[Mac] Remove com.apple.coreservices.appleevents from the content process sandbox

RESOLVED FIXED in Firefox 57

Status

defect

People

(Reporter: haik, Assigned: haik)

Tracking

56 Branch
mozilla57
Unspecified
macOS

Firefox Tracking Flags

(firefox57 fixed)

Details

(Whiteboard: sbmc3)

Attachments

(1 attachment)

Assignee

Description

2 years ago
Testing with the removal of com.apple.coreservices.appleevents from the Mac content sandbox is clean on try and doesn't cause any problems I've noticed in browsing. I'd like to investigate the impacts of removing this from content a bit more and land this after the 56 merge to Beta.

As a side effect, this prevents the browser from triggering appleeventsd sandbox violations on startup when run from the home directory. For example,

  sandboxd - SandboxViolation: appleeventsd(64) deny file-read-data /Users/me/r/mozilla-central/obj-opt.noindex/dist/Nightly.app/Contents/MacOS/plugin-container.app

The daemon, documented as "appleeventsd(8) -- System-wide daemon which coordinates AppleEvents activity on the system", tries to read files from the .app bundle which results in sandbox violations because the daemon runs under a sandbox profile that does not allow access to the home directory. See /System/Library/Sandbox/Profiles/com.apple.coreservices.appleevents.appleeventsd.sb.

Removing access to the service generates a Console.app log entry that is visible if logging is enabled with security.sandbox.logging.enabled=true or env variable MOZ_SANDBOX_LOGGING:

  SandboxViolation: plugin-container(75246) deny(1) mach-lookup com.apple.coreservices.appleevents

Try run:

  https://treeherder.mozilla.org/#/jobs?repo=try&revision=091cc5a7a99027a6de6d2627a2784a3416eefec8
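
An added example, not part of the original bug report or of Firefox's code: a small triage script for the SandboxViolation log lines quoted above. It separates the denial that is expected after the removal from any other denial for the same process. The function names, the `com.example.constructed.service` target and all sample lines other than the two quoted in the description are constructed for illustration.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Matches both line shapes quoted in the description:
#   sandboxd - SandboxViolation: appleeventsd(64) deny file-read-data <path>
#   SandboxViolation: plugin-container(75246) deny(1) mach-lookup <service>
VIOLATION = re.compile(
    r"SandboxViolation:\s+(?P<proc>\S+?)\((?P<pid>\d+)\)\s+"
    r"deny(?:\(\d+\))?\s+(?P<op>[\w*-]+)\s+(?P<target>.+?)\s*$"
)

class Denial(NamedTuple):
    proc: str
    pid: int
    op: str
    target: str

def parse(line: str) -> Optional[Denial]:
    """Return the denied process, pid, operation and target, or None."""
    m = VIOLATION.search(line)
    if not m:
        return None
    return Denial(m["proc"], int(m["pid"]), m["op"], m["target"])

def triage(lines, proc, expected):
    """Count denials for `proc`, split into expected and unexpected (op, target)."""
    known, unknown = Counter(), Counter()
    for d in filter(None, map(parse, lines)):
        # Filter on the parsed process name: a plain text search for
        # "plugin-container" would also hit the appleeventsd line, whose
        # *target path* ends in plugin-container.app.
        if d.proc != proc:
            continue
        key = (d.op, d.target)
        (known if key in expected else unknown)[key] += 1
    return known, unknown

# Denial that the removal is expected to produce in content processes.
EXPECTED = {("mach-lookup", "com.apple.coreservices.appleevents")}

# Constructed sample log: lines 1-2 are from the description, the rest are made up.
SAMPLE = [
    "sandboxd - SandboxViolation: appleeventsd(64) deny file-read-data /Users/me/r/mozilla-central/obj-opt.noindex/dist/Nightly.app/Contents/MacOS/plugin-container.app",
    "SandboxViolation: plugin-container(75246) deny(1) mach-lookup com.apple.coreservices.appleevents",
    "SandboxViolation: plugin-container(75250) deny(1) mach-lookup com.apple.coreservices.appleevents",
    "SandboxViolation: plugin-container(75250) deny(1) mach-lookup com.example.constructed.service",
    "kernel: unrelated constructed line",
]

if __name__ == "__main__":
    known, unknown = triage(SAMPLE, "plugin-container", EXPECTED)
    print("expected:", dict(known))
    print("needs investigation:", dict(unknown))
```
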
Assignee

Updated

2 years ago
Assignee: nobody → haftandilian
Whiteboard: sbmc3
Assignee

Updated

2 years ago
Target Milestone: --- → mozilla57
Assignee

Comment 2

2 years ago
AppleEvents are for scripting applications with AppleScript. We shouldn't need to (and wouldn't want to) let AppleScript apply to content processes.
Assignee

Updated

2 years ago
Attachment #8889977 - Flags: review?(agaynor)

Comment 3

2 years ago
mozreview-review
Comment on attachment 8889977 [details]
Bug 1384209 - [Mac] Remove com.apple.coreservices.appleevents from the content process sandbox.

https://reviewboard.mozilla.org/r/161026/#review169338

::: security/sandbox/mac/SandboxPolicies.h:190
(Diff revision 1)
>    (allow job-creation (literal "/Library/CoreMediaIO/Plug-Ins/DAL"))
>    (allow iokit-set-properties (iokit-property "IOAudioControlValue"))
>  
>    (allow mach-lookup
>        (global-name "com.apple.coreservices.launchservicesd")
> -      (global-name "com.apple.coreservices.appleevents")
> +;     (global-name "com.apple.coreservices.appleevents")
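
Review bot: the added `;     (global-name "com.apple.coreservices.appleevents")` line keeps the removed service inside the `(allow mach-lookup` list as a commented-out rule, with nothing saying why it was disabled. Delete the line outright so the policy text only contains rules that are in effect and the rule cannot come back by someone dropping the `;`; the reason for the removal belongs in the commit message.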

Please delete the line, rather than just commenting it out.
Attachment #8889977 - Flags: review?(agaynor) → review-
Comment hidden (mozreview-request)

Comment 5

2 years ago
mozreview-review
Comment on attachment 8889977 [details]
Bug 1384209 - [Mac] Remove com.apple.coreservices.appleevents from the content process sandbox.

https://reviewboard.mozilla.org/r/161026/#review169340
Attachment #8889977 - Flags: review?(agaynor) → review+
Assignee

Comment 6

2 years ago
mozreview-review-reply
Comment on attachment 8889977 [details]
Bug 1384209 - [Mac] Remove com.apple.coreservices.appleevents from the content process sandbox.

https://reviewboard.mozilla.org/r/161026/#review169338

> Please delete the line, rather than just commenting it out.

Fixed!

Comment 7

2 years ago
Pushed by haftandilian@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1d77aa067204
[Mac] Remove com.apple.coreservices.appleevents from the content process sandbox. r=Alex_Gaynor
https://hg.mozilla.org/mozilla-central/rev/1d77aa067204
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED