1932976 - Investigate using App Group Containers for profile data

Status: ASSIGNED

(Core :: Widget: Cocoa, task, P3)

Description

[Haik Aftandilian [:haik]]

Investigate use of App Group Containers to store Firefox profile data. This would improve the local security of Firefox profile data by requiring the user to approve any read or write of profile data by other applications.

See the macOS 15 release notes:
https://developer.apple.com/documentation/macos-release-notes/macos-15-release-notes#System-Integrity-Protection

WWDC 24 description:
https://developer.apple.com/videos/play/wwdc2024/10123/?time=743

containerURLForSecurityApplicationGroupIdentifier API:
https://developer.apple.com/documentation/foundation/nsfilemanager/1412643-containerurlforsecurityapplicati?language=objc

Comment 1

[Haik Aftandilian [:haik]]

This needs some more investigation, but since the location of profiles.ini would not have to change and we already support profiles at arbitrary locations in the filesystem, it could be that tools or other applications that read the profiles would not need to be updated for the new location.

The change could be done in multiple phases. At first, only new profiles are placed in the new location. Migrating existing profiles would be an optional second step.

There would be some risk to using the literal container path in profiles.ini if the path returned from containerURLForSecurityApplicationGroupIdentifier ever were to change. In that case, an OS upgrade would likely end up moving the data resulting in the path in profiles.ini no longer referring to the profile. That could be accounted for in code.

Per the docs,

Note
Always use the URL returned by this method to locate the group
directory rather than manually constructing a URL with an explicit path.
The exact location of the directory in the file system might change in
future releases of macOS, but this method will always return the correct URL.

Comment 3

[Nishu Sheth [:nishu]]

Attachment: WIP: Bug 1932976 - Add support for storing profiles in macOS App Group container

Comment 4

[Nishu Sheth [:nishu]]

Attachment: Bug 1932976 - Add support for storing profiles in macOS App Group container

Comment 5

[Pulsebot]

Pushed by nsheth@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/9aab08a4fa6e
https://hg.mozilla.org/integration/autoland/rev/524a7cb7683b
Add support for storing profiles in macOS App Group container r=profiles-reviewers,mossop

Comment 6

[Pulsebot]

Pushed by smolnar@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/0b0d16fe5f45
https://hg.mozilla.org/integration/autoland/rev/4e6fbaf1d1fd
Revert "Bug 1932976 - Add support for storing profiles in macOS App Group container r=profiles-reviewers,mossop" for causing lint failures

Comment 7

[Sandor Molnar[:smolnar]]

Backed out for causing lint failures

Backout link: https://hg.mozilla.org/integration/autoland/rev/4e6fbaf1d1fdd68719418a1cdd15716934a4ba85

Push with failures

Failure log -> TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/toolkit/profile/AppGroupPath.h:0 | invalid header guard AppGroupPath_h__, using '__' in a macro name is reserved (header-guards)