From 910eafbdc49c978aa2e68ecc64f8d12cabab8f56 Mon Sep 17 00:00:00 2001
From: Patrick Walton
Date: Tue, 21 Aug 2012 17:16:16 -0700
Subject: [PATCH] servo: Don't allow processes to be executed inside /private/var or Autosave Info

Source-Repo: https://github.com/servo/servo
Source-Revision: b10b669575cde74baea08010f50fb0521f4b8db7
---
 servo/src/etc/servo.sb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/servo/src/etc/servo.sb b/servo/src/etc/servo.sb
index 9247ec780548..6983fb863482 100644
--- a/servo/src/etc/servo.sb
+++ b/servo/src/etc/servo.sb
@@ -18,6 +18,10 @@
 (allow process-exec
 (regex #"/servo$"))

+(deny process-exec
+ (regex #"^/Users/[^/]+/Library/Autosave Information")
+ (subpath "/private/var"))
+
 (allow sysctl-read)
 (allow sysctl-write)
 (allow ipc-posix-shm)
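Review bot: The new `(deny process-exec ...)` rule blocks only two locations, while the `(allow process-exec (regex #"/servo$"))` rule just above it is unanchored at the start and still matches a file named `servo` in any other directory, for example under `/private/tmp` or elsewhere in a home directory. A denylist of writable paths is easy to leave incomplete; restricting the allow rule to the install location, e.g. `(allow process-exec (literal "<SERVO_INSTALL_PATH>/servo"))` with the real path substituted, would make the deny rule unnecessary. If the denylist stays, a comment such as `; writable locations: never exec a binary named servo from here` would record why these two paths were chosen, and it is worth confirming that a deny placed after the allow takes precedence in this profile version. The rest of the profile, including which paths are writable, lies outside the hunk.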