Bug 1393805 - Part 4 - Add Linux whitelisted directory for system extensions development. r?gcp
MozReview-Commit-ID: 2eTx1eM1fCM
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -254,28 +254,40 @@ SandboxBrokerPolicyFactory::SandboxBroke
}
}
}
}
// Firefox binary dir.
// Note that unlike the previous cases, we use NS_GetSpecialDirectory
// instead of GetSpecialSystemDirectory. The former requires a working XPCOM
- // system, which may not be the case for some tests. For quering for the
+ // system, which may not be the case for some tests. For querying for the
// location of XPCOM things, we can use it anyway.
nsCOMPtr<nsIFile> ffDir;
rv = NS_GetSpecialDirectory(NS_GRE_DIR, getter_AddRefs(ffDir));
if (NS_SUCCEEDED(rv)) {
nsAutoCString tmpPath;
rv = ffDir->GetNativePath(tmpPath);
if (NS_SUCCEEDED(rv)) {
policy->AddDir(rdonly, tmpPath.get());
}
}
+ // ~/.mozilla/systemextensionsdev (bug 1393805)
+ nsCOMPtr<nsIFile> sysExtDevDir;
+ rv = NS_GetSpecialDirectory(XRE_USER_SYS_EXTENSION_DEV_DIR,
+ getter_AddRefs(sysExtDevDir));
+ if (NS_SUCCEEDED(rv)) {
+ nsAutoCString tmpPath;
+ rv = sysExtDevDir->GetNativePath(tmpPath);
+ if (NS_SUCCEEDED(rv)) {
+ policy->AddDir(rdonly, tmpPath.get());
+ }
+ }
+
if (mozilla::IsDevelopmentBuild()) {
// If this is a developer build the resources are symlinks to outside the binary dir.
// Therefore in non-release builds we allow reads from the whole repository.
// MOZ_DEVELOPER_REPO_DIR is set by mach run.
const char *developer_repo_dir = PR_GetEnv("MOZ_DEVELOPER_REPO_DIR");
if (developer_repo_dir) {
policy->AddDir(rdonly, developer_repo_dir);
}