Bug 1412090 - Add font whitelist preference. draft
authorGian-Carlo Pascutto <gcp@mozilla.com>
Fri, 03 Nov 2017 13:37:28 +0100
changeset 692689 abf76384a3921dc5630f9bf5f6cf9dd0b2a99e6c
parent 689079 c6a6606f3ea7a662ac7f0384d4d2b67d447e348a
child 738818 ee1135fce07ddaf2d97b83beb3609325ded074fd
push id87569
push usergpascutto@mozilla.com
push dateFri, 03 Nov 2017 12:37:51 +0000
bugs1412090
milestone58.0a1
Bug 1412090 - Add font whitelist preference. MozReview-Commit-ID: GGHI2RV0VCU
security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -417,16 +417,21 @@ SandboxBrokerPolicyFactory::GetContentPo
                      "security.sandbox.content.write_path_whitelist",
                      rdwr);
 
   // Whitelisted for reading by the user/distro
   AddDynamicPathList(policy.get(),
                     "security.sandbox.content.read_path_whitelist",
                     rdonly);
 
+  // Whitelisted for reading by the user/distro
+  AddDynamicPathList(policy.get(),
+                     "security.sandbox.content.font_whitelist",
+                     rdonly);
+
   // No read blocking at level 2 and below.
   // file:// processes also get global read permissions
   // This requires accessing user preferences so we can only do it now.
   // Our constructor is initialized before user preferences are read in.
   if (GetEffectiveContentSandboxLevel() <= 2 || aFileProcess) {
     policy->AddDir(rdonly, "/");
     // Any other read-only rules will be removed as redundant by
     // Policy::FixRecursivePermissions, so there's no need to