Sandbox/OS X Rule Set: Difference between revisions

system.sb
(Comments on system.sb)
(system.sb)
Line 45: Line 45:
|
|
<pre style="border:none;">(import \"/System/Library/Sandbox/Profiles/system.sb\")</pre>
<pre style="border:none;">(import \"/System/Library/Sandbox/Profiles/system.sb\")</pre>
This excerpt it what is enabled for us.
This excerpt it what is enabled for us. The file also defines some macros, but they're not used in the file or by our rules. Namely "(define (system-network) ...)" and "(define (system-graphics) ...)".
 
<small>
<pre style="border:none;">
<pre style="border:none;">
...
...
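Review bot: The changed description line in this hunk still opens with "This excerpt it what is enabled for us", carried over unchanged from the old revision; "it" should read "is". The added sentence names "(define (system-network) ...)" and "(define (system-graphics) ...)" as defined but unused, and the excerpt below is elided with "...", so it would help to say outright that these macro definitions are left out of the excerpt. Otherwise a reader cannot tell whether network or graphics rules are part of what the import enables.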
Line 121: Line 123:
(allow sysctl-read)
(allow sysctl-read)
</pre>
</pre>
</small>
||
||
This imports all the sandbox policy directives in the file /System/Library/Sandbox/Profiles/system.sb which ships with OS X. It includes a lot: per-PID services, file-read access for some system directories, file-write to /cores/, access to graphics hardware, lots of com.apple API's, and network I/O (might just be outbound.)
This imports all the sandbox policy directives in the file /System/Library/Sandbox/Profiles/system.sb which ships with OS X.
 
 
 
|-
|-
|
|
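Review bot: The description cell in this hunk drops the old summary of what the import grants (per-PID services, file-read access for some system directories, file-write to /cores/, access to graphics hardware, com.apple APIs, and network I/O) and keeps only the statement that system.sb is imported. That list is what tells a reader how far the imported profile widens the sandbox, and the open question "(might just be outbound.)" is deleted rather than answered. Suggest keeping a short list of the granted categories, or stating that the excerpt in the left cell now replaces it, and settling the network I/O direction against the excerpt.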