
[tor-commits] [tor-browser-bundle/master] Bug 20989: Browser sandbox profile is too restrictive on OSX 10.12.2



commit f55cbeea243675db8acf1015ca7e1ceed39f0933
Author: Kathy Brade <brade@xxxxxxxxxxxxxxxxx>
Date:   Tue Jan 17 10:27:25 2017 -0500

    Bug 20989: Browser sandbox profile is too restrictive on OSX 10.12.2
    
    Allow full read access to all files under /usr/lib.
    Allow full read access to /Library/Preferences/com.apple.ViewBridge.plist.
    Allow writes to TorBrowser-Data/Browser/profiles.ini (otherwise, a new
      browser profile is created each time the browser is opened).
---
 Bundle-Data/mac-sandbox/tb.sb | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/Bundle-Data/mac-sandbox/tb.sb b/Bundle-Data/mac-sandbox/tb.sb
index eda7a1f..385e914 100644
--- a/Bundle-Data/mac-sandbox/tb.sb
+++ b/Bundle-Data/mac-sandbox/tb.sb
@@ -28,6 +28,7 @@
 
 (allow file-read*
        (path "/Library/Preferences/com.apple.HIToolbox.plist")
+       (path "/Library/Preferences/com.apple.ViewBridge.plist")
        (path "/Library/Preferences/.GlobalPreferences.plist")
        (path "/dev/random")
        (path "/dev/urandom")
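
Review bot: the new (path "/Library/Preferences/com.apple.ViewBridge.plist") entry in the file-read* list carries no comment saying what needs it. An exact-path rule is appropriately narrow, but a one-line comment in tb.sb naming Bug 20989 and OSX 10.12.2 would let a later audit of the profile tell whether the entry is still required.
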
@@ -41,6 +42,7 @@
        (subpath "/Library/Fonts")
        (subpath "/System")
        (subpath "/private/var/folders")
+       (subpath "/usr/lib")
        (subpath "/usr/share")
        (home-subpath "/Downloads")
        (home-subpath "/Library/Input Methods")
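
Review bot: (subpath "/usr/lib"), added between "/private/var/folders" and "/usr/share", grants access to the whole subtree, and the list it joins is not identified within this hunk's context. If this is the file-read* list opened in the first hunk, as the commit message's "full read access" suggests, add a comment stating which failure on 10.12.2 required it, and check whether exact path entries for the affected files would be enough instead of the entire tree.
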
@@ -66,7 +68,6 @@
        (path "/private/var/db/.AppleSetupDone")
        (path "/tmp")
        (path "/var")
-       (subpath "/usr/lib")
        (torbrowser-data-dir-path "/Tor/control.socket")
        (torbrowser-data-dir-path "/Tor/socks.socket")
        (path-regex "/private/tmp/Tor[-0-9]*/control.socket")
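
Review bot: the removed (subpath "/usr/lib") line sits in a list whose opening (allow ...) line is outside the context shown, so the operation it used to grant cannot be confirmed from this hunk. Please confirm that operation is fully covered by the list the entry was moved to, so that the move only widens access under /usr/lib and does not drop anything the old rule granted.
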
@@ -86,11 +87,6 @@
        (path "/Library/Preferences/.GlobalPreferences.plist")
 )
 
-; Disallow writes to the profiles ini file.
-(deny file-write*
-       (torbrowser-data-dir-subpath "/Browser/profiles.ini")
-)
-
 (allow iokit-open)
 
 (allow ipc-posix-shm
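
Review bot: deleting the (deny file-write* (torbrowser-data-dir-subpath "/Browser/profiles.ini")) rule also deletes the only comment about profiles.ini, so nothing in the profile now records why writes to it are permitted. The reason is given only in the commit message (a new browser profile is created each time the browser is opened otherwise); put it in a comment at this spot with the bug number so the deny is not reintroduced later. Also confirm that the rule which now allows the write is no broader than profiles.ini itself requires.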

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits