Bug 1309098 - Add ALSA devices to filesystem policy whitelist. r=glandium
authorGian-Carlo Pascutto <gcp@mozilla.com>
Tue, 11 Oct 2016 16:35:39 +0200
changeset 325343 5ae2260e20e758d04e80427d29cf8aa1d2cd2890
parent 325311 373caf284bbc8e8d9cff6638b11006d55b3cc1c0
child 325344 c58bfbe2800682c2c2c85716d3155e30a33997ad
push id24
push usermaklebus@msu.edu
push dateTue, 20 Dec 2016 03:11:33 +0000
reviewersglandium
bugs1309098
milestone53.0a1
Bug 1309098 - Add ALSA devices to filesystem policy whitelist. r=glandium MozReview-Commit-ID: F2GmQEj9XEN
security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
security/sandbox/linux/broker/moz.build
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -135,19 +135,24 @@ SandboxBrokerPolicyFactory::SandboxBroke
   // If the above fails at any point, fall back to a very good guess.
   if (NS_FAILED(rv)) {
     policy->AddDir(rdwrcr, "/tmp");
   }
 
   // Bug 1308851: NVIDIA proprietary driver when using WebGL
   policy->AddPrefix(rdwr, "/dev", "nvidia");
 
-  // Bug 1312678: radeonsi/Intel with DRI when using WebGL
+    // Bug 1312678: radeonsi/Intel with DRI when using WebGL
   policy->AddDir(rdwr, "/dev/dri");
 
+#ifdef MOZ_ALSA
+  // Bug 1309098: ALSA support
+  policy->AddDir(rdwr, "/dev/snd");
+#endif
+
   mCommonContentPolicy.reset(policy);
 #endif
 }
 
 #ifdef MOZ_CONTENT_SANDBOX
 UniquePtr<SandboxBroker::Policy>
 SandboxBrokerPolicyFactory::GetContentPolicy(int aPid)
 {
--- a/security/sandbox/linux/broker/moz.build
+++ b/security/sandbox/linux/broker/moz.build
@@ -15,16 +15,19 @@ SOURCES += [
     'SandboxBrokerCommon.cpp',
     'SandboxBrokerPolicyFactory.cpp',
 ]
 
 if CONFIG['OS_TARGET'] == 'Android':
     if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'gonk':
         DEFINES['HAVE_ANDROID_OS'] = True
 
+if CONFIG['MOZ_ALSA']:
+    DEFINES['MOZ_ALSA'] = True
+
 LOCAL_INCLUDES += [
     '/security/sandbox/linux', # SandboxLogging.h, SandboxInfo.h
 ]
 
 # Need this for mozilla::ipc::FileDescriptor etc.
 include('/ipc/chromium/chromium-config.mozbuild')
 
 # Need this for safe_sprintf.h used by SandboxLogging.h,