Closed Bug 1386300 Opened 7 years ago Closed 7 years ago

[meta] [Mac] Remove iokit permissions from the content sandbox

Categories

(Core :: Security: Process Sandboxing, enhancement)

56 Branch
Unspecified
macOS
enhancement
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: haik, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: meta)

On OS X, the IOKit framework is used to allow user code to interface with device drivers. Device drivers are a kernel attack vector. We have some rules in our content sandbox allowing instances of this and we should those rules where possible.
Keywords: meta
Depends on: 1386075, 1386161
See Also: → 678330
Blocks: 1359559
See Also: → 1359573
Depends on: 1388580
Depends on: 1403210
Depends on: 1403567
Going to declare this work completed - we still have two categories of iokit-opens left in content, which have dedicated bugs: - graphics - bug 1405092 - audio - bug 1405091 We removed all the other iokit rules we could, and these two categories can be tracked there.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.