Bug 1399392 - Don't hardcode .config, use XDG_* environment vars. r?jld
MozReview-Commit-ID: 30j9VbHUjFn
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -125,30 +125,40 @@ SandboxBrokerPolicyFactory::SandboxBroke
#ifdef MOZ_PULSEAUDIO
// See bug 1384986 comment #1.
if (const auto xauth = PR_GetEnv("XAUTHORITY")) {
policy->AddPath(rdonly, xauth);
}
#endif
- // Configuration dirs in the homedir that we want to allow read
+ // Allow access to XDG_CONFIG_PATH and XDG_CONFIG_DIRS
+ if (const auto xdgConfigPath = PR_GetEnv("XDG_CONFIG_PATH")) {
+ policy->AddDir(rdonly, xdgConfigPath);
+ }
+
+ nsAutoCString xdgConfigDirs(PR_GetEnv("XDG_CONFIG_DIRS"));
+ for (const auto& path : xdgConfigDirs.Split(':')) {
+ policy->AddDir(rdonly, PromiseFlatCString(path).get());
+ }
+
+ // Extra configuration dirs in the homedir that we want to allow read
// access to.
- mozilla::Array<const char*, 3> confDirs = {
- ".config",
+ mozilla::Array<const char*, 3> extraConfDirs = {
+ ".config", // Fallback if XDG_CONFIG_PATH isn't set
".themes",
".fonts",
};
nsCOMPtr<nsIFile> homeDir;
rv = GetSpecialSystemDirectory(Unix_HomeDirectory, getter_AddRefs(homeDir));
if (NS_SUCCEEDED(rv)) {
nsCOMPtr<nsIFile> confDir;
- for (auto dir : confDirs) {
+ for (const auto& dir : extraConfDirs) {
rv = homeDir->Clone(getter_AddRefs(confDir));
if (NS_SUCCEEDED(rv)) {
rv = confDir->AppendNative(nsDependentCString(dir));
if (NS_SUCCEEDED(rv)) {
nsAutoCString tmpPath;
rv = confDir->GetNativePath(tmpPath);
if (NS_SUCCEEDED(rv)) {
policy->AddDir(rdonly, tmpPath.get());