Backed out changeset 1e8a7c6dcea1 (bug 1284588) for leaks in browser-chrome tests on OS X 10.10 debug. r=backout
authorSebastian Hengst <archaeopteryx@coole-files.de>
Sat, 24 Sep 2016 11:51:01 +0200
changeset 315202 b1ed834646428b724a2ff0427f01769a26a93beb
parent 315201 2c801c76a2a7d52308e69728ea5e0edeb1e077bd
child 315203 3e89a12f219e1ed00deb408bc71096ff64795cd9
push id82104
push userihsiao@mozilla.com
push dateMon, 26 Sep 2016 11:08:56 +0000
reviewersbackout
bugs1284588
milestone52.0a1
backs out1e8a7c6dcea1d73db0da4c61b2dfe4b4cbaec79f
Backed out changeset 1e8a7c6dcea1 (bug 1284588) for leaks in browser-chrome tests on OS X 10.10 debug. r=backout
browser/app/profile/firefox.js
security/sandbox/mac/Sandbox.mm
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -967,34 +967,26 @@ pref("security.sandbox.content.level", 1
 // process because the only other sandbox (for GMP) has too strict a policy to
 // allow stack tracing.  This does not require a restart to take effect.
 pref("security.sandbox.windows.log.stackTraceDepth", 0);
 #endif
 #endif
 #endif
 
 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
-// This pref is discussed in bug 1083344, the naming is inspired from its
-// Windows counterpart, but on Mac it's an integer which means:
+// This pref is discussed in bug 1083344, the naming is inspired from its Windows
+// counterpart, but on Mac it's an integer which means:
 // 0 -> "no sandbox"
-// 1 -> "preliminary content sandboxing enabled: write access to
-//       home directory is prevented"
-// 2 -> "preliminary content sandboxing enabled with profile protection:
-//       write access to home directory is prevented, read and write access
-//       to ~/Library and profile directories are prevented (excluding
-//       $PROFILE/{extensions,weave})"
+// 1 -> "an imperfect sandbox designed to allow firefox to run reasonably well"
+// 2 -> "an ideal sandbox which may break many things"
 // This setting is read when the content process is started. On Mac the content
 // process is killed when all windows are closed, so a change will take effect
 // when the 1st window is opened.
-#if defined(NIGHTLY_BUILD)
-pref("security.sandbox.content.level", 2);
-#else
 pref("security.sandbox.content.level", 1);
 #endif
-#endif
 
 #if defined(XP_LINUX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
 // This pref is introduced as part of bug 742434, the naming is inspired from
 // its Windows/Mac counterpart, but on Linux it's an integer which means:
 // 0 -> "no sandbox"
 // 1 -> "content sandbox using seccomp-bpf when available"
 // 2 -> "seccomp-bpf + file broker"
 // Content sandboxing on Linux is currently in the stage of
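Review bot: The restored level descriptions on the `// 1 ->` and `// 2 ->` lines ("an imperfect sandbox designed to allow firefox to run reasonably well", "an ideal sandbox which may break many things") say nothing about what each level actually permits, and this pref is the only knob a user or tester has for the Mac content sandbox. As far as the Sandbox.mm rules restored by the same backout show, anything below level 2 grants `file*` (read and write) everywhere except ~/Library and the profile directory, and level 2 grants `file*` within the home directory excluding ~/Library; the comment should state that rather than a qualitative label, e.g. `// 1 -> "read/write access to the filesystem except ~/Library and the profile directory"` and `// 2 -> "read/write access limited to the home directory, excluding ~/Library"`. Since the stricter per-level policy was backed out only for test leaks and is presumably going to reland, a line such as `// See bug 1284588 for the stricter per-level policy that was backed out.` would keep this doc traceable to the policy it describes. The enclosing `#if defined(XP_MACOSX) ...` block is fully inside the hunk.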
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -368,41 +368,36 @@ static const char contentSandboxRules[] 
   "\n"
   "  (allow file-write* (var-folders2-regex \"/org\\.chromium\\.[a-zA-Z0-9]*$\"))\n"
   "\n"
   "; Per-user and system-wide Extensions dir\n"
   "  (allow file-read*\n"
   "      (home-regex \"/Library/Application Support/[^/]+/Extensions/[^/]/\")\n"
   "      (resolving-regex \"/Library/Application Support/[^/]+/Extensions/[^/]/\"))\n"
   "\n"
-  "; The following rules impose file access restrictions which get\n"
-  "; more restrictive in higher levels. When file-origin-specific\n"
-  "; content processes are used for file:// origin browsing, the\n"
-  "; global file-read* permission should be removed from each level.\n"
-  "\n"
-  "; level 1: global read access permitted, no global write access\n"
-  "  (if (= sandbox-level 1) (allow file-read*))\n"
+  "; Profile subdirectories\n"
+  "  (if (not (zero? hasProfileDir)) (allow file-read*\n"
+  "      (profile-subpath \"/extensions\")\n"
+  "      (profile-subpath \"/weave\")))\n"
   "\n"
-  "; level 2: global read access permitted, no global write access,\n"
-  ";          no read/write access to ~/Library,\n"
-  ";          no read/write access to $PROFILE,\n"
-  ";          read access permitted to $PROFILE/{extensions,weave}\n"
-  "  (if (= sandbox-level 2)\n"
+  "; the following rules should be removed when printing and\n"
+  "; opening a file from disk are brokered through the main process\n"
+  "  (if (< sandbox-level 2)\n"
   "    (if (not (zero? hasProfileDir))\n"
-  "      ; we have a profile dir\n"
-  "      (begin\n"
-  "        (allow file-read* (require-all\n"
+  "      (allow file*\n"
+  "          (require-all\n"
   "              (require-not (home-subpath \"/Library\"))\n"
   "              (require-not (subpath profileDir))))\n"
-  "        (allow file-read*\n"
-  "              (profile-subpath \"/extensions\")\n"
-  "              (profile-subpath \"/weave\")))\n"
-  "      ; we don't have a profile dir\n"
-  "      (allow file-read*\n"
-  "          (require-not (home-subpath \"/Library\")))))\n"
+  "      (allow file*\n"
+  "          (require-not (home-subpath \"/Library\"))))\n"
+  "    (allow file*\n"
+  "        (require-all\n"
+  "            (subpath home-path)\n"
+  "            (require-not\n"
+  "                (home-subpath \"/Library\")))))\n"
   "\n"
   "; accelerated graphics\n"
   "  (allow-shared-preferences-read \"com.apple.opengl\")\n"
   "  (allow-shared-preferences-read \"com.nvidia.OpenGL\")\n"
   "  (allow mach-lookup\n"
   "      (global-name \"com.apple.cvmsServ\"))\n"
   "  (allow iokit-open\n"
   "      (iokit-connection \"IOAccelerator\")\n"
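Review bot: The restored comment `; the following rules should be removed when printing and opening a file from disk are brokered through the main process` explains why the rules exist but not what they grant, and the grant is broad: `file*` covers write as well as read, and the `(if (< sandbox-level 2)` branch carries no `(subpath home-path)` restriction, so below level 2 the content process may write anywhere the user can, with only ~/Library and `profileDir` carved out. That is the property a reader of the "imperfect sandbox" description in firefox.js most needs and it should be stated next to the rule, e.g. `; NOTE: file* allows write as well as read; below level 2 it is not limited to home-path, so only ~/Library and the profile directory are protected.` Given that the stricter policy was backed out for test leaks rather than on security grounds, a pointer to bug 1284588 here would flag that this permissiveness is expected to be temporary. The enclosing `contentSandboxRules` string literal starts before this hunk (its header shows `static const char contentSandboxRules[]`) and continues past it.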