Bug 1046166 - Add sandbox white list for userContent.css on Windows. r?bobowen
MozReview-Commit-ID: LQT67vC12y2
--- a/ipc/glue/GeckoChildProcessHost.cpp
+++ b/ipc/glue/GeckoChildProcessHost.cpp
@@ -18,17 +18,17 @@
#include "SharedMemoryBasic.h"
#endif
#include "MainThreadUtils.h"
#include "mozilla/Sprintf.h"
#include "prenv.h"
#include "nsXPCOMPrivate.h"
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_CONTENT_SANDBOX)
#include "nsAppDirectoryServiceDefs.h"
#endif
#include "nsExceptionHandler.h"
#include "nsDirectoryServiceDefs.h"
#include "nsIFile.h"
#include "nsPrintfCString.h"
@@ -102,16 +102,44 @@ GeckoChildProcessHost::GeckoChildProcess
mSandboxLevel(0),
#endif
mChildProcessHandle(0)
#if defined(MOZ_WIDGET_COCOA)
, mChildTask(MACH_PORT_NULL)
#endif
{
MOZ_COUNT_CTOR(GeckoChildProcessHost);
+
+#if defined(OS_WIN) && defined(MOZ_CONTENT_SANDBOX)
+ // Add $PROFILE/chrome to the white list because it may located on network
+ // drive.
+ if (mProcessType == GeckoProcessType_Content) {
+ nsCOMPtr<nsIProperties> directoryService(do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID));
+ NS_ASSERTION(directoryService, "Expected XPCOM to be available");
+ if (directoryService) {
+ // Full path to the profile dir
+ nsCOMPtr<nsIFile> profileDir;
+ nsresult rv = directoryService->Get(NS_APP_USER_PROFILE_50_DIR,
+ NS_GET_IID(nsIFile),
+ getter_AddRefs(profileDir));
+ if (NS_SUCCEEDED(rv)) {
+ profileDir->Append(NS_LITERAL_STRING("chrome"));
+ profileDir->Append(NS_LITERAL_STRING("*"));
+ nsAutoCString path;
+ MOZ_ALWAYS_SUCCEEDS(profileDir->GetNativePath(path));
+ std::wstring wpath = UTF8ToWide(path.get());
+ // If the patch starts with "\\\\", it is a UNC path.
+ if (wpath.find(L"\\\\") == 0) {
+ wpath.insert(1, L"??\\UNC");
+ }
+ mAllowedFilesRead.push_back(wpath);
+ }
+ }
+ }
+#endif
}
GeckoChildProcessHost::~GeckoChildProcessHost()
{
AssertIOThread();
MOZ_COUNT_DTOR(GeckoChildProcessHost);
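Review bot: The two `profileDir->Append(...)` calls discard their `nsresult`, and `GetNativePath` is wrapped in `MOZ_ALWAYS_SUCCEEDS`, which as far as I know is only asserted in debug builds, so a failure while building the path still reaches `mAllowedFilesRead.push_back(wpath)`. Because this is a read grant to the content process, it should fail closed: if the `chrome` append failed and the `*` append succeeded, the rule would cover the whole profile directory, so I would bail out first with `if (NS_FAILED(profileDir->Append(NS_LITERAL_STRING("chrome"))) || NS_FAILED(profileDir->Append(NS_LITERAL_STRING("*")))) { return; }` and test `GetNativePath` with `NS_FAILED` as well. Separately, `UTF8ToWide(path.get())` assumes the native path is UTF-8, which I believe does not hold on Windows (system code page), so a profile path with non-ASCII characters may produce a rule that never matches; calling `GetPath` into an `nsAutoString` would avoid the round trip. The rule is also wider than the commit title suggests (every file under `chrome`, for every profile and not only UNC ones), so the comment should say why the wildcard is needed, and its typos fixed ("may be located", "If the path starts with"). The constructor begins outside this hunk.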