Bug 1307573 - Remove unused system.sb mach-lookups from OS X content sandbox; r?jimm
MozReview-Commit-ID: JDnLDbYs2IV
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -187,35 +187,16 @@ static const char contentSandboxRules[]
" (literal \"/dev/null\")\n"
" (literal \"/dev/zero\"))\n"
"\n"
"(allow file-read*\n"
" file-write-data\n"
" file-ioctl\n"
" (literal \"/dev/dtracehelper\"))\n"
"\n"
- "(allow mach-lookup\n"
- " (global-name \"com.apple.appsleep\")\n"
- " (global-name \"com.apple.bsd.dirhelper\")\n"
- " (global-name \"com.apple.cfprefsd.agent\")\n"
- " (global-name \"com.apple.cfprefsd.daemon\")\n"
- " (global-name \"com.apple.diagnosticd\")\n"
- " (global-name \"com.apple.espd\")\n"
- " (global-name \"com.apple.secinitd\")\n"
- " (global-name \"com.apple.system.DirectoryService.libinfo_v1\")\n"
- " (global-name \"com.apple.system.logger\")\n"
- " (global-name \"com.apple.system.notification_center\")\n"
- " (global-name \"com.apple.system.opendirectoryd.libinfo\")\n"
- " (global-name \"com.apple.system.opendirectoryd.membership\")\n"
- " (global-name \"com.apple.trustd\")\n"
- " (global-name \"com.apple.trustd.agent\")\n"
- " (global-name \"com.apple.xpc.activity.unmanaged\")\n"
- " (global-name \"com.apple.xpcd\")\n"
- " (local-name \"com.apple.cfprefsd.agent\"))\n"
- "\n"
"; Used to read hw.ncpu, hw.physicalcpu_max, kern.ostype, and others\n"
"(allow sysctl-read)\n"
"\n"
"(begin\n"
" (deny default)\n"
" (debug deny)\n"
"\n"
" (define resolving-literal literal)\n"