Bug 1294641 - whitelist reads from the .app directory in the macOS sa…

…ndbox r=froydnj,haik

This patch does a few things:
a) Adds the resources location from the .app directory to the read whitelist
b) When it's a non-packaged build, mach run (and various mach tests) set an environment variable for the repo location which we allow reads from.

r=haik,froydnj

MozReview-Commit-ID: KNvAoUs5Ati

dom/ipc/ContentChild.cpp

@@ -59,6 +59,7 @@
 #include "mozilla/layout/RenderFrameChild.h"
 #include "mozilla/net/NeckoChild.h"
 #include "mozilla/net/CaptivePortalService.h"
+#include "mozilla/Omnijar.h"
 #include "mozilla/plugins/PluginInstanceParent.h"
 #include "mozilla/plugins/PluginModuleParent.h"
 #include "mozilla/widget/ScreenManager.h"
@@ -1225,7 +1226,7 @@ GetAppPaths(nsCString &aAppPath, nsCString &aAppBinaryPath, nsCString &aAppDir)
   if (!dirSvc) {
     return false;
   }
-  rv = dirSvc->Get(NS_XPCOM_CURRENT_PROCESS_DIR,
+  rv = dirSvc->Get(NS_GRE_DIR,
                    NS_GET_IID(nsIFile), getter_AddRefs(appDir));
   if (NS_FAILED(rv)) {
     return false;
@@ -1259,6 +1260,18 @@ GetAppPaths(nsCString &aAppPath, nsCString &aAppBinaryPath, nsCString &aAppDir)
   return true;
 }
 
+// Returns whether or not the currently running build is a development build -
+// where development build means "the files in the .app are symlinks to the src
+// directory". This check is implemented by looking for omni.ja in
+// .app/Contents/Resources/.
+static bool
+IsDevelopmentBuild()
+{
+  nsCOMPtr<nsIFile> path = mozilla::Omnijar::GetPath(mozilla::Omnijar::GRE);
+  // If the path doesn't exist, we're a dev build.
+  return path == nullptr;
+}
+
 static bool
 StartMacOSContentSandbox()
 {
@@ -1302,6 +1315,13 @@ StartMacOSContentSandbox()
   }
 
   bool isFileProcess = cc->GetRemoteType().EqualsLiteral(FILE_REMOTE_TYPE);
+  char *developer_repo_dir = nullptr;
+  if (IsDevelopmentBuild()) {
+    // If this is a developer build the resources in the .app are symlinks to
+    // outside of the .app. Therefore in non-release builds we allow reads from
+    // the whole repository. MOZ_DEVELOPER_REPO_DIR is set by mach run.
+    developer_repo_dir = PR_GetEnv("MOZ_DEVELOPER_REPO_DIR");
+  }
 
   MacSandboxInfo info;
   info.type = MacSandboxType_Content;
@@ -1311,7 +1331,11 @@ StartMacOSContentSandbox()
                    PR_GetEnv("MOZ_SANDBOX_LOGGING");
   info.appPath.assign(appPath.get());
   info.appBinaryPath.assign(appBinaryPath.get());
-  info.appDir.assign(appDir.get());
+  if (developer_repo_dir != nullptr) {
+    info.appDir.assign(developer_repo_dir);
+  } else {
+    info.appDir.assign(appDir.get());
+  }
   info.appTempDir.assign(tempDirPath.get());
 
   if (profileDir) {

layout/tools/reftest/mach_commands.py

@@ -222,6 +222,7 @@ def run_crashtest(self, **kwargs):
         return self._run_reftest(**kwargs)
 
     def _run_reftest(self, **kwargs):
+        kwargs["topsrcdir"] = self.topsrcdir
         process_test_objects(kwargs)
         reftest = self._spawn(ReftestRunner)
         if conditions.is_android(self):

layout/tools/reftest/runreftest.py

@@ -362,6 +362,7 @@ def buildBrowserEnv(self, options, profileDir):
         browserEnv = self.environment(
             xrePath=options.xrePath, debugger=options.debugger)
         browserEnv["XPCOM_DEBUG_BREAK"] = "stack"
+        browserEnv["MOZ_DEVELOPER_REPO_DIR"] = options.topsrcdir
 
         if mozinfo.info["asan"]:
             # Disable leak checking for reftests for now

python/mozbuild/mozbuild/mach_commands.py

@@ -1182,7 +1182,9 @@ def run(self, params, remote, background, noprofile, disable_e10s,
                 args.append('-profile')
                 args.append(path)
 
-        extra_env = {}
+        extra_env = {
+            'MOZ_DEVELOPER_REPO_DIR': self.topsrcdir,
+        }
 
         if not enable_crash_reporter:
             extra_env['MOZ_CRASHREPORTER_DISABLE'] = '1'

testing/mochitest/mach_commands.py

@@ -139,6 +139,7 @@ def run_desktop_test(self, context, tests=None, suite=None, **kwargs):
             logging.getLogger().removeHandler(handler)
 
         options = Namespace(**kwargs)
+        options.topsrcdir = self.topsrcdir
 
         from manifestparser import TestManifest
         if tests and not options.manifestFile:

testing/mochitest/mochitest_options.py

@@ -1002,6 +1002,9 @@ def validate(self, parser, options, context):
         if options.xrePath is None:
             options.xrePath = options.utilityPath
 
+        if build_obj:
+            options.topsrcdir = build_obj.topsrcdir
+
         if options.pidFile != "":
             f = open(options.pidFile, 'w')
             f.write("%s" % os.getpid())

testing/mochitest/runtests.py

@@ -1577,6 +1577,9 @@ def buildBrowserEnv(self, options, debugger=False, env=None):
             dmdPath=options.dmdPath,
             lsanPath=lsanPath)
 
+        if hasattr(options, "topsrcdir"):
+            browserEnv["MOZ_DEVELOPER_REPO_DIR"] = options.topsrcdir
+
         # These variables are necessary for correct application startup; change
         # via the commandline at your own risk.
         browserEnv["XPCOM_DEBUG_BREAK"] = "stack"

testing/xpcshell/runxpcshelltests.py

@@ -921,6 +921,7 @@ def buildCoreEnvironment(self):
         # enable non-local connections for the purposes of local testing.
         # Don't override the user's choice here.  See bug 1049688.
         self.env.setdefault('MOZ_DISABLE_NONLOCAL_CONNECTIONS', '1')
+        self.env["MOZ_DEVELOPER_REPO_DIR"] = self.mozInfo["topsrcdir"]
 
     def buildEnvironment(self):
         """