Use RLBox for sandboxing Graphite on macOS

In https://bugzilla.mozilla.org/show_bug.cgi?id=1610149 and child tickets Mozilla landed support for RLBox sandboxing Graphite on macOS as well. This ticket tracks the work for backporting the patches for Tor Browser.

Trac:
Parent Ticket: #32379 (moved)
Child Ticket(s): #33481 (moved), #33487 (moved)

added GeorgKoppen202006 TorBrowserTeam202006 component::applications/tor browser owner::tbb-team parent::32379 priority::medium severity::normal status::needs-revision tbb-security type::task labels

Similarly to what I did in #32380 (moved) here come the commits/Mozilla bugs I considered according to when they landed on mozilla-central (oldest first):

1610994 (77d72088ad9a86b3942d64f4d77d3e9460e00baf) (x)
1615201 (5e113e2cf961f76fd42a09e80c05eb7d21778e5c) (okay to leave out)
1610991 (4fbd7a0f7c66b8b1356b3ba337658b0222acda77) (can skip)
1610986 (a3d8f9303d2d859785409cc285022c104b2a17d9) (okay to leave out) (part 1)
1610986 (9df9f90a4ac17db7a0a8f2edc201fb644e99e738) (x) (part 2)
1610986 (3f2d9684cba9974a7b0554fe7f6e346ea63a90ea) (x) (part 3)
1610986 (b5ec5b84be405ef930aec26cec4d9453deef34ff) (x) (part 4)
1615595 (543b59831b33e7b7aab0f268e21b22d5493a9cd9) (okay to leave out)
1615786 (826acb823b21570c9ee4dd45d7a3fe9a732cfe4e) (x)
1610149 (017d4d5cdf2a8013f373528b989bb38acc8f0581) (x) (part 1)
1610149 (9871aad8ea0fca48b4a9dc297beaca9b3db89429) (x) (part 2)
1610149 (4cbe8542acee1486bdcc11d0b1593894dc1574d6) (okay to leave out)

As before I just picked the ones with "x" and the other were strictly speaking no browser patches we needed (e.g. I bumped the lucetc version in our tor-browser-build repo in #33410 (moved)). The result is on bug_33410_v2 (https://gitweb.torproject.org/user/gk/tor-browser.git/log/?h=bug_33410_v2) up for review.

I leave the ticket state as-is for now as I hope I can put up the final patch for our tor-browser-build repo, too, in this ticket, so that we have everything in one ticket this time.

bug_33410_v3 (https://gitweb.torproject.org/user/gk/tor-browser.git/log/?h=bug_33410_v3) has a small bugfix that fixes build bustage. So, that's the one for review now.

bug_33410_v4 (https://gitweb.torproject.org/user/gk/tor-browser-build.git/commit/?h=bug_33410_v4&id=c57883e4a5a42e52ed07eb9b4d17d6445bee23d0) has the patch for enabling sandboxing Graphite on macOS, which includes the browser patches I put above up for review.

I am not sure whether things are working yet as I don't have a functional macOS system around. I've uploaded a test build for those that do, though:

https://people.torproject.org/~gk/testbuilds/TorBrowser-tbb-nightly.2020.02.29_33410_osx64_en-US.dmg https://people.torproject.org/~gk/testbuilds/TorBrowser-tbb-nightly.2020.02.29_33410_osx64_en-US.dmg.asc

Trac:
Keywords: N/A deleted, TorBrowserTeam202002R added
Cc: N/A to brade, mcs, tbb-team

Trac:
Status: new to needs_review

We are no longer in February moving reviews

Trac:
Keywords: TorBrowserTeam202002R deleted, TorBrowserTeam202003R added

Replying to gk:

bug_33410_v4 (https://gitweb.torproject.org/user/gk/tor-browser-build.git/commit/?h=bug_33410_v4&id=c57883e4a5a42e52ed07eb9b4d17d6445bee23d0) has the patch for enabling sandboxing Graphite on macOS, which includes the browser patches I put above up for review.

I updated the patch to take feedback from comment:8:ticket:32389 into account. The new patch to review is at bug_33410_v5 (https://gitweb.torproject.org/user/gk/tor-browser-build.git/commit/?h=bug_33410_v5&id=ad993cef7174f227dbc1249f2717bda3510ccf2f) in my tor-browser-build user repo.

We are no longer in March

Trac:
Keywords: TorBrowserTeam202003R deleted, TorBrowserTeam202004R added

Trac:
Reviewer: N/A to pospeselr

Trac:
Keywords: TorBrowserTeam202004R, GeorgKoppen202002 deleted, GeorgKoppen202006, TorBrowserTeam202006 added
Reviewer: pospeselr to N/A
Status: needs_review to needs_revision

mentioned in issue #32379 (moved)

mentioned in issue #33481 (moved)

mentioned in issue #33487 (moved)

moved to tpo/applications/tor-browser-build#33410 (closed)