Bug 1412090 - Add font whitelist preference.
MozReview-Commit-ID: GGHI2RV0VCU
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -417,16 +417,21 @@ SandboxBrokerPolicyFactory::GetContentPo
"security.sandbox.content.write_path_whitelist",
rdwr);
// Whitelisted for reading by the user/distro
AddDynamicPathList(policy.get(),
"security.sandbox.content.read_path_whitelist",
rdonly);
+ // Whitelisted for reading by the user/distro
+ AddDynamicPathList(policy.get(),
+ "security.sandbox.content.font_whitelist",
+ rdonly);
+
// No read blocking at level 2 and below.
// file:// processes also get global read permissions
// This requires accessing user preferences so we can only do it now.
// Our constructor is initialized before user preferences are read in.
if (GetEffectiveContentSandboxLevel() <= 2 || aFileProcess) {
policy->AddDir(rdonly, "/");
// Any other read-only rules will be removed as redundant by
// Policy::FixRecursivePermissions, so there's no need to