;; ;; Copyright (c) 2011 The Chromium Authors. All rights reserved. ;; Use of this source code is governed by a BSD-style license that can be ;; found in the LICENSE file. ;; ; *** The contents of the V1 sandbox common.sb are below. *** (version 1) ; Helper function to check if a param is set to true. (define (param-true? str) (string=? (param str) "TRUE")) ; Helper function to determine if a parameter is defined or not. (define (param-defined? str) (string? (param str))) ; Define constants for all of the parameter strings passed in. (define bundle-version-path "BUNDLE_VERSION_PATH") (define disable-sandbox-denial-logging "DISABLE_SANDBOX_DENIAL_LOGGING") (define enable-logging "ENABLE_LOGGING") (define homedir-as-literal "USER_HOMEDIR_AS_LITERAL") (define elcap-or-later "ELCAP_OR_LATER") (define macos-1013 "MACOS_1013") (define field-trial-server-name "FIELD_TRIAL_SERVER_NAME") ; Backwards compatibility for 10.9 (if (not (defined? 'path)) (define path literal)) (if (not (defined? 'iokit-registry-entry-class)) (define iokit-registry-entry-class iokit-user-client-class)) ; Consumes a subpath and appends it to the user's homedir path. (define (user-homedir-path subpath) (string-append (param homedir-as-literal) subpath)) ; (path) is not supported until 10.10. ; TODO(kerrnel): remove this when 10.9 is no longer supported. (define (path x) (literal x)) ; DISABLE_SANDBOX_DENIAL_LOGGING turns off log messages in the system log. (if (param-true? disable-sandbox-denial-logging) (deny default (with no-log)) (deny default)) ; Support for programmatically enabling verbose debugging. (if (param-true? enable-logging) (debug deny)) (allow mach-lookup (global-name (param field-trial-server-name))) ; Allow sending signals to self - https://crbug.com/20370 (allow signal (target self)) ; Needed for full-page-zoomed controls - https://crbug.com/11325 (allow sysctl-read) ; Loading System Libraries. (allow file-read* (subpath "/System/Library/Frameworks") (subpath "/System/Library/PrivateFrameworks") (subpath "/System/Library/CoreServices")) (allow ipc-posix-shm) ; Allow direct access to /dev/urandom, similar to Linux/POSIX, to allow ; third party code (eg: bits of Adobe Flash and NSS) to function properly. (allow file-read-data file-read-metadata (literal "/dev/urandom")) ; *** The contents of the V1 sandbox gpu.sb are below. *** ; Allow communication between the GPU process and the UI server. (allow mach-lookup (global-name "com.apple.tsm.uiserver")) (allow file-read-metadata (literal "/")) ; Needed for WebGL - crbug.com/75343 (allow iokit-open (iokit-connection "IOAccelerator") (iokit-user-client-class "IOAccelerationUserClient") (iokit-user-client-class "IOFramebufferSharedUserClient") (iokit-user-client-class "AppleGraphicsControlClient") (iokit-user-client-class "AGPMClient") (iokit-user-client-class "IOHIDParamUserClient") (iokit-user-client-class "RootDomainUserClient") (iokit-user-client-class "IOSurfaceRootUserClient") (iokit-user-client-class "IOSurfaceSendRight")) ; https://crbug.com/515280 (if (param-true? elcap-or-later) (allow file-read* (subpath "/System/Library/Extensions"))) ; Needed for VideoToolbox usage - https://crbug.com/767037 (allow mach-lookup (global-name "com.apple.coremedia.videodecoder")) ; Needed for 10.14.5+ - https://crbug.com/957217 (if (defined? 'xpc-service-name) (allow mach-lookup (xpc-service-name "com.apple.MTLCompilerService"))) ; Needed for GPU process to fallback to SwiftShader - https://crbug.com/897914 (allow file-read-data file-read-metadata (subpath (param bundle-version-path)))