Bug 1383818 - Disallow content processes for using the com.apple.ocspd mach service; r?haik
It is not used, so this is an attack surface reduction.
MozReview-Commit-ID: mrW9hi0SAh
--- a/security/sandbox/mac/SandboxPolicies.h
+++ b/security/sandbox/mac/SandboxPolicies.h
@@ -196,17 +196,16 @@ static const char contentSandboxRules[]
(global-name "com.apple.PowerManagement.control")
(global-name "com.apple.cmio.VDCAssistant")
(global-name "com.apple.SystemConfiguration.configd")
(global-name "com.apple.iconservices")
(global-name "com.apple.cookied")
(global-name "com.apple.cache_delete")
(global-name "com.apple.pluginkit.pkd")
(global-name "com.apple.bird")
- (global-name "com.apple.ocspd")
(global-name "com.apple.cmio.AppleCameraAssistant")
(global-name "com.apple.DesktopServicesHelper"))
; bug 1376163
(if (string=? macosMinorVersion-min13 "TRUE")
(allow mach-lookup (global-name "com.apple.audio.AudioComponentRegistrar")))
; bug 1312273