Bug 1431441 - Part 5 - Parameterize access to the windowserver in the Mac content sandbox policy r=Alex_Gaynor
Only allow access to "com.apple.windowserver.active" when the pref "security.sandbox.content.mac.disconnect-windowserver" is set to true. Depends on D6721 Differential Revision: https://phabricator.services.mozilla.com/D7357 --HG-- extra : moz-landing-system : lando
This commit is contained in:
parent
e5a942f82a
commit
fd43db7f44
@ -1584,6 +1584,8 @@ StartMacOSContentSandbox()
PR_GetEnv("MOZ_SANDBOX_LOGGING");
info.appPath.assign(appPath.get());
info.hasAudio = !Preferences::GetBool("media.cubeb.sandbox");
info.hasWindowServer = !Preferences::GetBool(
"security.sandbox.content.mac.disconnect-windowserver");
// These paths are used to whitelist certain directories used by the testing
// system. They should not be considered a public API, and are only intended
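Review bot: The commit description says WindowServer access is allowed only when `security.sandbox.content.mac.disconnect-windowserver` is true, but `info.hasWindowServer = !Preferences::GetBool(...)` grants it when the pref is false or unset (the single-argument GetBool returns false for a missing pref, as far as I recall), so the description has the polarity inverted and should say the pref disconnects the window server when set to true. The fail-open default is presumably intentional to keep existing behaviour, but it deserves a comment next to the assignment: `// Unset/false pref keeps WindowServer access (status quo); true opts the content process out.` The enclosing StartMacOSContentSandbox body continues outside the hunk.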
@ -2178,6 +2178,11 @@ ContentParent::AppendSandboxParams(std::vector<std::string> &aArgs)
aArgs.push_back("-sbAllowAudio");
}
// Windowserver access
if (!Preferences::GetBool("security.sandbox.content.mac.disconnect-windowserver")) {
aArgs.push_back("-sbAllowWindowServer");
}
// .app path (normalized)
nsAutoCString appPath;
if (!nsMacUtilsImpl::GetAppPath(appPath)) {
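Review bot: The pref name literal `"security.sandbox.content.mac.disconnect-windowserver"` is now spelled out both here and in StartMacOSContentSandbox (the first hunk), so a typo in either copy would silently make the two sandbox-start paths apply different policies; hoist it to a single file-scope constant, e.g. `static const char kDisconnectWindowServerPref[] = "security.sandbox.content.mac.disconnect-windowserver";`, and read that from both places. The added `if` line also runs well past 80 columns, which the constant fixes as a side effect. AppendSandboxParams continues outside the hunk.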
@ -45,6 +45,7 @@ typedef struct _MacSandboxInfo {
, hasFilePrivileges(false)
, hasSandboxedProfile(false)
, hasAudio(false)
, hasWindowServer(false)
, shouldLog(true)
{
}
@ -55,6 +56,7 @@ typedef struct _MacSandboxInfo {
bool hasFilePrivileges;
bool hasSandboxedProfile;
bool hasAudio;
bool hasWindowServer;
MacSandboxPluginInfo pluginInfo;
std::string appPath;
std::string appBinaryPath;
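Review bot: `bool hasWindowServer;` is added without a comment, and the name alone does not say which sandbox it applies to or what the default means; suggest `// Content sandbox: permit mach-lookup of com.apple.windowserver.active; false (the constructor default) denies it.` The constructor initialiser in the previous hunk already sets it to false, so the comment records a fail-closed default rather than introducing one. The struct definition continues outside the hunk.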
@ -232,6 +232,8 @@ bool StartMacSandbox(MacSandboxInfo const &aInfo, std::string &aErrorMessage)
params.push_back(getenv("HOME"));
params.push_back("HAS_SANDBOXED_PROFILE");
params.push_back(aInfo.hasSandboxedProfile ? "TRUE" : "FALSE");
params.push_back("HAS_WINDOW_SERVER");
params.push_back(aInfo.hasWindowServer ? "TRUE" : "FALSE");
if (!aInfo.parentPort.empty()) {
params.push_back("PARENT_PORT");
params.push_back(aInfo.parentPort.c_str());
@ -379,6 +381,11 @@ GetContentSandboxParamsFromArgs(int aArgc, char** aArgv, MacSandboxInfo& aInfo)
continue;
}
if (strcmp(aArgv[i], "-sbAllowWindowServer") == 0) {
aInfo.hasWindowServer = true;
continue;
}
if ((strcmp(aArgv[i], "-sbAppPath") == 0) && (i + 1 < aArgc)) {
foundAppPath = true;
aInfo.appPath.assign(aArgv[i+1]);
@ -54,6 +54,7 @@ static const char contentSandboxRules[] = R"SANDBOX_LITERAL(
(define appPath (param "APP_PATH"))
(define hasProfileDir (param "HAS_SANDBOXED_PROFILE"))
(define profileDir (param "PROFILE_DIR"))
(define hasWindowServer (param "HAS_WINDOW_SERVER"))
(define home-path (param "HOME_PATH"))
(define debugWriteDir (param "DEBUG_WRITE_DIR"))
(define testingReadPath1 (param "TESTING_READ_PATH1"))
@ -191,8 +192,9 @@ static const char contentSandboxRules[] = R"SANDBOX_LITERAL(
(allow mach-lookup (global-name parentPort)))
(if (string? crashPort)
(allow mach-lookup (global-name crashPort)))
(if (string=? hasWindowServer "TRUE")
(allow mach-lookup (global-name "com.apple.windowserver.active")))
(allow mach-lookup (global-name "com.apple.coreservices.launchservicesd"))
(allow mach-lookup (global-name "com.apple.windowserver.active"))
(allow mach-lookup (global-name "com.apple.lsd.mapdb"))
(if (>= macosMinorVersion 13)
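Review bot: `(string=? hasWindowServer "TRUE")` assumes the HAS_WINDOW_SERVER param is always supplied, whereas the neighbouring port rules first test `(string? parentPort)`; in the sandbox profile dialect, comparing an unset param with `string=?` is, as far as I recall, an evaluation error that makes profile compilation fail rather than a false result, so a missing param would abort sandbox startup instead of simply denying the lookup. StartMacSandbox pushes the param unconditionally in this commit, so this is not a bug today, but `(if (and (string? hasWindowServer) (string=? hasWindowServer "TRUE"))` would keep the rule self-contained if the parameter list is ever reworked. Replacing the unconditional `com.apple.windowserver.active` allow below with the gated one is the right direction; the rule literal continues outside the hunk.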