Bug 1384986 - Fix DConf breakage caused by read restrictions. r=gcp

MozReview-Commit-ID: GKTBPtAea5J

--HG--
extra : rebase_source : 9f0a85bddfcfe9a31364ee2e63f768eaddc52ce0

security/sandbox/linux/broker/SandboxBroker.cpp

@@ -281,6 +281,26 @@ SandboxBroker::Policy::AddDynamic(int aPerms, const char* aPath)
   }
 }
 
+void
+SandboxBroker::Policy::AddAncestors(const char* aPath)
+{
+  AddAncestors(nsAutoCString(aPath));
+}
+
+void
+SandboxBroker::Policy::AddAncestors(nsCString&& aPath)
+{
+  while (true) {
+    const auto lastSlash = aPath.RFindCharInSet("/");
+    if (lastSlash <= 0) {
+      MOZ_ASSERT(lastSlash == 0);
+      break;
+    }
+    aPath.Truncate(lastSlash);
+    AddPath(MAY_ACCESS, aPath.get());
+  }
+}
+
 int
 SandboxBroker::Policy::Lookup(const nsACString& aPath) const
 {

security/sandbox/linux/broker/SandboxBroker.h

@@ -92,6 +92,13 @@ class SandboxBroker final
       AddPath(aPerms, aPath,
               (aPerms & MAY_CREATE) ? AddAlways : AddIfExistsNow);
     }
+    // Adds MAY_ACCESS for all ancestors of a given path.  Useful for
+    // libraries that try to do the equivalent of `mkdir -p`.  This
+    // does not include the root directory, and it includes the path
+    // itself only if it has a trailing slash.
+    void AddAncestors(const char* aPath);
+    void AddAncestors(nsCString&& aPath);
+
     int Lookup(const nsACString& aPath) const;
     int Lookup(const char* aPath) const {
       return Lookup(nsDependentCString(aPath));

security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp

@@ -84,6 +84,7 @@ SandboxBrokerPolicyFactory::SandboxBrokerPolicyFactory()
     // The leaf filename is "user" by default, but is configurable.
     nsPrintfCString shmPath("%s/dconf/", userDir);
     policy->AddPrefix(rdwrcr, shmPath.get());
+    policy->AddAncestors(Move(shmPath));
   }
 #endif