;;
;; Copyright (c) 2011 The Chromium Authors. All rights reserved.
;; Use of this source code is governed by a BSD-style license that can be
;; found in the LICENSE file.
;;
; This is the Sandbox configuration file used for safeguarding the utility
; process which is used for performing sandboxed operations that need to touch
; the filesystem, like decoding theme images and unpacking extensions.
;
; This configuration locks everything down, except access to one configurable
; directory. This is different from other sandbox configuration files where
; file system access is entirely restricted.

; *** The contents of content/common/common.sb are implicitly included here. ***

; Enable full access to given directory if needed.
(if (param-defined? permitted-dir)
  (begin
    ; No path filter here: metadata reads are allowed on every path.
    (allow file-read-metadata)
    ; permitted-dir is matched as a regular expression, not a literal path.
    (allow file-read* file-write* (regex (param permitted-dir)))))
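
The profile hands permitted-dir straight to a regex filter, so the value the caller supplies decides how wide the file-read*/file-write* exception is. The Python sketch below is an added example, not Chromium code: `permitted_dir_regex`, `matches` and `compare` are hypothetical helpers, the paths are constructed, and Python's `re.search` stands in for the sandbox matcher on the assumption that both treat an unanchored pattern as a substring search.

```python
import re

# Characters assumed to be regex metacharacters in the sandbox's dialect.
_META = set(".^$*+?()[]{}|\\")


def permitted_dir_regex(directory: str) -> str:
    """Return an escaped, anchored pattern covering one directory tree."""
    if not directory.startswith("/"):
        raise ValueError("permitted-dir must be an absolute path")
    parts = [p for p in directory.split("/") if p not in ("", ".")]
    if not parts:
        raise ValueError("refusing to permit the filesystem root")
    if ".." in parts:
        raise ValueError("permitted-dir must not contain '..'")
    literal = "/" + "/".join(parts)
    quoted = "".join("\\" + c if c in _META else c for c in literal)
    # ^ pins the start; (/|$) stops the match at a path-component boundary.
    return "^" + quoted + "(/|$)"


def matches(pattern: str, path: str) -> bool:
    """Stand-in for the sandbox regex filter (assumed unanchored search)."""
    return re.search(pattern, path) is not None


# Constructed sample paths, not taken from Chromium.
SAMPLE_DIR = "/Users/u/scratch/ext.unpack/"
SAMPLE_PATHS = [
    "/Users/u/scratch/ext.unpack/manifest.json",   # inside the directory
    "/Users/u/scratch/ext.unpack",                 # the directory itself
    "/Users/u/scratch/ext.unpack-old/key.pem",     # sibling sharing a prefix
    "/Users/u/scratch/extXunpack/key.pem",         # differs where '.' was
    "/Volumes/x/Users/u/scratch/ext.unpack/a",     # same suffix, other root
]


def compare(directory: str = SAMPLE_DIR):
    """Map each sample path to (raw_matches, anchored_matches)."""
    raw = directory.rstrip("/")
    safe = permitted_dir_regex(directory)
    return {p: (matches(raw, p), matches(safe, p)) for p in SAMPLE_PATHS}


if __name__ == "__main__":
    for path, (raw_hit, safe_hit) in compare().items():
        print(f"raw={raw_hit!s:5} anchored={safe_hit!s:5} {path}")
```

Passing the bare path as the pattern matches all five sample paths; the escaped, anchored form matches only the directory and its contents.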