Bug 1225023: Allow Flash Player to create Adobe\Flash Player and Macromedia\Flash Player directories. r=bbondy

This commit is contained in:
Bob Owen 2015-11-17 07:24:34 +00:00
parent 57c0314350
commit 53c9d7290d
3 changed files with 20 additions and 3 deletions

View File

@ -74,7 +74,8 @@ AddSandboxAllowedFile(vector<std::wstring>& aAllowedFiles, nsIProperties* aDirSv
static void
AddSandboxAllowedFiles(int32_t aSandboxLevel,
vector<std::wstring>& aAllowedFilesRead,
vector<std::wstring>& aAllowedFilesReadWrite)
vector<std::wstring>& aAllowedFilesReadWrite,
vector<std::wstring>& aAllowedDirectories)
{
if (aSandboxLevel < 2) {
return;
@ -95,12 +96,21 @@ AddSandboxAllowedFiles(int32_t aSandboxLevel,
}
// Level 2 and above is now using low integrity, so we need to give write
// access to the Flash directories.
// access to the Flash directories. Access also has to be given to create
// the parent directories as they may not exist.
// This should be made Flash specific (Bug 1171396).
AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*"));
AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Macromedia\\Flash Player"));
AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Macromedia"));
AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Adobe\\Flash Player\\*"));
AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Adobe\\Flash Player"));
AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Adobe"));
// Write access to the Temp directory is needed in some mochitest crash
// tests.
@ -117,7 +127,7 @@ PluginProcessParent::Launch(mozilla::UniquePtr<LaunchCompleteTask> aLaunchComple
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
mSandboxLevel = aSandboxLevel;
AddSandboxAllowedFiles(mSandboxLevel, mAllowedFilesRead,
mAllowedFilesReadWrite);
mAllowedFilesReadWrite, mAllowedDirectories);
#else
if (aSandboxLevel != 0) {
MOZ_ASSERT(false,

View File

@ -949,6 +949,12 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
++it) {
mSandboxBroker.AllowReadWriteFile(it->c_str());
}
for (auto it = mAllowedDirectories.begin();
it != mAllowedDirectories.end();
++it) {
mSandboxBroker.AllowDirectory(it->c_str());
}
}
#endif // XP_WIN && MOZ_SANDBOX

View File

@ -160,6 +160,7 @@ protected:
SandboxBroker mSandboxBroker;
std::vector<std::wstring> mAllowedFilesRead;
std::vector<std::wstring> mAllowedFilesReadWrite;
std::vector<std::wstring> mAllowedDirectories;
bool mEnableSandboxLogging;
int32_t mSandboxLevel;
#endif