Bug 1322370 - Disable camera access in the Mac content sandbox; r=jimm a=jcristau
authorHaik Aftandilian <haftandilian@mozilla.com>
Tue, 06 Dec 2016 12:34:15 -1000
changeset 353477 9d14fb0994cc6ad9e4a87ab3fc9e244e476a78f2
parent 353476 5425255d6615a46ce08b86b37d93153ad659100a
child 353478 636a4707dc9322b275d2dcd724664077222822f2
push id6795
push userjlund@mozilla.com
push dateMon, 23 Jan 2017 14:19:46 +0000
treeherdermozilla-esr52@76101b503191 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjimm, jcristau
bugs1322370
milestone52.0a2
Bug 1322370 - Disable camera access in the Mac content sandbox; r=jimm a=jcristau MozReview-Commit-ID: CSEXN1B0Al8
security/sandbox/mac/Sandbox.mm
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -320,20 +320,19 @@ static const char contentSandboxRules[] 
   "\n"
   "      (subpath appdir-path)\n"
   "\n"
   "      (literal appPath)\n"
   "      (literal appBinaryPath))\n"
   "\n"
   "  (allow-shared-list \"org.mozilla.plugincontainer\")\n"
   "\n"
-  "; the following 2 rules should be removed when microphone and camera access\n"
-  "; are brokered through the content process\n"
+  "; the following rule should be removed when microphone access\n"
+  "; is brokered through the content process\n"
   "  (allow device-microphone)\n"
-  "  (allow device-camera)\n"
   "\n"
   "  (allow file* (var-folders2-regex \"/com\\.apple\\.IntlDataCache\\.le$\"))\n"
   "  (allow file-read*\n"
   "      (var-folders2-regex \"/com\\.apple\\.IconServices/\")\n"
   "      (var-folders2-regex \"/[^/]+\\.mozrunner/extensions/[^/]+/chrome/[^/]+/content/[^/]+\\.j(s|ar)$\"))\n"
   "\n"
   "  (allow file-write* (var-folders2-regex \"/org\\.chromium\\.[a-zA-Z0-9]*$\"))\n"
   "\n"