Bug 1383818 - Disallow content processes for using the com.apple.ocspd mach service; r=haik
authorAlex Gaynor <agaynor@mozilla.com>
Mon, 24 Jul 2017 09:50:32 -0400
changeset 421766 6fc6a92ad62ecae876c19be2026afeed85ee1064
parent 421765 9efa1cfe64b1eeea5a202963bbe95ceceec0f53f
child 421767 91ddffcd405d5abcdc46bd8126d25bbd438f85a0
push id1517
push userjlorenzo@mozilla.com
push dateThu, 14 Sep 2017 16:50:54 +0000
reviewershaik
bugs1383818
milestone56.0a1
Bug 1383818 - Disallow content processes for using the com.apple.ocspd mach service; r=haik It is not used, so this is an attack surface reduction. MozReview-Commit-ID: mrW9hi0SAh
security/sandbox/mac/SandboxPolicies.h
--- a/security/sandbox/mac/SandboxPolicies.h
+++ b/security/sandbox/mac/SandboxPolicies.h
@@ -196,17 +196,16 @@ static const char contentSandboxRules[] 
       (global-name "com.apple.PowerManagement.control")
       (global-name "com.apple.cmio.VDCAssistant")
       (global-name "com.apple.SystemConfiguration.configd")
       (global-name "com.apple.iconservices")
       (global-name "com.apple.cookied")
       (global-name "com.apple.cache_delete")
       (global-name "com.apple.pluginkit.pkd")
       (global-name "com.apple.bird")
-      (global-name "com.apple.ocspd")
       (global-name "com.apple.cmio.AppleCameraAssistant")
       (global-name "com.apple.DesktopServicesHelper"))
 
 ; bug 1376163
   (if (string=? macosMinorVersion-min13 "TRUE")
     (allow mach-lookup (global-name "com.apple.audio.AudioComponentRegistrar")))
 
 ; bug 1312273