diff --git a/security/sandbox/mac/Sandbox.mm b/security/sandbox/mac/Sandbox.mm
index a8700abc8571..1b88ed7fadab 100644
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -25,24 +25,12 @@
 #include "SandboxPolicyUtility.h"
 #include "SandboxPolicySocket.h"
 
-// XXX There are currently problems with the /usr/include/sandbox.h file on
-// some/all of the Macs in Mozilla's build system. Further,
-// sandbox_init_with_parameters is not included in the header. For the time
-// being (until this problem is resolved), we refer directly to what we need
-// from it, rather than including it here.
-extern "C" int sandbox_init(const char* profile, uint64_t flags, char** errorbuf);
+// Undocumented sandbox setup routines.
 extern "C" int sandbox_init_with_parameters(const char* profile, uint64_t flags, const char* const parameters[], char** errorbuf);
 extern "C" void sandbox_free_error(char* errorbuf);
 extern "C" int sandbox_check(pid_t pid, const char* operation, int type, ...);
 
-#define MAC_OS_X_VERSION_10_0_HEX 0x00001000
-#define MAC_OS_X_VERSION_10_6_HEX 0x00001060
-#define MAC_OS_X_VERSION_10_7_HEX 0x00001070
-#define MAC_OS_X_VERSION_10_8_HEX 0x00001080
-#define MAC_OS_X_VERSION_10_9_HEX 0x00001090
-#define MAC_OS_X_VERSION_10_10_HEX 0x000010A0
-
 // Note about "major", "minor" and "bugfix" in the following code:
 //
 // The code decomposes an OS X version number into these components, and in
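Review bot: The new one-line comment above the `extern "C"` declarations drops the only explanation of why these prototypes are hand-written, which a maintainer needs before touching them: the removed text recorded that `sandbox_init_with_parameters` is not declared in `/usr/include/sandbox.h`, so the signatures below are the project's own and a change in a future libsandbox would not be caught at compile time. I would keep that caveat in the replacement comment, e.g. `// Private libsandbox entry points. sandbox_init_with_parameters is not declared in sandbox.h, so these prototypes are ours and are not checked against any system header.` Dropping the unused `sandbox_init` declaration and the `MAC_OS_X_VERSION_*` macros otherwise looks fine.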
@@ -51,20 +39,32 @@ extern "C" int sandbox_check(pid_t pid, const char* operation, int type, ...);
 // an OS X version number to indicate a "major" release (for example the "9"
 // in OS X 10.9.5), and the "bugfix" component to indicate a "minor" release
 // (for example the "5" in OS X 10.9.5).
-
 class OSXVersion {
  public:
-  static int32_t OSXVersionMinor();
+  static void Get(int32_t& aMajor, int32_t& aMinor);
 
  private:
   static void GetSystemVersion(int32_t& aMajor, int32_t& aMinor, int32_t& aBugFix);
-  static int32_t GetVersionNumber();
-  static int32_t mOSXVersion;
+  static bool mCached;
+  static int32_t mOSXVersionMajor;
+  static int32_t mOSXVersionMinor;
 };
 
-int32_t OSXVersion::mOSXVersion = -1;
+bool OSXVersion::mCached = false;
+int32_t OSXVersion::mOSXVersionMajor;
+int32_t OSXVersion::mOSXVersionMinor;
 
-int32_t OSXVersion::OSXVersionMinor() { return (GetVersionNumber() & 0xF0) >> 4; }
+void OSXVersion::Get(int32_t& aMajor, int32_t& aMinor) {
+  if (!mCached) {
+    int32_t major, minor, bugfix;
+    GetSystemVersion(major, minor, bugfix);
+    mOSXVersionMajor = major;
+    mOSXVersionMinor = minor;
+    mCached = true;
+  }
+  aMajor = mOSXVersionMajor;
+  aMinor = mOSXVersionMinor;
+}
 
 void OSXVersion::GetSystemVersion(int32_t& aMajor, int32_t& aMinor, int32_t& aBugFix) {
   SInt32 major = 0, minor = 0, bugfix = 0;
@@ -112,15 +112,6 @@ void OSXVersion::GetSystemVersion(int32_t& aMajor, int32_t& aMinor, int32_t& aBu
   }
 }
 
-int32_t OSXVersion::GetVersionNumber() {
-  if (mOSXVersion == -1) {
-    int32_t major, minor, bugfix;
-    GetSystemVersion(major, minor, bugfix);
-    mOSXVersion = MAC_OS_X_VERSION_10_0_HEX + (minor << 4) + bugfix;
-  }
-  return mOSXVersion;
-}
-
 bool GetRealPath(std::string& aOutputPath, const char* aInputPath) {
   char* resolvedPath = realpath(aInputPath, nullptr);
   if (resolvedPath == nullptr) {
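Review bot: `OSXVersion::Get` caches whatever `GetSystemVersion` writes and gives callers no way to distinguish a real version from a failed lookup; `GetSystemVersion` starts from `SInt32 major = 0, minor = 0, bugfix = 0;` and its body runs past the hunk, so if it leaves those defaults on failure the pair (0, 0) is cached for the life of the process and every later caller sees it. A one-line change keeps the cache from latching onto an unknown result, `mCached = (major > 0);` in place of `mCached = true;`, since no real macOS has a major of 0. Either way I would state the contract above `Get`: `// Returns the running macOS major/minor version, computed once and cached; 0 means GetSystemVersion() could not determine it and callers must treat it as unknown.` The cache is three plain statics with no synchronization, which is only safe if the first call happens before any other thread can reach `Get`; that is presumably true for sandbox startup but is worth saying in the same comment.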
@@ -245,7 +236,13 @@ namespace mozilla {
 bool StartMacSandbox(MacSandboxInfo const& aInfo, std::string& aErrorMessage) {
   std::vector params;
   std::string profile;
-  std::string macOSMinor = std::to_string(OSXVersion::OSXVersionMinor());
+
+  // Use a combined version number to simplify version check logic
+  // in sandbox policies. For example, 10.14 becomes "1014".
+  int32_t major = 0, minor = 0;
+  OSXVersion::Get(major, minor);
+  MOZ_ASSERT(minor >= 0 && minor < 100);
+  std::string combinedVersion = std::to_string((major * 100) + minor);
 
   // Used for the Flash sandbox. Declared here so that they
   // stay in scope until sandbox_init_with_parameters is called.
@@ -262,8 +259,8 @@ bool StartMacSandbox(MacSandboxInfo const& aInfo, std::string& aErrorMessage) {
     params.push_back("SANDBOX_LEVEL_2");
     params.push_back(aInfo.level == 2 ? "TRUE" : "FALSE");
 
-    params.push_back("MAC_OS_MINOR");
-    params.push_back(macOSMinor.c_str());
+    params.push_back("MAC_OS_VERSION");
+    params.push_back(combinedVersion.c_str());
 
     params.push_back("HOME_PATH");
     params.push_back(getenv("HOME"));
@@ -354,8 +351,8 @@ bool StartMacSandbox(MacSandboxInfo const& aInfo, std::string& aErrorMessage) {
     params.push_back(aInfo.level == 2 ? "TRUE" : "FALSE");
     params.push_back("SANDBOX_LEVEL_3");
     params.push_back(aInfo.level == 3 ? "TRUE" : "FALSE");
-    params.push_back("MAC_OS_MINOR");
-    params.push_back(macOSMinor.c_str());
+    params.push_back("MAC_OS_VERSION");
+    params.push_back(combinedVersion.c_str());
     params.push_back("APP_PATH");
     params.push_back(aInfo.appPath.c_str());
     params.push_back("PROFILE_DIR");
diff --git a/security/sandbox/mac/SandboxPolicyContent.h b/security/sandbox/mac/SandboxPolicyContent.h
index 5512e0d049df..c6a92bf8f448 100644
--- a/security/sandbox/mac/SandboxPolicyContent.h
+++ b/security/sandbox/mac/SandboxPolicyContent.h
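Review bot: The range check on the new version value is a `MOZ_ASSERT`, so in a release build a failed or out-of-range lookup is not caught and `combinedVersion` is still handed to the policy; if `OSXVersion::Get` comes back with 0/0 the profile receives `"0"`, and the `(if (<= macosVersion 1011) ...)` rules in SandboxPolicyContent.h and SandboxPolicyFlash.h then treat the host as 10.11-or-older and grant the FontServer mach-lookup and the broad font `file-read*` workaround on a modern macOS, i.e. the failure mode widens the sandbox. Given the function's `aErrorMessage` out-parameter and `bool` return, I would fail closed here instead of only asserting, as sketched below; the rest of `StartMacSandbox` runs past this hunk, so how the error string is formatted elsewhere should be matched. The `minor < 100` bound is also what keeps the `major * 100 + minor` encoding unambiguous, so it belongs in the release-build check rather than only in the debug assert.
```cpp
  int32_t major = 0, minor = 0;
  OSXVersion::Get(major, minor);
  // Fail closed: a zero or out-of-range version would make the policies'
  // (<= macosVersion 1011) rules grant pre-10.12 workarounds.
  if (major <= 0 || minor < 0 || minor >= 100) {
    aErrorMessage.assign("StartMacSandbox: unable to determine macOS version");
    return false;
  }
  std::string combinedVersion = std::to_string((major * 100) + minor);
  // … unchanged: parameter setup and sandbox_init_with_parameters call …
```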
@@ -17,7 +17,7 @@ static const char SandboxPolicyContent[] = R"SANDBOX_LITERAL(
   (define sandbox-level-1 (param "SANDBOX_LEVEL_1"))
   (define sandbox-level-2 (param "SANDBOX_LEVEL_2"))
   (define sandbox-level-3 (param "SANDBOX_LEVEL_3"))
-  (define macosMinorVersion (string->number (param "MAC_OS_MINOR")))
+  (define macosVersion (string->number (param "MAC_OS_VERSION")))
   (define appPath (param "APP_PATH"))
   (define hasProfileDir (param "HAS_SANDBOXED_PROFILE"))
   (define profileDir (param "PROFILE_DIR"))
@@ -100,7 +100,7 @@ static const char SandboxPolicyContent[] = R"SANDBOX_LITERAL(
 
   ; macOS 10.9 does not support the |sysctl-name| predicate, so unfortunately
   ; we need to allow all sysctl-reads there.
-  (if (= macosMinorVersion 9)
+  (if (= macosVersion 1009)
     (allow sysctl-read)
     (allow sysctl-read
       (sysctl-name-regex #"^sysctl\.")
@@ -145,7 +145,7 @@ static const char SandboxPolicyContent[] = R"SANDBOX_LITERAL(
       (sysctl-name "machdep.cpu.stepping")
       (sysctl-name "debug.intel.gstLevelGST")
       (sysctl-name "debug.intel.gstLoaderControl")))
-  (if (> macosMinorVersion 9)
+  (if (> macosVersion 1009)
     (allow sysctl-write
       (sysctl-name "kern.tcsm_enable")))
 
@@ -177,14 +177,14 @@ static const char SandboxPolicyContent[] = R"SANDBOX_LITERAL(
       (global-name "com.apple.coreservices.launchservicesd")
       (global-name "com.apple.lsd.mapdb"))
 
-  (if (>= macosMinorVersion 13)
+  (if (>= macosVersion 1013)
     (allow mach-lookup
     ; bug 1392988
       (xpc-service-name "com.apple.coremedia.videodecoder")
       (xpc-service-name "com.apple.coremedia.videoencoder")))
 
   ; bug 1312273
-  (if (= macosMinorVersion 9)
+  (if (= macosVersion 1009)
     (allow mach-lookup (global-name "com.apple.xpcd")))
 
   (allow iokit-open
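Review bot: The encoding of `MAC_OS_VERSION` is explained only in Sandbox.mm, while this file is where the literals `1009`, `1011`, `1013` are compared against it, so the `(define macosVersion ...)` line in the first hunk should carry the rule itself: `; MAC_OS_VERSION is major*100 + minor (10.14 -> 1014, 11.0 -> 1100), so plain numeric comparisons order releases correctly across the 10.x / 11.x boundary.` That is the whole reason for replacing the bare minor number, and a future reader adding a check for a new release needs it next to the define rather than in another file. Note also that the `(<= macosVersion 1011)` rules further down widen the sandbox for small values, so the policy is only fail-closed if the caller never passes a zero or missing version; that belongs with the caller, but a short `; callers must never pass 0` next to the define would make the assumption visible here.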
@@ -317,7 +317,7 @@ static const char SandboxPolicyContent[] = R"SANDBOX_LITERAL(
   (allow user-preference-read (preference-domain "com.nvidia.OpenGL"))
   (allow mach-lookup
     (global-name "com.apple.cvmsServ"))
-  (if (>= macosMinorVersion 14)
+  (if (>= macosVersion 1014)
     (allow mach-lookup
       (global-name "com.apple.MTLCompilerService")))
   (allow iokit-open
@@ -351,13 +351,13 @@ static const char SandboxPolicyContent[] = R"SANDBOX_LITERAL(
   (allow mach-lookup
     (global-name "com.apple.fonts")
     (global-name "com.apple.FontObjectsServer"))
-  (if (<= macosMinorVersion 11)
+  (if (<= macosVersion 1011)
     (allow mach-lookup
       (global-name "com.apple.FontServer")))
   ; Fonts
   ; Workaround for sandbox extensions not being automatically
   ; issued for fonts on 10.11 and earlier versions (bug 1460917).
-  (if (<= macosMinorVersion 11)
+  (if (<= macosVersion 1011)
     (allow file-read*
       (regex #"\.[oO][tT][fF]$" ; otf
              #"\.[tT][tT][fF]$" ; ttf
@@ -372,7 +372,7 @@ static const char SandboxPolicyContent[] = R"SANDBOX_LITERAL(
       (regex #"\.fontvault/")
       (home-subpath "/FontExplorer X/Font Library")))
 
-  (if (>= macosMinorVersion 13)
+  (if (>= macosVersion 1013)
     (allow mach-lookup
     ; bug 1565575
       (global-name "com.apple.audio.AudioComponentRegistrar")))
diff --git a/security/sandbox/mac/SandboxPolicyFlash.h b/security/sandbox/mac/SandboxPolicyFlash.h
index db3772040c6c..4bde8a5765f6 100644
--- a/security/sandbox/mac/SandboxPolicyFlash.h
+++ b/security/sandbox/mac/SandboxPolicyFlash.h
@@ -16,7 +16,7 @@ static const char SandboxPolicyFlash[] = R"SANDBOX_LITERAL(
   (define shouldLog (param "SHOULD_LOG"))
   (define sandbox-level-1 (param "SANDBOX_LEVEL_1"))
   (define sandbox-level-2 (param "SANDBOX_LEVEL_2"))
-  (define macosMinorVersion (string->number (param "MAC_OS_MINOR")))
+  (define macosVersion (string->number (param "MAC_OS_VERSION")))
   (define homeDir (param "HOME_PATH"))
   (define tempDir (param "DARWIN_USER_TEMP_DIR"))
   (define cacheDir (param "DARWIN_USER_CACHE_DIR"))
@@ -120,7 +120,7 @@ static const char SandboxPolicyFlash[] = R"SANDBOX_LITERAL(
   (allow process-info-setcontrol (target self))
 
   ; macOS 10.9 does not support the |sysctl-name| predicate
-  (if (= macosMinorVersion 9)
+  (if (= macosVersion 1009)
     (allow sysctl-read)
     (allow sysctl-read
       (sysctl-name
@@ -271,9 +271,9 @@ static const char SandboxPolicyFlash[] = R"SANDBOX_LITERAL(
       (global-name "com.apple.cmio.AVCAssistant")
       (global-name "com.apple.cmio.VDCAssistant"))
   ; bug 1475707
-  (if (= macosMinorVersion 9)
+  (if (= macosVersion 1009)
     (allow mach-lookup (global-name "com.apple.xpcd")))
-  (if (>= macosMinorVersion 15)
+  (if (>= macosVersion 1015)
     (allow mach-lookup
       (global-name "com.apple.ViewBridgeAuxiliary")
       (global-name "com.apple.appkit.xpc.openAndSavePanelService")
@@ -296,13 +296,13 @@ static const char SandboxPolicyFlash[] = R"SANDBOX_LITERAL(
   (allow mach-lookup
     (global-name "com.apple.fonts")
     (global-name "com.apple.FontObjectsServer"))
-  (if (<= macosMinorVersion 11)
+  (if (<= macosVersion 1011)
     (allow mach-lookup
       (global-name "com.apple.FontServer")))
   ; Fonts
   ; Workaround for sandbox extensions not being automatically
   ; issued for fonts on 10.11 and earlier versions (bug 1460917).
-  (if (<= macosMinorVersion 11)
+  (if (<= macosVersion 1011)
     (allow file-read*
       (regex #"\.[oO][tT][fF]$" ; otf
              #"\.[tT][tT][fF]$" ; ttf