Bug 1458553 - Return of Google Maps all black map with updated Nvidia web driver on Mac r=Alex_Gaynor
Update Mac sandbox rules to allow executable mappings from /Library/GPUBundles which is
used by the Nvidia downloadable "Web" driver.
MozReview-Commit-ID: L2nTP4YWdJJ
--- a/security/sandbox/mac/SandboxPolicies.h
+++ b/security/sandbox/mac/SandboxPolicies.h
@@ -75,28 +75,29 @@ static const char contentSandboxRules[]
(deny iokit-get-properties))
(if (defined? 'file-map-executable)
(deny file-map-executable))
(if (defined? 'file-map-executable)
(allow file-map-executable file-read*
(subpath "/System")
(subpath "/usr/lib")
+ (subpath "/Library/GPUBundles")
(subpath appdir-path))
(allow file-read*
(subpath "/System")
(subpath "/usr/lib")
+ (subpath "/Library/GPUBundles")
(subpath appdir-path)))
; Allow read access to standard system paths.
(allow file-read*
(require-all (file-mode #o0004)
(require-any
(subpath "/Library/Filesystems/NetFSPlugins")
- (subpath "/Library/GPUBundles")
(subpath "/usr/share"))))
; Top-level directory metadata access (bug 1404298)
(allow file-read-metadata (regex #"^/[^/]+$"))
(allow file-read-metadata
(literal "/private/etc/localtime")
(regex #"^/private/tmp/KSInstallAction\."))
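Review bot: The two added `(subpath "/Library/GPUBundles")` lines grant `file-map-executable` and unfiltered `file-read*` on a directory that, unlike `/System` and `/usr/lib`, is outside the paths covered by System Integrity Protection. The move also drops the `(file-mode #o0004)` condition the path had in the read-only block it is removed from further down. Whether that matters depends on who can write to the directory, which the hunk does not show, so the trust assumption should be recorded next to the rule, e.g. `; Nvidia "Web" driver GPU bundles (bug 1458553); not SIP-protected, assumed writable only by root/admin`. In what appears to be the fallback branch (the second `allow file-read*`), keeping the `file-mode` filter for this path would preserve the previous read behaviour. The `contentSandboxRules` string starts and ends outside this hunk.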