Bug 1433577 - [Mac] Enable sandboxing for the Flash NPAPI plugin process on Nightly; r?Alex_Gaynor
Enable the level 1 Mac Flash sandbox by default on Nightly,
controlled by pref dom.ipc.plugins.sandbox-level.flash.
Enable the level 1 Mac Flash sandbox as the default for
other plugins so that the sandbox is used for plugin
tests. (Flash is the only non-test plugin allowed by the
browser.) Controlled by pref dom.ipc.plugins.sandbox-level.default.
MozReview-Commit-ID: 37gLKpHCQwp
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1095,21 +1095,21 @@ pref("security.sandbox.content.level", 3
#if defined(NIGHTLY_BUILD) && defined(XP_MACOSX) && defined(MOZ_SANDBOX)
// Controls whether and how the Mac NPAPI Flash plugin process is sandboxed.
// On Mac these levels are:
// 0 - "no sandbox"
// 1 - "write access to some Flash-specific directories and global
// read access triggered by file dialog activity"
// 2 - "no global read access, read and write access to some
// Flash-specific directories"
-pref("dom.ipc.plugins.sandbox-level.flash", 0);
+pref("dom.ipc.plugins.sandbox-level.flash", 1);
// Controls the sandbox level used by plugins other than Flash. On Mac,
// no other plugins are supported and this pref is only used for test
// plugins used in automated tests.
-pref("dom.ipc.plugins.sandbox-level.default", 0);
+pref("dom.ipc.plugins.sandbox-level.default", 1);
#endif
#if defined(XP_LINUX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
// This pref is introduced as part of bug 742434, the naming is inspired from
// its Windows/Mac counterpart, but on Linux it's an integer which means:
// 0 -> "no sandbox"
// 1 -> "content sandbox using seccomp-bpf when available" + ipc restrictions
// 2 -> "seccomp-bpf + write file broker"