Closed Bug 1354674 Opened 7 years ago Closed 7 years ago

Introduce a (not-yet-enabled) level 3 Mac content sandbox with home directory read access disabled

Categories

(Core :: Security: Process Sandboxing, enhancement)

Product:
Core
Component:
Security: Process Sandboxing
Version:
55 Branch
Platform:
Unspecified
macOS
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla55
Tracking Flags:
Tracking Status
firefox55 --- fixed

People

(Reporter: haik, Assigned: haik)

Details

Attachments

(1 file)

Bug 1354674 - Introduce, but don't enable, a level 3 Mac content sandbox with home directory read access disabled
59 bytes, text/x-review-board-request
Alex_Gaynor
: review+
Details 
As a precursor to Bug 1332190, the intent with this bug is to add support for setting security.sandbox.content.level=3 on Mac, while leaving the Nightly default level at 2. This will make it a bit easier to start testing read access restrictions before we're ready to enable it.
Assignee: nobody → haftandilian
Comment on attachment 8856064 [details]
Bug 1354674 - Introduce, but don't enable, a level 3 Mac content sandbox with home directory read access disabled

https://reviewboard.mozilla.org/r/128010/#review130896

::: security/sandbox/test/browser_content_sandbox_utils.js:68
(Diff revision 1)
>  }
>  
> +function GetHomeDir() {
> +  // get home directory
> +  let homeDir = Services.dirsvc.get("Home", Ci.nsILocalFile);
> +  return (homeDir);

Question: are the parens around the return value a local convention I should know about?
Attachment #8856064 - Flags: review?(agaynor)
Attachment #8856064 - Flags: review?(jmathies)
Comment on attachment 8856064 [details]
Bug 1354674 - Introduce, but don't enable, a level 3 Mac content sandbox with home directory read access disabled

https://reviewboard.mozilla.org/r/128010/#review130922

::: security/sandbox/test/browser_content_sandbox_utils.js:68
(Diff revision 1)
>  }
>  
> +function GetHomeDir() {
> +  // get home directory
> +  let homeDir = Services.dirsvc.get("Home", Ci.nsILocalFile);
> +  return (homeDir);

No, it's just that I used parens when I first wrote this file out of habit from previous years using another convention.
Comment on attachment 8856064 [details]
Bug 1354674 - Introduce, but don't enable, a level 3 Mac content sandbox with home directory read access disabled

https://reviewboard.mozilla.org/r/128010/#review130924
Attachment #8856064 - Flags: review?(agaynor) → review+
Attachment #8856064 - Flags: review?(jmathies)
Pushed by haftandilian@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/34006a1fee90
Introduce, but don't enable, a level 3 Mac content sandbox with home directory read access disabled r=Alex_Gaynor
https://hg.mozilla.org/mozilla-central/rev/34006a1fee90
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox55: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: