servo/etc/servo.sb
author Randell Jesup <rjesup@jesup.org>
Thu, 06 Apr 2017 23:23:44 -0400
changeset 351784 c858836be29efd3b0634ebc3532d220e32b342e8
parent 334878 011d6feca67a86ea040809de94e51c634766265f
permissions -rw-r--r--
Bug 1354068: fix uninitialized rv in some paths in nsWebShellWindow r=bdahl MozReview-Commit-ID: LyQUAvVXlr2

(version 1)

(deny default)

(allow file*
    (literal "/dev/dtracehelper")
    (literal "/dev/urandom")
    (literal "/dev/null"))

(allow file-read*
    (subpath ""))

(allow file-write*
    (regex #"^/Users/[^/]+/Library/Autosave Information")
    (subpath "/private/var"))

; This is unfortunate...
(allow process-exec
    (regex #"/servo$"))

(deny file-write*
    (regex #"/servo$"))

(allow sysctl-read)
(allow sysctl-write)
(allow ipc-posix-shm)
(allow process-fork)
(allow mach-lookup)
(allow network-outbound)

(debug deny)