Bug 1502228 - [Mac] With sandbox early startup enabled, some form elements are not rendered r=Alex_Gaynor
authorHaik Aftandilian <haftandilian@mozilla.com>
Fri, 26 Oct 2018 18:51:37 +0000
changeset 443216 fdeb43b7bc65cb624dc1dcc18f2ba070ef254fdc
parent 443215 129d9009661f020cd9ef9fb2a4a9d62d8e7d86e0
child 443217 bc93ef323aa20d6ae6e4ef24a60267fb560344af
push id34944
push userncsoregi@mozilla.com
push dateSat, 27 Oct 2018 09:49:55 +0000
treeherdermozilla-central@49d47a692ca4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersAlex_Gaynor
bugs1502228
milestone65.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1502228 - [Mac] With sandbox early startup enabled, some form elements are not rendered r=Alex_Gaynor Add the /private/var directory to the list of file-read-metadata paths to avoid rendering issues on macOS 10.14 when sandbox early startup is enabled. Differential Revision: https://phabricator.services.mozilla.com/D9933
security/sandbox/mac/SandboxPolicies.h
--- a/security/sandbox/mac/SandboxPolicies.h
+++ b/security/sandbox/mac/SandboxPolicies.h
@@ -260,19 +260,17 @@ static const char contentSandboxRules[] 
         (allow file-read* (subpath testingReadPath2)))
       (when testingReadPath3
         (allow file-read* (subpath testingReadPath3)))
       (when testingReadPath4
         (allow file-read* (subpath testingReadPath4)))))
 
   (allow file-read-metadata (home-subpath "/Library"))
 
-  (allow file-read-metadata
-    (literal "/private/var")
-    (subpath "/private/var/folders"))
+  (allow file-read-metadata (subpath "/private/var"))
 
   ; bug 1303987
   (if (string? debugWriteDir)
     (begin
       (allow file-write-data (subpath debugWriteDir))
       (allow file-write-create
         (require-all
           (subpath debugWriteDir)