Bug 1403669 - [Mac] Per-user and system extensions dir regexes only work for 1-character subdirectory names. r=Alex_Gaynor
MozReview-Commit-ID: L9vNruzMEez
--- a/security/sandbox/mac/SandboxPolicies.h
+++ b/security/sandbox/mac/SandboxPolicies.h
@@ -257,18 +257,18 @@ static const char contentSandboxRules[]
(allow-shared-list "org.mozilla.plugincontainer")
; the following rule should be removed when microphone access
; is brokered through the content process
(allow device-microphone)
; Per-user and system-wide Extensions dir
(allow file-read*
- (home-regex "/Library/Application Support/[^/]+/Extensions/[^/]/")
- (regex #"^/Library/Application Support/[^/]+/Extensions/[^/]/"))
+ (home-regex "/Library/Application Support/[^/]+/Extensions/")
+ (regex "^/Library/Application Support/[^/]+/Extensions/"))
; bug 1393805
(allow file-read*
(home-subpath "/Library/Application Support/Mozilla/SystemExtensionsDev/"))
; The following rules impose file access restrictions which get
; more restrictive in higher levels. When file-origin-specific
; content processes are used for file:// origin browsing, the