mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1541230 - Part 2 - Add /System/Library read access to the utility sandbox r=Alex_Gaynor 

Allow read access to /System/Library for accessing system libraries.

Depends on D26397

Differential Revision: https://phabricator.services.mozilla.com/D26626

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Haik Aftandilian 2019-04-09 12:51:18 +00:00
Родитель 703b41f0d1
Коммит 2abd1f81a6
1 изменённых файлов: 2 добавлений и 5 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

7
security/sandbox/mac/SandboxPolicyUtility.h
Просмотреть файл

@ -32,13 +32,11 @@ static const char SandboxPolicyUtility[] = R"SANDBOX_LITERAL(
(if (defined? 'file-map-executable) (if (defined? 'file-map-executable)
(allow file-map-executable file-read* (allow file-map-executable file-read*
(subpath "/System/Library/PrivateFrameworks") (subpath "/System/Library")
(subpath "/System/Library/Frameworks")
(subpath "/usr/lib") (subpath "/usr/lib")
(subpath app-path)) (subpath app-path))
(allow file-read* (allow file-read*
(subpath "/System/Library/PrivateFrameworks") (subpath "/System/Library")
(subpath "/System/Library/Frameworks")
(subpath "/usr/lib") (subpath "/usr/lib")
(subpath app-path))) (subpath app-path)))
@ -50,7 +48,6 @@ static const char SandboxPolicyUtility[] = R"SANDBOX_LITERAL(
(allow file-read* (allow file-read*
(literal "/dev/random") (literal "/dev/random")
(literal "/dev/urandom") (literal "/dev/urandom")
(literal "/System/Library/CoreServices/SystemVersion.plist")
(subpath "/usr/share/icu")) (subpath "/usr/share/icu"))
(allow mach-lookup (allow mach-lookup