Bug 1307282 - Remove redundant read-metadata rights from the content sandbox; r=gcp draft
authorHaik Aftandilian <haftandilian@mozilla.com>
Fri, 30 Sep 2016 11:59:48 -0700
changeset 422634 b3d738365a978505fdbc5ba0a94de62a8824e2f2
parent 422633 52ef8da1bf9df868c3f9cc0cbdfdee2147425454
child 533332 34a420b410a839c9dbaa9cf009d1759aac6da8b8
push id31768
push userhaftandilian@mozilla.com
push dateSat, 08 Oct 2016 03:17:37 +0000
reviewersgcp
bugs1307282
milestone52.0a1
Bug 1307282 - Remove redundant read-metadata rights from the content sandbox; r=gcp MozReview-Commit-ID: CILCWk4nINs
security/sandbox/mac/Sandbox.mm
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -250,18 +250,16 @@ static const char contentSandboxRules[] 
   "                 (home-literal (string-append \"/Library/Preferences/\" domain \".plist\"))\n"
   "                 (home-regex (string-append \"/Library/Preferences/ByHost/\" (regex-quote domain) \"\\..*\\.plist$\")))\n"
   "          ))\n"
   "\n"
   "  (define (allow-shared-list domain)\n"
   "    (allow file-read*\n"
   "           (home-regex (string-append \"/Library/Preferences/\" (regex-quote domain)))))\n"
   "\n"
-  "  (allow file-read-metadata)\n"
-  "\n"
   "  (allow ipc-posix-shm\n"
   "      (ipc-posix-name-regex \"^/tmp/com.apple.csseed:\")\n"
   "      (ipc-posix-name-regex \"^CFPBS:\")\n"
   "      (ipc-posix-name-regex \"^AudioIO\"))\n"
   "\n"
   "  (allow file-read-metadata\n"
   "      (literal \"/home\")\n"
   "      (literal \"/net\")\n"