Bug 1385028 - simplify handling of macOS minor version in the sandbox policy; r=haik
☠☠ backed out by 084696d19f1a ☠ ☠
authorAlex Gaynor <agaynor@mozilla.com>
Thu, 27 Jul 2017 13:58:28 -0400
changeset 420213 4d7f8040175114453ed4a1927fd6a0bf376f21d3
parent 420212 bdad4ba95b6da5bd63db5f3edd8f70dfb6711ed3
child 420214 73f48b4bd6018f6f4c6dea264299861c9bc9a664
push id7566
push usermtabara@mozilla.com
push dateWed, 02 Aug 2017 08:25:16 +0000
reviewershaik
bugs1385028
milestone56.0a1
Bug 1385028 - simplify handling of macOS minor version in the sandbox policy; r=haik MozReview-Commit-ID: BDD7WzTqHC6
security/sandbox/mac/Sandbox.mm
security/sandbox/mac/SandboxPolicies.h
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -124,16 +124,25 @@ OSXVersion::GetVersionNumber()
 
 namespace mozilla {
 
 bool StartMacSandbox(MacSandboxInfo aInfo, std::string &aErrorMessage)
 {
   std::vector<const char *> params;
   char *profile = NULL;
   bool profile_needs_free = false;
+
+// 11 bytes is enough to store any int32_t, plus one for the NUL byte. In
+// practice of course, it's unlikely we'll see a macOS minor version greater
+// than 2 digits in the lifetime of this code. Better safe than sorry though!
+#define MAX_MACOS_MINOR_VERSION_LENGTH 12
+  char macOSMinor[MAX_MACOS_MINOR_VERSION_LENGTH];
+  snprintf(macOSMinor, sizeof(macOSMinor), "%d", OSXVersion::OSXVersionMinor());
+#undef MAX_MACOS_MINOR_VERSION_LENGTH
+
   if (aInfo.type == MacSandboxType_Plugin) {
     profile = const_cast<char *>(pluginSandboxRules);
     params.push_back("SHOULD_LOG");
     params.push_back(aInfo.shouldLog ? "TRUE" : "FALSE");
     params.push_back("PLUGIN_BINARY_PATH");
     params.push_back(aInfo.pluginInfo.pluginBinaryPath.c_str());
     params.push_back("APP_PATH");
     params.push_back(aInfo.appPath.c_str());
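Review bot: The `#define`/`#undef` pair wrapped around a function-local buffer size is an awkward way to spell a constant, and since this file already works with `std::string` (the `aErrorMessage` parameter and the `.c_str()` pushes below), `std::string macOSMinor = std::to_string(OSXVersion::OSXVersionMinor());` with `macOSMinor.c_str()` at the push site removes the manual sizing entirely. If the fixed `char[12]` stays, it is correctly sized for any `int32_t` as the comment says, but a `const size_t` local would be clearer than a macro that is undefined three lines later. In either form `params` ends up holding a pointer into a local, which is only safe if the vector is consumed before `StartMacSandbox` returns; that consumer, and the rest of the function body, lie outside this hunk.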
@@ -155,20 +164,18 @@ bool StartMacSandbox(MacSandboxInfo aInf
       params.push_back("SHOULD_LOG");
       params.push_back(aInfo.shouldLog ? "TRUE" : "FALSE");
       params.push_back("SANDBOX_LEVEL_1");
       params.push_back(aInfo.level == 1 ? "TRUE" : "FALSE");
       params.push_back("SANDBOX_LEVEL_2");
       params.push_back(aInfo.level == 2 ? "TRUE" : "FALSE");
       params.push_back("SANDBOX_LEVEL_3");
       params.push_back(aInfo.level == 3 ? "TRUE" : "FALSE");
-      params.push_back("MAC_OS_MINOR_9");
-      params.push_back(OSXVersion::OSXVersionMinor() == 9 ? "TRUE" : "FALSE");
-      params.push_back("MAC_OS_MINOR_MIN_13");
-      params.push_back(OSXVersion::OSXVersionMinor() >= 13 ? "TRUE" : "FALSE");
+      params.push_back("MAC_OS_MINOR");
+      params.push_back(macOSMinor);
       params.push_back("APP_PATH");
       params.push_back(aInfo.appPath.c_str());
       params.push_back("APP_BINARY_PATH");
       params.push_back(aInfo.appBinaryPath.c_str());
       params.push_back("APP_DIR");
       params.push_back(aInfo.appDir.c_str());
       params.push_back("APP_TEMP_DIR");
       params.push_back(aInfo.appTempDir.c_str());
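Review bot: The `MAC_OS_MINOR` value pushed here is now parsed numerically by the content profile, so anything other than a bare decimal integer would change how the version-gated rules evaluate, and nothing at this call site records that contract. A one-line comment above the push would protect it, e.g. `// Parsed with string->number in contentSandboxRules; must stay a plain decimal.` The enclosing `StartMacSandbox` body starts and ends outside this hunk.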
--- a/security/sandbox/mac/SandboxPolicies.h
+++ b/security/sandbox/mac/SandboxPolicies.h
@@ -49,18 +49,17 @@ static const char widevinePluginSandboxR
 
 static const char contentSandboxRules[] = R"(
   (version 1)
 
   (define should-log (param "SHOULD_LOG"))
   (define sandbox-level-1 (param "SANDBOX_LEVEL_1"))
   (define sandbox-level-2 (param "SANDBOX_LEVEL_2"))
   (define sandbox-level-3 (param "SANDBOX_LEVEL_3"))
-  (define macosMinorVersion-9 (param "MAC_OS_MINOR_9"))
-  (define macosMinorVersion-min13 (param "MAC_OS_MINOR_MIN_13"))
+  (define macosMinorVersion (string->number (param "MAC_OS_MINOR")))
   (define appPath (param "APP_PATH"))
   (define appBinaryPath (param "APP_BINARY_PATH"))
   (define appdir-path (param "APP_DIR"))
   (define appTempDir (param "APP_TEMP_DIR"))
   (define hasProfileDir (param "HAS_SANDBOXED_PROFILE"))
   (define profileDir (param "PROFILE_DIR"))
   (define home-path (param "HOME_PATH"))
   (define hasFilePrivileges (param "HAS_FILE_PRIVILEGES"))
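Review bot: `(define macosMinorVersion (string->number (param "MAC_OS_MINOR")))` has no fallback for a missing or non-numeric parameter; in most Scheme dialects `string->number` then yields `#f`, and the later numeric comparisons would presumably error at profile compile time rather than silently select a branch, which is the right failure direction for a sandbox but should be stated rather than left implicit. Suggest a comment above the define: `; MAC_OS_MINOR is the decimal minor of macOS 10.x (e.g. "13" for 10.13); a non-numeric value makes the numeric checks below fail the profile, which is intended.` Whether the sandbox's Scheme dialect errors or returns a value on `(= #f 9)` is not visible from this page, so confirm that before relying on it.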
@@ -105,17 +104,17 @@ static const char contentSandboxRules[] 
 
   (allow file-read*
     file-write-data
     file-ioctl
     (literal "/dev/dtracehelper"))
 
   ; macOS 10.9 does not support the |sysctl-name| predicate, so unfortunately
   ; we need to allow all sysctl-reads there.
-  (if (string=? macosMinorVersion-9 "TRUE")
+  (if (= macosMinorVersion 9)
     (allow sysctl-read)
     (allow sysctl-read
       (sysctl-name-regex #"^sysctl\.")
       (sysctl-name "kern.ostype")
       (sysctl-name "kern.osversion")
       (sysctl-name "kern.osrelease")
       (sysctl-name "kern.version")
       ; TODO: remove "kern.hostname". Without it the tests hang, but the hostname
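Review bot: The comment above says 10.9 lacks the `sysctl-name` predicate, yet the new condition is an exact `(= macosMinorVersion 9)`, so any older minor version would fall into the restrictive branch and presumably fail profile compilation there; `(<= macosMinorVersion 9)` expresses the comment's intent directly, or, if 10.9 is the minimum supported release, a comment saying so would justify the equality. The numeric form is an improvement over the boolean parameter in that the policy now states its own threshold. The `(allow sysctl-read ...)` list on the else branch continues past the end of this hunk.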
@@ -199,21 +198,21 @@ static const char contentSandboxRules[] 
       (global-name "com.apple.iconservices")
       (global-name "com.apple.cache_delete")
       (global-name "com.apple.pluginkit.pkd")
       (global-name "com.apple.bird")
       (global-name "com.apple.cmio.AppleCameraAssistant")
       (global-name "com.apple.DesktopServicesHelper"))
 
 ; bug 1376163
-  (if (string=? macosMinorVersion-min13 "TRUE")
+  (if (>= macosMinorVersion 13)
     (allow mach-lookup (global-name "com.apple.audio.AudioComponentRegistrar")))
 
 ; bug 1312273
-  (if (string=? macosMinorVersion-9 "TRUE")
+  (if (= macosMinorVersion 9)
      (allow mach-lookup (global-name "com.apple.xpcd")))
 
   (allow iokit-open
       (iokit-user-client-class "IOHIDParamUserClient")
       (iokit-user-client-class "IOAudioControlUserClient")
       (iokit-user-client-class "IOAudioEngineUserClient")
       (iokit-user-client-class "IGAccelDevice")
       (iokit-user-client-class "nvDevice")
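Review bot: `(if (>= macosMinorVersion 13) ...)` grants the `com.apple.audio.AudioComponentRegistrar` mach-lookup on every future macOS minor with no upper bound, so this allowance is carried forward automatically on each release; that is probably intended, but the bare bug 1376163 reference does not say so. Suggest expanding the comment to `; bug 1376163 - needed from 10.13 onward; open-ended on purpose, revisit if Apple removes the service.` The `(= macosMinorVersion 9)` gate for `com.apple.xpcd` is an exact match, consistent with the sysctl rule earlier in the same profile, so whichever comparison is settled on there should be mirrored here.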