It's widely documented on the web that Apple enforces quarantine attributes
'for us' using the list in
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/Exceptions.plist.
Unfortunately, this is based on the bundle ID, which means it won't apply to custom
builds, to Nightly, and potentially to other cases. It would also be much nicer
if we could just make these determinations ourselves.
Step 1: opt-in from Info.plist.
Without this, for e.g. local Nightly builds, asking for quarantine attributes
simply gets you a nil dictionary and our code bails out.
MozReview-Commit-ID: 4aLyz2901BS
--HG--
extra : rebase_source : 7aab5177276c20007036abd19efb56741d790ec2
Changes the semantics of the security.sandbox.content.level pref on OS X with
respect to file access to the user's home directory. With the fix, Nightly
defaults to 2 while other releases will default to 1. The level values now
have the following meaning.
*) security.sandbox.content.level=0 disables content process sandboxing.
No change here.
*) security.sandbox.content.level=1 blocks write access to the majority of the
home directory.
*) security.sandbox.content.level=2 includes the write access blocking in
level 1, but also blocks both read and write access to ~/Library and $PROFILE
excluding the extensions and weave subdirectories.
Prior to this fix, Nightly defaulted to a value of 1 while all other releases
used 0. The value of 1 meant that read/write access to ~/Library and the
$PROFILE dir (excluding $PROFILE/{extensions,weave}) was prevented.
The strength of a level=1 sandbox is reduced with this fix,
but level=1 becomes the first ride-the-trains content sandbox candidate,
Nightly changes to level=2, and higher levels still indicate a more
restrictive sandbox.
MozReview-Commit-ID: 7NJAe24T4pU
--HG--
extra : rebase_source : 8cb5ea82004ad631fe688bafffa9dc9979568679
Disabling the Adobe CDM but leaving it visible means that we won't download it
and if a site tries to use it we will prompt the user to enable DRM and only
then download it.
MozReview-Commit-ID: LtEr0NJMiQM
--HG--
extra : rebase_source : b7c6f005fb6173c41af6a583c22473066a47a5eb
Changes the semantics of the security.sandbox.content.level pref on OS X with
respect to file access to the user's home directory. With the fix, Nightly
defaults to 2 while other releases will default to 1. The level values now
have the following meaning.
*) security.sandbox.content.level=0 disables content process sandboxing.
No change here.
*) security.sandbox.content.level=1 blocks write access to the majority of the
home directory.
*) security.sandbox.content.level=2 includes the write access blocking in
level 1, but also blocks both read and write access to ~/Library and $PROFILE
excluding the extensions and weave subdirectories.
Prior to this fix, Nightly defaulted to a value of 1 while all other releases
used 0. The value of 1 meant that read/write access to ~/Library and the
$PROFILE dir (excluding $PROFILE/{extensions,weave}) was prevented.
The strength of a level=1 sandbox is reduced with this fix,
but level=1 becomes the first ride-the-trains content sandbox candidate,
Nightly changes to level=2, and higher levels still indicate a more
restrictive sandbox.
MozReview-Commit-ID: 7NJAe24T4pU
--HG--
extra : rebase_source : 6e678cc6d23c604d8ed0888d6ceeeb4bf797cb1f
The "Enable Crash Reporter" pref is erroneous because what it actually controls is
whether or not the "Submit crash report" checkbox is checked by default when the
crash report dialog comes up.
MozReview-Commit-ID: Ud6SLKXvxw
--HG--
extra : rebase_source : 45d3bc0e5ea727983e8c6e6c0d2c13b020dc0a11
The current UI for EME on Linux is confusing. We have the 'Play DRM Content'
checkbox ticked, but the CDM disabled. It would be clearer if we just had
the 'Play DRM Checkbox' unticked, and instead left the Widevine CDM enabled.
Then we won't download and install the CDM until the 'Play DRM Content'
checkbox is checked (which toggles media.eme.enabled).
This also means that the Widevine CDM won't appear in the plugins list
by default unless the 'Play DRM Checkbox' is checked.
MozReview-Commit-ID: 7CeCe1DOWgM
--HG--
extra : rebase_source : 39fa0bf479f3632616ef6e79178348605404c575
We don't want the Widevine CDM to be downloaded by default on Linux, as
the CDM is proprietary software and the user hasn't opted in to having such
software on their system. By leaving the CDM visible but disabled, we'll
prompt the user the first time EME is used, and they can approve the
download.
This means the Widevine CDM won't be downloaded by default. The user will
need to opt-in to enabling DRM playback before we'll download proprietary
CDMs.
MozReview-Commit-ID: GLBoK2Czjcc
--HG--
extra : rebase_source : 35aac5a84a1b779149d08fe5a2c85179bd00756d