blob: f00e92668ee68a72c7fb19f78ff8ec42a17b002a [file] [log] [blame]
; Copyright 2018 The Chromium Authors. All rights reserved.
; Use of this source code is governed by a BSD-style license that can be
; found in the LICENSE file.
; --- The contents of common.sb implicitly included here. ---
; File access.
(allow file-read*
(path (user-homedir-path "/Library/Caches/com.apple.coreaudio.components.plist"))
(regex (user-homedir-path #"/Library/Preferences/com.apple.coreaudio.*"))
(subpath (user-homedir-path "/Library/Audio/Plug-Ins"))
(subpath "/Library/Audio/Plug-Ins")
(subpath "/Library/QuickTime")
(subpath "/System/Library/Components")
(subpath "/System/Library/Extensions"))
(allow device-microphone)
(allow iokit-open
(iokit-user-client-class "IOAudioControlUserClient")
(iokit-user-client-class "IOAudioEngineUserClient"))
(allow ipc-posix-shm-read* ipc-posix-shm-write-data
(ipc-posix-name-regex #"^AudioIO"))
; Mach IPC.
(allow mach-lookup
(global-name "com.apple.audio.SystemSoundServer-OSX")
(global-name "com.apple.audio.VDCAssistant")
(global-name "com.apple.audio.coreaudiod")
(global-name "com.apple.audio.audiohald"))
(if (>= os-version 1013)
(allow mach-lookup
(global-name "com.apple.audio.AudioComponentRegistrar")
(xpc-service-name "com.apple.audio.SandboxHelper")))
; sysctls.
(allow sysctl-read
(sysctl-name "hw.optional.avx2_0")
(sysctl-name "hw.optional.avx1_0")
(sysctl-name "hw.optional.sse4_2")
(sysctl-name "hw.optional.sse4_1")
(sysctl-name "hw.optional.sse3")
(sysctl-name "hw.optional.sse2"))