diff --git a/security/sandbox/test/browser_content_sandbox_fs_tests.js b/security/sandbox/test/browser_content_sandbox_fs_tests.js
index fe4cd4f220d4..12678ddbe028 100644
--- a/security/sandbox/test/browser_content_sandbox_fs_tests.js
+++ b/security/sandbox/test/browser_content_sandbox_fs_tests.js
@@ -17,37 +17,41 @@ async function createFileInHome() { } // Test if the content process can create a temp file, this is disallowed on -// macOS but allowed everywhere else. Also test that the content process cannot -// create symlinks or delete files. +// macOS and Windows but allowed everywhere else. Also test that the content +// process cannot create symlinks on macOS or delete files. async function createTempFile() { + // On Windows we allow access to the temp dir for DEBUG builds, because of + // logging that uses that dir. + let isOptWin = isWin() && !SpecialPowers.isDebugBuild; + let browser = gBrowser.selectedBrowser; let path = fileInTempDir().path; let fileCreated = await SpecialPowers.spawn(browser, [path], createFile); - if (isMac()) { - ok(!fileCreated.ok, "creating a file in content temp is not permitted"); + if (isMac() || isOptWin) { + ok(!fileCreated.ok, "creating a file in temp is not permitted"); } else { - ok(!!fileCreated.ok, "creating a file in content temp is permitted"); + ok(!!fileCreated.ok, "creating a file in temp is permitted"); } // now delete the file let fileDeleted = await SpecialPowers.spawn(browser, [path], deleteFile); - if (isMac()) { + if (isMac() || isOptWin) { // On macOS we do not allow file deletion - it is not needed by the content // process itself, and macOS uses a different permission to control access // so revoking it is easy. - ok(!fileDeleted.ok, "deleting a file in content temp is not permitted"); + ok(!fileDeleted.ok, "deleting a file in temp is not permitted"); + } else { + ok(!!fileDeleted.ok, "deleting a file in temp is permitted"); + } + // Test that symlink creation is not allowed on macOS. 
+ if (isMac()) { let path = fileInTempDir().path; let symlinkCreated = await SpecialPowers.spawn( browser, [path], createSymlink ); - ok( - !symlinkCreated.ok, - "created a symlink in content temp is not permitted" - ); - } else { - ok(!!fileDeleted.ok, "deleting a file in content temp is permitted"); + ok(!symlinkCreated.ok, "created a symlink in temp is not permitted"); } } diff --git a/security/sandbox/test/browser_content_sandbox_utils.js b/security/sandbox/test/browser_content_sandbox_utils.js index 3891c5d6df31..63b599bf1c17 100644 --- a/security/sandbox/test/browser_content_sandbox_utils.js +++ b/security/sandbox/test/browser_content_sandbox_utils.js @@ -297,12 +297,12 @@ function fileInHomeDir() { // Returns a file object for a new file in the content temp dir (.../). function fileInTempDir() { - let contentTempKey = "ContentTmpD"; + let contentTempKey = "TmpD"; // get the content temp dir, make sure it exists let ctmp = Services.dirsvc.get(contentTempKey, Ci.nsIFile); - Assert.ok(ctmp.exists(), "Content temp dir exists"); - Assert.ok(ctmp.isDirectory(), "Content temp dir is a directory"); + Assert.ok(ctmp.exists(), "Temp dir exists"); + Assert.ok(ctmp.isDirectory(), "Temp dir is a directory"); // build a file object for a new file in content temp let tempFile = ctmp.clone();
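Review bot: In the `isMac() || isOptWin` delete branch of `createTempFile`, `ok(!fileDeleted.ok, ...)` does not show that the sandbox blocks deletion, because the create step just above is asserted to fail on those same platforms, so the path most likely does not exist when `deleteFile` runs (that helper is outside the hunk, so this is inferred). A regression that let the content process delete temp files on macOS or non-debug Windows would probably still pass this check. Creating the file from the parent process before spawning `deleteFile` would make the assertion meaningful. The comment inside the branch also still names only macOS; something like `// On macOS and non-debug Windows, deleting a file in the temp dir is denied.` would match the new condition.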
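Review bot: `fileInTempDir` now looks up `"TmpD"`, but the names and comments around the changed lines still describe the content temp dir: the variable `contentTempKey`, the local `ctmp`, the comments `// get the content temp dir, make sure it exists` and `// build a file object for a new file in content temp`, and the header comment above the function. Because this helper decides which directory the sandbox assertions in `createTempFile` exercise, the stale wording makes it harder to tell what policy a failing assertion is about. Suggest `let tempKey = "TmpD";` with `// get the temp dir, make sure it exists`, and a header of `// Returns a file object for a new file in the temp dir.` The function body continues past the end of the hunk.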