mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-27 14:52:16 +00:00
Bug 1916286: Add rule for MountPointManager in AddDeveloperRepoDirToPolicy. r=yjuglaret
Differential Revision: https://phabricator.services.mozilla.com/D220873
This commit is contained in:
parent
026210612c
commit
5a64e37692
@ -263,9 +263,25 @@ static void AddDeveloperRepoDirToPolicy(sandbox::TargetPolicy* aPolicy) {
|
||||
std::replace(repoPath.begin(), repoPath.end(), '/', '\\');
|
||||
repoPath.append(WSTRING("\\*"));
|
||||
|
||||
aPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
|
||||
auto result = aPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
|
||||
sandbox::TargetPolicy::FILES_ALLOW_READONLY,
|
||||
repoPath.c_str());
|
||||
if (result != sandbox::SBOX_ALL_OK) {
|
||||
NS_ERROR("Failed to add rule for developer repo dir.");
|
||||
LOG_E("Failed (ResultCode %d) to add read access to developer repo dir",
|
||||
result);
|
||||
}
|
||||
|
||||
// The following is required if the process is using a USER_RESTRICTED or
|
||||
// lower access token level.
|
||||
result = aPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
|
||||
sandbox::TargetPolicy::FILES_ALLOW_READONLY,
|
||||
L"\\??\\MountPointManager");
|
||||
if (result != sandbox::SBOX_ALL_OK) {
|
||||
NS_ERROR("Failed to add rule for MountPointManager.");
|
||||
LOG_E("Failed (ResultCode %d) to add read access to MountPointManager",
|
||||
result);
|
||||
}
|
||||
}
|
||||
|
||||
#undef WSTRING
|
||||
|
Loading…
Reference in New Issue
Block a user