;; Copyright (c) 2011 The Chromium Authors. All rights reserved.
;; Use of this source code is governed by a BSD-style license that can be
;; found in the LICENSE file.
; *** The contents of the V1 sandbox are below. ***
; Sandbox profile language version declaration.
(version 1)
; Helper predicate: #t iff the named launch parameter is the string "TRUE".
; str - parameter key, one of the constants defined below.
; Note: the comparison is string=?, so an unset parameter (no string value)
; is not silently treated as false; callers pass keys the launcher supplies.
(define (param-true? str)
  (let ((value (param str)))
    (string=? value "TRUE")))
; Helper predicate: #t iff the named launch parameter carries a string value,
; i.e. was supplied by the process applying this profile.
; str - parameter key, one of the constants defined below.
(define (param-defined? str)
  (let ((value (param str)))
    (string? value)))
; Define constants for all of the parameter strings passed in.
; Each constant is the key of a string parameter supplied by the process that
; applies this profile. Rules read them through (param ...), param-true? or
; param-defined? rather than repeating the literal key.
(define bundle-version-path "BUNDLE_VERSION_PATH") ; bundle directory, see SwiftShader rule below
(define disable-sandbox-denial-logging "DISABLE_SANDBOX_DENIAL_LOGGING") ; "TRUE" silences denial logging
(define enable-logging "ENABLE_LOGGING") ; "TRUE" enables (debug deny)
(define homedir-as-literal "USER_HOMEDIR_AS_LITERAL") ; consumed by user-homedir-path
(define elcap-or-later "ELCAP_OR_LATER") ; gates the /System/Library/Extensions rule
(define macos-1013 "MACOS_1013") ; not referenced by the rules visible in this file
(define field-trial-server-name "FIELD_TRIAL_SERVER_NAME") ; mach service name allowed below
; Backwards compatibility for 10.9
; Where the sandbox does not provide the path / iokit-registry-entry-class
; filters, alias them to the filters that do exist so later rules still parse.
; (iokit-registry-entry-class is not used by the rules visible in this file.)
(if (not (defined? 'path))
(define path literal))
(if (not (defined? 'iokit-registry-entry-class))
(define iokit-registry-entry-class iokit-user-client-class))
; Builds an absolute path below the user's home directory.
; subpath - the part to append; it is concatenated as-is, so the caller is
;           responsible for any leading separator.
; The home directory comes from the USER_HOMEDIR_AS_LITERAL parameter.
(define (user-homedir-path subpath)
  (let ((home (param homedir-as-literal)))
    (string-append home subpath)))
; (path) is not supported until 10.10.
; TODO(kerrnel): remove this when 10.9 is no longer supported.
; Unlike the guarded compatibility define above, this redefinition is
; unconditional, so (path x) always means (literal x) in this profile, even
; where the sandbox provides its own path filter.
(define path
  (lambda (x)
    (literal x)))
; DISABLE_SANDBOX_DENIAL_LOGGING turns off log messages in the system log.
; Default-deny in both branches; the parameter only decides whether each
; denial is also logged.
(if (param-true? disable-sandbox-denial-logging)
(deny default (with no-log))
(deny default))
; Support for programmatically enabling verbose debugging.
(if (param-true? enable-logging) (debug deny))
; Mach lookup of the field-trial server; the service name is taken verbatim
; from the FIELD_TRIAL_SERVER_NAME parameter.
; NOTE(review): this is the only place a (param ...) value is used directly as a
; filter argument and it is not guarded by param-defined? (defined above but not
; used on this page) -- confirm the launcher always supplies it, since an unset
; parameter presumably does not yield a string.
(allow mach-lookup (global-name (param field-trial-server-name)))
; Allow sending signals to self -
(allow signal (target self))
; Needed for full-page-zoomed controls -
; No filter argument: applies to every sysctl read.
(allow sysctl-read)
; Loading System Libraries.
; Read access limited to these three directories (subpath, so recursively).
(allow file-read*
(subpath "/System/Library/Frameworks")
(subpath "/System/Library/PrivateFrameworks")
(subpath "/System/Library/CoreServices"))
; No name filter: applies to all POSIX shared memory segments.
(allow ipc-posix-shm)
; Allow direct access to /dev/urandom, similar to Linux/POSIX, to allow
; third party code (eg: bits of Adobe Flash and NSS) to function properly.
; Read-only (data + metadata) and scoped to the literal device path.
(allow file-read-data file-read-metadata (literal "/dev/urandom"))
; *** The contents of the V1 sandbox are below. ***
; The rules from here on are GPU-process specific (WebGL, VideoToolbox,
; SwiftShader fallback) and are layered on top of the common rules above.
; Allow communication between the GPU process and the UI server.
; NOTE(review): the global-name here is an empty string literal; as written it
; would match only an exactly empty service name, which suggests the real name
; was lost when this file was extracted. Verify against the original profile
; before relying on this rule. The same applies to the VideoToolbox and
; xpc-service-name rules further down.
(allow mach-lookup (global-name ""))
; Metadata (stat-style) access to the root directory itself; literal, so this
; does not extend to anything below "/".
(allow file-read-metadata (literal "/"))
; Needed for WebGL -
; iokit-open is restricted to the IOAccelerator connection and the listed
; user-client classes rather than being granted wholesale.
(allow iokit-open
(iokit-connection "IOAccelerator")
(iokit-user-client-class "IOAccelerationUserClient")
(iokit-user-client-class "IOFramebufferSharedUserClient")
(iokit-user-client-class "AppleGraphicsControlClient")
(iokit-user-client-class "AGPMClient")
(iokit-user-client-class "IOHIDParamUserClient")
(iokit-user-client-class "RootDomainUserClient")
(iokit-user-client-class "IOSurfaceRootUserClient")
(iokit-user-client-class "IOSurfaceSendRight"))
; /System/Library/Extensions becomes readable only when the launcher reports
; ELCAP_OR_LATER.
(if (param-true? elcap-or-later)
(allow file-read* (subpath "/System/Library/Extensions")))
; Needed for VideoToolbox usage -
; NOTE(review): empty global-name, see the note above.
(allow mach-lookup (global-name ""))
; Needed for 10.14.5+ -
; Only emitted when this sandbox version provides the xpc-service-name filter.
; NOTE(review): empty xpc-service-name, see the note above.
(if (defined? 'xpc-service-name)
(allow mach-lookup (xpc-service-name "")))
; Needed for GPU process to fallback to SwiftShader -
; Read-only access (data + metadata) to the directory named by
; BUNDLE_VERSION_PATH and everything beneath it.
(allow file-read-data file-read-metadata (subpath (param bundle-version-path)))