Commit 798919bf authored by ap@apple.com's avatar ap@apple.com

<rdar://problem/13681842> [Mac] Tweak WebProcess sandbox profile to use

        system-graphics function when available.

        Reviewed by Sam Weinig.

        * WebProcess/com.apple.WebProcess.sb.in:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148904 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 25d930a1
2013-04-22 Alexey Proskuryakov <ap@apple.com>
<rdar://problem/13681842> [Mac] Tweak WebProcess sandbox profile to use
system-graphics function when available.
Reviewed by Sam Weinig.
* WebProcess/com.apple.WebProcess.sb.in:
2013-04-22 Zan Dobersek <zdobersek@igalia.com>
[GTK] Set up libPlatform.la
......@@ -36,6 +36,19 @@
(require-all (socket-domain AF_SYSTEM)
(socket-protocol 2)) ; SYSPROTO_CONTROL
(socket-domain AF_ROUTE)))
;; Low level graphics. Defined in system.sb on newer OS versions.
(define (system-graphics)
(allow mach-lookup (global-name "com.apple.cvmsServ"))
(allow iokit-open
(iokit-connection "IOAccelerator")
(iokit-user-client-class "IOAccelerationUserClient")
(iokit-user-client-class "IOSurfaceRootUserClient")
(iokit-user-client-class "IOSurfaceSendRight")
(iokit-user-client-class "IOFramebufferSharedUserClient")
(iokit-user-client-class "AppleSNBFBUserClient")
(iokit-user-client-class "AGPMClient")
(iokit-user-client-class "AppleGraphicsControlClient")))
#endif
;; Read-only preferences and data
......@@ -117,17 +130,9 @@
;; IOKit user clients
(allow iokit-open
(iokit-connection "IOAccelerator")
(iokit-user-client-class "IOAccelerationUserClient")
(iokit-user-client-class "IOFramebufferSharedUserClient")
(iokit-user-client-class "AppleGraphicsControlClient")
(iokit-user-client-class "AppleSNBFBUserClient")
(iokit-user-client-class "AppleUpstreamUserClient")
(iokit-user-client-class "AGPMClient")
(iokit-user-client-class "IOHIDParamUserClient")
(iokit-user-client-class "RootDomainUserClient")
(iokit-user-client-class "IOSurfaceRootUserClient")
(iokit-user-client-class "IOSurfaceSendRight")
(iokit-user-client-class "IOAudioControlUserClient")
(iokit-user-client-class "IOAudioEngineUserClient"))
......@@ -143,7 +148,6 @@
(global-name "com.apple.audio.audiohald")
(global-name "com.apple.audio.coreaudiod")
(global-name "com.apple.cookied")
(global-name "com.apple.cvmsServ")
(global-name "com.apple.dock.server")
(global-name "com.apple.system.opendirectoryd.api")
(global-name "com.apple.tccd")
......@@ -183,6 +187,9 @@
(allow file-read-data
(literal "/dev/autofs_nowait")) ; Used by CF to circumvent automount triggers
;; Graphics
(system-graphics)
;; Networking
(system-network)
(allow network-outbound
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment