Bug 1307282 - Remove redundant read-metadata rights from the content sandbox; r=gcp
authorHaik Aftandilian <haftandilian@mozilla.com>
Fri, 30 Sep 2016 11:59:48 -0700
changeset 317105 e80c8083d9330539c2dd884ce698c067996fb274
parent 317104 0a7e549e1e9194274b93f4b230e62b1e0226bb34
child 317106 02d2e07063e2a7b519ea4226609b5c2703f512e7
push id20681
push userphilringnalda@gmail.com
push dateSat, 08 Oct 2016 23:57:20 +0000
reviewersgcp
bugs1307282
milestone52.0a1
Bug 1307282 - Remove redundant read-metadata rights from the content sandbox; r=gcp MozReview-Commit-ID: CILCWk4nINs
security/sandbox/mac/Sandbox.mm
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -250,18 +250,16 @@ static const char contentSandboxRules[] 
   "                 (home-literal (string-append \"/Library/Preferences/\" domain \".plist\"))\n"
   "                 (home-regex (string-append \"/Library/Preferences/ByHost/\" (regex-quote domain) \"\\..*\\.plist$\")))\n"
   "          ))\n"
   "\n"
   "  (define (allow-shared-list domain)\n"
   "    (allow file-read*\n"
   "           (home-regex (string-append \"/Library/Preferences/\" (regex-quote domain)))))\n"
   "\n"
-  "  (allow file-read-metadata)\n"
-  "\n"
   "  (allow ipc-posix-shm\n"
   "      (ipc-posix-name-regex \"^/tmp/com.apple.csseed:\")\n"
   "      (ipc-posix-name-regex \"^CFPBS:\")\n"
   "      (ipc-posix-name-regex \"^AudioIO\"))\n"
   "\n"
   "  (allow file-read-metadata\n"
   "      (literal \"/home\")\n"
   "      (literal \"/net\")\n"