macOS V2 Sandbox: Allow lsd.mapdb service in the GPU.

This attempts to address crashes where the GPU process is hanging trying to contact launchservicesd. It attempts to address these crashes by allowing access to the lsdb.mapdb launchservices endpoint, which exposes less attack surface than the full launchservicesd. Bug: 812228 Change-Id: I1f44bad960d1d07fda622a4d5ad957b281c96792 Reviewed-on: https://chromium-review.googlesource.com/923126Reviewed-by: Robert Sesek <rsesek@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#537356}

macOS V2 Sandbox: Allow lsd.mapdb service in the GPU.
This attempts to address crashes where the GPU process is hanging trying to contact launchservicesd. It attempts to address these crashes by allowing access to the lsdb.mapdb launchservices endpoint, which exposes less attack surface than the full launchservicesd. Bug: 812228 Change-Id: I1f44bad960d1d07fda622a4d5ad957b281c96792 Reviewed-on: https://chromium-review.googlesource.com/923126Reviewed-by: Robert Sesek <rsesek@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#537356}
1aa6c877 · Greg Kerr · Commit Bot · 6b23a879 · 1aa6c877
Commit 1aa6c877 authored Feb 16, 2018 by Greg Kerr Committed by Commit Bot Feb 16, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

services/service_manager/sandbox/mac/gpu_v2.sb services/service_manager/sandbox/mac/gpu_v2.sb +1 -0

No files found.
--- a/services/service_manager/sandbox/mac/gpu_v2.sb
+++ b/services/service_manager/sandbox/mac/gpu_v2.sb
@@ -8,6 +8,7 @@
 (allow mach-lookup
  (global-name "com.apple.CoreServices.coreservicesd")
  (global-name "com.apple.cvmsServ")
+  (global-name "com.apple.lsd.mapdb")
  (global-name "com.apple.system.notification_center")
  (global-name "com.apple.tsm.uiserver")
  (global-name "com.apple.windowserver.active"))