Bug 1396733 - Add flatpak font dirs to the sandbox whitelist. r?jld
Also clean up the order of paths a bit.
MozReview-Commit-ID: GM62r4N9wL7
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -94,30 +94,33 @@ SandboxBrokerPolicyFactory::SandboxBroke
#endif // MOZ_PULSEAUDIO
}
#endif // MOZ_WIDGET_GTK
// Read permissions
policy->AddPath(rdonly, "/dev/urandom");
policy->AddPath(rdonly, "/proc/cpuinfo");
policy->AddPath(rdonly, "/proc/meminfo");
+ policy->AddDir(rdonly, "/sys/devices/cpu");
+ policy->AddDir(rdonly, "/sys/devices/system/cpu");
policy->AddDir(rdonly, "/lib");
policy->AddDir(rdonly, "/lib64");
+ policy->AddDir(rdonly, "/usr/lib");
+ policy->AddDir(rdonly, "/usr/lib32");
+ policy->AddDir(rdonly, "/usr/lib64");
policy->AddDir(rdonly, "/etc");
policy->AddDir(rdonly, "/usr/share");
policy->AddDir(rdonly, "/usr/local/share");
- policy->AddDir(rdonly, "/usr/lib");
- policy->AddDir(rdonly, "/usr/lib32");
- policy->AddDir(rdonly, "/usr/lib64");
- policy->AddDir(rdonly, "/usr/X11R6/lib/X11/fonts");
policy->AddDir(rdonly, "/usr/tmp");
policy->AddDir(rdonly, "/var/tmp");
- policy->AddDir(rdonly, "/sys/devices/cpu");
- policy->AddDir(rdonly, "/sys/devices/system/cpu");
+ // Various places where fonts reside
+ policy->AddDir(rdonly, "/usr/X11R6/lib/X11/fonts");
policy->AddDir(rdonly, "/nix/store");
+ policy->AddDir(rdonly, "/run/host/fonts");
+ policy->AddDir(rdonly, "/run/host/user-fonts");
// Bug 1384178: Mesa driver loader
policy->AddPrefix(rdonly, "/sys/dev/char/226:");
// Bug 1385715: NVIDIA PRIME support
policy->AddPath(rdonly, "/proc/modules");
#ifdef MOZ_PULSEAUDIO
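Review bot: The new `// Various places where fonts reside` comment now heads a group that includes `/nix/store`, which is the entire Nix package store rather than a font directory, so the comment understates how much read access that entry gives the sandboxed process. The two `/run/host/...` entries are also unexplained in the code itself; only the commit message identifies them as Flatpak paths. I would annotate them with something like `// Flatpak exposes host fonts under /run/host (Bug 1396733)` and give `/nix/store` its own comment saying why the whole store has to be readable, so each allowlist entry can be audited against its reason. The entries are added unconditionally, which is presumably harmless where `/run/host` does not exist, but that assumption is worth stating in the comment. The constructor body starts and ends outside this hunk.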