authorAlexandru Croitor <alexandru.croitor@qt.io>2019-01-17 17:46:08 +0100
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2021-11-11 13:13:38 +0100
commitb416bdc320340ebff795b985efe72b3659ef4631 (patch)
tree222c5fd8eb1e98ee6b2c3a22d60411060300283f /chromium/sandbox
parenta18110d8a972652f43404bcdfb36a2485cc6d370 (diff)
Pass Qt Prefix path to the macOS V2 Seatbelt Sandbox
The render process requires access to the Qt resources directory (for ICU data files for example). Pass the Qt prefix path to the sandbox rules, to allow file read access. Change-Id: I2364ef4711d225aae2d14da78e33c609f4f8b5bd Fixes: QTBUG-73089 Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/sandbox')
-rw-r--r--chromium/sandbox/policy/mac/common.sb4
1 files changed, 4 insertions, 0 deletions
diff --git a/chromium/sandbox/policy/mac/common.sb b/chromium/sandbox/policy/mac/common.sb
index 84c7e99b329..d91108341bf 100644
--- a/chromium/sandbox/policy/mac/common.sb
+++ b/chromium/sandbox/policy/mac/common.sb
@@ -14,6 +14,7 @@
(define bundle-id "BUNDLE_ID")
(define bundle-path "BUNDLE_PATH")
(define component-path "COMPONENT_PATH")
+(define qt-prefix-path "QT_PREFIX_PATH")
(define current-pid "CURRENT_PID")
(define disable-sandbox-denial-logging "DISABLE_SANDBOX_DENIAL_LOGGING")
(define enable-logging "ENABLE_LOGGING")
@@ -91,6 +92,9 @@
(if (param-defined? component-path)
(allow file-read* (subpath (param component-path))))
+(if (param-defined? qt-prefix-path)
+ (allow file-read* (subpath (param qt-prefix-path))))
+
(allow process-exec (path (param executable-path)))
(allow file-read* (path (param executable-path)))
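Review bot: The added rule `(allow file-read* (subpath (param qt-prefix-path)))` makes the entire Qt prefix subtree readable by the sandboxed process, while the commit message names only the Qt resources directory (ICU data files) as the requirement. How QT_PREFIX_PATH is computed is not visible in this diff. If it can resolve to a shared install prefix rather than a Qt-only directory, the rule would expose unrelated files under that prefix to a compromised renderer. Consider passing the resources directory itself as the parameter, or have the caller reject overly broad values before setting it. At minimum, document the expectation above the rule, e.g. `; qt-prefix-path must be a Qt-only install prefix (read access for ICU/resource files); never a shared system prefix.`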