blob: a5014f76413f4e85f808827399f14d679c337acd [file] [log] [blame]
;; Copyright (c) 2011 The Chromium Authors. All rights reserved.
;; Use of this source code is governed by a BSD-style license that can be
;; found in the LICENSE file.
; This is the Sandbox configuration file used for safeguarding the user's
; untrusted code within Native Client.
; *** The contents of are implicitly included here. ***
; Allow a Native Client application to use semaphores, specifically
; sem_init(),
(allow ipc-posix-sem)
(allow user-preference-read)
(allow iokit-get-properties
(iokit-registry-entry-class "IORegisterForSystemPower"))
(allow iokit-open
(iokit-user-client-class "IOSurfaceSendRight")
(iokit-user-client-class "RootDomainUserClient")
(allow file-read-data
(subpath "/usr/share/locale")
; e.g. ~/Library/Preferences/
(path (string-append
(user-homedir-path "/Library/Preferences/")
(param bundle-id)
(allow mach-lookup
(global-name "")
(global-name "")
(if (>= os-version 1014)
(allow sysctl-read (sysctl-name "kern.tcsm_enable"))
(allow sysctl-write (sysctl-name "kern.tcsm_enable"))
(allow sysctl-read (sysctl-name "kern.tcsm_available"))