Bug 1393805 - Part 4 - Add Linux whitelisted directory for system extensions development. r=gcp
☠☠ backed out by 531f3dcfbbfc ☠ ☠
authorHaik Aftandilian <haftandilian@mozilla.com>
Wed, 04 Oct 2017 10:50:48 -0700
changeset 384555 1ba3220d84fa149de42ea996dac0472292069538
parent 384554 45695eda1c1cd75426d2b8adfd59bff3109b513f
child 384556 4fe99f70e199cacff46a87deaa0ed55c4308dabe
push id32631
push userarchaeopteryx@coole-files.de
push dateThu, 05 Oct 2017 08:51:33 +0000
treeherdermozilla-central@66042a706980 [default view] [failures only]
reviewersgcp
bugs1393805
milestone58.0a1
Bug 1393805 - Part 4 - Add Linux whitelisted directory for system extensions development. r=gcp MozReview-Commit-ID: 2eTx1eM1fCM
security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -254,28 +254,40 @@ SandboxBrokerPolicyFactory::SandboxBroke
         }
       }
     }
   }
 
   // Firefox binary dir.
   // Note that unlike the previous cases, we use NS_GetSpecialDirectory
   // instead of GetSpecialSystemDirectory. The former requires a working XPCOM
-  // system, which may not be the case for some tests. For quering for the
+  // system, which may not be the case for some tests. For querying for the
   // location of XPCOM things, we can use it anyway.
   nsCOMPtr<nsIFile> ffDir;
   rv = NS_GetSpecialDirectory(NS_GRE_DIR, getter_AddRefs(ffDir));
   if (NS_SUCCEEDED(rv)) {
     nsAutoCString tmpPath;
     rv = ffDir->GetNativePath(tmpPath);
     if (NS_SUCCEEDED(rv)) {
       policy->AddDir(rdonly, tmpPath.get());
     }
   }
 
+  // ~/.mozilla/systemextensionsdev (bug 1393805)
+  nsCOMPtr<nsIFile> sysExtDevDir;
+  rv = NS_GetSpecialDirectory(XRE_USER_SYS_EXTENSION_DEV_DIR,
+                              getter_AddRefs(sysExtDevDir));
+  if (NS_SUCCEEDED(rv)) {
+    nsAutoCString tmpPath;
+    rv = sysExtDevDir->GetNativePath(tmpPath);
+    if (NS_SUCCEEDED(rv)) {
+      policy->AddDir(rdonly, tmpPath.get());
+    }
+  }
+
   if (mozilla::IsDevelopmentBuild()) {
     // If this is a developer build the resources are symlinks to outside the binary dir.
     // Therefore in non-release builds we allow reads from the whole repository.
     // MOZ_DEVELOPER_REPO_DIR is set by mach run.
     const char *developer_repo_dir = PR_GetEnv("MOZ_DEVELOPER_REPO_DIR");
     if (developer_repo_dir) {
       policy->AddDir(rdonly, developer_repo_dir);
     }
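Review bot: The new `sysExtDevDir` block grants the content-process broker read access to `~/.mozilla/systemextensionsdev` on every build, whereas the developer repo directory right below it is only allowed under `mozilla::IsDevelopmentBuild()`. A directory meant for extension development is user-writable and unlikely to be needed by most release users, so either wrap the block in a gate such as `if (mozilla::IsDevelopmentBuild()) {`, or, if release builds must read it, say so in the comment, e.g. `// Read-only in all builds: system extension developers load from here on release too`. Whether `XRE_USER_SYS_EXTENSION_DEV_DIR` is itself restricted by the directory provider is not visible in this hunk, so that should be confirmed before relying on it. The block also repeats the lookup, `GetNativePath`, `AddDir` sequence used for `NS_GRE_DIR` above; a small static helper taking the directory key would keep the two in step. The enclosing constructor starts and ends outside the hunk.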