1;;
2;; Copyright (c) 2011 The Chromium Authors. All rights reserved.
3;; Use of this source code is governed by a BSD-style license that can be
4;; found in the LICENSE file.
5;;
6; This is the Sandbox configuration file used for safeguarding the user's
7; untrusted code within Native Client.
8;
9
10; *** The contents of common.sb are implicitly included here. ***
11
12; Allow a Native Client application to use semaphores, specifically
13; sem_init(), et.al.
14(allow ipc-posix-sem)
15
16(allow user-preference-read)
17
18(allow iokit-get-properties
19  (iokit-registry-entry-class "IORegisterForSystemPower"))
20
21(allow iokit-open
22  (iokit-user-client-class "IOSurfaceSendRight")
23  (iokit-user-client-class "RootDomainUserClient")
24)
25
26(allow file-read-data
27  (subpath "/usr/share/locale")
28  ; e.g. ~/Library/Preferences/com.google.Chrome.plist
29  (path (string-append
30          (user-homedir-path "/Library/Preferences/")
31          (param bundle-id)
32          ".plist"))
33)
34
35(allow mach-lookup
36  (global-name "com.apple.PowerManagement.control")
37  (global-name "com.apple.system.notification_center")
38)
39
40(if (>= os-version 1014)
41  (begin
42    (allow sysctl-read (sysctl-name "kern.tcsm_enable"))
43    (allow sysctl-write (sysctl-name "kern.tcsm_enable"))
44    (allow sysctl-read (sysctl-name "kern.tcsm_available"))
45))
46