tequilaOS/platform_build_soong
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_build_soong/ui/build/sandbox/darwin/global.sb
Dan Willemsen 184901135c Revert "Revert "Revert "Revert "Add path interposer"""" 
This reverts commit 09f4540d66.

Fixes the raw call to net.Listen in the tests to go through the listen()
helper and use the long socket path fallbacks.

Removes the use of timeouts from the tests -- the behaviors being tested
did not rely on timeouts, so removing them will reduce the flakiness if
the build is heavily loading the machine at the same time the test is
running.

Also fixes some potential nil pointer dereferences.

Test: OUT_DIR=<really long> m blueprint_tools
Test: `while .../soong-ui-build-paths/test/test; do sleep 0.01; done` with a build running
Change-Id: I16d44be7517bc415f1c808284088f4ba40df3bfa
2018-05-31 14:59:33 -07:00

46 lines
1.4 KiB
Text
Raw Blame History

(version 1)
; TODO: (deny default)
(allow default (with report))
; Import apple-defined rules for bsd daemons
(import "bsd.sb")
; Allow reading of any file
(allow file-read*)
; Allow writing to $OUT_DIR and $DIST_DIR
(allow file-write*
(subpath (param "OUT_DIR"))
(subpath (param "DIST_DIR")))
; Java attempts to write usage data to ~/.oracle_jre_usage, just ignore
(deny file-write* (with no-log)
(subpath (string-append (param "HOME") "/.oracle_jre_usage")))
; Allow writes to user-specific temp folders (Java stores hsperfdata there)
(allow file-write*
(subpath "/private/var/folders"))
; Allow writing to the terminal
(allow file-write-data
(subpath "/dev/tty"))
; Java
(allow mach-lookup
(global-name "com.apple.SystemConfiguration.configd") ; Java
(global-name "com.apple.CoreServices.coreservicesd") ; xcodebuild in Soong
(global-name "com.apple.FSEvents") ; xcodebuild in Soong
(global-name "com.apple.lsd.mapdb") ; xcodebuild in Soong
(global-name-regex #"^com\.apple\.distributed_notifications") ; xcodebuild in Soong
)
; Allow suid /bin/ps to function
(allow process-exec (literal "/bin/ps") (with no-sandbox))
; Allow path_interposer unix domain socket without logging
(allow network-outbound (literal (string-append (param "OUT_DIR") "/.path_interposer_log")))
; Allow executing any file
(allow process-exec*)
(allow process-fork)
Reference in a new issue View git blame Copy permalink