Bug 1294641 - whitelist reads from the .app directory in the macOS sandbox r=froydnj,haik

This patch does a few things: a) Adds the resources location from the .app directory to the read whitelist b) When it's a non-packaged build, mach run (and various mach tests) set an environment variable for the repo location which we allow reads from. r=haik,froydnj MozReview-Commit-ID: KNvAoUs5Ati --HG-- extra : rebase_source : 81ba8bfee0ca96979cf8e30d75cdd47f06bc10ea
2017-04-07 14:53:19 -04:00 · 2017-04-07 14:53:19 -04:00 · fcd28c5b2a
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@ -59,6 +59,7 @@
 #include "mozilla/layout/RenderFrameChild.h"
 #include "mozilla/net/NeckoChild.h"
 #include "mozilla/net/CaptivePortalService.h"
+#include "mozilla/Omnijar.h"
 #include "mozilla/plugins/PluginInstanceParent.h"
 #include "mozilla/plugins/PluginModuleParent.h"
 #include "mozilla/widget/ScreenManager.h"
@ -1230,7 +1231,7 @@ GetAppPaths(nsCString &aAppPath, nsCString &aAppBinaryPath, nsCString &aAppDir)
  if (!dirSvc) {
    return false;
  }
-  rv = dirSvc->Get(NS_XPCOM_CURRENT_PROCESS_DIR,
+  rv = dirSvc->Get(NS_GRE_DIR,
                   NS_GET_IID(nsIFile), getter_AddRefs(appDir));
  if (NS_FAILED(rv)) {
    return false;
@ -1264,6 +1265,18 @@ GetAppPaths(nsCString &aAppPath, nsCString &aAppBinaryPath, nsCString &aAppDir)
  return true;
 }

+// Returns whether or not the currently running build is a development build -
+// where development build means "the files in the .app are symlinks to the src
+// directory". This check is implemented by looking for omni.ja in
+// .app/Contents/Resources/.
+static bool
+IsDevelopmentBuild()
+{
+  nsCOMPtr<nsIFile> path = mozilla::Omnijar::GetPath(mozilla::Omnijar::GRE);
+  // If the path doesn't exist, we're a dev build.
+  return path == nullptr;
+}
+
 static bool
 StartMacOSContentSandbox()
 {
@ -1307,6 +1320,13 @@ StartMacOSContentSandbox()
  }

  bool isFileProcess = cc->GetRemoteType().EqualsLiteral(FILE_REMOTE_TYPE);
+  char *developer_repo_dir = nullptr;
+  if (IsDevelopmentBuild()) {
+    // If this is a developer build the resources in the .app are symlinks to
+    // outside of the .app. Therefore in non-release builds we allow reads from
+    // the whole repository. MOZ_DEVELOPER_REPO_DIR is set by mach run.
+    developer_repo_dir = PR_GetEnv("MOZ_DEVELOPER_REPO_DIR");
+  }

  MacSandboxInfo info;
  info.type = MacSandboxType_Content;
@ -1316,7 +1336,11 @@ StartMacOSContentSandbox()
                   PR_GetEnv("MOZ_SANDBOX_LOGGING");
  info.appPath.assign(appPath.get());
  info.appBinaryPath.assign(appBinaryPath.get());
-  info.appDir.assign(appDir.get());
+  if (developer_repo_dir != nullptr) {
+    info.appDir.assign(developer_repo_dir);
+  } else {
+    info.appDir.assign(appDir.get());
+  }
  info.appTempDir.assign(tempDirPath.get());

  if (profileDir) {
--- a/layout/tools/reftest/mach_commands.py
+++ b/layout/tools/reftest/mach_commands.py
@ -222,6 +222,7 @@ class MachCommands(MachCommandBase):
        return self._run_reftest(**kwargs)

    def _run_reftest(self, **kwargs):
+        kwargs["topsrcdir"] = self.topsrcdir
        process_test_objects(kwargs)
        reftest = self._spawn(ReftestRunner)
        if conditions.is_android(self):
--- a/layout/tools/reftest/runreftest.py
+++ b/layout/tools/reftest/runreftest.py
@ -362,6 +362,8 @@ class RefTest(object):
        browserEnv = self.environment(
            xrePath=options.xrePath, debugger=options.debugger)
        browserEnv["XPCOM_DEBUG_BREAK"] = "stack"
+        if hasattr(options, "topsrcdir"):
+            browserEnv["MOZ_DEVELOPER_REPO_DIR"] = options.topsrcdir

        if mozinfo.info["asan"]:
            # Disable leak checking for reftests for now
--- a/python/mozbuild/mozbuild/mach_commands.py
+++ b/python/mozbuild/mozbuild/mach_commands.py
@ -1182,7 +1182,9 @@ class RunProgram(MachCommandBase):
                args.append('-profile')
                args.append(path)

-        extra_env = {}
+        extra_env = {
+            'MOZ_DEVELOPER_REPO_DIR': self.topsrcdir,
+        }

        if not enable_crash_reporter:
            extra_env['MOZ_CRASHREPORTER_DISABLE'] = '1'
--- a/testing/mochitest/mach_commands.py
+++ b/testing/mochitest/mach_commands.py
@ -139,6 +139,7 @@ class MochitestRunner(MozbuildObject):
            logging.getLogger().removeHandler(handler)

        options = Namespace(**kwargs)
+        options.topsrcdir = self.topsrcdir

        from manifestparser import TestManifest
        if tests and not options.manifestFile:
--- a/testing/mochitest/mochitest_options.py
+++ b/testing/mochitest/mochitest_options.py
@ -1002,6 +1002,9 @@ class AndroidArguments(ArgumentContainer):
        if options.xrePath is None:
            options.xrePath = options.utilityPath

+        if build_obj:
+            options.topsrcdir = build_obj.topsrcdir
+
        if options.pidFile != "":
            f = open(options.pidFile, 'w')
            f.write("%s" % os.getpid())
--- a/testing/mochitest/runtests.py
+++ b/testing/mochitest/runtests.py
@ -1577,6 +1577,9 @@ toolbar#nav-bar {
            dmdPath=options.dmdPath,
            lsanPath=lsanPath)

+        if hasattr(options, "topsrcdir"):
+            browserEnv["MOZ_DEVELOPER_REPO_DIR"] = options.topsrcdir
+
        # These variables are necessary for correct application startup; change
        # via the commandline at your own risk.
        browserEnv["XPCOM_DEBUG_BREAK"] = "stack"
--- a/testing/xpcshell/runxpcshelltests.py
+++ b/testing/xpcshell/runxpcshelltests.py
@ -921,6 +921,8 @@ class XPCShellTests(object):
        # enable non-local connections for the purposes of local testing.
        # Don't override the user's choice here.  See bug 1049688.
        self.env.setdefault('MOZ_DISABLE_NONLOCAL_CONNECTIONS', '1')
+        if self.mozInfo.get("topsrcdir") is not None:
+            self.env["MOZ_DEVELOPER_REPO_DIR"] = self.mozInfo["topsrcdir"].encode()

    def buildEnvironment(self):
        """