blob: 49a72ccfac371123173bfbf103ad8d8324b12e98 [file] [log] [blame]
; Copyright 2017 The Chromium Authors. All rights reserved.
; Use of this source code is governed by a BSD-style license that can be
; found in the LICENSE file.
; --- The contents of common.sb implicitly included here. ---
; Allow communication between the GPU process and the UI server.
(allow mach-lookup
(global-name "com.apple.CoreServices.coreservicesd")
(global-name "com.apple.coreservices.launchservicesd")
(global-name "com.apple.cvmsServ")
(global-name "com.apple.system.notification_center")
(global-name "com.apple.tsm.uiserver")
(global-name "com.apple.windowserver.active"))
; Needed for WebGL - crbug.com/75343
(allow iokit-open
(iokit-connection "IOAccelerator")
(iokit-user-client-class "AGPMClient")
(iokit-user-client-class "AppleGraphicsControlClient")
(iokit-user-client-class "AppleMGPUPowerControlClient")
(iokit-user-client-class "IOAccelerationUserClient")
(iokit-user-client-class "IOFramebufferSharedUserClient")
(iokit-user-client-class "IOHIDParamUserClient")
(iokit-user-client-class "IOSurfaceRootUserClient")
(iokit-user-client-class "IOSurfaceSendRight"))
(iokit-user-client-class "RootDomainUserClient")
(allow ipc-posix-shm-read-data
(ipc-posix-name "apple.shm.notification_center"))
; https://crbug.com/515280
(if (>= os-version 1011)
(allow file-read* (subpath "/System/Library/Extensions")))
; Needed for VideoToolbox usage - https://crbug.com/767037
(if (>= os-version 1013)
(allow mach-lookup (global-name "com.apple.coremedia.videodecoder")))
(if (> os-version 1009)
(allow sysctl-read (sysctl-name "hw.model")))