1288774 - Remove the OSX rule added in bug 1190032 for nsPluginHost::GetPluginTempDir

Status: RESOLVED FIXED

(Core :: Security: Process Sandboxing, defect)

Description

[Jim Mathies [:jimm]]

This rule is obsolete, it is superseded by the rule that allows access to the newer NS_APP_CONTENT_PROCESS_TEMP_DIR.

  "\n"
  "; bug 1190032\n"
  "    (allow file*\n"
  "        (home-regex \"/Library/Caches/TemporaryItems/plugtmp.*\"))\n"

Comment 1

[Haik Aftandilian [:haik]]

Attachment: Removes content read/write access to ~/Library/Caches/TemporaryItems/plugtmp.*

Removes the OS X content sandbox rule allowing read and write access to ~/Library/Caches/TemporaryItems/plugtmp.*. This is the plugin temp dir that used to be returned from nsPluginHost::GetPluginTempDir(nsIFile **aDir). Now, GetPluginTempDir returns a directory within the content sandboxed temp dir (NS_APP_CONTENT_PROCESS_TEMP_DIR) which is a directory the content process is given read and write access to. As a result, the rule specifically for plugtmp is no longer needed.

https://treeherder.mozilla.org/#/jobs?repo=try&revision=083c218b9329
https://treeherder.mozilla.org/#/jobs?repo=try&revision=7b5f9f6a37ff

Comment 2

[Pulsebot]

Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/a5fc40f291f5
Remove the OSX rule added in bug 1190032 for nsPluginHost::GetPluginTempDir. r=jimm

Comment 3

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/a5fc40f291f5