Introduce a (not-yet-enabled) level 3 Mac content sandbox with home directory read access disabled

RESOLVED FIXED in Firefox 55

Status

()

Core
Security: Process Sandboxing
RESOLVED FIXED
a year ago
a year ago

People

(Reporter: haik, Assigned: haik)

Tracking

55 Branch
mozilla55
Unspecified
Mac OS X
Points:
---

Firefox Tracking Flags

(firefox55 fixed)

Details

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment)

(Assignee)

Description

a year ago
As a precursor to Bug 1332190, the intent with this bug is to add support for setting security.sandbox.content.level=3 on Mac, while leaving the Nightly default level at 2. This will make it a bit easier to start testing read access restrictions before we're ready to enable it.
(Assignee)

Updated

a year ago
Assignee: nobody → haftandilian
Comment hidden (mozreview-request)

Comment 2

a year ago
mozreview-review
Comment on attachment 8856064 [details]
Bug 1354674 - Introduce, but don't enable, a level 3 Mac content sandbox with home directory read access disabled

https://reviewboard.mozilla.org/r/128010/#review130896

::: security/sandbox/test/browser_content_sandbox_utils.js:68
(Diff revision 1)
>  }
>  
> +function GetHomeDir() {
> +  // get home directory
> +  let homeDir = Services.dirsvc.get("Home", Ci.nsILocalFile);
> +  return (homeDir);

Question: are the parens around the return value a local convention I should know about?
Attachment #8856064 - Flags: review?(agaynor)
(Assignee)

Updated

a year ago
Attachment #8856064 - Flags: review?(jmathies)
(Assignee)

Comment 3

a year ago
mozreview-review
Comment on attachment 8856064 [details]
Bug 1354674 - Introduce, but don't enable, a level 3 Mac content sandbox with home directory read access disabled

https://reviewboard.mozilla.org/r/128010/#review130922

::: security/sandbox/test/browser_content_sandbox_utils.js:68
(Diff revision 1)
>  }
>  
> +function GetHomeDir() {
> +  // get home directory
> +  let homeDir = Services.dirsvc.get("Home", Ci.nsILocalFile);
> +  return (homeDir);

No, it's just that I used parens when I first wrote this file out of habit from previous years using another convention.

Comment 4

a year ago
mozreview-review
Comment on attachment 8856064 [details]
Bug 1354674 - Introduce, but don't enable, a level 3 Mac content sandbox with home directory read access disabled

https://reviewboard.mozilla.org/r/128010/#review130924
Attachment #8856064 - Flags: review?(agaynor) → review+
(Assignee)

Updated

a year ago
Attachment #8856064 - Flags: review?(jmathies)

Comment 5

a year ago
Pushed by haftandilian@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/34006a1fee90
Introduce, but don't enable, a level 3 Mac content sandbox with home directory read access disabled r=Alex_Gaynor

Comment 6

a year ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/34006a1fee90
Status: NEW → RESOLVED
Last Resolved: a year ago
status-firefox55: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in before you can comment on or make changes to this bug.