Bug 1307282 - Remove redundant read-metadata rights from the content sandbox; r=gcp
author Haik Aftandilian <haftandilian@mozilla.com>
Fri, 30 Sep 2016 11:59:48 -0700
changeset 317103 e80c8083d9330539c2dd884ce698c067996fb274
parent 317102 0a7e549e1e9194274b93f4b230e62b1e0226bb34
child 317104 02d2e07063e2a7b519ea4226609b5c2703f512e7
push id 32981
push user ryanvm@gmail.com
push date Sat, 08 Oct 2016 03:35:39 +0000
reviewers gcp
bugs 1307282
milestone 52.0a1
Bug 1307282 - Remove redundant read-metadata rights from the content sandbox; r=gcp

MozReview-Commit-ID: CILCWk4nINs
security/sandbox/mac/Sandbox.mm
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -250,18 +250,16 @@ static const char contentSandboxRules[] 
   "                 (home-literal (string-append \"/Library/Preferences/\" domain \".plist\"))\n"
   "                 (home-regex (string-append \"/Library/Preferences/ByHost/\" (regex-quote domain) \"\\..*\\.plist$\")))\n"
   "          ))\n"
   "\n"
   "  (define (allow-shared-list domain)\n"
   "    (allow file-read*\n"
   "           (home-regex (string-append \"/Library/Preferences/\" (regex-quote domain)))))\n"
   "\n"
-  "  (allow file-read-metadata)\n"
-  "\n"
   "  (allow ipc-posix-shm\n"
   "      (ipc-posix-name-regex \"^/tmp/com.apple.csseed:\")\n"
   "      (ipc-posix-name-regex \"^CFPBS:\")\n"
   "      (ipc-posix-name-regex \"^AudioIO\"))\n"
   "\n"
   "  (allow file-read-metadata\n"
   "      (literal \"/home\")\n"
   "      (literal \"/net\")\n"