commit eefa6b4a5a0642a44e65bd4ff6582861bcca2e12
parent 46924cbe8792c8a59093ff3fff7520167b8117d9
Author: Bob Owen <bobowencode@gmail.com>
Date: Wed, 19 Nov 2025 19:55:22 +0000
Bug 2001149 - Get the user's AppData\Local dir directly from windows for sandbox rules. r=handyman
This means we can add user font rules for the profile picker gpu process.
Differential Revision: https://phabricator.services.mozilla.com/D273236
Diffstat:
1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -249,6 +249,12 @@ static void AddCachedWindowsDirRule(
AddCachedDirRule(aConfig, aAccess, sWindowsSystemDir, aRelativePath);
return;
}
+ if (aFolderID == FOLDERID_LocalAppData) {
+ EnsureWindowsDirCached(FOLDERID_LocalAppData, sLocalAppDataDir,
+ "Failed to get Windows LocalAppData folder");
+ AddCachedDirRule(aConfig, aAccess, sLocalAppDataDir, aRelativePath);
+ return;
+ }
if (aFolderID == FOLDERID_LocalAppDataLow) {
// For LocalAppDataLow we also require the parent dir.
EnsureWindowsDirCached(FOLDERID_LocalAppDataLow, sLocalAppDataLowDir,
@@ -287,7 +293,6 @@ void SandboxBroker::GeckoDependentInitialize() {
}
CacheDirectoryServiceDir(dirSvc, NS_APP_USER_PROFILE_50_DIR, sProfileDir);
- CacheDirectoryServiceDir(dirSvc, NS_WIN_LOCAL_APPDATA_DIR, sLocalAppDataDir);
#ifdef ENABLE_SYSTEM_EXTENSION_DIRS
CacheDirectoryServiceDir(dirSvc, XRE_USER_SYS_EXTENSION_DIR,
sUserExtensionsDir);
@@ -1142,8 +1147,9 @@ void SandboxBroker::SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
"what happened?");
} else {
// Add rule to allow access to user specific fonts.
- AddCachedDirRule(config, sandbox::FileSemantics::kAllowReadonly,
- sLocalAppDataDir, u"\\Microsoft\\Windows\\Fonts\\*"_ns);
+ AddCachedWindowsDirRule(config, sandbox::FileSemantics::kAllowReadonly,
+ FOLDERID_LocalAppData,
+ u"\\Microsoft\\Windows\\Fonts\\*"_ns);
// Add rule to allow read access to installation directory.
AddCachedDirRule(config, sandbox::FileSemantics::kAllowReadonly, sBinDir,
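Review bot: With the `CacheDirectoryServiceDir(dirSvc, NS_WIN_LOCAL_APPDATA_DIR, sLocalAppDataDir)` call removed from GeckoDependentInitialize, `sLocalAppDataDir` is now only populated lazily by `EnsureWindowsDirCached`, so this font rule correctly goes through `AddCachedWindowsDirRule` rather than reading the static directly. Any other reader of `sLocalAppDataDir` outside these hunks (not visible here) would now see a null pointer until some earlier call has cached it; worth grepping the file for remaining direct uses and routing them through the same helper. SetSecurityLevelForContentProcess starts and ends outside this hunk.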
@@ -1354,17 +1360,19 @@ void SandboxBroker::SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) {
AddShaderCachesToPolicy(&trackingConfig, aSandboxLevel);
- // The GPU process is launched without GeckoDependentInitialize for the
- // profile picker making sLocalAppDataDir null.
- if (aSandboxLevel >= 2 && sLocalAppDataDir) {
+ if (aSandboxLevel >= 2) {
// We don't want to add a rule directly here but use the same retrieval and
- // caching mechanism to get the Windows user profile dir.
+ // caching mechanism to get the Windows user's dirs.
EnsureWindowsDirCached(FOLDERID_Profile, sWindowsProfileDir,
"Failed to get Windows Profile folder");
- sandboxing::UserFontConfigHelper configHelper(
- LR"(Software\Microsoft\Windows NT\CurrentVersion\Fonts)",
- *sWindowsProfileDir, *sLocalAppDataDir);
- configHelper.AddRules(trackingConfig);
+ EnsureWindowsDirCached(FOLDERID_LocalAppData, sLocalAppDataDir,
+ "Failed to get Windows LocalAppDataLow folder");
+ if (sWindowsProfileDir && sLocalAppDataDir) {
+ sandboxing::UserFontConfigHelper configHelper(
+ LR"(Software\Microsoft\Windows NT\CurrentVersion\Fonts)",
+ *sWindowsProfileDir, *sLocalAppDataDir);
+ configHelper.AddRules(trackingConfig);
+ }
}
}
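Review bot: The failure message passed with `FOLDERID_LocalAppData` names the wrong folder: `"Failed to get Windows LocalAppDataLow folder"` looks copied from the LocalAppDataLow branch and will mislead anyone reading the log when the lookup fails. It should read `"Failed to get Windows LocalAppData folder"`, matching the message used for the same folder in the new AddCachedWindowsDirRule branch. The added `if (sWindowsProfileDir && sLocalAppDataDir)` guard is a good replacement for the removed profile-picker null check, since it now covers either lookup failing rather than only the uninitialised-static case; a one-line comment such as `// Either lookup can fail; skip the user font rules rather than crash.` would preserve the intent the deleted comment carried.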