| [email protected] | 882f1d56 | 2009-11-05 14:04:48 | [diff] [blame] | 1 | ;; |
| [email protected] | 8a72f64c | 2011-04-07 18:04:57 | [diff] [blame] | 2 | ;; Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| [email protected] | 882f1d56 | 2009-11-05 14:04:48 | [diff] [blame] | 3 | ;; Use of this source code is governed by a BSD-style license that can be |
| 4 | ;; found in the LICENSE file. | ||||
| 5 | ;; | ||||
| 6 | ; This is the Sandbox configuration file used for safeguarding the utility | ||||
| 7 | ; process which is used for performing sandboxed operations that need to touch | ||||
| 8 | ; the filesystem like decoding theme images and unpacking extensions. | ||||
| 9 | ; | ||||
| 10 | ; This configuration locks everything down, except access to one configurable | ||||
| 11 | ; directory. This is different from other sandbox configuration files where | ||||
| 12 | ; file system access is entireley restricted. | ||||
| [email protected] | 882f1d56 | 2009-11-05 14:04:48 | [diff] [blame] | 13 | |
| [email protected] | 8a72f64c | 2011-04-07 18:04:57 | [diff] [blame] | 14 | ; *** The contents of content/common/common.sb are implicitly included here. *** |
| [email protected] | 882f1d56 | 2009-11-05 14:04:48 | [diff] [blame] | 15 | |
| [email protected] | 120be5d | 2009-12-03 15:36:08 | [diff] [blame] | 16 | ; Enable full access to given directory if needed. |
| kerrnel | e46995f | 2015-07-16 15:41:30 | [diff] [blame] | 17 | (if (param-defined? permitted-dir) |
| 18 | (begin | ||||
| 19 | (allow file-read-metadata ) | ||||
| 20 | (allow file-read* file-write* (regex (param permitted-dir))))) | ||||