Bug 1289718 - Respect file brokering preference regardless of supportedness.
MozReview-Commit-ID: CIX6d7td6Bc
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -126,25 +126,25 @@ SandboxBrokerPolicyFactory::SandboxBroke
mCommonContentPolicy.reset(policy);
#endif
}
#ifdef MOZ_CONTENT_SANDBOX
UniquePtr<SandboxBroker::Policy>
SandboxBrokerPolicyFactory::GetContentPolicy(int aPid)
{
+ // Policy entries that vary per-process (currently the only reason
+ // that can happen is because they contain the pid) are added here.
+#if defined(MOZ_WIDGET_GONK)
// Allow overriding "unsupported"ness with a pref, for testing.
if (!IsSystemSupported() &&
Preferences::GetInt("security.sandbox.content.level") <= 1) {
return nullptr;
}
- // Policy entries that vary per-process (currently the only reason
- // that can happen is because they contain the pid) are added here.
-#if defined(MOZ_WIDGET_GONK)
MOZ_ASSERT(NS_IsMainThread());
MOZ_ASSERT(mCommonContentPolicy);
UniquePtr<SandboxBroker::Policy>
policy(new SandboxBroker::Policy(*mCommonContentPolicy));
// Bug 1029337: where the profiler writes the data.
nsPrintfCString profilerLogPath("/data/local/tmp/profile_%d_%d.txt",
GeckoProcessType_Content, aPid);
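Review bot: The MOZ_WIDGET_GONK branch still consults `security.sandbox.content.level` only when `!IsSystemSupported()`, so on a supported Gonk system a level of 1 or lower does not disable the broker. The XP_LINUX branch changed later in this patch returns nullptr on the pref alone, so the two branches now treat the same pref differently. If that asymmetry is intended, the comment above the check should say so, for example `// Gonk: the pref only overrides unsupported systems; supported systems always get a broker policy.` If it is not intended, the condition should drop the `IsSystemSupported()` term to match the commit title. GetContentPolicy's body continues past the end of this hunk.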
@@ -154,16 +154,20 @@ SandboxBrokerPolicyFactory::GetContentPo
policy->AddPath(rdonly, nsPrintfCString("/proc/%d/maps", aPid).get());
// Bug 1198552: memory reporting.
policy->AddPath(rdonly, nsPrintfCString("/proc/%d/statm", aPid).get());
policy->AddPath(rdonly, nsPrintfCString("/proc/%d/smaps", aPid).get());
return policy;
#elif defined(XP_LINUX)
+ // File broker usage is controlled through a pref.
+ if (Preferences::GetInt("security.sandbox.content.level") <= 1) {
+ return nullptr;
+ }
MOZ_ASSERT(NS_IsMainThread());
MOZ_ASSERT(mCommonContentPolicy);
UniquePtr<SandboxBroker::Policy>
policy(new SandboxBroker::Policy(*mCommonContentPolicy));
// Return the common policy.
return policy;
#endif
}
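Review bot: The new pref read in the XP_LINUX branch runs before `MOZ_ASSERT(NS_IsMainThread())`, so an off-main-thread caller would reach `Preferences::GetInt` before the assertion can catch it. Moving both asserts above the `if` puts the check ahead of the first main-thread-only call; the GONK branch in the first hunk has the same ordering. The threshold `<= 1` is also written out in both branches as a bare literal. A named constant would help, along with a comment stating what a nullptr return means for the caller, presumably that no broker is started for that content process. That would make it easier to keep this decision aligned with whatever code decides whether the content process expects a broker. This hunk starts inside GetContentPolicy, whose opening lines are in the first hunk.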