Bug 1424942 - Remove fallback code for old macOS releases in the sandbox policy; r?haik
MozReview-Commit-ID: LCU4TWNMs8T
--- a/security/sandbox/mac/SandboxPolicies.h
+++ b/security/sandbox/mac/SandboxPolicies.h
@@ -150,25 +150,16 @@ static const char contentSandboxRules[]
(define (home-subpath home-relative-subpath)
(subpath (string-append home-path home-relative-subpath)))
(define (home-literal home-relative-literal)
(literal (string-append home-path home-relative-literal)))
(define (profile-subpath profile-relative-subpath)
(subpath (string-append profileDir profile-relative-subpath)))
- (define (allow-shared-preferences-read domain)
- (begin
- (if (defined? `user-preference-read)
- (allow user-preference-read (preference-domain domain)))
- (allow file-read*
- (home-literal (string-append "/Library/Preferences/" domain ".plist"))
- (home-regex (string-append "/Library/Preferences/ByHost/" (regex-quote domain) "\..*\.plist$")))
- ))
-
(define (allow-shared-list domain)
(allow file-read*
(home-regex (string-append "/Library/Preferences/" (regex-quote domain)))))
(allow ipc-posix-shm-read-data ipc-posix-shm-write-data
(ipc-posix-name-regex #"^CFPBS:"))
(allow ipc-posix-shm-read* ipc-posix-shm-write-data
(ipc-posix-name-regex #"^AudioIO"))
@@ -191,20 +182,20 @@ static const char contentSandboxRules[]
(if (= macosMinorVersion 9)
(allow mach-lookup (global-name "com.apple.xpcd")))
(allow iokit-open
(iokit-user-client-class "IOHIDParamUserClient")
(iokit-user-client-class "IOAudioEngineUserClient"))
; depending on systems, the 1st, 2nd or both rules are necessary
- (allow-shared-preferences-read "com.apple.HIToolbox")
+ (allow user-preference-read (preference-domain "com.apple.HIToolbox"))
(allow file-read-data (literal "/Library/Preferences/com.apple.HIToolbox.plist"))
- (allow-shared-preferences-read "com.apple.ATS")
+ (allow user-preference-read (preference-domain "com.apple.ATS"))
(allow file-read-data (literal "/Library/Preferences/.GlobalPreferences.plist"))
(allow file-read*
(subpath "/Library/Fonts")
(subpath "/Library/Audio/Plug-Ins")
(subpath "/Library/Spelling")
(literal "/")
(literal "/private/tmp")
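Review bot: The two `user-preference-read` rules added here, and the two for `com.apple.opengl` and `com.nvidia.OpenGL` in the third hunk, are no longer wrapped in the `defined?` guard that the removed helper used. The policy therefore assumes the operation exists on every macOS release the sandbox still runs on; how a profile that fails to compile is handled is not visible in this diff. The removed helper also granted `file-read*` on the per-user `<domain>.plist` and its `ByHost` variants, so the new rules are narrower than the old ones, which looks intentional but is not stated in the policy. I would record both facts next to the rules, for example `; user-preference-read is assumed to exist on all supported macOS releases; direct file-read* of ~/Library/Preferences/<domain>.plist is intentionally not granted`. The existing comment about "the 1st, 2nd or both rules" should also be reworded, because the first rule no longer includes the file reads it used to.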
@@ -295,18 +286,18 @@ static const char contentSandboxRules[]
(if (string=? hasProfileDir "TRUE")
; we have a profile dir
(allow file-read*
(profile-subpath "/extensions")
(profile-subpath "/chrome")))
; accelerated graphics
- (allow-shared-preferences-read "com.apple.opengl")
- (allow-shared-preferences-read "com.nvidia.OpenGL")
+ (allow user-preference-read (preference-domain "com.apple.opengl"))
+ (allow user-preference-read (preference-domain "com.nvidia.OpenGL"))
(allow mach-lookup
(global-name "com.apple.cvmsServ"))
(allow iokit-open
(iokit-connection "IOAccelerator")
(iokit-user-client-class "IOAccelerationUserClient")
(iokit-user-client-class "IOSurfaceRootUserClient")
(iokit-user-client-class "IOSurfaceSendRight")
(iokit-user-client-class "IOFramebufferSharedUserClient")