Bug 1388580 - [Mac] Remove miscellaneous iokit open permissions
MozReview-Commit-ID: 3StDmeSwZUG
--- a/security/sandbox/mac/SandboxPolicies.h
+++ b/security/sandbox/mac/SandboxPolicies.h
@@ -191,27 +191,18 @@ static const char contentSandboxRules[]
(if (>= macosMinorVersion 13)
(allow mach-lookup (global-name "com.apple.audio.AudioComponentRegistrar")))
; bug 1312273
(if (= macosMinorVersion 9)
(allow mach-lookup (global-name "com.apple.xpcd")))
(allow iokit-open
- (iokit-user-client-class "IOHIDParamUserClient")
- (iokit-user-client-class "IOAudioEngineUserClient")
- (iokit-user-client-class "IGAccelDevice")
- (iokit-user-client-class "nvDevice")
- (iokit-user-client-class "nvSharedUserClient")
- (iokit-user-client-class "nvFermiGLContext")
- (iokit-user-client-class "IGAccelGLContext")
- (iokit-user-client-class "IGAccelSharedUserClient")
- (iokit-user-client-class "IGAccelVideoContextMain")
- (iokit-user-client-class "IGAccelVideoContextMedia")
- (iokit-user-client-class "IGAccelVideoContextVEBox"))
+ (iokit-user-client-class "IOHIDParamUserClient")
+ (iokit-user-client-class "IOAudioEngineUserClient"))
; depending on systems, the 1st, 2nd or both rules are necessary
(allow-shared-preferences-read "com.apple.HIToolbox")
(allow file-read-data (literal "/Library/Preferences/com.apple.HIToolbox.plist"))
(allow-shared-preferences-read "com.apple.ATS")
(allow file-read-data (literal "/Library/Preferences/.GlobalPreferences.plist"))
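Review bot: The two classes left under `(allow iokit-open` have no comment saying why the content process still needs them, unlike the neighbouring rules, which cite a bug (`; bug 1312273`). Now that the Intel (`IGAccel*`) and NVIDIA (`nv*`) driver user clients are gone, a line above the rule such as `; IOHIDParamUserClient and IOAudioEngineUserClient are still required by content, see bug <BUG-ID>` would let a later reviewer judge whether these can be removed too. The removal is unconditional as far as this hunk shows, with no `macosMinorVersion` or sandbox-level guard around the rule. It is therefore worth confirming that content processes were exercised on both Intel and NVIDIA graphics hardware and that the system log shows no new `iokit-open` denials. The `contentSandboxRules` string starts and ends outside the hunk, so any allowance granted elsewhere in the profile is not visible here.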