Closed Bug 1386300 Opened 7 years ago Closed 7 years ago

[meta] [Mac] Remove iokit permissions from the content sandbox

Categories

(Core :: Security: Process Sandboxing, enhancement)

Product:
Core
Component:
Security: Process Sandboxing
Version:
56 Branch
Platform:
Unspecified
macOS
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: haik, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: meta)

On OS X, the IOKit framework is used to allow user code to interface with device drivers. Device drivers are a kernel attack vector. We have some rules in our content sandbox allowing instances of this and we should those rules where possible.
Keywords: meta
Depends on: 1386075, 1386161
See Also: → 678330
Blocks: 1359559
See Also: → 1359573
Depends on: 1388580
Depends on: 1403210
Depends on: 1403567
Going to declare this work completed - we still have two categories of iokit-opens left in content, which have dedicated bugs: - graphics - bug 1405092 - audio - bug 1405091 We removed all the other iokit rules we could, and these two categories can be tracked there.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.