Closed Bug 1322370 Opened 5 years ago Closed 5 years ago

Disable camera access in the Mac content sandbox


(Core :: Security: Process Sandboxing, defect)

53 Branch
Not set



Tracking Status
firefox52 --- fixed
firefox53 --- fixed


(Reporter: haik, Assigned: haik)


(Whiteboard: sbmc2)


(1 file)

With the fix for bug 1104616 the content process should not need web camera access. This fix is to remove the camera allowance in the Mac sandbox rules. With the "(allow device-camera)" rule removed, try unit tests passed and appeared to work as before. I'm working on a method to validate that this change does indeed prevent content from accessing the camera.
Assignee: nobody → haftandilian
Whiteboard: sbmc2
For validation, I added a test to the work I'm doing (not integrated yet) on bug 1309394 that loads a Mac .dylib file and executes an exported function that returns the number of available cameras. (See the AVFoundation Programming Guide on

    #import <AVFoundation/AVFoundation.h>

    // Returns the number of video capture devices visible to this process.
    int GetNumberOfCameras(void) {
        int numCameras = 0;

        NSArray *devices = [AVCaptureDevice devices];
        for (AVCaptureDevice *device in devices) {
            if ([device hasMediaType:AVMediaTypeVideo]) {
                numCameras++;
            }
        }

        return (numCameras);
    }

Without the change to the sandbox policy, the function returns 1 on my MacBook equipped with a front-facing camera. With the change to remove camera permission from the sandbox, the function returns 0--no cameras found.

I haven't done the plumbing yet to build the dylib for the test execution, but I'm planning to move forward with this fix first.
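
Added example (not part of the bug comments or of Firefox's code): a static regression check that a sandbox ruleset no longer contains an allow rule for `device-camera`, ignoring `;` comments and quoted strings. The two sample rulesets and all function names are constructed for illustration.

```python
import re

# Constructed sample rulesets in sandbox profile syntax (not Firefox's real policy).
BEFORE = '''(version 1)
(deny default)
(allow device-camera)
'''
AFTER = '''(version 1)
(deny default)
; (allow device-camera) removed: camera is proxied through the parent
(allow file-read* (literal "/tmp/(allow device-camera)"))
(allow device-microphone)
'''

TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|;[^\n]*|[()]|[^\s()";]+')

def parse(text):
    """Parse a ruleset into nested lists; ';' comments are dropped, strings kept quoted."""
    stack = [[]]
    for tok in TOKEN.findall(text):
        if tok.startswith(';'):
            continue
        if tok == '(':
            stack.append([])
        elif tok == ')':
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            inner = stack.pop()
            stack[-1].append(inner)
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def allowed_operations(text):
    """Return every operation name listed in an (allow ...) form, at any nesting depth."""
    ops = set()
    def walk(form):
        if isinstance(form, list):
            if form and form[0] == 'allow':
                ops.update(t for t in form[1:] if isinstance(t, str) and not t.startswith('"'))
            for sub in form:
                walk(sub)
    walk(parse(text))
    return ops

def camera_allowed(text):
    return 'device-camera' in allowed_operations(text)
```

A static check like this only inspects the ruleset text; the runtime probe above (`GetNumberOfCameras` returning 0 inside the sandbox) is still what shows the policy is enforced.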
Comment on attachment 8820892 [details]
Bug 1322370 - Disable camera access in the Mac content sandbox;
Attachment #8820892 - Flags: review+
Keywords: checkin-needed
Pushed by
Disable camera access in the Mac content sandbox; r=jimm
Keywords: checkin-needed
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
Comment on attachment 8820892 [details]
Bug 1322370 - Disable camera access in the Mac content sandbox;

Approval Request Comment
[Feature/Bug causing the regression]:

[User impact if declined]:
A compromised content process can access 

[Is this code covered by automated tests?]:
No, but that is being worked on.

[Has the fix been verified in Nightly?]:

[Needs manual test from QE? If yes, steps to reproduce]: 

[List of other uplifts needed for the feature/fix]:

[Is the change risky?]:
Low risk.

[Why is the change risky/not risky?]:
There are no changes to executable code, just the Mac content sandbox ruleset to remove access to the camera. This leverages work already done to proxy camera access through the parent process.

[String changes made/needed]:
Attachment #8820892 - Flags: approval-mozilla-aurora?
For testing on Aurora 52, I used the same approach described in comment 2.

Try results for Aurora 52:
Comment on attachment 8820892 [details]
Bug 1322370 - Disable camera access in the Mac content sandbox;

tighten mac content sandbox, aurora52+
Attachment #8820892 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+