From d2f299b489e64ff9dd3cea1cec7a32adf92f6475 Mon Sep 17 00:00:00 2001
From: Bob Owen <bobowencode@gmail.com>
Date: Tue, 29 Jan 2019 08:49:13 +0000
Subject: [PATCH] Bug 1512731: Add sandbox read rule for user's AppData\Local
 Fonts dir. r=handyman

---
 security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
index abe7e16f3051..5154989ce0da 100644
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -495,6 +495,11 @@ void SandboxBroker::SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
                        "With these static arguments AddRule should never fail, "
                        "what happened?");
   } else {
+    // Add rule to allow access to user specific fonts.
+    AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_READONLY,
+                     sLocalAppDataDir,
+                     NS_LITERAL_STRING("\\Microsoft\\Windows\\Fonts\\*"));
+
     // Add rule to allow read access to installation directory.
     AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_READONLY,
                      sBinDir, NS_LITERAL_STRING("\\*"));