Sandbox/OS X Rule Set: Difference between revisions

Sandbox/OS X Rule Set (view source)

Revision as of 22:13, 4 May 2016

609 bytes added , 4 May 2016

Updates

Haftandilian

202

edits

@@ Line 207: / Line 207: @@
    "             (home-regex (string-append \"/Library/Preferences/\" (regex-quote domain)))))\n"
    "\n"
+</pre>
+</small>
+|| Macros (needs more explanation)
+|-
+|
+<pre  style="border:none;">
    "    (allow file-read-metadata)\n"
+</pre>
+|| Does this allow file-read-metadata for all files?
+|-
+|
+<pre  style="border:none;">
    "\n"
    "    (allow ipc-posix-shm\n"
@@ Line 213: / Line 225: @@
    "        (ipc-posix-name-regex \"^CFPBS:\")\n"
    "        (ipc-posix-name-regex \"^AudioIO\"))\n"
+</pre>
+|| IPC shared memory?
+|-
+|
+<pre style="border:none;">
    "\n"
    "    (allow file-read-metadata\n"
@@ Line 220: / Line 237: @@
    "        (var-folders-regex \"/\")\n"
    "        (home-subpath \"/Library\"))\n"
+</pre>
+|| Allow reading of file metadata for this directories and files. Is this redundant give the above "(allow file-read-metadata)" rule.
+|-
+|<small><pre style="border:none;">
    "\n"
    "    (allow signal (target self))\n"
@@ Line 410: / Line 431: @@
    "        (home-subpath \"/Library/Caches/TemporaryItems\"))\n"
    "\n"
+</pre>
+</small>
+|| TODO
+|-
+| <pre style="border:none;">
    "; bug 1237847\n"
    "    (allow file-read*\n"
@@ Line 418: / Line 444: @@
    ")\n";
 </pre>
-</small>
+||
-|| Example
+Allow full reads and writes to appTempDir which (in this example) is "/Users/<USERNAME>/Library/Caches/TemporaryItems/Temp-{62ac76fa-73fd-8f46-bd2b-12c4d53aa1cc}". The directory is reset each time Firefox starts.
-|-
-| The final row left column || The final row right column
 |}