// Points the directory service's NS_OS_TEMP_DIR entry at the content-process
// temp directory, then passes that directory to SetTmpEnvironmentVariable().
//
// Does nothing when IsSandboxTempDirRequired() returns false. Every failure
// path warns (NS_WARN_IF) and returns without reporting an error to the
// caller, so callers cannot tell whether the override took effect.
static void SetUpSandboxEnvironment() {
  MOZ_ASSERT(nsDirectoryService::gService,
             "SetUpSandboxEnvironment relies on nsDirectoryService being initialized");

  if (!IsSandboxTempDirRequired()) {
    return;
  }

  nsDirectoryService* const dirSvc = nsDirectoryService::gService;

  // Look up the directory that will replace the default temp location.
  nsCOMPtr<nsIFile> contentTempDir;
  nsresult rv = dirSvc->Get(NS_APP_CONTENT_PROCESS_TEMP_DIR,
                            NS_GET_IID(nsIFile),
                            getter_AddRefs(contentTempDir));
  if (NS_WARN_IF(NS_FAILED(rv))) {
    // Nothing has been changed yet; NS_OS_TEMP_DIR keeps its previous value.
    return;
  }

  // Swap the gecko-defined temp directory for the sandbox-writable one.
  // Undefine fails when the property was never set, which is fine here, so
  // its result is deliberately dropped.
  Unused << dirSvc->Undefine(NS_OS_TEMP_DIR);

  // NOTE(review): if Set fails, the old definition has already been removed
  // and no replacement is installed; what a later lookup of NS_OS_TEMP_DIR
  // resolves to in that state is not visible from here.
  rv = dirSvc->Set(NS_OS_TEMP_DIR, contentTempDir);
  if (!NS_WARN_IF(NS_FAILED(rv))) {
    // Only export the directory to the environment once the directory
    // service override is in place.
    SetTmpEnvironmentVariable(contentTempDir);
  }
}
// Points the directory service's NS_OS_TEMP_DIR entry at
// <SandboxTempDirParent()>/Temp-<suffix>, where <suffix> is read from the
// "security.sandbox.content.tempDirSuffix" preference.
//
// Does nothing when IsSandboxTempDirRequired() returns false or when the
// preference is empty. Every failure path warns and returns without
// reporting an error to the caller.
//
// NOTE(review): this function only builds the path; it neither creates the
// directory nor checks that it exists. Presumably that is handled elsewhere;
// confirm against the code that sets the preference.
static void SetUpSandboxEnvironment() {
  MOZ_ASSERT(nsDirectoryService::gService,
             "SetUpSandboxEnvironment relies on nsDirectoryService being initialized");

  if (!IsSandboxTempDirRequired()) {
    return;
  }

  nsAdoptingString suffix =
    Preferences::GetString("security.sandbox.content.tempDirSuffix");
  if (suffix.IsEmpty()) {
    NS_WARNING("Sandbox-writable temp directory suffix pref not set.");
    return;
  }

  nsDirectoryService* const dirSvc = nsDirectoryService::gService;

  // Start from the parent of the sandbox-writable temp directory.
  nsCOMPtr<nsIFile> sandboxTempDir;
  nsresult rv = dirSvc->Get(SandboxTempDirParent(),
                            NS_GET_IID(nsIFile),
                            getter_AddRefs(sandboxTempDir));
  if (NS_WARN_IF(NS_FAILED(rv))) {
    return;
  }

  // Add the profile-specific leaf name. The suffix is preference-controlled
  // text that ends up in a filesystem path.
  // NOTE(review): this relies on nsIFile::Append accepting only a single
  // path component, so a suffix containing a separator should fail here
  // rather than escape the parent directory; confirm for each platform.
  rv = sandboxTempDir->Append(NS_LITERAL_STRING("Temp-") + suffix);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    return;
  }

  // Swap the gecko-defined temp directory for the sandbox-writable one.
  // Undefine fails when the property was never set, which is fine here, so
  // its result is deliberately dropped.
  Unused << dirSvc->Undefine(NS_OS_TEMP_DIR);

  // NOTE(review): if Set fails, the old definition has already been removed
  // and no replacement is installed. The failure is only warned about.
  rv = dirSvc->Set(NS_OS_TEMP_DIR, sandboxTempDir);
  Unused << NS_WARN_IF(NS_FAILED(rv));
}