Bug 1955136 - Fix read in sandbox for macOS >= 15 r=haik

Differential Revision: https://phabricator.services.mozilla.com/D246714
2025-05-06 04:53:24 +00:00
parent 61216238e2
commit f4104a876c
3 changed files with 23 additions and 1 deletions
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -324,6 +324,8 @@ bool StartMacSandbox(MacSandboxInfo const& aInfo, std::string& aErrorMessage) {
    params.push_back(aInfo.shouldLog ? "TRUE" : "FALSE");
    params.push_back("APP_PATH");
    params.push_back(aInfo.appPath.c_str());
+    params.push_back("APP_BINARY_PATH");
+    params.push_back(aInfo.appBinaryPath.c_str());
    if (!aInfo.crashServerPort.empty()) {
      params.push_back("CRASH_PORT");
      params.push_back(aInfo.crashServerPort.c_str());
@@ -637,6 +639,18 @@ bool GetContentSandboxParamsFromArgs(int aArgc, char** aArgv,
  return true;
 }

+bool GetAppPathForExecutable(const char* aAppName, const char* aExecutablePath,
+                             std::string& aAppPath) {
+  std::string execPath(aExecutablePath);
+  std::string appName(aAppName);
+  size_t pos = execPath.rfind(appName + '/');
+  if (pos == std::string::npos) {
+    return false;
+  }
+  aAppPath = execPath.substr(0, pos + appName.size());
+  return true;
+}
+
 bool GetUtilitySandboxParamsFromArgs(int aArgc, char** aArgv,
                                     MacSandboxInfo& aInfo,
                                     bool aSandboxingKindRequired = true) {
@@ -644,6 +658,9 @@ bool GetUtilitySandboxParamsFromArgs(int aArgc, char** aArgv,
  // line arguments. Return false if any are missing.
  bool foundAppPath = false;

+  GetAppPathForExecutable(MOZ_CHILD_PROCESS_BUNDLENAME, aArgv[0],
+                          aInfo.appBinaryPath);
+
  // Collect sandbox params from CLI arguments
  for (int i = 0; i < aArgc; i++) {
    if (strcmp(aArgv[i], "-sbLogging") == 0) {
--- a/security/sandbox/mac/SandboxPolicyUtility.h
+++ b/security/sandbox/mac/SandboxPolicyUtility.h
@@ -13,6 +13,7 @@ static const char SandboxPolicyUtility[] = R"SANDBOX_LITERAL(

  (define should-log (param "SHOULD_LOG"))
  (define app-path (param "APP_PATH"))
+  (define app-binary-path (param "APP_BINARY_PATH"))
  (define crashPort (param "CRASH_PORT"))
  (define isRosettaTranslated (param "IS_ROSETTA_TRANSLATED"))

@@ -36,7 +37,8 @@ static const char SandboxPolicyUtility[] = R"SANDBOX_LITERAL(
  (allow file-map-executable file-read*
    (subpath "/System/Library")
    (subpath "/usr/lib")
-    (subpath app-path))
+    (subpath app-path)
+    (subpath app-binary-path))

  (if (string? crashPort)
    (allow mach-lookup (global-name crashPort)))
--- a/security/sandbox/mac/moz.build
+++ b/security/sandbox/mac/moz.build
@@ -4,6 +4,9 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.

+for var in ("MOZ_CHILD_PROCESS_BUNDLENAME",):
+    DEFINES[var] = '"%s"' % CONFIG[var]
+
 EXPORTS.mozilla += [
    "Sandbox.h",
    "SandboxPolicyContent.h",