Security/Sandbox: Difference between revisions

(Update Mac process type/label table)
(Remove table documenting what is blocked for each level and replace with a description.)
Line 258: Line 258:
=== Content Levels ===
=== Content Levels ===


{| class="wikitable"
Mac content processes use sandbox level 3. File content processes (for file:/// origins) also use level 3 with additional rules to allow read access to the filesystem. Levels 1 and 2 can still be enabled in about:config, but they are not supported and using them is not recommended. Different sandbox levels were used for testing and debugging during rollout of Mac sandboxing features, but they now are planned to be removed. Mac sandboxing uses a white list policy for all process types. Each policy begins with a statement to deny all access to system resources and then specifies the allowed resources. The level 3 sandbox allows file system read metadata access with full read access for specific system directories and some user directories, access to the microphone, access to various system services, windowserver, named sysctls and iokit properties, and other miscellaneous items. Work is ongoing to remove access to the microphone, windowserver, and other system services where possible. The sandbox blocks write access to all of the file system, read access to the profile directory (apart from the chrome and extensions subdirectories, read access to the home directory, inbound/outbound network I/O, exec, fork, printing, video input devices such as cameras. Older sandbox levels 1 and 2 are less restrictive. Mainly, level 2 allows file-read access to all of the filesystem except the ~/Library directory. Level 1 allows all file-read access. Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.
|-
! Level !! What's Blocked by the Sandbox?
|-
| Level 1 [1] ||
* write access to most of the filesystem
* inbound/outbound network I/O
* exec, fork
* printing
|-
| Level 2 ||
* write access to most of the filesystem
* inbound/outbound network I/O
* exec, fork
* printing
* read access to the profile directory (apart from the chrome and extensions subdirectories)
* read access to ~/Library
|-
| Level 3 ||
* write access to all of the filesystem
* read access to most of the filesystem
** read access to the profile directory (apart from the chrome and extensions subdirectories)
** read access to the home directory
* inbound/outbound network I/O
* exec, fork
* printing
* access to most system services
|}
 
Note that the macOS sandbox is whitelist based, not blacklist, so this section is effectively the inverse of what we allow.
 
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.


=== Gecko Media Plugins ===
=== Gecko Media Plugins ===
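Review bot: The replacement paragraph has an unclosed parenthesis in "read access to the profile directory (apart from the chrome and extensions subdirectories, read access to the home directory, inbound/outbound network I/O, exec, fork, printing, video input devices such as cameras." so everything after "subdirectories" reads as part of the aside; close it after "subdirectories)" so the blocked-resource list stands on its own, matching the list the removed table gave. Two smaller points in the same text: "white list policy" should be one word ("whitelist"), consistent with the note being removed, and "but they now are planned to be removed" reads more naturally as "but they are now planned to be removed". Since the paragraph says levels 1 and 2 "can still be enabled in about:config", naming the pref (security.sandbox.content.level) would let readers find it without guessing.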