blob: 49a72ccfac371123173bfbf103ad8d8324b12e98 [file] [log] [blame]
; Copyright 2017 The Chromium Authors. All rights reserved.
; Use of this source code is governed by a BSD-style license that can be
; found in the LICENSE file.
; --- The contents of implicitly included here. ---
; Allow communication between the GPU process and the UI server.
(allow mach-lookup
(global-name "")
(global-name "")
(global-name "")
(global-name "")
(global-name "")
(global-name ""))
; Needed for WebGL -
(allow iokit-open
(iokit-connection "IOAccelerator")
(iokit-user-client-class "AGPMClient")
(iokit-user-client-class "AppleGraphicsControlClient")
(iokit-user-client-class "AppleMGPUPowerControlClient")
(iokit-user-client-class "IOAccelerationUserClient")
(iokit-user-client-class "IOFramebufferSharedUserClient")
(iokit-user-client-class "IOHIDParamUserClient")
(iokit-user-client-class "IOSurfaceRootUserClient")
(iokit-user-client-class "IOSurfaceSendRight"))
(iokit-user-client-class "RootDomainUserClient")
(allow ipc-posix-shm-read-data
(ipc-posix-name "apple.shm.notification_center"))
(if (>= os-version 1011)
(allow file-read* (subpath "/System/Library/Extensions")))
; Needed for VideoToolbox usage -
(if (>= os-version 1013)
(allow mach-lookup (global-name "")))
(if (> os-version 1009)
(allow sysctl-read (sysctl-name "hw.model")))