Bug 1272764 - Indentation and whitespace cleanups. r=bobowen
☠☠ backed out by a41a34f7d936 ☠ ☠
authorHaik Aftandilian <haftandilian@mozilla.com>
Thu, 26 May 2016 00:08:00 -0400
changeset 338176 d3bde9a513bb8b33a97bf6c2e5d451a133e59192
parent 338175 9fd1d6aeed21def0fbbec7cba706b5752cb0ad08
child 338177 f43c78d7cc1393e2b88488e85d082d4dd440fb9b
push id6249
push userjlund@mozilla.com
push dateMon, 01 Aug 2016 13:59:36 +0000
treeherdermozilla-beta@bad9d4f5bf7e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbobowen
bugs1272764
milestone49.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1272764 - Indentation and whitespace cleanups. r=bobowen
security/sandbox/mac/Sandbox.mm
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -57,276 +57,276 @@ static const char contentSandboxRules[] 
   "(define appPath \"%s\")\n"
   "(define appBinaryPath \"%s\")\n"
   "(define appDir \"%s\")\n"
   "(define appTempDir \"%s\")\n"
   "(define home-path \"%s\")\n"
   "\n"
   "(import \"/System/Library/Sandbox/Profiles/system.sb\")\n"
   "\n"
-  "  (begin\n"
-  "    (deny default)\n"
-  "    (debug deny)\n"
+  "(begin\n"
+  "  (deny default)\n"
+  "  (debug deny)\n"
   "\n"
-  "    (define resolving-literal literal)\n"
-  "    (define resolving-subpath subpath)\n"
-  "    (define resolving-regex regex)\n"
+  "  (define resolving-literal literal)\n"
+  "  (define resolving-subpath subpath)\n"
+  "  (define resolving-regex regex)\n"
   "\n"
-  "    (define container-path appPath)\n"
-  "    (define appdir-path appDir)\n"
-  "    (define var-folders-re \"^/private/var/folders/[^/][^/]\")\n"
-  "    (define var-folders2-re (string-append var-folders-re \"/[^/]+/[^/]\"))\n"
+  "  (define container-path appPath)\n"
+  "  (define appdir-path appDir)\n"
+  "  (define var-folders-re \"^/private/var/folders/[^/][^/]\")\n"
+  "  (define var-folders2-re (string-append var-folders-re \"/[^/]+/[^/]\"))\n"
   "\n"
-  "    (define (home-regex home-relative-regex)\n"
-  "      (resolving-regex (string-append \"^\" (regex-quote home-path) home-relative-regex)))\n"
-  "    (define (home-subpath home-relative-subpath)\n"
-  "      (resolving-subpath (string-append home-path home-relative-subpath)))\n"
-  "    (define (home-literal home-relative-literal)\n"
-  "      (resolving-literal (string-append home-path home-relative-literal)))\n"
+  "  (define (home-regex home-relative-regex)\n"
+  "    (resolving-regex (string-append \"^\" (regex-quote home-path) home-relative-regex)))\n"
+  "  (define (home-subpath home-relative-subpath)\n"
+  "    (resolving-subpath (string-append home-path home-relative-subpath)))\n"
+  "  (define (home-literal home-relative-literal)\n"
+  "    (resolving-literal (string-append home-path home-relative-literal)))\n"
   "\n"
-  "    (define (container-regex container-relative-regex)\n"
-  "      (resolving-regex (string-append \"^\" (regex-quote container-path) container-relative-regex)))\n"
-  "    (define (container-subpath container-relative-subpath)\n"
-  "      (resolving-subpath (string-append container-path container-relative-subpath)))\n"
-  "    (define (container-literal container-relative-literal)\n"
-  "      (resolving-literal (string-append container-path container-relative-literal)))\n"
+  "  (define (container-regex container-relative-regex)\n"
+  "    (resolving-regex (string-append \"^\" (regex-quote container-path) container-relative-regex)))\n"
+  "  (define (container-subpath container-relative-subpath)\n"
+  "    (resolving-subpath (string-append container-path container-relative-subpath)))\n"
+  "  (define (container-literal container-relative-literal)\n"
+  "    (resolving-literal (string-append container-path container-relative-literal)))\n"
   "\n"
-  "    (define (var-folders-regex var-folders-relative-regex)\n"
-  "      (resolving-regex (string-append var-folders-re var-folders-relative-regex)))\n"
-  "    (define (var-folders2-regex var-folders2-relative-regex)\n"
-  "      (resolving-regex (string-append var-folders2-re var-folders2-relative-regex)))\n"
+  "  (define (var-folders-regex var-folders-relative-regex)\n"
+  "    (resolving-regex (string-append var-folders-re var-folders-relative-regex)))\n"
+  "  (define (var-folders2-regex var-folders2-relative-regex)\n"
+  "    (resolving-regex (string-append var-folders2-re var-folders2-relative-regex)))\n"
   "\n"
-  "    (define (appdir-regex appdir-relative-regex)\n"
-  "      (resolving-regex (string-append \"^\" (regex-quote appdir-path) appdir-relative-regex)))\n"
-  "    (define (appdir-subpath appdir-relative-subpath)\n"
-  "      (resolving-subpath (string-append appdir-path appdir-relative-subpath)))\n"
-  "    (define (appdir-literal appdir-relative-literal)\n"
-  "      (resolving-literal (string-append appdir-path appdir-relative-literal)))\n"
+  "  (define (appdir-regex appdir-relative-regex)\n"
+  "    (resolving-regex (string-append \"^\" (regex-quote appdir-path) appdir-relative-regex)))\n"
+  "  (define (appdir-subpath appdir-relative-subpath)\n"
+  "    (resolving-subpath (string-append appdir-path appdir-relative-subpath)))\n"
+  "  (define (appdir-literal appdir-relative-literal)\n"
+  "    (resolving-literal (string-append appdir-path appdir-relative-literal)))\n"
   "\n"
-  "    (define (allow-shared-preferences-read domain)\n"
-  "          (begin\n"
-  "            (if (defined? `user-preference-read)\n"
-  "              (allow user-preference-read (preference-domain domain)))\n"
-  "            (allow file-read*\n"
-  "                   (home-literal (string-append \"/Library/Preferences/\" domain \".plist\"))\n"
-  "                   (home-regex (string-append \"/Library/Preferences/ByHost/\" (regex-quote domain) \"\\..*\\.plist$\")))\n"
-  "            ))\n"
+  "  (define (allow-shared-preferences-read domain)\n"
+  "        (begin\n"
+  "          (if (defined? `user-preference-read)\n"
+  "            (allow user-preference-read (preference-domain domain)))\n"
+  "          (allow file-read*\n"
+  "                 (home-literal (string-append \"/Library/Preferences/\" domain \".plist\"))\n"
+  "                 (home-regex (string-append \"/Library/Preferences/ByHost/\" (regex-quote domain) \"\\..*\\.plist$\")))\n"
+  "          ))\n"
   "\n"
-  "    (define (allow-shared-list domain)\n"
-  "      (allow file-read*\n"
-  "             (home-regex (string-append \"/Library/Preferences/\" (regex-quote domain)))))\n"
+  "  (define (allow-shared-list domain)\n"
+  "    (allow file-read*\n"
+  "           (home-regex (string-append \"/Library/Preferences/\" (regex-quote domain)))))\n"
   "\n"
-  "    (allow file-read-metadata)\n"
+  "  (allow file-read-metadata)\n"
   "\n"
-  "    (allow ipc-posix-shm\n"
-  "        (ipc-posix-name-regex \"^/tmp/com.apple.csseed:\")\n"
-  "        (ipc-posix-name-regex \"^CFPBS:\")\n"
-  "        (ipc-posix-name-regex \"^AudioIO\"))\n"
+  "  (allow ipc-posix-shm\n"
+  "      (ipc-posix-name-regex \"^/tmp/com.apple.csseed:\")\n"
+  "      (ipc-posix-name-regex \"^CFPBS:\")\n"
+  "      (ipc-posix-name-regex \"^AudioIO\"))\n"
   "\n"
-  "    (allow file-read-metadata\n"
-  "        (literal \"/home\")\n"
-  "        (literal \"/net\")\n"
-  "        (regex \"^/private/tmp/KSInstallAction\\.\")\n"
-  "        (var-folders-regex \"/\")\n"
-  "        (home-subpath \"/Library\"))\n"
+  "  (allow file-read-metadata\n"
+  "      (literal \"/home\")\n"
+  "      (literal \"/net\")\n"
+  "      (regex \"^/private/tmp/KSInstallAction\\.\")\n"
+  "      (var-folders-regex \"/\")\n"
+  "      (home-subpath \"/Library\"))\n"
   "\n"
-  "    (allow signal (target self))\n"
-  "    (allow job-creation (literal \"/Library/CoreMediaIO/Plug-Ins/DAL\"))\n"
-  "    (allow iokit-set-properties (iokit-property \"IOAudioControlValue\"))\n"
+  "  (allow signal (target self))\n"
+  "  (allow job-creation (literal \"/Library/CoreMediaIO/Plug-Ins/DAL\"))\n"
+  "  (allow iokit-set-properties (iokit-property \"IOAudioControlValue\"))\n"
   "\n"
-  "    (allow mach-lookup\n"
-  "        (global-name \"com.apple.coreservices.launchservicesd\")\n"
-  "        (global-name \"com.apple.coreservices.appleevents\")\n"
-  "        (global-name \"com.apple.pasteboard.1\")\n"
-  "        (global-name \"com.apple.window_proxies\")\n"
-  "        (global-name \"com.apple.windowserver.active\")\n"
-  "        (global-name \"com.apple.audio.coreaudiod\")\n"
-  "        (global-name \"com.apple.audio.audiohald\")\n"
-  "        (global-name \"com.apple.PowerManagement.control\")\n"
-  "        (global-name \"com.apple.cmio.VDCAssistant\")\n"
-  "        (global-name \"com.apple.SystemConfiguration.configd\")\n"
-  "        (global-name \"com.apple.iconservices\")\n"
-  "        (global-name \"com.apple.cookied\")\n"
-  "        (global-name \"com.apple.printuitool.agent\")\n"
-  "        (global-name \"com.apple.printtool.agent\")\n"
-  "        (global-name \"com.apple.cache_delete\")\n"
-  "        (global-name \"com.apple.pluginkit.pkd\")\n"
-  "        (global-name \"com.apple.bird\")\n"
-  "        (global-name \"com.apple.ocspd\")\n"
-  "        (global-name \"com.apple.cmio.AppleCameraAssistant\")\n"
-  "        (global-name \"com.apple.DesktopServicesHelper\")\n"
-  "        (global-name \"com.apple.printtool.daemon\"))\n"
+  "  (allow mach-lookup\n"
+  "      (global-name \"com.apple.coreservices.launchservicesd\")\n"
+  "      (global-name \"com.apple.coreservices.appleevents\")\n"
+  "      (global-name \"com.apple.pasteboard.1\")\n"
+  "      (global-name \"com.apple.window_proxies\")\n"
+  "      (global-name \"com.apple.windowserver.active\")\n"
+  "      (global-name \"com.apple.audio.coreaudiod\")\n"
+  "      (global-name \"com.apple.audio.audiohald\")\n"
+  "      (global-name \"com.apple.PowerManagement.control\")\n"
+  "      (global-name \"com.apple.cmio.VDCAssistant\")\n"
+  "      (global-name \"com.apple.SystemConfiguration.configd\")\n"
+  "      (global-name \"com.apple.iconservices\")\n"
+  "      (global-name \"com.apple.cookied\")\n"
+  "      (global-name \"com.apple.printuitool.agent\")\n"
+  "      (global-name \"com.apple.printtool.agent\")\n"
+  "      (global-name \"com.apple.cache_delete\")\n"
+  "      (global-name \"com.apple.pluginkit.pkd\")\n"
+  "      (global-name \"com.apple.bird\")\n"
+  "      (global-name \"com.apple.ocspd\")\n"
+  "      (global-name \"com.apple.cmio.AppleCameraAssistant\")\n"
+  "      (global-name \"com.apple.DesktopServicesHelper\")\n"
+  "      (global-name \"com.apple.printtool.daemon\"))\n"
   "\n"
-  "    (allow iokit-open\n"
-  "        (iokit-user-client-class \"IOHIDParamUserClient\")\n"
-  "        (iokit-user-client-class \"IOAudioControlUserClient\")\n"
-  "        (iokit-user-client-class \"IOAudioEngineUserClient\")\n"
-  "        (iokit-user-client-class \"IGAccelDevice\")\n"
-  "        (iokit-user-client-class \"nvDevice\")\n"
-  "        (iokit-user-client-class \"nvSharedUserClient\")\n"
-  "        (iokit-user-client-class \"nvFermiGLContext\")\n"
-  "        (iokit-user-client-class \"IGAccelGLContext\")\n"
-  "        (iokit-user-client-class \"IGAccelSharedUserClient\")\n"
-  "        (iokit-user-client-class \"IGAccelVideoContextMain\")\n"
-  "        (iokit-user-client-class \"IGAccelVideoContextMedia\")\n"
-  "        (iokit-user-client-class \"IGAccelVideoContextVEBox\")\n"
-  "        (iokit-user-client-class \"RootDomainUserClient\")\n"
-  "        (iokit-user-client-class \"IOUSBDeviceUserClientV2\")\n"
-  "        (iokit-user-client-class \"IOUSBInterfaceUserClientV2\"))\n"
+  "  (allow iokit-open\n"
+  "      (iokit-user-client-class \"IOHIDParamUserClient\")\n"
+  "      (iokit-user-client-class \"IOAudioControlUserClient\")\n"
+  "      (iokit-user-client-class \"IOAudioEngineUserClient\")\n"
+  "      (iokit-user-client-class \"IGAccelDevice\")\n"
+  "      (iokit-user-client-class \"nvDevice\")\n"
+  "      (iokit-user-client-class \"nvSharedUserClient\")\n"
+  "      (iokit-user-client-class \"nvFermiGLContext\")\n"
+  "      (iokit-user-client-class \"IGAccelGLContext\")\n"
+  "      (iokit-user-client-class \"IGAccelSharedUserClient\")\n"
+  "      (iokit-user-client-class \"IGAccelVideoContextMain\")\n"
+  "      (iokit-user-client-class \"IGAccelVideoContextMedia\")\n"
+  "      (iokit-user-client-class \"IGAccelVideoContextVEBox\")\n"
+  "      (iokit-user-client-class \"RootDomainUserClient\")\n"
+  "      (iokit-user-client-class \"IOUSBDeviceUserClientV2\")\n"
+  "      (iokit-user-client-class \"IOUSBInterfaceUserClientV2\"))\n"
   "\n"
   "; depending on systems, the 1st, 2nd or both rules are necessary\n"
-  "    (allow-shared-preferences-read \"com.apple.HIToolbox\")\n"
-  "    (allow file-read-data (literal \"/Library/Preferences/com.apple.HIToolbox.plist\"))\n"
+  "  (allow-shared-preferences-read \"com.apple.HIToolbox\")\n"
+  "  (allow file-read-data (literal \"/Library/Preferences/com.apple.HIToolbox.plist\"))\n"
   "\n"
-  "    (allow-shared-preferences-read \"com.apple.ATS\")\n"
-  "    (allow file-read-data (literal \"/Library/Preferences/.GlobalPreferences.plist\"))\n"
+  "  (allow-shared-preferences-read \"com.apple.ATS\")\n"
+  "  (allow file-read-data (literal \"/Library/Preferences/.GlobalPreferences.plist\"))\n"
   "\n"
-  "    (allow file-read*\n"
-  "        (subpath \"/Library/Fonts\")\n"
-  "        (subpath \"/Library/Audio/Plug-Ins\")\n"
-  "        (subpath \"/Library/CoreMediaIO/Plug-Ins/DAL\")\n"
-  "        (subpath \"/Library/Spelling\")\n"
-  "        (subpath \"/private/etc/cups/ppd\")\n"
-  "        (subpath \"/private/var/run/cupsd\")\n"
-  "        (literal \"/\")\n"
-  "        (literal \"/private/tmp\")\n"
-  "        (literal \"/private/var/tmp\")\n"
+  "  (allow file-read*\n"
+  "      (subpath \"/Library/Fonts\")\n"
+  "      (subpath \"/Library/Audio/Plug-Ins\")\n"
+  "      (subpath \"/Library/CoreMediaIO/Plug-Ins/DAL\")\n"
+  "      (subpath \"/Library/Spelling\")\n"
+  "      (subpath \"/private/etc/cups/ppd\")\n"
+  "      (subpath \"/private/var/run/cupsd\")\n"
+  "      (literal \"/\")\n"
+  "      (literal \"/private/tmp\")\n"
+  "      (literal \"/private/var/tmp\")\n"
   "\n"
-  "        (home-literal \"/.CFUserTextEncoding\")\n"
-  "        (home-literal \"/Library/Preferences/com.apple.DownloadAssessment.plist\")\n"
-  "        (home-subpath \"/Library/Colors\")\n"
-  "        (home-subpath \"/Library/Fonts\")\n"
-  "        (home-subpath \"/Library/FontCollections\")\n"
-  "        (home-subpath \"/Library/Keyboard Layouts\")\n"
-  "        (home-subpath \"/Library/Input Methods\")\n"
-  "        (home-subpath \"/Library/PDF Services\")\n"
-  "        (home-subpath \"/Library/Spelling\")\n"
+  "      (home-literal \"/.CFUserTextEncoding\")\n"
+  "      (home-literal \"/Library/Preferences/com.apple.DownloadAssessment.plist\")\n"
+  "      (home-subpath \"/Library/Colors\")\n"
+  "      (home-subpath \"/Library/Fonts\")\n"
+  "      (home-subpath \"/Library/FontCollections\")\n"
+  "      (home-subpath \"/Library/Keyboard Layouts\")\n"
+  "      (home-subpath \"/Library/Input Methods\")\n"
+  "      (home-subpath \"/Library/PDF Services\")\n"
+  "      (home-subpath \"/Library/Spelling\")\n"
   "\n"
-  "        (subpath appdir-path)\n"
+  "      (subpath appdir-path)\n"
   "\n"
-  "        (literal appPath)\n"
-  "        (literal appBinaryPath))\n"
+  "      (literal appPath)\n"
+  "      (literal appBinaryPath))\n"
   "\n"
-  "    (allow-shared-list \"org.mozilla.plugincontainer\")\n"
+  "  (allow-shared-list \"org.mozilla.plugincontainer\")\n"
   "\n"
   "; the following 2 rules should be removed when microphone and camera access\n"
   "; are brokered through the content process\n"
-  "    (allow device-microphone)\n"
-  "    (allow device-camera)\n"
+  "  (allow device-microphone)\n"
+  "  (allow device-camera)\n"
   "\n"
-  "    (allow file* (var-folders2-regex \"/com\\.apple\\.IntlDataCache\\.le$\"))\n"
-  "    (allow file-read*\n"
-  "        (var-folders2-regex \"/com\\.apple\\.IconServices/\")\n"
-  "        (var-folders2-regex \"/[^/]+\\.mozrunner/extensions/[^/]+/chrome/[^/]+/content/[^/]+\\.j(s|ar)$\"))\n"
+  "  (allow file* (var-folders2-regex \"/com\\.apple\\.IntlDataCache\\.le$\"))\n"
+  "  (allow file-read*\n"
+  "      (var-folders2-regex \"/com\\.apple\\.IconServices/\")\n"
+  "      (var-folders2-regex \"/[^/]+\\.mozrunner/extensions/[^/]+/chrome/[^/]+/content/[^/]+\\.j(s|ar)$\"))\n"
   "\n"
-  "    (allow file-write* (var-folders2-regex \"/org\\.chromium\\.[a-zA-Z0-9]*$\"))\n"
-  "    (allow file-read*\n"
-  "        (home-regex \"/Library/Application Support/[^/]+/Extensions/[^/]/\")\n"
-  "        (resolving-regex \"/Library/Application Support/[^/]+/Extensions/[^/]/\")\n"
-  "        (home-regex \"/Library/Application Support/Firefox/Profiles/[^/]+/extensions/\")\n"
-  "        (home-regex \"/Library/Application Support/Firefox/Profiles/[^/]+/weave/\"))\n"
+  "  (allow file-write* (var-folders2-regex \"/org\\.chromium\\.[a-zA-Z0-9]*$\"))\n"
+  "  (allow file-read*\n"
+  "      (home-regex \"/Library/Application Support/[^/]+/Extensions/[^/]/\")\n"
+  "      (resolving-regex \"/Library/Application Support/[^/]+/Extensions/[^/]/\")\n"
+  "      (home-regex \"/Library/Application Support/Firefox/Profiles/[^/]+/extensions/\")\n"
+  "      (home-regex \"/Library/Application Support/Firefox/Profiles/[^/]+/weave/\"))\n"
   "\n"
   "; the following rules should be removed when printing and \n"
   "; opening a file from disk are brokered through the main process\n"
-  "    (if\n"
-  "      (< sandbox-level 2)\n"
-  "      (allow file*\n"
-  "          (require-not\n"
-  "              (home-subpath \"/Library\")))\n"
-  "      (allow file*\n"
-  "          (require-all\n"
-  "              (subpath home-path)\n"
-  "              (require-not\n"
-  "                  (home-subpath \"/Library\")))))\n"
+  "  (if\n"
+  "    (< sandbox-level 2)\n"
+  "    (allow file*\n"
+  "        (require-not\n"
+  "            (home-subpath \"/Library\")))\n"
+  "    (allow file*\n"
+  "        (require-all\n"
+  "            (subpath home-path)\n"
+  "            (require-not\n"
+  "                (home-subpath \"/Library\")))))\n"
   "\n"
   "; printing\n"
-  "    (allow authorization-right-obtain\n"
-  "           (right-name \"system.print.operator\")\n"
-  "           (right-name \"system.printingmanager\"))\n"
-  "    (allow mach-lookup\n"
-  "           (global-name \"com.apple.printuitool.agent\")\n"
-  "           (global-name \"com.apple.printtool.agent\")\n"
-  "           (global-name \"com.apple.printtool.daemon\")\n"
-  "           (global-name \"com.apple.sharingd\")\n"
-  "           (global-name \"com.apple.metadata.mds\")\n"
-  "           (global-name \"com.apple.mtmd.xpc\")\n"
-  "           (global-name \"com.apple.FSEvents\")\n"
-  "           (global-name \"com.apple.locum\")\n"
-  "           (global-name \"com.apple.ImageCaptureExtension2.presence\"))\n"
-  "    (allow file-read*\n"
-  "           (home-literal \"/.cups/lpoptions\")\n"
-  "           (home-literal \"/.cups/client.conf\")\n"
-  "           (literal \"/private/etc/cups/lpoptions\")\n"
-  "           (literal \"/private/etc/cups/client.conf\")\n"
-  "           (subpath \"/private/etc/cups/ppd\")\n"
-  "           (literal \"/private/var/run/cupsd\"))\n"
-  "    (allow-shared-preferences-read \"org.cups.PrintingPrefs\")\n"
-  "    (allow-shared-preferences-read \"com.apple.finder\")\n"
-  "    (allow-shared-preferences-read \"com.apple.LaunchServices\")\n"
-  "    (allow-shared-preferences-read \".GlobalPreferences\")\n"
-  "    (allow network-outbound\n"
-  "        (literal \"/private/var/run/cupsd\")\n"
-  "        (literal \"/private/var/run/mDNSResponder\"))\n"
+  "  (allow authorization-right-obtain\n"
+  "         (right-name \"system.print.operator\")\n"
+  "         (right-name \"system.printingmanager\"))\n"
+  "  (allow mach-lookup\n"
+  "         (global-name \"com.apple.printuitool.agent\")\n"
+  "         (global-name \"com.apple.printtool.agent\")\n"
+  "         (global-name \"com.apple.printtool.daemon\")\n"
+  "         (global-name \"com.apple.sharingd\")\n"
+  "         (global-name \"com.apple.metadata.mds\")\n"
+  "         (global-name \"com.apple.mtmd.xpc\")\n"
+  "         (global-name \"com.apple.FSEvents\")\n"
+  "         (global-name \"com.apple.locum\")\n"
+  "         (global-name \"com.apple.ImageCaptureExtension2.presence\"))\n"
+  "  (allow file-read*\n"
+  "         (home-literal \"/.cups/lpoptions\")\n"
+  "         (home-literal \"/.cups/client.conf\")\n"
+  "         (literal \"/private/etc/cups/lpoptions\")\n"
+  "         (literal \"/private/etc/cups/client.conf\")\n"
+  "         (subpath \"/private/etc/cups/ppd\")\n"
+  "         (literal \"/private/var/run/cupsd\"))\n"
+  "  (allow-shared-preferences-read \"org.cups.PrintingPrefs\")\n"
+  "  (allow-shared-preferences-read \"com.apple.finder\")\n"
+  "  (allow-shared-preferences-read \"com.apple.LaunchServices\")\n"
+  "  (allow-shared-preferences-read \".GlobalPreferences\")\n"
+  "  (allow network-outbound\n"
+  "      (literal \"/private/var/run/cupsd\")\n"
+  "      (literal \"/private/var/run/mDNSResponder\"))\n"
   "\n"
   "; print preview\n"
-  "    (allow lsopen)\n"
-  "    (allow file-write* file-issue-extension (var-folders2-regex \"/\"))\n"
-  "    (allow file-read-xattr (literal \"/Applications/Preview.app\"))\n"
-  "    (allow mach-task-name)\n"
-  "    (allow mach-register)\n"
-  "    (allow file-read-data\n"
-  "        (regex \"^/Library/Printers/[^/]+/PDEs/[^/]+.plugin\")\n"
-  "        (subpath \"/Library/PDF Services\")\n"
-  "        (subpath \"/Applications/Preview.app\")\n"
-  "        (home-literal \"/Library/Preferences/com.apple.ServicesMenu.Services.plist\"))\n"
-  "    (allow mach-lookup\n"
-  "        (global-name \"com.apple.pbs.fetch_services\")\n"
-  "        (global-name \"com.apple.tsm.uiserver\")\n"
-  "        (global-name \"com.apple.ls.boxd\")\n"
-  "        (global-name \"com.apple.coreservices.quarantine-resolver\")\n"
-  "        (global-name-regex \"_OpenStep$\"))\n"
-  "    (allow appleevent-send\n"
-  "        (appleevent-destination \"com.apple.preview\")\n"
-  "        (appleevent-destination \"com.apple.imagecaptureextension2\"))\n"
+  "  (allow lsopen)\n"
+  "  (allow file-write* file-issue-extension (var-folders2-regex \"/\"))\n"
+  "  (allow file-read-xattr (literal \"/Applications/Preview.app\"))\n"
+  "  (allow mach-task-name)\n"
+  "  (allow mach-register)\n"
+  "  (allow file-read-data\n"
+  "      (regex \"^/Library/Printers/[^/]+/PDEs/[^/]+.plugin\")\n"
+  "      (subpath \"/Library/PDF Services\")\n"
+  "      (subpath \"/Applications/Preview.app\")\n"
+  "      (home-literal \"/Library/Preferences/com.apple.ServicesMenu.Services.plist\"))\n"
+  "  (allow mach-lookup\n"
+  "      (global-name \"com.apple.pbs.fetch_services\")\n"
+  "      (global-name \"com.apple.tsm.uiserver\")\n"
+  "      (global-name \"com.apple.ls.boxd\")\n"
+  "      (global-name \"com.apple.coreservices.quarantine-resolver\")\n"
+  "      (global-name-regex \"_OpenStep$\"))\n"
+  "  (allow appleevent-send\n"
+  "      (appleevent-destination \"com.apple.preview\")\n"
+  "      (appleevent-destination \"com.apple.imagecaptureextension2\"))\n"
   "\n"
   "; accelerated graphics\n"
-  "    (allow-shared-preferences-read \"com.apple.opengl\")\n"
-  "    (allow-shared-preferences-read \"com.nvidia.OpenGL\")\n"
-  "    (allow mach-lookup\n"
-  "        (global-name \"com.apple.cvmsServ\"))\n"
-  "    (allow iokit-open\n"
-  "        (iokit-connection \"IOAccelerator\")\n"
-  "        (iokit-user-client-class \"IOAccelerationUserClient\")\n"
-  "        (iokit-user-client-class \"IOSurfaceRootUserClient\")\n"
-  "        (iokit-user-client-class \"IOSurfaceSendRight\")\n"
-  "        (iokit-user-client-class \"IOFramebufferSharedUserClient\")\n"
-  "        (iokit-user-client-class \"AppleSNBFBUserClient\")\n"
-  "        (iokit-user-client-class \"AGPMClient\")\n"
-  "        (iokit-user-client-class \"AppleGraphicsControlClient\")\n"
-  "        (iokit-user-client-class \"AppleGraphicsPolicyClient\"))\n"
+  "  (allow-shared-preferences-read \"com.apple.opengl\")\n"
+  "  (allow-shared-preferences-read \"com.nvidia.OpenGL\")\n"
+  "  (allow mach-lookup\n"
+  "      (global-name \"com.apple.cvmsServ\"))\n"
+  "  (allow iokit-open\n"
+  "      (iokit-connection \"IOAccelerator\")\n"
+  "      (iokit-user-client-class \"IOAccelerationUserClient\")\n"
+  "      (iokit-user-client-class \"IOSurfaceRootUserClient\")\n"
+  "      (iokit-user-client-class \"IOSurfaceSendRight\")\n"
+  "      (iokit-user-client-class \"IOFramebufferSharedUserClient\")\n"
+  "      (iokit-user-client-class \"AppleSNBFBUserClient\")\n"
+  "      (iokit-user-client-class \"AGPMClient\")\n"
+  "      (iokit-user-client-class \"AppleGraphicsControlClient\")\n"
+  "      (iokit-user-client-class \"AppleGraphicsPolicyClient\"))\n"
   "\n"
   "; bug 1153809\n"
-  "    (allow iokit-open\n"
-  "        (iokit-user-client-class \"NVDVDContextTesla\")\n"
-  "        (iokit-user-client-class \"Gen6DVDContext\"))\n"
+  "  (allow iokit-open\n"
+  "      (iokit-user-client-class \"NVDVDContextTesla\")\n"
+  "      (iokit-user-client-class \"Gen6DVDContext\"))\n"
   "\n"
   "; bug 1190032\n"
-  "    (allow file*\n"
-  "        (home-regex \"/Library/Caches/TemporaryItems/plugtmp.*\"))\n"
+  "  (allow file*\n"
+  "      (home-regex \"/Library/Caches/TemporaryItems/plugtmp.*\"))\n"
   "\n"
   "; bug 1201935\n"
-  "    (allow file-read*\n"
-  "        (home-subpath \"/Library/Caches/TemporaryItems\"))\n"
+  "  (allow file-read*\n"
+  "      (home-subpath \"/Library/Caches/TemporaryItems\"))\n"
   "\n"
   "; bug 1237847\n"
-  "    (allow file-read*\n"
-  "        (subpath appTempDir))\n"
-  "    (allow file-write*\n"
-  "        (subpath appTempDir))\n"
-  "  )\n";
+  "  (allow file-read*\n"
+  "      (subpath appTempDir))\n"
+  "  (allow file-write*\n"
+  "      (subpath appTempDir))\n"
+  ")\n";
 
 bool StartMacSandbox(MacSandboxInfo aInfo, std::string &aErrorMessage)
 {
   char *profile = NULL;
   if (aInfo.type == MacSandboxType_Plugin) {
     asprintf(&profile, pluginSandboxRules,
              aInfo.pluginInfo.pluginBinaryPath.c_str(),
              aInfo.appPath.c_str(),