thakis added a comment. Looks like the email reply didn't make it to phab, so here it is again:
It's in this program, which is pretty stand-alone: https://cs.chromium.org/chromium/src/chrome/utility/safe_browsing/mac/crdmg.cc?q=crdmg&sq=package:chromium&l=95 EnableSandbox() is on line 134. clang, compiler-rt are trunk from 2 weeks ago, SDK is 10.12, os 10.12.5. I don't think the particular version numbers matter too much though. Here's a standalone demo: thakis-macpro:src thakis$ cat foo.cc #include <sandbox.h> int main() { const char sbox[] = "(version 1) (deny default)"; char* err; ::sandbox_init(sbox, 0, &err); if (__builtin_available(macos 10.10, *)) return 32; else return 14; } thakis-macpro:src thakis$ third_party/llvm-build/Release+Asserts/bin/clang -o foo foo.cc -isysroot $(xcrun -show-sdk-path) -mmacosx-version-min=10.9 -w && ./foo thakis-macpro:src thakis$ echo $? 14 thakis-macpro:src thakis$ sw_vers -productVersion 10.12.5 After running that, look for "sandbox" in console.app to find the "deny file-read-data". Repository: rL LLVM https://reviews.llvm.org/D27827 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
