зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1822308 - Re-tighten GPU sandbox's filesystem access
Differential Revision: https://phabricator.services.mozilla.com/D172565
This commit is contained in:
Родитель
23eb98ba93
Коммит
9730f3f5d5
|
@ -1211,14 +1211,14 @@ void SandboxBroker::SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) {
|
|||
sandbox::SBOX_ALL_OK == result,
|
||||
"With these static arguments AddRule should never fail, what happened?");
|
||||
|
||||
// TEMPORARY WORKAROUND - Blocking access to the filesystem breaks Raptor
|
||||
// tests and any other piece of software that uses screen recording, which
|
||||
// may hinder developers that are developing/testing on Firefox
|
||||
result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
|
||||
sandbox::TargetPolicy::FILES_ALLOW_ANY, L"*");
|
||||
MOZ_RELEASE_ASSERT(
|
||||
sandbox::SBOX_ALL_OK == result,
|
||||
"With these static arguments AddRule should never fail, what happened?");
|
||||
// The GPU process needs to write to a shader cache for performance reasons
|
||||
if (sProfileDir) {
|
||||
AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_DIR_ANY,
|
||||
sProfileDir, u"\\shader-cache"_ns);
|
||||
|
||||
AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_ANY,
|
||||
sProfileDir, u"\\shader-cache\\*"_ns);
|
||||
}
|
||||
|
||||
// The process needs to be able to duplicate shared memory handles,
|
||||
// which are Section handles, to the broker process and other child processes.
|
||||
|
|
Загрузка…
Ссылка в новой задаче