# --- T2-COPYRIGHT-BEGIN ---
# t2/package/*/firefox/sandbox-fonts.patch
# Copyright (C) 2020 - 2025 The T2 SDE Project
# SPDX-License-Identifier: GPL-2.0 or patched project license
# --- T2-COPYRIGHT-END ---

Adapt sandbox broker policy allow-list to the font path we actually use.

-- Signed-off-by: René Rebe <rene@exactcode.de>

--- firefox-134.0.2/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp.vanilla	2025-01-31 11:28:23.618931553 +0100
+++ firefox-134.0.2/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp	2025-01-31 11:31:03.809925166 +0100
@@ -458,17 +458,12 @@
   policy->AddTree(rdonly, "/usr/share");
   policy->AddTree(rdonly, "/usr/local/share");
   // Various places where fonts reside
-  policy->AddTree(rdonly, "/usr/X11R6/lib/X11/fonts");
-  policy->AddTree(rdonly, "/nix/store");
-  // https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/blob/e434e680d22260f277f4a30ec4660ed32b591d16/files/fontconfig-flatpak.conf
-  policy->AddTree(rdonly, "/run/host/fonts");
-  policy->AddTree(rdonly, "/run/host/user-fonts");
-  policy->AddTree(rdonly, "/run/host/local-fonts");
-  policy->AddTree(rdonly, "/var/cache/fontconfig");
+  
+  policy->AddTree(rdonly, "/usr/X11/share/fonts");
+  policy->AddTree(rdonly, "/usr/X11/lib/X11/fonts");
 
   // Bug 1848615
   policy->AddPath(rdonly, "/usr");
-  policy->AddPath(rdonly, "/nix");
 
   AddLdconfigPaths(policy);
   AddLdLibraryEnvPaths(policy);