Mercurial > mozreview > gecko / changeset / 2d1f4346bcac66b79ed4261218a007d6b2d3efc5
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1401756 - [Mac] Remove unneeded mach-lookups from plugin sandbox rules. r?Alex_Gaynor draft
authorHaik Aftandilian <haftandilian@mozilla.com>
Wed, 20 Sep 2017 14:05:27 -0700
changeset 670561 2d1f4346bcac66b79ed4261218a007d6b2d3efc5
parent 670161 36f0294c68bf55584d12952ede8d26a1e540d682
child 733276 909bde1c87036efbf61008ab19f4dc2d0f540785
push id81675
push userhaftandilian@mozilla.com
push dateTue, 26 Sep 2017 17:25:23 +0000
reviewersAlex_Gaynor
bugs1401756
milestone58.0a1
Bug 1401756 - [Mac] Remove unneeded mach-lookups from plugin sandbox rules. r?Alex_Gaynor MozReview-Commit-ID: JsgBzNJC4zF
security/sandbox/mac/SandboxPolicies.h file | annotate | diff | comparison | revisions 
--- a/security/sandbox/mac/SandboxPolicies.h
+++ b/security/sandbox/mac/SandboxPolicies.h
@@ -18,22 +18,16 @@ static const char pluginSandboxRules[] =
 
   (if (string=? should-log "TRUE")
       (deny default)
       (deny default (with no-log)))
 
   (allow signal (target self))
   (allow sysctl-read)
   (allow iokit-open (iokit-user-client-class "IOHIDParamUserClient"))
-  (allow mach-lookup
-      (global-name "com.apple.cfprefsd.agent")
-      (global-name "com.apple.cfprefsd.daemon")
-      (global-name "com.apple.system.opendirectoryd.libinfo")
-      (global-name "com.apple.system.logger")
-      (global-name "com.apple.ls.boxd"))
   (allow file-read*
       (literal "/etc")
       (literal "/dev/random")
       (literal "/dev/urandom")
       (literal "/usr/share/icu/icudt51l.dat")
       (subpath "/System/Library/Displays/Overrides")
       (subpath "/System/Library/CoreServices/CoreTypes.bundle")
       (subpath "/System/Library/PrivateFrameworks")
gecko
Deployed from 4e825768105f at 2024-04-08T16:23:58Z.