Changes

* Windows Content Process** [https://bugzilla.mozilla.org/buglist.cgi?quicksearchpriority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=whiteboardallwordssubstr&query_format=advanced&status_whiteboard=sb%3Asbwc1 sbwc12B&v1=meta&list_id=13711690 P1]*** low integrity sandbox support*** Roll out level 1 sandbox policy to release. (completed, fx50)** [https://bugzilla.mozilla.org/buglist.cgi?quicksearchlist_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=whiteboardsb%3Asbwc2 sbwc22B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]*** file:/// isolation*** User token removal, to limit User directory file access*** use JOB_RESTRICTED to apply further global restrictions*** printing tests*** roll out level 3 to release * OSX Content Process** [https://bugzilla.mozilla.org/buglist.cgi?quicksearchpriority=P3&f1=whiteboardkeywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%3Asbmc1 sbmc12B&v1=meta P3]*** Roll out level 1 OSX security sandbox access ruleset. (completed, fx52)*** Prevent file system write access<br>** [https://bugzilla.mozilla.org/buglist.cgi?quicksearchproduct=Core&component=whiteboardSecurity%3Asbmc2 sbmc23A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full Bug List]*** Home directory read access restrictions*** file:/// isolation *** roll out level2 OSX sandbox to release * Linux Content Process** [https://bugzilla.mozilla.org/buglist.cgi?quicksearchpriority=--&f1=status_whiteboard&o1=notsubstring&resolution=whiteboard%3Asblc1 sblc1]*** enable (heavily perforated) seccomp-bpf filter by default in Nightly** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch--&query_format=advanced&v1=meta&component=whiteboardSecurity%3A%3Asblc2 sblc220Process%20Sandboxing&product=Core&list_id=13711687 No priority set]*** land basic file system broker*** remove/restrict file system write access*** roll out entry level file broker to release** [https://bugzilla.mozilla.org/buglist.cgi?quicksearchkeywords=whiteboard%3Asblc3 sblc3]*** remove/restrict file system read access*** file:/// isolation?*** remote pulseaudio work (BLOCKED on media work, TBD) * Windows 64meta&keywords_type=allwords&resolution=---bit NPAPI** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch&query_format=advanced&component=whiteboardSecurity%3Asbwn1 sbwn13A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]** (completed, fx52)