Bug 1368771 - Added a test which verifies that on macOS /Volumes isn't readable at sandbox level 3 draft
authorAlex Gaynor <agaynor@mozilla.com>
Tue, 30 May 2017 13:52:57 -0400
changeset 586540 b5dd2967289d7714038b511245601f20d4eeb30e
parent 586536 39d5cc0fda5e16c49a59d29d4ca186a5534cc88b
child 631028 f928f421a1b8dff6b878b0f95f1688a6d1bd9f6d
push id61449
push userbmo:agaynor@mozilla.com
push dateTue, 30 May 2017 17:59:30 +0000
bugs1368771
milestone55.0a1
Bug 1368771 - Added a test which verifies that on macOS /Volumes isn't readable at sandbox level 3 r?haik MozReview-Commit-ID: HPW4luz5n0M
security/sandbox/test/browser_content_sandbox_fs.js
--- a/security/sandbox/test/browser_content_sandbox_fs.js
+++ b/security/sandbox/test/browser_content_sandbox_fs.js
@@ -375,16 +375,26 @@ function* testFileAccess() {
       tests.push({
         desc:     `$TMPDIR (${macTempDir.path})`,
         ok:       true,
         browser:  fileBrowser,
         file:     macTempDir,
         minLevel: 0,
       });
     }
+
+    // Test that we cannot read from /Volumes at level 3
+    let volumes = GetDir("/Volumes");
+    tests.push({
+      desc:     "/Volumes",
+      ok:       false,
+      browser:  webBrowser,
+      file:     volumes,
+      minLevel: minHomeReadSandboxLevel(),
+    });
   }
 
   let extensionsDir = GetProfileEntry("extensions");
   if (extensionsDir.exists() && extensionsDir.isDirectory()) {
     tests.push({
       desc:     "extensions dir",
       ok:       true,
       browser:  webBrowser,