Bug 1469657 - Whitelist Extensis UTC fonts on 10.11 and Earlier r?Alex_Gaynor
Add whitelist rules to allow access to Extensis Universal Type Manager fonts
on 10.11 and earlier OS versions.
MozReview-Commit-ID: 3cPKlC1xCUW
--- a/security/sandbox/mac/SandboxPolicies.h
+++ b/security/sandbox/mac/SandboxPolicies.h
@@ -361,16 +361,18 @@ static const char contentSandboxRules[]
(regex #"\.[oO][tT][fF]$" ; otf
#"\.[tT][tT][fF]$" ; ttf
#"\.[tT][tT][cC]$" ; ttc
#"\.[oO][tT][cC]$" ; otc
#"\.[dD][fF][oO][nN][tT]$") ; dfont
(home-subpath "/Library/FontCollections")
(home-subpath "/Library/Application Support/Adobe/CoreSync/plugins/livetype")
(home-subpath "/Library/Application Support/FontAgent")
+ (home-subpath "/Library/Extensis/UTC") ; bug 1469657
+ (subpath "/Library/Extensis/UTC") ; bug 1469657
(regex #"\.fontvault/")
(home-subpath "/FontExplorer X/Font Library")))
)SANDBOX_LITERAL";
// These are additional rules that are added to the content process rules for
// file content processes.
static const char fileContentProcessAddend[] = R"SANDBOX_LITERAL(
; This process has blanket file read privileges
@@ -671,16 +673,18 @@ static const char flashPluginSandboxRule
(regex #"\.[oO][tT][fF]$" ; otf
#"\.[tT][tT][fF]$" ; ttf
#"\.[tT][tT][cC]$" ; ttc
#"\.[oO][tT][cC]$" ; otc
#"\.[dD][fF][oO][nN][tT]$") ; dfont
(home-subpath "/Library/FontCollections")
(home-subpath "/Library/Application Support/Adobe/CoreSync/plugins/livetype")
(home-subpath "/Library/Application Support/FontAgent")
+ (home-subpath "/Library/Extensis/UTC") ; bug 1469657
+ (subpath "/Library/Extensis/UTC") ; bug 1469657
(regex #"\.fontvault/")
(home-subpath "/FontExplorer X/Font Library")))
(if (string=? sandbox-level-1 "TRUE") (begin
; Open file dialogs
(allow mach-lookup
; needed for the dialog sidebar
(global-name "com.apple.coreservices.sharedfilelistd.xpc")