Bug 1383818 - Disallow content processes for using the com.apple.ocspd mach service; r=haik
authorAlex Gaynor <agaynor@mozilla.com>
Mon, 24 Jul 2017 09:50:32 -0400
changeset 419364 6fc6a92ad62ecae876c19be2026afeed85ee1064
parent 419363 9efa1cfe64b1eeea5a202963bbe95ceceec0f53f
child 419365 91ddffcd405d5abcdc46bd8126d25bbd438f85a0
push id7566
push usermtabara@mozilla.com
push dateWed, 02 Aug 2017 08:25:16 +0000
reviewershaik
bugs1383818
milestone56.0a1
Bug 1383818 - Disallow content processes for using the com.apple.ocspd mach service; r=haik It is not used, so this is an attack surface reduction. MozReview-Commit-ID: mrW9hi0SAh
security/sandbox/mac/SandboxPolicies.h
--- a/security/sandbox/mac/SandboxPolicies.h
+++ b/security/sandbox/mac/SandboxPolicies.h
@@ -196,17 +196,16 @@ static const char contentSandboxRules[] 
       (global-name "com.apple.PowerManagement.control")
       (global-name "com.apple.cmio.VDCAssistant")
       (global-name "com.apple.SystemConfiguration.configd")
       (global-name "com.apple.iconservices")
       (global-name "com.apple.cookied")
       (global-name "com.apple.cache_delete")
       (global-name "com.apple.pluginkit.pkd")
       (global-name "com.apple.bird")
-      (global-name "com.apple.ocspd")
       (global-name "com.apple.cmio.AppleCameraAssistant")
       (global-name "com.apple.DesktopServicesHelper"))
 
 ; bug 1376163
   (if (string=? macosMinorVersion-min13 "TRUE")
     (allow mach-lookup (global-name "com.apple.audio.AudioComponentRegistrar")))
 
 ; bug 1312273