Bug 1368771 - Added a test which verifies that on macOS /Volumes isn't readable at sandbox level 3 r=haik
authorAlex Gaynor <agaynor@mozilla.com>
Tue, 30 May 2017 13:52:57 -0400
changeset 361613 fe207354c3a19be148bbdda509008332fd4a9f11
parent 361612 b555966eb1bbc72279295b50efb53ac8e3f1204a
child 361614 155a190e5c863b6d12387aec7b061a55061d59f0
push id31934
push userryanvm@gmail.com
push dateThu, 01 Jun 2017 00:25:46 +0000
treeherdermozilla-central@7fb3d9dfa8e6 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewershaik
bugs1368771
milestone55.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1368771 - Added a test which verifies that on macOS /Volumes isn't readable at sandbox level 3 r=haik r?haik MozReview-Commit-ID: HPW4luz5n0M
security/sandbox/test/browser_content_sandbox_fs.js
--- a/security/sandbox/test/browser_content_sandbox_fs.js
+++ b/security/sandbox/test/browser_content_sandbox_fs.js
@@ -375,16 +375,26 @@ function* testFileAccess() {
       tests.push({
         desc:     `$TMPDIR (${macTempDir.path})`,
         ok:       true,
         browser:  fileBrowser,
         file:     macTempDir,
         minLevel: 0,
       });
     }
+
+    // Test that we cannot read from /Volumes at level 3
+    let volumes = GetDir("/Volumes");
+    tests.push({
+      desc:     "/Volumes",
+      ok:       false,
+      browser:  webBrowser,
+      file:     volumes,
+      minLevel: minHomeReadSandboxLevel(),
+    });
   }
 
   let extensionsDir = GetProfileEntry("extensions");
   if (extensionsDir.exists() && extensionsDir.isDirectory()) {
     tests.push({
       desc:     "extensions dir",
       ok:       true,
       browser:  webBrowser,