mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-10 03:45:46 +00:00
Bug 1083344 - Add "allow" sandbox rules to fix mochitests on OSX 10.9 and 10.10. r=smichaud
This commit is contained in:
parent
2756b8c420
commit
fc8fe2bd7c
@ -72,7 +72,7 @@ static const char contentSandboxRules[] =
|
||||
" (define container-path appPath)\n"
|
||||
" (define appdir-path appDir)\n"
|
||||
" (define var-folders-re \"^/private/var/folders/[^/][^/]\")\n"
|
||||
" (define var-folders2-re (string-append var-folders-re \"/[^/]*/[^/]\"))\n"
|
||||
" (define var-folders2-re (string-append var-folders-re \"/[^/]+/[^/]\"))\n"
|
||||
"\n"
|
||||
" (define (home-regex home-relative-regex)\n"
|
||||
" (resolving-regex (string-append \"^\" (regex-quote home-path) home-relative-regex)))\n"
|
||||
@ -126,9 +126,10 @@ static const char contentSandboxRules[] =
|
||||
" (regex \"^/private/tmp/KSInstallAction\\.\")\n"
|
||||
" (var-folders-regex \"/\")\n"
|
||||
" (home-subpath \"/Library\"))\n"
|
||||
" \n"
|
||||
"\n"
|
||||
" (allow signal (target self))\n"
|
||||
" (allow job-creation (literal \"/Library/CoreMediaIO/Plug-Ins/DAL\"))\n"
|
||||
" (allow iokit-set-properties (iokit-property \"IOAudioControlValue\"))\n"
|
||||
"\n"
|
||||
" (allow mach-lookup\n"
|
||||
" (global-name \"com.apple.coreservices.launchservicesd\")\n"
|
||||
@ -149,9 +150,11 @@ static const char contentSandboxRules[] =
|
||||
" (global-name \"com.apple.cache_delete\")\n"
|
||||
" (global-name \"com.apple.pluginkit.pkd\")\n"
|
||||
" (global-name \"com.apple.bird\")\n"
|
||||
" (global-name \"com.apple.ocspd\")\n"
|
||||
" (global-name \"com.apple.cmio.AppleCameraAssistant\")\n"
|
||||
" (global-name \"com.apple.DesktopServicesHelper\")\n"
|
||||
" (global-name \"com.apple.printtool.daemon\"))\n"
|
||||
" \n"
|
||||
"\n"
|
||||
" (allow iokit-open\n"
|
||||
" (iokit-user-client-class \"AppleGraphicsControlClient\")\n"
|
||||
" (iokit-user-client-class \"IOHIDParamUserClient\")\n"
|
||||
@ -175,7 +178,10 @@ static const char contentSandboxRules[] =
|
||||
"; depending on systems, the 1st, 2nd or both rules are necessary\n"
|
||||
" (allow-shared-preferences-read \"com.apple.HIToolbox\")\n"
|
||||
" (allow file-read-data (literal \"/Library/Preferences/com.apple.HIToolbox.plist\"))\n"
|
||||
" \n"
|
||||
"\n"
|
||||
" (allow-shared-preferences-read \"com.apple.ATS\")\n"
|
||||
" (allow file-read-data (literal \"/Library/Preferences/.GlobalPreferences.plist\"))\n"
|
||||
"\n"
|
||||
" (allow file-read*\n"
|
||||
" (subpath \"/Library/Fonts\")\n"
|
||||
" (subpath \"/Library/Audio/Plug-Ins\")\n"
|
||||
@ -210,10 +216,16 @@ static const char contentSandboxRules[] =
|
||||
" (allow device-camera)\n"
|
||||
"\n"
|
||||
" (allow file* (var-folders2-regex \"/com\\.apple\\.IntlDataCache\\.le$\"))\n"
|
||||
" (allow file-read* (var-folders2-regex \"/com\\.apple\\.IconServices/\"))\n"
|
||||
" (allow file-read*\n"
|
||||
" (var-folders2-regex \"/com\\.apple\\.IconServices/\")\n"
|
||||
" (var-folders2-regex \"/[^/]+\\.mozrunner/extensions/[^/]+/chrome/[^/]+/content/[^/]+\\.j(s|ar)$\"))\n"
|
||||
"\n"
|
||||
" (allow file-write* (var-folders2-regex \"/org\\.chromium\\.[a-zA-Z0-9]*$\"))\n"
|
||||
" \n"
|
||||
" (allow file-read*\n"
|
||||
" (home-regex \"/Library/Application Support/[^/]+/Extensions/[^/]/\")\n"
|
||||
" (resolving-regex \"/Library/Application Support/[^/]+/Extensions/[^/]/\")\n"
|
||||
" (home-regex \"/Library/Application Support/Firefox/Profiles/[^/]+/extensions/\"))\n"
|
||||
"\n"
|
||||
"; the following rules should be removed when printing and \n"
|
||||
"; opening a file from disk are brokered through the main process\n"
|
||||
" (allow file*\n"
|
||||
@ -221,7 +233,7 @@ static const char contentSandboxRules[] =
|
||||
" (subpath home-path)\n"
|
||||
" (require-not\n"
|
||||
" (home-subpath \"/Library\"))))\n"
|
||||
" \n"
|
||||
"\n"
|
||||
"; printing\n"
|
||||
" (allow authorization-right-obtain\n"
|
||||
" (right-name \"system.print.operator\")\n"
|
||||
|
Loading…
Reference in New Issue
Block a user