Those constants are pre-configured settings. The NAMED_EXTERNAL flag lets us pass in our own config, which is the renderer.sb. Apple hasn't really documented the file format, but if you do some searching on the web, you'll find some documentation folks have figured out and I believe there was a talk given at one point by some of the Apple folks that work on it. TVL
On Thu, Jul 30, 2009 at 2:32 AM, n179911 <n179...@gmail.com> wrote: > > Hi, > > I read this article: > > http://dev.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design > > It said Mac OSX supports five constants for sandbox access restrictions: > > * kSBXProfileNoInternet > * kSBXProfileNoNetwork > * kSBXProfileNoWrite > * kSBXProfileNoWriteExceptTemporary > * kSBXProfilePureComputation > > In the renderer, we would probably want to use a combination of > kSBXProfileNoNetwork and kSBXProfileNoWrite. If possible, we would > like to get by with kSBXProfilePureComputation, > > Can you please which access restrictions the renderer of chromium is > currently set to? > I have looked at renderer_main_platform_delegate_mac.mm, which I > believe is how/where chromium set the access restrictions to. But from > the code, i can't tell which access restrictions it assigns to > renderer. > > int error = sandbox_init(sandbox_profile, SANDBOX_NAMED_EXTERNAL, > &error_buff); > > And I have looked at the file 'renderer.sb', it does not contains any > of the above 5 access restrictions string either. > > Thank you for your help. > > Regards, > > > > --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
