202
edits
Sandbox/OS X Rule Set: Difference between revisions
Jump to navigation
Jump to search
Updated main home directory filesystem rule
Haftandilian (talk | contribs) (Updated section on profile subdirs -- extensions and weave) |
Haftandilian (talk | contribs) (Updated main home directory filesystem rule) |
||
| Line 540: | Line 540: | ||
[[#aar_home_lib|link]] | [[#aar_home_lib|link]] | ||
<pre style="border:none;"> | <pre style="border:none;"> | ||
"; the following rules should be removed when printing and \n" | "; the following rules should be removed when printing and\n" | ||
"; opening a file from disk are brokered through the main process\n" | "; opening a file from disk are brokered through the main process\n" | ||
" | " (if (< sandbox-level 2)\n" | ||
" | " (if (not (zero? hasProfileDir))\n" | ||
" (allow file*\n" | " (allow file*\n" | ||
" (require- | " (require-all\n" | ||
" (home-subpath \"/Library\")))\n" | " (require-not (home-subpath \"/Library\"))\n" | ||
" (require-not (subpath profileDir))))\n" | |||
" (allow file*\n" | " (allow file*\n" | ||
" (require-all\n" | " (require-not (home-subpath \"/Library\"))))\n" | ||
" | " (allow file*\n" | ||
" | " (require-all\n" | ||
" | " (subpath home-path)\n" | ||
" (require-not\n" | |||
" (home-subpath \"/Library\")))))\n" | |||
</pre> | </pre> | ||
|| File read and write access for $HOME | || File read and write access for $HOME excluding ~/Library and the current profile directory. We need write access for printing. We need read access to allow user to read files from $HOME. i.e., file:// resources. | ||
|- id=aar_printing1 | |- id=aar_printing1 | ||
| | | | ||