From b10b669575cde74baea08010f50fb0521f4b8db7 Mon Sep 17 00:00:00 2001 From: Patrick Walton Date: Tue, 21 Aug 2012 17:16:16 -0700 Subject: [PATCH] Don't allow processes to be executed inside /private/var or Autosave Info --- src/etc/servo.sb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/etc/servo.sb b/src/etc/servo.sb index 9247ec78054..6983fb86348 100644 --- a/src/etc/servo.sb +++ b/src/etc/servo.sb @@ -18,6 +18,10 @@ (allow process-exec (regex #"/servo$")) +(deny process-exec + (regex #"^/Users/[^/]+/Library/Autosave Information") + (subpath "/private/var")) + (allow sysctl-read) (allow sysctl-write) (allow ipc-posix-shm)
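Review bot: The added `deny process-exec` rule lists two writable locations but not `/private/tmp` (the target of `/tmp`), and the allow just above it, `(regex #"/servo$")`, is unanchored at the start, so a file named `servo` in that directory would presumably still be executable unless a rule outside this hunk covers it. Adding `(subpath "/private/tmp")` to the deny closes that case; a sturdier change is to anchor the allow to the directories servo is actually installed or built in, so the profile does not have to enumerate every writable path. The Autosave regex also assumes home directories live under `/Users`, and the deny appears to depend on being placed after the allow to take effect. Both are worth recording in a comment above the rule, for example `; deny exec from writable temp/autosave locations even when the file is named servo; must stay after the allow above`.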