From 0447215abf836bbb8eef53aeccf029dd40bd1a52 Mon Sep 17 00:00:00 2001
From: Jeff Gilbert <jgilbert@mozilla.com>
Date: Sun, 12 Apr 2020 21:21:32 +0000
Subject: [PATCH] Bug 1623885 - Add "subsystem" to Mesa sandbox policy to fix
 libdrm-2.4.101+. r=gcp, a=RyanVM

Differential Revision: https://phabricator.services.mozilla.com/D70579
---
 .../linux/broker/SandboxBrokerPolicyFactory.cpp        | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
index 3aa7cf27e353..0b3948ebd92e 100644
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -86,10 +86,12 @@ static void AddMesaSysfsPaths(SandboxBroker::Policy* aPolicy) {
             // broker.  To match this, allow the canonical paths.
             UniqueFreePtr<char[]> realSysPath(realpath(sysPath.get(), nullptr));
             if (realSysPath) {
-              static const Array<const char*, 7> kMesaAttrSuffixes = {
-                  "revision",         "vendor", "device", "subsystem_vendor",
-                  "subsystem_device", "uevent", "config"};
-              for (const auto attrSuffix : kMesaAttrSuffixes) {
+              constexpr const char* kMesaAttrSuffixes[] = {
+                  "config",    "device",           "revision",
+                  "subsystem", "subsystem_device", "subsystem_vendor",
+                  "uevent",    "vendor",
+              };
+              for (const auto& attrSuffix : kMesaAttrSuffixes) {
                 nsPrintfCString attrPath("%s/%s", realSysPath.get(),
                                          attrSuffix);
                 aPolicy->AddPath(rdonly, attrPath.get());
-- 
2.26.2