Bug 1384483 - Allow reading userContent.css in the sandbox. j?jld
MozReview-Commit-ID: A43RY1J95VF
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -245,16 +245,35 @@ SandboxBrokerPolicyFactory::GetContentPo
Preferences::GetCString("security.sandbox.content.write_path_whitelist");
AddDynamicPathList(policy.get(), extraWritePathString, rdwr);
// file:// processes get global read permissions
if (aFileProcess) {
policy->AddDir(rdonly, "/");
}
+ // userContent.css sits in the profile, which is normally blocked
+ // and we can't get the profile dir earlier
+ nsCOMPtr<nsIFile> profileDir;
+ nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+ getter_AddRefs(profileDir));
+ if (NS_SUCCEEDED(rv)) {
+ rv = profileDir->AppendNative(NS_LITERAL_CSTRING("chrome"));
+ if (NS_SUCCEEDED(rv)) {
+ rv = profileDir->AppendNative(NS_LITERAL_CSTRING("userContent.css"));
+ if (NS_SUCCEEDED(rv)) {
+ nsAutoCString tmpPath;
+ rv = profileDir->GetNativePath(tmpPath);
+ if (NS_SUCCEEDED(rv)) {
+ policy->AddPath(rdonly, tmpPath.get());
+ }
+ }
+ }
+ }
+
// Return the common policy.
return policy;
}
void
SandboxBrokerPolicyFactory::AddDynamicPathList(SandboxBroker::Policy *policy,
nsAdoptingCString& pathList,