From 38ecd4cad0798d5c9eb4bcb5cb86ee18940406fd Mon Sep 17 00:00:00 2001
From: Gian-Carlo Pascutto <gcp@mozilla.com>
Date: Wed, 13 Sep 2017 15:55:07 +0200
Subject: [PATCH] Bug 1399392 - Don't hardcode .config, use XDG_* environment
 vars. r=jld

MozReview-Commit-ID: 30j9VbHUjFn

--HG--
extra : rebase_source : f36d5ff8d54215899862621908d48b57ffa78af3
---
 .../broker/SandboxBrokerPolicyFactory.cpp      | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
index 65fa88655297..af597fe85b8c 100644
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -130,10 +130,20 @@ SandboxBrokerPolicyFactory::SandboxBrokerPolicyFactory()
   }
 #endif
 
-  // Configuration dirs in the homedir that we want to allow read
+  // Allow access to XDG_CONFIG_PATH and XDG_CONFIG_DIRS
+  if (const auto xdgConfigPath = PR_GetEnv("XDG_CONFIG_PATH")) {
+    policy->AddDir(rdonly, xdgConfigPath);
+  }
+
+  nsAutoCString xdgConfigDirs(PR_GetEnv("XDG_CONFIG_DIRS"));
+  for (const auto& path : xdgConfigDirs.Split(':')) {
+    policy->AddDir(rdonly, PromiseFlatCString(path).get());
+  }
+
+  // Extra configuration dirs in the homedir that we want to allow read
   // access to.
-  mozilla::Array<const char*, 3> confDirs = {
-    ".config",
+  mozilla::Array<const char*, 3> extraConfDirs = {
+    ".config",   // Fallback if XDG_CONFIG_PATH isn't set
     ".themes",
     ".fonts",
   };
@@ -143,7 +153,7 @@ SandboxBrokerPolicyFactory::SandboxBrokerPolicyFactory()
   if (NS_SUCCEEDED(rv)) {
     nsCOMPtr<nsIFile> confDir;
 
-    for (auto dir : confDirs) {
+    for (const auto& dir : extraConfDirs) {
       rv = homeDir->Clone(getter_AddRefs(confDir));
       if (NS_SUCCEEDED(rv)) {
         rv = confDir->AppendNative(nsDependentCString(dir));