Closed
Bug 1386161
Opened 7 years ago
Closed 7 years ago
[Mac] Remove IOAudioControl Rules
Categories
(Core :: Security: Process Sandboxing, enhancement, P1)
Tracking
()
RESOLVED
FIXED
mozilla57
| Tracking | Status | |
|---|---|---|
| firefox57 | --- | fixed |
People
(Reporter: haik, Assigned: haik)
References
Details
(Whiteboard: sb+)
Attachments
(2 files)
With some minimal testing, sound playing and WebRTC continue to work with these rules removed. These seem to be for interacting directly with audio drivers and may not be needed. (allow iokit-set-properties (iokit-property "IOAudioControlValue")) (allow iokit-open (iokit-user-client-class "IOAudioControlUserClient"))
|
Assignee | |
Comment 1•7 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=5cdf7d0335642e3e30c2f67da884684e43f73f0f
|
|
Assignee | |
Updated•7 years ago
|
Whiteboard: sbmc3
|
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → haftandilian
Priority: -- → P1
|
|
Assignee | |
Updated•7 years ago
|
Version: 56 Branch → 57 Branch
|
|
Assignee | |
Comment 2•7 years ago
|
||
My local testing and try testing hasn't turned up any issues with these changes so I'm going to move forward with the changes. These lines were introduced in bug 1083344 when Steven first landed most of the rules.
| Comment hidden (mozreview-request) |
|
||
Comment 4•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8893589 [details] Bug 1386161 - [Mac] Remove IOAudioControl Rules. https://reviewboard.mozilla.org/r/164664/#review170286
Attachment #8893589 -
Flags: review?(agaynor) → review+
Pushed by haftandilian@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/989cea1f3820 [Mac] Remove IOAudioControl Rules. r=Alex_Gaynor
|
||
Updated•7 years ago
|
Whiteboard: sbmc3 → sb+
|
|
||
Comment 6•7 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/989cea1f3820
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox57:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
|
|
Assignee | |
Comment 7•7 years ago
|
||
With the fix for this, when sandbox logging is enabled[1], we log a sandbox violation: "plugin-container(1666) deny iokit-open IOAudioControlUserClient" when watching a video on YouTube (and probably in other cases too). Attachment is the Console report collected on 10.11 and the stack shows cubeb_init() is triggering it. See attachment for the full stack. 1. security.sandbox.logging.enabled=true or env var MOZ_SANDBOX_LOGGING is set
|
|
Assignee | |
Comment 8•7 years ago
|
||
(In reply to Haik Aftandilian [:haik] from comment #7) > ... > Attachment is the Console report collected on 10.11 and the stack shows > cubeb_init() is triggering it. See attachment for the full stack. > ... We have bug 1362220 to move audio out of the content process.
See Also: → 1362220
You need to log in
before you can comment on or make changes to this bug.
Description
•