Open Bug 1755777 Opened 2 years ago Updated 2 years ago

resource://gre wont show some icons on Mac OS due to sandbox

Categories

(Core :: Security: Process Sandboxing, defect, P2)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
Desktop
macOS
Type:
defect

Tracking

()

People

(Reporter: daleharvey, Unassigned)

References

Details

Attachments

(2 files)

Sandbox disabled
251.57 KB, image/png
Details
Sandbox enabled
247.24 KB, image/png
Details

If I set security.sandbox.content.level=0 then resource://gre will show more icons than if it was set to 3. If I open up the Mac console I can see calls to com.apple.iconservices being denied. The Windows and Linux moz-icon decoders have implementing remoting to fetch the image data from the parent process however that has not been implemented on Mac by the looks of it.

(https://bugzilla.mozilla.org/show_bug.cgi?id=1721850 + https://bugzilla.mozilla.org/show_bug.cgi?id=1695381#c0)

Attached image Sandbox disabled
Attached image Sandbox enabled

Bug 1388360 intentionally removed access to com.apple.iconservices from content processes allowing it only for file content processes so that icons can be displayed on local directory listings (fixed with bug 1419811). We can address this by using the moz-icon:// remoting already used by Linux and Windows on Mac.

Severity: -- → S3
Priority: -- → P2
See Also: → 1388360, 1419811, 1721850, 1695381
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: