ (allow sysctl-read (sysctl-name "kern.tcsm_available"))
+))
diff --git a/services/service_manager/sandbox/mac/renderer.sb b/services/service_manager/sandbox/mac/renderer.sb
index 932c6ec3..b316c98f 100644
--- a/services/service_manager/sandbox/mac/renderer.sb
+++ b/services/service_manager/sandbox/mac/renderer.sb
@@ -95,9 +95,8 @@
; For V8 to use in thread calculations.
(if (>= os-version 1014)
- ; Ordering of these tcsm sysctls matters. See: https://crbug.com/964353
- (allow sysctl-read (sysctl-name "kern.tcsm_enable"))
- (allow sysctl-write (sysctl-name "kern.tcsm_enable"))
- (allow sysctl-read (sysctl-name "kern.tcsm_available"))
-
-)
+ (begin
+ (allow sysctl-read (sysctl-name "kern.tcsm_enable"))
+ (allow sysctl-write (sysctl-name "kern.tcsm_enable"))
+ (allow sysctl-read (sysctl-name "kern.tcsm_available"))
+))
