From: msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>
Date: Tue, 18 Feb 2014 18:58:40 +0000 (+0000)
Subject: Add more exceptions to the sandbox profile.
X-Git-Tag: v2.2b1~755
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bcc4b6559678a8c6bff285df49f1f41fc9831d8c;p=thirdparty%2Fcups.git

Add more exceptions to the sandbox profile.


git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@11599 a1ca3aef-8c08-0410-bb20-df032aa958be
---

diff --git a/scheduler/process.c b/scheduler/process.c
index 469e77a682..6e28dc7ad8 100644
--- a/scheduler/process.c
+++ b/scheduler/process.c
@@ -170,6 +170,7 @@ cupsdCreateProfile(int job_id,		/* I - Job ID or 0 for none */
 		 " #\"^%s/\""		/* TempDir/... */
 		 " #\"^%s$\""		/* CacheDir */
 		 " #\"^%s/\""		/* CacheDir/... */
+		 " #\"^/private/var/db/\""
 		 " #\"^/private/var/folders/\""
 		 " #\"^/Library/Application Support/\""
 		 " #\"^/Library/Caches/\""
@@ -182,6 +183,8 @@ cupsdCreateProfile(int job_id,		/* I - Job ID or 0 for none */
                  "(allow file-read-data file-read-metadata\n"
                  "  (literal \"/private/etc/services\")\n"
                  "  (regex"
+                 " #\"^/AppleInternal$\""
+                 " #\"^/AppleInternal/\""
                  " #\"^/bin$\""		/* /bin */
                  " #\"^/bin/\""		/* /bin/... */
                  " #\"^/usr/bin$\""	/* /usr/bin */
@@ -290,6 +293,10 @@ cupsdCreateProfile(int job_id,		/* I - Job ID or 0 for none */
     cupsFilePuts(fp, "(allow network*\n"
 		     "       (local udp \"*:*\")\n"
 		     "       (remote udp \"*:*\"))\n");
+
+    /* Also allow access to Bluetooth, USB, and SMB */
+    cupsFilePuts(fp, "(allow iokit-open)\n");
+    cupsFilePuts(fp, "(allow file-read-* file-write (literal \"/dev/nsmb0\"))\n");
   }
   else
   {