Bug 1525086 - Part 2 - Remove unneeded params and permissions from the utility sandbox r=Alex_Gaynor

Remove the unused plugin binary path and app binary path parameters and cleanup file path permissions.

Explicitly allow access to launchservicesd to allow SetProcessName() to work when the sandbox is started during startup.

Differential Revision: https://phabricator.services.mozilla.com/D22408

--HG--
extra : moz-landing-system : lando

dom/media/ipc/RDDParent.cpp

@@ -114,11 +114,7 @@ static void StartRDDMacSandbox() {
   info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled") ||
                    PR_GetEnv("MOZ_SANDBOX_LOGGING");
   info.appPath.assign(appPath.get());
-  // Per Haik, set appBinaryPath and pluginBinaryPath to '/dev/null' to
+
-  // make sure OSX sandbox policy isn't confused by empty strings for
-  // the paths.
-  info.appBinaryPath.assign("/dev/null");
-  info.pluginInfo.pluginBinaryPath.assign("/dev/null");
   std::string err;
   bool rv = mozilla::StartMacSandbox(info, err);
   if (!rv) {

security/sandbox/mac/Sandbox.mm

@@ -188,10 +188,6 @@ bool StartMacSandbox(MacSandboxInfo const &aInfo, std::string &aErrorMessage) {
     params.push_back(aInfo.shouldLog ? "TRUE" : "FALSE");
     params.push_back("APP_PATH");
     params.push_back(aInfo.appPath.c_str());
-    params.push_back("PLUGIN_BINARY_PATH");
-    params.push_back(aInfo.pluginInfo.pluginBinaryPath.c_str());
-    params.push_back("APP_BINARY_PATH");
-    params.push_back(aInfo.appBinaryPath.c_str());
   } else if (aInfo.type == MacSandboxType_Plugin) {
     profile = const_cast<char *>(SandboxPolicyGMP);
     params.push_back("SHOULD_LOG");

security/sandbox/mac/SandboxPolicyUtility.h

@@ -12,9 +12,7 @@ static const char SandboxPolicyUtility[] = R"SANDBOX_LITERAL(
   (version 1)
 
   (define should-log (param "SHOULD_LOG"))
-  (define plugin-binary-path (param "PLUGIN_BINARY_PATH"))
   (define app-path (param "APP_PATH"))
-  (define app-binary-path (param "APP_BINARY_PATH"))
 
   (define (moz-deny feature)
     (if (string=? should-log "TRUE")
@@ -34,27 +32,25 @@ static const char SandboxPolicyUtility[] = R"SANDBOX_LITERAL(
   (if (defined? 'file-map-executable)
     (allow file-map-executable file-read*
       (subpath "/System/Library/PrivateFrameworks")
-      (regex #"^/usr/lib/libstdc\+\+\.[^/]*dylib$")
+      (subpath "/System/Library/Frameworks")
-      (literal plugin-binary-path)
+      (subpath "/usr/lib")
-      (literal app-binary-path)
       (subpath app-path))
     (allow file-read*
       (subpath "/System/Library/PrivateFrameworks")
-      (regex #"^/usr/lib/libstdc\+\+\.[^/]*dylib$")
+      (subpath "/System/Library/Frameworks")
-      (literal plugin-binary-path)
+      (subpath "/usr/lib")
-      (literal app-binary-path)
       (subpath app-path)))
 
   (allow signal (target self))
   (allow sysctl-read)
-  (allow iokit-open (iokit-user-client-class "IOHIDParamUserClient"))
   (allow file-read*
-      (literal "/etc")
     (literal "/dev/random")
     (literal "/dev/urandom")
-      (literal "/usr/share/icu/icudt51l.dat")
+    (literal "/System/Library/CoreServices/SystemVersion.plist")
-      (subpath "/System/Library/Displays/Overrides")
+    (subpath "/usr/share/icu"))
-      (subpath "/System/Library/CoreServices/CoreTypes.bundle"))
+
+  (allow mach-lookup
+    (global-name "com.apple.coreservices.launchservicesd"))
 )SANDBOX_LITERAL";
 
 }  // namespace mozilla