Haik Aftandilian
c0bfbc91e0
Bug 1393805 - Part 2 - Add Mac whitelisted directory for system extensions development. r=Alex_Gaynor
...
MozReview-Commit-ID: ADkcqFAsKaY
--HG--
extra : rebase_source : 02db543e05109e764228862ef5c760a0132eb4c2
2017-10-05 16:06:36 -07:00
Sebastian Hengst
6c211079d0
Backed out changeset 8198bc4c7e3c (bug 1393805)
2017-10-05 00:20:11 +02:00
Haik Aftandilian
165980edfa
Bug 1393805 - Part 2 - Add Mac whitelisted directory for system extensions development. r=Alex_Gaynor
...
MozReview-Commit-ID: ADkcqFAsKaY
--HG--
extra : rebase_source : 492194ea7914d6f09b349f95b3eeea0bd003256a
2017-09-27 13:27:39 -07:00
Alex Gaynor
535c9e8dc3
Bug 1380674 - remove the ability to create directories in the content temp directory on macOS; r=haik
...
MozReview-Commit-ID: 8SDcDTqp2F5
--HG--
extra : rebase_source : e8094606e5a302db41f7d7fd22656b7e8697d549
2017-10-03 09:49:44 -04:00
Alex Gaynor
d755224ded
Bug 1403567 - Remove unused access to AppleGraphicsPolicyClient iokit from content process; r=haik
...
MozReview-Commit-ID: 9yTMgo2FNKm
--HG--
extra : rebase_source : 72cc3a295d8823460aae21ebe149ece2df69d087
2017-09-26 13:05:18 -04:00
Haik Aftandilian
414270b14a
Bug 1403669 - [Mac] Per-user and system extensions dir regexes only work for 1-character subdirectory names. r=Alex_Gaynor
...
MozReview-Commit-ID: L9vNruzMEez
--HG--
extra : rebase_source : 8530cbf1baef919a5a379564d190fb08674aa28d
2017-09-27 11:48:39 -07:00
Alex Gaynor
d1aef777b6
Bug 1404426 - Simplify the macOS content sandbox policy; r=haik
...
This does two things:
1) Moves the level 3 rules to always be applicable, and simplifies level 2 accordingly
2) Consistently uses the raw string literal syntax for regexes
MozReview-Commit-ID: 6iwjOvRVMM7
--HG--
extra : rebase_source : 3ac59219ad0793a98bdb203fb3d247561216a560
2017-09-29 13:13:49 -04:00
Haik Aftandilian
f39cc5cc25
Bug 1401756 - [Mac] Remove unneeded mach-lookups from plugin sandbox rules. r=Alex_Gaynor
...
MozReview-Commit-ID: JsgBzNJC4zF
--HG--
extra : rebase_source : deffeff5e6d39318c55bf3d487071139abaf3c92
2017-09-20 14:05:27 -07:00
Alex Gaynor
79cf374320
Bug 1403210 - Remove unused access to AppleSNBFBUserClient iokit from content process; r=haik
...
MozReview-Commit-ID: K4Z48UFfq2w
--HG--
extra : rebase_source : 8664f3e04503ecc48813d45d26b5433afcc65251
2017-09-26 11:32:01 -04:00
Haik Aftandilian
2cce1be1b0
Bug 1392988 - Firefox 55.02 on macOS High Sierra cannot play AES encrypted video. r=Alex_Gaynor
...
Adds access to video encoding/decoding services when running on macOS 10.13 High Sierra.
MozReview-Commit-ID: 6h4dZ6gkFtp
--HG--
extra : rebase_source : 8c5078b336631e3254fcaaf6727dff281c840159
2017-08-28 19:06:07 -07:00
Haik Aftandilian
3fbdb1b349
Bug 1382260 - Patch 2 - [Mac] Allow reading of font files from the content sandbox. r=Alex_Gaynor
...
MozReview-Commit-ID: 9W5aqQweFmd
--HG--
extra : rebase_source : 9aa778bc08bee206e7f3340eac32ca2f46a4f81b
2017-08-18 16:12:07 -07:00
Haik Aftandilian
74e07cd141
Bug 1388580 - [Mac] Remove miscellaneous iokit open permissions r=Alex_Gaynor
...
MozReview-Commit-ID: 3StDmeSwZUG
--HG--
extra : rebase_source : 66d73d82f54a9bdd0ebbc35abf0badc2657e5750
2017-08-08 15:57:21 -07:00
Alex Gaynor
c6b10e5ba8
Bug 1389535 - remove access to com.apple.coreservices.launchservicesd from content processes; r=haik
...
MozReview-Commit-ID: 8uOZmYGxJDK
--HG--
extra : rebase_source : c51b8d314de39d3262706c2cf3c383e234a1342f
2017-08-09 11:29:53 -04:00
Alex Gaynor
2cc89c3380
Bug 1388454 - remove access to the com.apple.pasteboard.1 mach service from content processes; r=haik
...
MozReview-Commit-ID: EXb6UDYohZT
--HG--
extra : rebase_source : 321ebf0ce810b4fde9ce99acb56b15ca7acfbd8e
2017-08-08 13:51:48 -04:00
Alex Gaynor
b4ba668be6
Bug 1388360 - remove access to the com.apple.iconservices mach service from content processes; r=haik
...
MozReview-Commit-ID: D20alO2PKR0
--HG--
extra : rebase_source : 2bc809d161eb373220f1de174abc8032207b5dac
2017-08-08 10:15:16 -04:00
Alex Gaynor
0132ad567f
Bug 1386363 - remove access to the com.apple.SystemConfiguration.configd mach service from content processes; r=haik
...
MozReview-Commit-ID: 3hFEx67JkdO
--HG--
extra : rebase_source : f3671c7d7682aeb5ff4b89d2409670fcadc2341a
2017-08-07 10:09:32 -04:00
Haik Aftandilian
ef291aef27
Bug 1388172 - [Mac] Remove access to "com.apple.window_proxies" from the content sandbox. r=Alex_Gaynor
...
MozReview-Commit-ID: 2EtLWOvPtyK
--HG--
extra : rebase_source : 3be19fbee8c0989cdfd82283ec2fb8acc5795989
2017-08-07 14:44:33 -07:00
Alex Gaynor
d407d2ad13
Bug 1387570 - remove access to the com.apple.cache_delete mach service from content processes; r=haik
...
MozReview-Commit-ID: LoB1rx5DoV5
--HG--
extra : rebase_source : 7721399376e8ae7e6f41581681b61e92e20f2b21
2017-08-07 10:11:37 -04:00
Haik Aftandilian
9d03f37706
Bug 1322024 - [Mac] Remove com.apple.windowserver.active access from the content sandbox. r=Alex_Gaynor
...
MozReview-Commit-ID: CY99fseWrQX
--HG--
extra : rebase_source : a7219e91ca415c6f058337251ebecc8e9e5006be
2017-07-24 15:22:58 -07:00
Alex Gaynor
90d2a77496
Bug 1387233 - restrict access to ipc-posix-shm APIs in the content process; r=haik
...
This removes /tmp/com.apple.csseed access entirely, ipc-posix-shm-read-metadata
from CFPBS:, and ipc-posix-shm-write-{create,unlink} from AudioIO and CFPBS:.
MozReview-Commit-ID: Eahx6guqGos
--HG--
extra : rebase_source : 621e81eb00411ae39882504db7d10a50eef30b27
2017-08-03 17:03:47 -04:00
Alex Gaynor
d1db7f92fc
Bug 1385332 - remove access to the com.apple.pluginkit.pkd mach service from the content process; r=haik
...
MozReview-Commit-ID: 2KYaScrgnll
--HG--
extra : rebase_source : 4c39abdba18490f2fb12f1691f6fd5a4722cd542
2017-08-03 10:20:07 -04:00
Haik Aftandilian
d3e4a052d9
Bug 1386075 - [Mac] Remove (iokit-user-client-class "RootDomainUserClient"). r=Alex_Gaynor
...
MozReview-Commit-ID: 2bM5KVIbdru
--HG--
extra : rebase_source : f406551fb0986aaa77dd814cba17d399602093fb
2017-08-03 13:29:55 -07:00
Alex Gaynor
250a8036f3
Bug 1385096 - remove access to the com.apple.bird mach service from the content process; r=haik
...
MozReview-Commit-ID: FqKZVL16zz9
--HG--
extra : rebase_source : 8abca2f5c3aa95268887789fc2ca1a24da97de54
2017-08-03 10:14:33 -04:00
Haik Aftandilian
e6f1d0e175
Bug 1386161 - [Mac] Remove IOAudioControl Rules. r=Alex_Gaynor
...
MozReview-Commit-ID: 3cLUCJDoWlh
--HG--
extra : rebase_source : a6e5e7fa3975407f05c92f9e33b98826b2784e68
2017-07-30 22:26:06 -07:00
Alex Gaynor
11a211f901
Bug 1386308 - stop trying to change the display sleep settings from the content process; r=haik
...
Before this change we were trying to change the settings from both the content
and parent processes, so this doesn't change any functionality. This allows us to
remove access to the com.apple.PowerManagement.control mach service from the
content process.
MozReview-Commit-ID: 3DOhqG5U6oz
--HG--
extra : rebase_source : dee0b97c444ae95cfc8f80cb0fb99aa9e2658d51
2017-08-01 12:22:42 -04:00
Alex Gaynor
f09847af4d
Bug 1386291 - remove access to the com.apple.DesktopServicesHelper mach service in content processes; r=haik
...
MozReview-Commit-ID: Bk58lE5p6fi
--HG--
extra : rebase_source : a730b7bdf508a26cb039345f23d71c2558c1d7d1
2017-08-01 11:12:44 -04:00
Alex Gaynor
567f1c90d0
Bug 1384941 - removed access to mach services which are used for cameras in the content process; r=haik
...
MozReview-Commit-ID: Ir6KgLM34bu
--HG--
extra : rebase_source : badd0b62f20b870f7da82fcbefb09f7545e02801
2017-07-25 11:51:03 -04:00
Haik Aftandilian
34c815ff04
Bug 1384209 - [Mac] Remove com.apple.coreservices.appleevents from the content process sandbox. r=Alex_Gaynor
...
MozReview-Commit-ID: 37zX5WZiF4P
--HG--
extra : rebase_source : 53bd0bb8cb8353a7ec513066581a6abfe2d99172
2017-07-24 15:53:18 -07:00
Alex Gaynor
724ff5d5bc
Bug 1264811 - Use a const reference and a default constructor to simplify the macOS sandbox code; r=haik
...
MozReview-Commit-ID: Dtspj7fL9t7
--HG--
extra : rebase_source : 4b85a1d7bd8ad393f032e67ebff0888bcfdd5447
2017-07-28 15:00:22 -04:00
Alex Gaynor
cbb91e347d
Bug 1385028 - simplify handling of macOS minor version in the sandbox policy; r=haik
...
MozReview-Commit-ID: BDD7WzTqHC6
--HG--
extra : rebase_source : d3eb23c8217a4dad7877a663fb455a0db2660330
2017-07-27 13:58:28 -04:00
Ryan VanderMeulen
4237da641e
Backed out changeset 4d7f80401751 (bug 1385028) for bustage.
...
--HG--
extra : rebase_source : 74b74e1a87c5e524f15eb04917d5b2205f3f87f3
2017-07-27 20:10:23 -04:00
Alex Gaynor
7372dae53f
Bug 1385028 - simplify handling of macOS minor version in the sandbox policy; r=haik
...
MozReview-Commit-ID: BDD7WzTqHC6
--HG--
extra : rebase_source : 1d4a4deedbf6351da61e9433738000dcf6bcd0df
2017-07-27 13:58:28 -04:00
Alex Gaynor
3229d39dba
Bug 1384677 - remove com.apple.cookied access from content processes; r=haik
...
MozReview-Commit-ID: 5mI4VXf7J8Q
--HG--
extra : rebase_source : 8514a3e7e73059964b29e240d7979b3a2758bb69
2017-07-25 11:03:43 -04:00
Alex Gaynor
2e4ea0b3cd
Bug 1383818 - Disallow content processes from using the com.apple.ocspd mach service; r=haik
...
It is not used, so this is an attack surface reduction.
MozReview-Commit-ID: mrW9hi0SAh
--HG--
extra : rebase_source : 889b937cfd20680bbb62391fa7932b5cd2e1fd6a
2017-07-24 09:50:32 -04:00
Haik Aftandilian
88b1e4c7ca
Bug 1380132 - Part 3 - Use env variable MOZ_DEVELOPER_OBJ_DIR to whitelist object dir in content sandbox. r=Alex_Gaynor
...
On developer builds, use $MOZ_DEVELOPER_OBJ_DIR to whitelist the object dir in the content sandbox so that symlinks to the object dir from .app/ files can be loaded.
MozReview-Commit-ID: J4YdpxgbD8i
--HG--
extra : rebase_source : 19e369fe9ae29418d9d79e1fb83246474d858f34
2017-07-14 16:32:53 -07:00
Alex Gaynor
f76801e348
Bug 1379803 - on macOS, only allow the creation of regular files and directories in writable directories; r=haik
...
This specifically disallows the creation of ttys and symlinks. Writable
directories are needed for plugins, which lazily create the plugintmp directory.
If/when the plugin API surface is reduced we can restrict down to just regular
files.
MozReview-Commit-ID: Ec6qeaiHSsB
--HG--
extra : rebase_source : 252a3cbf7954b9c09092b896ef8af45310438a86
2017-07-11 09:51:04 -04:00
Alex Gaynor
f514ff97b3
Bug 1379182 - Remove some unnecessary file-write permissions types from the content process on macOS; r=haik
...
On macOS, the file-write* permission type contains numerous sub-permissions (see
bug for full listing). Restrict the ones we allow to only the two we need:
file-write-create and file-write-data. This primarily reduces kernel attack
surface; I'm not aware of any bad things that could be done directly with the
removed permissions.
MozReview-Commit-ID: 3VvjFesy2qx
--HG--
extra : rebase_source : 934ec17c44c9ef3d7fab29919d66cf1a55d57697
2017-07-07 11:05:01 -04:00
Wes Kocher
5dd57ee395
Merge m-c to inbound, a=merge
...
MozReview-Commit-ID: IVwrN2VivZT
2017-07-07 17:30:32 -07:00
Alex Gaynor
d40ad40466
Bug 1376976 - Restrict sysctl access in the content process to a whitelist of sysctl names. r=jld, r=haik
...
MozReview-Commit-ID: 14yoiP1gskM
2017-06-29 13:55:15 -07:00
Haik Aftandilian
c610a4c66b
Bug 1376163 - [10.13] No audio playback on YouTube, no audio/video on Netflix (macOS High Sierra 10.13 Beta). r=Alex_Gaynor
...
Allow access to the "com.apple.audio.AudioComponentRegistrar" API on 10.13+ systems.
MozReview-Commit-ID: 8gWXvuXTNKi
--HG--
extra : rebase_source : 8abf9a2548d915a89adfa82580d46c1bc00726d8
2017-07-06 14:09:11 -07:00
Alex Gaynor
53f0246cfd
Bug 1377164 - Improve the readability of the macOS plugin sandbox policy; r=haik
...
MozReview-Commit-ID: 9R8qT98ESQJ
--HG--
extra : rebase_source : 537f0dc3c46bee9b8e295689fbcbc8c63415c5d1
2017-06-29 10:53:04 -07:00
Alex Gaynor
bb1ea70f5f
Bug 1357758 - Replace the file-read blacklist in the macOS sandbox policy with a whitelist of the allowed paths; r=haik
...
This makes the policy easier to audit, harder to regress, and easier to further prune the content process's permissions.
MozReview-Commit-ID: 6VqEoGsWSGH
--HG--
extra : rebase_source : 58a9d35dd6e58624779294b49df5cc7e34cb4320
2017-04-18 15:57:54 -04:00
Alex Gaynor
b636380391
Bug 1374557 - Part 1 - Add the ability to specify a list of paths to whitelist read access to in the macOS content sandbox; r=haik
...
MozReview-Commit-ID: HXBkyR7Tts2
--HG--
extra : rebase_source : 6daf50a4d7a4ff2ff85dfac43891149353e813aa
2017-06-21 10:19:28 -04:00
Alex Gaynor
1141573ee9
Bug 1374660 - Removed redundant declarations from macOS content sandbox policy; r=haik
...
MozReview-Commit-ID: Gw6AnH8r9sL
--HG--
extra : rebase_source : 62bb4dc335ab3f38a42543a488d07129a8d92a33
2017-06-20 10:27:18 -04:00
Alex Gaynor
e43d5d424f
Bug 1370540 - Extend the level 3 content sandbox filesystem read blacklist to include /Network and /Users; r=haik
...
MozReview-Commit-ID: 6RfS5aYRghK
--HG--
extra : rebase_source : c8d084d42dc2b37e4a0642e1a72bdd514a68d465
2017-06-06 10:48:06 -04:00
Alex Gaynor
33b7e1fa87
Bug 1363179 - do not allow content processes to read from /Volumes on macOS r=haik
...
MozReview-Commit-ID: 8osJVQD3myh
--HG--
extra : rebase_source : 8cda32ca1bca80b796458d36099244a45af2f185
2017-05-12 16:18:57 -04:00
Alex Gaynor
445480436b
Bug 1361733 - In debug builds, do not allow content sandbox to write to all of /private/var r=haik
...
This permission was needed for the memory bloat logging, which is used for
leaktest, including logging intentionally crashing processes. Now we restrict
ourselves to only allowing writes to the location needed for this logging,
rather than all of /private/var.
MozReview-Commit-ID: 5AbJEZlDHNV
--HG--
extra : rebase_source : 26936b8d8bca53f2c37a195b5e7c69c151ec18d2
2017-05-02 11:07:10 -04:00
Haik Aftandilian
8c95154f41
Bug 1361304 - Remove /private/var read access from Mac level 3 content sandbox; r=Alex_Gaynor
...
Removes read access to /private/var and its subdirectories from
the content process under the level 3 Mac sandbox. Still permits
reading of file metadata within the majority of /private/var.
Adds tests to validate the level 3 Mac content sandbox prevents
reading from /private.
MozReview-Commit-ID: FO5dz0F7dl4
--HG--
extra : rebase_source : 226f8de6d4d88f188c272a3e119ed7b8bac292df
2017-05-05 10:48:52 -07:00
Haik Aftandilian
cbffb758e8
Bug 1360356 - [Mac] Remove "/Library/Caches/TemporaryItems" rule from level 3 Content Sandbox; r=Alex_Gaynor
...
Remove reading of "~/Library/Caches/TemporaryItems" from level 3 and update
sandboxing filesystem test to check ~/Library/Caches/TemporaryItems readability.
MozReview-Commit-ID: 6EMzH7brSnp
--HG--
extra : rebase_source : f97b5625da2abda73decc969fc581c2bf858183f
2017-04-28 11:48:43 -07:00
Alex Gaynor
82705afe91
Bug 1354678 - Switch our sandbox policies to use C++ raw strings and put them in a new header file r=haik
...
r=haik
MozReview-Commit-ID: Fr5liCjcJtg
--HG--
extra : rebase_source : 3e90f7075e4e5b410ba0b8a08b0c6e403eb925f6
2017-04-14 13:12:09 -04:00