Bug 1393805 - Part 3 - Add Windows whitelisted directory for system extensions development. r?bobowen draft
authorHaik Aftandilian <haftandilian@mozilla.com>
Mon, 02 Oct 2017 15:17:15 -0700
changeset 675831 0c9197eddfecc48556773102a6018eeb590435a4
parent 675830 e6e54f14db5c7c5d87183b88baca23eb89048fae
child 675832 50f8a9b914982c4328552a7db57d4988cb17ea68
push id83258
push userhaftandilian@mozilla.com
push dateThu, 05 Oct 2017 23:13:20 +0000
reviewersbobowen
bugs1393805
milestone58.0a1
Bug 1393805 - Part 3 - Add Windows whitelisted directory for system extensions development. r?bobowen MozReview-Commit-ID: 8K5c3mUlqna
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -45,16 +45,17 @@ sandbox::BrokerServices *SandboxBroker::
 bool SandboxBroker::sRunningFromNetworkDrive = false;
 
 // Cached special directories used for adding policy rules.
 static UniquePtr<nsString> sBinDir;
 static UniquePtr<nsString> sProfileDir;
 static UniquePtr<nsString> sContentTempDir;
 static UniquePtr<nsString> sRoamingAppDataDir;
 static UniquePtr<nsString> sLocalAppDataDir;
+static UniquePtr<nsString> sUserExtensionsDevDir;
 #ifdef ENABLE_SYSTEM_EXTENSION_DIRS
 static UniquePtr<nsString> sUserExtensionsDir;
 #endif
 
 static LazyLogModule sSandboxBrokerLog("SandboxBroker");
 
 #define LOG_E(...) MOZ_LOG(sSandboxBrokerLog, LogLevel::Error, (__VA_ARGS__))
 #define LOG_W(...) MOZ_LOG(sSandboxBrokerLog, LogLevel::Warning, (__VA_ARGS__))
@@ -125,16 +126,17 @@ SandboxBroker::CacheRulesDirectories()
     return;
   }
 
   CacheDirAndAutoClear(dirSvc, NS_GRE_DIR, &sBinDir);
   CacheDirAndAutoClear(dirSvc, NS_APP_USER_PROFILE_50_DIR, &sProfileDir);
   CacheDirAndAutoClear(dirSvc, NS_APP_CONTENT_PROCESS_TEMP_DIR, &sContentTempDir);
   CacheDirAndAutoClear(dirSvc, NS_WIN_APPDATA_DIR, &sRoamingAppDataDir);
   CacheDirAndAutoClear(dirSvc, NS_WIN_LOCAL_APPDATA_DIR, &sLocalAppDataDir);
+  CacheDirAndAutoClear(dirSvc, XRE_USER_SYS_EXTENSION_DEV_DIR, &sUserExtensionsDevDir);
 #ifdef ENABLE_SYSTEM_EXTENSION_DIRS
   CacheDirAndAutoClear(dirSvc, XRE_USER_SYS_EXTENSION_DIR, &sUserExtensionsDir);
 #endif
 }
 
 SandboxBroker::SandboxBroker()
 {
   if (sBrokerService) {
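Review bot: `XRE_USER_SYS_EXTENSION_DEV_DIR` is cached above the `#ifdef ENABLE_SYSTEM_EXTENSION_DIRS` guard that covers `XRE_USER_SYS_EXTENSION_DIR`, and the declaration in the first hunk and the read rule in the third hunk sit outside it too, so as far as these hunks show the development directory is wired into the content sandbox policy in every build. If it is meant for development only, all three additions should move under a build- or pref-based condition, or the commit message should say why release builds need it. CacheDirAndAutoClear and AddCachedDirRule are defined outside this hunk; it is worth confirming that an unresolved key leaves `sUserExtensionsDevDir` null and that the rule is then skipped rather than built from the bare `\\*` suffix.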
@@ -494,16 +496,20 @@ SandboxBroker::SetSecurityLevelForConten
     // Add rule to allow read access to the chrome directory within profile.
     AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_READONLY,
                      sProfileDir, NS_LITERAL_STRING("\\chrome\\*"));
 
     // Add rule to allow read access to the extensions directory within profile.
     AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_READONLY,
                      sProfileDir, NS_LITERAL_STRING("\\extensions\\*"));
 
+    // Read access to a directory for system extension dev (see bug 1393805)
+    AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_READONLY,
+                     sUserExtensionsDevDir, NS_LITERAL_STRING("\\*"));
+
 #ifdef ENABLE_SYSTEM_EXTENSION_DIRS
     // Add rule to allow read access to the per-user extensions directory.
     AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_READONLY,
                      sUserExtensionsDir, NS_LITERAL_STRING("\\*"));
 #endif
   }
 
   // Add the policy for the client side of a pipe. It is just a file
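Review bot: The comment `// Read access to a directory for system extension dev (see bug 1393805)` does not say which directory this is or who can write to it, although the `\\*` pattern appears to open the whole tree to content processes. Any file placed under that path becomes readable from inside the sandbox, so I would spell the scope out, e.g. `// Allow read access to everything under XRE_USER_SYS_EXTENSION_DEV_DIR, used for system extension development (bug 1393805).` The enclosing `if` block opens outside the hunk, so which sandbox levels receive this rule is not visible here.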