Mercurial > mozreview > gecko / changeset / 6efa21004051a356ef988541bedd1518c14e6012
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1383818 - Disallow content processes for using the com.apple.ocspd mach service; r?haik draft
authorAlex Gaynor <agaynor@mozilla.com>
Mon, 24 Jul 2017 09:50:32 -0400
changeset 614512 6efa21004051a356ef988541bedd1518c14e6012
parent 614262 60a5308fa987676fa5ed9fd5b3ad6c9938af0539
child 638882 0958ead9dd5ac9fbc505d9ff3e5579270b6a26d9
push id70030
push userbmo:agaynor@mozilla.com
push dateMon, 24 Jul 2017 17:21:14 +0000
reviewershaik
bugs1383818
milestone56.0a1
Bug 1383818 - Disallow content processes for using the com.apple.ocspd mach service; r?haik It is not used, so this is an attack surface reduction. MozReview-Commit-ID: mrW9hi0SAh
security/sandbox/mac/SandboxPolicies.h file | annotate | diff | comparison | revisions 
--- a/security/sandbox/mac/SandboxPolicies.h
+++ b/security/sandbox/mac/SandboxPolicies.h
@@ -196,17 +196,16 @@ static const char contentSandboxRules[] 
       (global-name "com.apple.PowerManagement.control")
       (global-name "com.apple.cmio.VDCAssistant")
       (global-name "com.apple.SystemConfiguration.configd")
       (global-name "com.apple.iconservices")
       (global-name "com.apple.cookied")
       (global-name "com.apple.cache_delete")
       (global-name "com.apple.pluginkit.pkd")
       (global-name "com.apple.bird")
-      (global-name "com.apple.ocspd")
       (global-name "com.apple.cmio.AppleCameraAssistant")
       (global-name "com.apple.DesktopServicesHelper"))
 
 ; bug 1376163
   (if (string=? macosMinorVersion-min13 "TRUE")
     (allow mach-lookup (global-name "com.apple.audio.AudioComponentRegistrar")))
 
 ; bug 1312273
gecko
Deployed from 4e825768105f at 2024-04-08T16:23:59Z.