Bug 1387570 - remove access to the com.apple.cache_delete mach service from content processes; r=haik
authorAlex Gaynor <agaynor@mozilla.com>
Mon, 07 Aug 2017 10:11:37 -0400
changeset 422950 dee759b7d98a6bdc7249b8400692cd3ef6e425e1
parent 422949 0623467f11baf68bb4260c9d6ac17c0ddd350314
child 422951 ce2b6a193210388b2e672e1201684448bb1f4220
push id7761
push userjlund@mozilla.com
push dateFri, 15 Sep 2017 00:19:52 +0000
treeherdermozilla-beta@c38455951db4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewershaik
bugs1387570
milestone57.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1387570 - remove access to the com.apple.cache_delete mach service from content processes; r=haik MozReview-Commit-ID: LoB1rx5DoV5
security/sandbox/mac/SandboxPolicies.h
--- a/security/sandbox/mac/SandboxPolicies.h
+++ b/security/sandbox/mac/SandboxPolicies.h
@@ -184,18 +184,17 @@ static const char contentSandboxRules[] 
 
   (allow mach-lookup
       (global-name "com.apple.coreservices.launchservicesd")
       (global-name "com.apple.pasteboard.1")
       (global-name "com.apple.window_proxies")
       (global-name "com.apple.audio.coreaudiod")
       (global-name "com.apple.audio.audiohald")
       (global-name "com.apple.SystemConfiguration.configd")
-      (global-name "com.apple.iconservices")
-      (global-name "com.apple.cache_delete"))
+      (global-name "com.apple.iconservices"))
 
 ; bug 1376163
   (if (>= macosMinorVersion 13)
     (allow mach-lookup (global-name "com.apple.audio.AudioComponentRegistrar")))
 
 ; bug 1312273
   (if (= macosMinorVersion 9)
      (allow mach-lookup (global-name "com.apple.xpcd")))