Bug 1546836 - Video Playback and Form Rendering Issues on macOS Version 10.14.5 Beta r=jmathies
authorHaik Aftandilian <haftandilian@mozilla.com>
Fri, 26 Apr 2019 16:28:06 +0000
changeset 530351 434766cf660f8af665892473b7eb8a4b98b8e0f9
parent 530350 f0a23c78fb47dc9a7812d9ccffcde988a8b4e8d9
child 530352 b13f2b24ae625d16fdeeb61cdec10978c3c75638
push id11265
push userffxbld-merge
push dateMon, 13 May 2019 10:53:39 +0000
treeherdermozilla-beta@77e0fe8dbdd3 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjmathies
bugs1546836
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1546836 - Video Playback and Form Rendering Issues on macOS Version 10.14.5 Beta r=jmathies Allow access to Apple's Metal shader language compiler in our content process sandbox. Limit the sandbox policy change to 10.14 and newer OS versions to reduce risk given that problems have only been reported on 10.14.5. Differential Revision: https://phabricator.services.mozilla.com/D28904
security/sandbox/mac/SandboxPolicyContent.h
--- a/security/sandbox/mac/SandboxPolicyContent.h
+++ b/security/sandbox/mac/SandboxPolicyContent.h
@@ -296,16 +296,19 @@ static const char SandboxPolicyContent[]
       (profile-subpath "/extensions")
       (profile-subpath "/chrome")))
 
 ; accelerated graphics
   (allow user-preference-read (preference-domain "com.apple.opengl"))
   (allow user-preference-read (preference-domain "com.nvidia.OpenGL"))
   (allow mach-lookup
       (global-name "com.apple.cvmsServ"))
+  (if (>= macosMinorVersion 14)
+    (allow mach-lookup
+      (global-name "com.apple.MTLCompilerService")))
   (allow iokit-open
       (iokit-connection "IOAccelerator")
       (iokit-user-client-class "IOAccelerationUserClient")
       (iokit-user-client-class "IOSurfaceRootUserClient")
       (iokit-user-client-class "IOSurfaceSendRight")
       (iokit-user-client-class "IOFramebufferSharedUserClient")
       (iokit-user-client-class "AGPMClient")
       (iokit-user-client-class "AppleGraphicsControlClient"))