Bug 1261751 - Problems with OS X Sandboxed TempDir and Rules. r=bobowen r=gcp
authorCarsten "Tomcat" Book <cbook@mozilla.com>
Sat, 16 Apr 2016 09:00:29 +0200
changeset 352309 a9e12099d7f695c943dae615d2978687e709b9d6
parent 352308 1150a9442ad2fd6bf4470b6d18c160ee0b6bb0f2
child 352310 3243da9095ef3fd8458966625c73ba6a03a51f8e
push id15674
push userjdolske@mozilla.com
push dateSat, 16 Apr 2016 23:06:58 +0000
reviewersbobowen, gcp
bugs1261751
milestone48.0a1
Bug 1261751 - Problems with OS X Sandboxed TempDir and Rules. r=bobowen r=gcp
security/sandbox/mac/Sandbox.h
security/sandbox/mac/Sandbox.mm
toolkit/xre/nsAppRunner.cpp
--- a/security/sandbox/mac/Sandbox.h
+++ b/security/sandbox/mac/Sandbox.h
@@ -35,17 +35,17 @@ typedef struct _MacSandboxPluginInfo {
 } MacSandboxPluginInfo;
 
 typedef struct _MacSandboxInfo {
   _MacSandboxInfo()
     : type(MacSandboxType_Default), level(0) {}
   _MacSandboxInfo(const struct _MacSandboxInfo& other)
     : type(other.type), level(other.level), pluginInfo(other.pluginInfo),
       appPath(other.appPath), appBinaryPath(other.appBinaryPath),
-      appDir(other.appDir) {}
+      appDir(other.appDir), appTempDir(other.appTempDir) {}
   MacSandboxType type;
   int32_t level;
   MacSandboxPluginInfo pluginInfo;
   std::string appPath;
   std::string appBinaryPath;
   std::string appDir;
   std::string appTempDir;
 } MacSandboxInfo;
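Review bot: The hand-written copy constructor of `_MacSandboxInfo` must be extended by hand for every new field, and the missing `appTempDir` meant every copy carried an empty temp-dir path. `StartMacSandbox` in Sandbox.mm takes the struct by value, so the sandbox profile is built from such a copy. The constructor only copies each member, so `_MacSandboxInfo(const struct _MacSandboxInfo& other) = default;` (or dropping it entirely) would give the same behaviour. It would also stop a future field that feeds a sandbox rule parameter from being silently left out.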
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -420,19 +420,19 @@ static const char contentSandboxRules[] 
   "        (home-regex \"/Library/Caches/TemporaryItems/plugtmp.*\"))\n"
   "\n"
   "; bug 1201935\n"
   "    (allow file-read*\n"
   "        (home-subpath \"/Library/Caches/TemporaryItems\"))\n"
   "\n"
   "; bug 1237847\n"
   "    (allow file-read*\n"
-  "        (home-subpath appTempDir))\n"
+  "        (subpath appTempDir))\n"
   "    (allow file-write*\n"
-  "        (home-subpath appTempDir))\n"
+  "        (subpath appTempDir))\n"
   "  )\n"
   ")\n";
 
 bool StartMacSandbox(MacSandboxInfo aInfo, std::string &aErrorMessage)
 {
   char *profile = NULL;
   if (aInfo.type == MacSandboxType_Plugin) {
     if (OSXVersion::OnLionOrLater()) {
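Review bot: With `(subpath appTempDir)` the `file-read*` and `file-write*` grants now cover exactly the absolute path passed in as `appTempDir`, and nothing visible in this hunk validates that value before the profile is built. An empty or unresolved path would presumably leave the content process without a usable temp directory, while an unexpectedly short path would widen the writable area. Consider a guard in `StartMacSandbox` before the content profile is formatted, e.g. `if (aInfo.appTempDir.empty()) { aErrorMessage = "appTempDir is empty"; return false; }` (message wording constructed). A `; bug 1261751` line next to the rule could also say why the path is no longer home-relative. `StartMacSandbox` continues past the end of the hunk, so such a check may already exist there.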
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -616,18 +616,22 @@ GetAndCleanTempDir()
   // sandbox-writable temp directory
   nsCOMPtr<nsIFile> tempDir;
   nsresult rv = NS_GetSpecialDirectory(NS_APP_CONTENT_PROCESS_TEMP_DIR,
                                        getter_AddRefs(tempDir));
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return nullptr;
   }
 
+  // Don't return an error if the directory doesn't exist.
+  // Windows Remove() returns NS_ERROR_FILE_NOT_FOUND while
+  // OS X returns NS_ERROR_FILE_TARGET_DOES_NOT_EXIST.
   rv = tempDir->Remove(/* aRecursive */ true);
-  if (NS_FAILED(rv) && rv != NS_ERROR_FILE_NOT_FOUND) {
+  if (NS_FAILED(rv) && rv != NS_ERROR_FILE_NOT_FOUND &&
+      rv != NS_ERROR_FILE_TARGET_DOES_NOT_EXIST) {
     NS_WARNING("Failed to delete temp directory.");
     return nullptr;
   }
 
   return tempDir.forget();
 }
 
 static void
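Review bot: The failure branch after `tempDir->Remove()` reports only through `NS_WARNING`, which is compiled out of release builds. A clean-up failure on this sandbox-writable directory therefore leaves whatever the content process wrote there on disk without any signal. Whether callers treat the `nullptr` return as fatal is not visible in this hunk. A comment on that branch would make the consequence explicit, e.g. `// Stale sandbox-writable files stay on disk here; NS_WARNING is debug-only.` The trailing `static void` belongs to the next function, which lies outside the hunk.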