Bug 1368771 - Added a test which verifies that on macOS /Volumes isn't readable at sandbox level 3 r=haik
authorAlex Gaynor <agaynor@mozilla.com>
Tue, 30 May 2017 13:52:57 -0400
changeset 409730 fe207354c3a19be148bbdda509008332fd4a9f11
parent 409729 b555966eb1bbc72279295b50efb53ac8e3f1204a
child 409731 155a190e5c863b6d12387aec7b061a55061d59f0
push id7391
push usermtabara@mozilla.com
push dateMon, 12 Jun 2017 13:08:53 +0000
treeherdermozilla-beta@2191d7f87e2e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewershaik
bugs1368771
milestone55.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1368771 - Added a test which verifies that on macOS /Volumes isn't readable at sandbox level 3 r=haik r?haik MozReview-Commit-ID: HPW4luz5n0M
security/sandbox/test/browser_content_sandbox_fs.js
--- a/security/sandbox/test/browser_content_sandbox_fs.js
+++ b/security/sandbox/test/browser_content_sandbox_fs.js
@@ -375,16 +375,26 @@ function* testFileAccess() {
       tests.push({
         desc:     `$TMPDIR (${macTempDir.path})`,
         ok:       true,
         browser:  fileBrowser,
         file:     macTempDir,
         minLevel: 0,
       });
     }
+
+    // Test that we cannot read from /Volumes at level 3
+    let volumes = GetDir("/Volumes");
+    tests.push({
+      desc:     "/Volumes",
+      ok:       false,
+      browser:  webBrowser,
+      file:     volumes,
+      minLevel: minHomeReadSandboxLevel(),
+    });
   }
 
   let extensionsDir = GetProfileEntry("extensions");
   if (extensionsDir.exists() && extensionsDir.isDirectory()) {
     tests.push({
       desc:     "extensions dir",
       ok:       true,
       browser:  webBrowser,