Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-18 15:55:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1384941 - removed access to mach services which are used for cameras in the content process; r=haik

Browse Source 
MozReview-Commit-ID: Ir6KgLM34bu

--HG--
extra : rebase_source : badd0b62f20b870f7da82fcbefb09f7545e02801
This commit is contained in:
Alex Gaynor 2017-07-25 11:51:03 -04:00
parent 22e9f773cb
commit 567f1c90d0
1 changed files with 1 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
security/sandbox/mac/SandboxPolicies.h
View File

@ -181,7 +181,6 @@ static const char contentSandboxRules[] = R"(
(ipc-posix-name-regex "^AudioIO"))
(allow signal (target self))
(allow job-creation (literal "/Library/CoreMediaIO/Plug-Ins/DAL"))
(allow iokit-set-properties (iokit-property "IOAudioControlValue"))
(allow mach-lookup
@ -192,13 +191,11 @@ static const char contentSandboxRules[] = R"(
(global-name "com.apple.audio.coreaudiod")
(global-name "com.apple.audio.audiohald")
(global-name "com.apple.PowerManagement.control")
(global-name "com.apple.cmio.VDCAssistant")
(global-name "com.apple.SystemConfiguration.configd")
(global-name "com.apple.iconservices")
(global-name "com.apple.cache_delete")
(global-name "com.apple.pluginkit.pkd")
(global-name "com.apple.bird")
(global-name "com.apple.cmio.AppleCameraAssistant")
(global-name "com.apple.DesktopServicesHelper"))
; bug 1376163
@ -222,9 +219,7 @@ static const char contentSandboxRules[] = R"(
(iokit-user-client-class "IGAccelVideoContextMain")
(iokit-user-client-class "IGAccelVideoContextMedia")
(iokit-user-client-class "IGAccelVideoContextVEBox")
(iokit-user-client-class "RootDomainUserClient")
(iokit-user-client-class "IOUSBDeviceUserClientV2")
(iokit-user-client-class "IOUSBInterfaceUserClientV2"))
(iokit-user-client-class "RootDomainUserClient"))
; depending on systems, the 1st, 2nd or both rules are necessary
(allow-shared-preferences-read "com.apple.HIToolbox")
@ -236,7 +231,6 @@ static const char contentSandboxRules[] = R"(
(allow file-read*
(subpath "/Library/Fonts")
(subpath "/Library/Audio/Plug-Ins")
(subpath "/Library/CoreMediaIO/Plug-Ins/DAL")
(subpath "/Library/Spelling")
(literal "/")
(literal "/private/tmp")