Bug 1463353 - contentSandboxRules does not explcitly list 'com.apple.fonts' mach service. r?Alex_Gaynor
Add font servers to sandbox policies instead of relying
on them to be registered before the sandbox is enabled.
MozReview-Commit-ID: IoVJhAqoEEW
--- a/security/sandbox/mac/SandboxPolicies.h
+++ b/security/sandbox/mac/SandboxPolicies.h
@@ -339,16 +339,24 @@ static const char contentSandboxRules[]
(subpath "/Library/Application Support/Apple/Fonts")
(home-subpath "/Library/Fonts")
; Allow read access to paths allowed via sandbox extensions.
; This is needed for fonts in non-standard locations normally
; due to third party font managers. The extensions are
; automatically issued by the font server in response to font
; API calls.
(extension "com.apple.app-sandbox.read"))
+ ; Fonts may continue to work without explicitly allowing these
+ ; services because, at present, connections are made to the services
+ ; before the sandbox is enabled as a side-effect of some API calls.
+ (allow mach-lookup
+ (global-name "com.apple.fonts")
+ (global-name "com.apple.FontObjectsServer"))
+ (if (<= macosMinorVersion 11)
+ (allow mach-lookup (global-name "com.apple.FontServer")))
; Fonts
; Workaround for sandbox extensions not being automatically
; issued for fonts on 10.11 and earlier versions (bug 1460917).
(if (<= macosMinorVersion 11)
(allow file-read*
(regex #"\.[oO][tT][fF]$" ; otf
#"\.[tT][tT][fF]$" ; ttf
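Review bot: The comment added above `(allow mach-lookup` in contentSandboxRules explains why fonts worked before the rule existed, not why the rule is being added, so a later reader could take it as a reason to delete the allowance. Stating the intent first would avoid that, for example `; Allow the font services explicitly instead of relying on connections made before the sandbox is enabled.` It would also help to say why `com.apple.FontServer` is limited to `macosMinorVersion` 11 and earlier, because each global-name listed here is an IPC endpoint that stays reachable from a sandboxed content process. The same comment text is repeated in the third hunk (the Flash plugin policy), and the policy string continues outside this hunk.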
@@ -612,18 +620,16 @@ static const char flashPluginSandboxRule
(global-name "com.apple.PowerManagement.control")
(global-name "com.apple.SecurityServer")
(global-name "com.apple.SystemConfiguration.PPPController")
(global-name "com.apple.SystemConfiguration.configd")
(global-name "com.apple.UNCUserNotification")
(global-name "com.apple.audio.audiohald")
(global-name "com.apple.audio.coreaudiod")
(global-name "com.apple.cfnetwork.AuthBrokerAgent")
- (global-name "com.apple.FontObjectsServer")
- (global-name "com.apple.fonts")
(global-name "com.apple.lsd.mapdb")
(global-name "com.apple.pasteboard.1") ; Allows paste into input field
(global-name "com.apple.dock.server")
(global-name "com.apple.dock.fullscreen")
(global-name "com.apple.coreservices.appleevents")
(global-name "com.apple.coreservices.launchservicesd")
(global-name "com.apple.window_proxies")
(local-name "com.apple.tsm.portname")
@@ -643,16 +649,24 @@ static const char flashPluginSandboxRule
(subpath "/Library/Application Support/Apple/Fonts")
(home-library-subpath "/Fonts")
; Allow read access to paths allowed via sandbox extensions.
; This is needed for fonts in non-standard locations normally
; due to third party font managers. The extensions are
; automatically issued by the font server in response to font
; API calls.
(extension "com.apple.app-sandbox.read"))
+ ; Fonts may continue to work without explicitly allowing these
+ ; services because, at present, connections are made to the services
+ ; before the sandbox is enabled as a side-effect of some API calls.
+ (allow mach-lookup
+ (global-name "com.apple.fonts")
+ (global-name "com.apple.FontObjectsServer"))
+ (if (<= macosMinorVersion 11)
+ (allow mach-lookup (global-name "com.apple.FontServer")))
; Fonts
; Workaround for sandbox extensions not being automatically
; issued for fonts on 10.11 and earlier versions (bug 1460917).
(if (<= macosMinorVersion 11)
(allow file-read*
(regex #"\.[oO][tT][fF]$" ; otf
#"\.[tT][tT][fF]$" ; ttf
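Review bot: The `com.apple.FontServer` allowance in this hunk is a new grant for the plugin policy, not a relocation. The second hunk removes only `com.apple.FontObjectsServer` and `com.apple.fonts` from the existing mach-lookup list, so on 10.11 and earlier the Flash sandbox gains a service name that the visible lines did not allow before. This may already be permitted elsewhere in the policy, which continues outside these hunks. If the widening is intended, the commit message (which names only contentSandboxRules) and the comment above the rule should say so and give the reason the plugin needs it. If it was copied from the content policy for symmetry, dropping the `(if (<= macosMinorVersion 11) ...)` form here keeps the plugin's reachable services at what it had.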