Bug 1046166 - Add sandbox white list for userContent.css on MacOSX. r=haik,pbro

MozReview-Commit-ID: BVnGjaSSkEh --HG-- extra : rebase_source : 6ba3386be877f72bbbde8e5fb61b31a88d9d63a2
2016-11-17 11:56:10 +08:00 · 2016-11-17 11:56:10 +08:00 · 8c8c3ceae9
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@ -353,7 +353,7 @@ static const char contentSandboxRules[] =
  "; level 2: global read access permitted, no global write access,\n"
  ";          no read/write access to ~/Library,\n"
  ";          no read/write access to $PROFILE,\n"
-  ";          read access permitted to $PROFILE/{extensions,weave}\n"
+  ";          read access permitted to $PROFILE/{extensions,weave,chrome}\n"
  "  (if (= sandbox-level 2)\n"
  "    (if (not (zero? hasProfileDir))\n"
  "      ; we have a profile dir\n"
@ -363,7 +363,8 @@ static const char contentSandboxRules[] =
  "              (require-not (subpath profileDir))))\n"
  "        (allow file-read*\n"
  "              (profile-subpath \"/extensions\")\n"
-  "              (profile-subpath \"/weave\")))\n"
+  "              (profile-subpath \"/weave\")\n"
+  "              (profile-subpath \"/chrome\")))\n"
  "      ; we don't have a profile dir\n"
  "      (allow file-read* (require-not (home-subpath \"/Library\")))))\n"
  "\n"