mirror of
https://github.com/servo/servo.git
synced 2025-08-03 12:40:06 +01:00
Move sandboxing into the constellation crate.
This commit is contained in:
parent
f1efeb00af
commit
38d96c9564
9 changed files with 10 additions and 16 deletions
|
@ -33,6 +33,3 @@ serde = "0.7"
|
|||
serde_macros = "0.7"
|
||||
time = "0.1.17"
|
||||
url = {version = "1.0.0", features = ["heap_size"]}
|
||||
|
||||
[target.'cfg(not(target_os = "windows"))'.dependencies]
|
||||
gaol = {git = "https://github.com/servo/gaol"}
|
||||
|
|
|
@ -15,8 +15,6 @@ extern crate app_units;
|
|||
|
||||
extern crate azure;
|
||||
extern crate euclid;
|
||||
#[cfg(not(target_os = "windows"))]
|
||||
extern crate gaol;
|
||||
extern crate gfx;
|
||||
extern crate gfx_traits;
|
||||
extern crate gleam;
|
||||
|
@ -59,8 +57,6 @@ mod compositor;
|
|||
mod compositor_layer;
|
||||
pub mod compositor_thread;
|
||||
mod delayed_composition;
|
||||
#[cfg(not(target_os = "windows"))]
|
||||
pub mod sandboxing;
|
||||
mod surface_map;
|
||||
mod touch;
|
||||
pub mod windowing;
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
use gaol::profile::{Operation, PathPattern, Profile};
|
||||
use std::path::PathBuf;
|
||||
use util::resource_files;
|
||||
|
||||
/// Our content process sandbox profile on Mac. As restrictive as possible.
|
||||
#[cfg(target_os = "macos")]
|
||||
pub fn content_process_sandbox_profile() -> Profile {
|
||||
use gaol::platform;
|
||||
Profile::new(vec![
|
||||
Operation::FileReadAll(PathPattern::Literal(PathBuf::from("/dev/urandom"))),
|
||||
Operation::FileReadAll(PathPattern::Subpath(resource_files::resources_dir_path())),
|
||||
Operation::FileReadAll(PathPattern::Subpath(PathBuf::from("/Library/Fonts"))),
|
||||
Operation::FileReadAll(PathPattern::Subpath(PathBuf::from("/System/Library/Fonts"))),
|
||||
Operation::FileReadAll(PathPattern::Subpath(PathBuf::from(
|
||||
"/System/Library/Frameworks/ApplicationServices.framework"))),
|
||||
Operation::FileReadAll(PathPattern::Subpath(PathBuf::from(
|
||||
"/System/Library/Frameworks/CoreGraphics.framework"))),
|
||||
Operation::FileReadMetadata(PathPattern::Literal(PathBuf::from("/"))),
|
||||
Operation::FileReadMetadata(PathPattern::Literal(PathBuf::from("/Library"))),
|
||||
Operation::FileReadMetadata(PathPattern::Literal(PathBuf::from("/System"))),
|
||||
Operation::FileReadMetadata(PathPattern::Literal(PathBuf::from("/etc"))),
|
||||
Operation::SystemInfoRead,
|
||||
Operation::PlatformSpecific(platform::macos::Operation::MachLookup(
|
||||
b"com.apple.FontServer".to_vec())),
|
||||
]).expect("Failed to create sandbox profile!")
|
||||
}
|
||||
|
||||
/// Our content process sandbox profile on Linux. As restrictive as possible.
|
||||
#[cfg(not(target_os = "macos"))]
|
||||
pub fn content_process_sandbox_profile() -> Profile {
|
||||
Profile::new(vec![
|
||||
Operation::FileReadAll(PathPattern::Literal(PathBuf::from("/dev/urandom"))),
|
||||
Operation::FileReadAll(PathPattern::Subpath(resource_files::resources_dir_path())),
|
||||
]).expect("Failed to create sandbox profile!")
|
||||
}
|
||||
|
Loading…
Add table
Add a link
Reference in a new issue