Bug 1393805 - Part 2 - Add Mac whitelisted directory for system extensions development. r?Alex_Gaynor
MozReview-Commit-ID: ADkcqFAsKaY
--- a/security/sandbox/mac/SandboxPolicies.h
+++ b/security/sandbox/mac/SandboxPolicies.h
@@ -260,16 +260,20 @@ static const char contentSandboxRules[]
; is brokered through the content process
(allow device-microphone)
; Per-user and system-wide Extensions dir
(allow file-read*
(home-regex "/Library/Application Support/[^/]+/Extensions/")
(regex "^/Library/Application Support/[^/]+/Extensions/"))
+; bug 1393805
+ (allow file-read*
+ (home-subpath "/Library/Application Support/Mozilla/SystemExtensionsDev"))
+
; The following rules impose file access restrictions which get
; more restrictive in higher levels. When file-origin-specific
; content processes are used for file:// origin browsing, the
; global file-read* permission should be removed from each level.
; level 1: global read access permitted, no global write access
(if (string=? sandbox-level-1 "TRUE") (allow file-read*))