Bug 1619466 - Make the blocklist variable BROWSER_PROCESS work. r=aklotz

The blocklist variable `BROWSER_PROCESS` did not work as expected.  Entries
defined there were blocked not only in the browser process but also in the
child process.

This patch makes sure entries in `BROWSER_PROCESS` are blocked only in the
browser process.

Differential Revision: https://phabricator.services.mozilla.com/D65248

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Toshihito Kikuchi 2020-03-08 19:47:17 +00:00
parent d51b1be41f
commit 17bf9c99ee
4 changed files with 18 additions and 7 deletions

View File

@ -186,6 +186,11 @@ static BlockAction CheckBlockInfo(const DllBlockInfo* aInfo, void* aBaseAddress,
return BlockAction::Allow;
}
if ((aInfo->mFlags & DllBlockInfo::BROWSER_PROCESS_ONLY) &&
(gBlocklistInitFlags & eDllBlocklistInitFlagIsChildProcess)) {
return BlockAction::Allow;
}
if (aInfo->mMaxVersion == DllBlockInfo::ALL_VERSIONS) {
return BlockAction::Deny;
}

View File

@ -473,6 +473,11 @@ static NTSTATUS NTAPI patched_LdrLoadDll(PWCHAR filePath, PULONG flags,
goto continue_loading;
}
if ((info->mFlags & DllBlockInfo::BROWSER_PROCESS_ONLY) &&
(sInitFlags & eDllBlocklistInitFlagIsChildProcess)) {
goto continue_loading;
}
unsigned long long fVersion = DllBlockInfo::ALL_VERSIONS;
if (info->mMaxVersion != DllBlockInfo::ALL_VERSIONS) {

View File

@ -36,10 +36,11 @@ struct DllBlockInfoT {
// only when we are a child process.
enum Flags {
FLAGS_DEFAULT = 0,
BLOCK_WIN8PLUS_ONLY = 1,
BLOCK_WIN8_ONLY = 2,
USE_TIMESTAMP = 4,
CHILD_PROCESSES_ONLY = 8
BLOCK_WIN8PLUS_ONLY = 1 << 0,
BLOCK_WIN8_ONLY = 1 << 1,
USE_TIMESTAMP = 1 << 2,
CHILD_PROCESSES_ONLY = 1 << 3,
BROWSER_PROCESS_ONLY = 1 << 4,
} mFlags;
bool IsVersionBlocked(const uint64_t aOther) const {

View File

@ -59,6 +59,7 @@ BLOCK_WIN8PLUS_ONLY = 'BLOCK_WIN8PLUS_ONLY'
BLOCK_WIN8_ONLY = 'BLOCK_WIN8_ONLY'
USE_TIMESTAMP = 'USE_TIMESTAMP'
CHILD_PROCESSES_ONLY = 'CHILD_PROCESSES_ONLY'
BROWSER_PROCESS_ONLY = 'BROWSER_PROCESS_ONLY'
SUBSTITUTE_LSP_PASSTHROUGH = 'SUBSTITUTE_LSP_PASSTHROUGH'
# Only these flags are available in the input script
@ -355,12 +356,11 @@ LSP_OUTPUT_SPEC = [
GENERATED_BLOCKLIST_FILES = [
BlocklistDescriptor('A11y', ['BROWSER_PROCESS'], outspec=A11Y_OUTPUT_SPEC),
# Child is not used by anything at the moment, so we'll just leave this
# descriptor commented out for now.
# BlocklistDescriptor('Child', ['ALL_PROCESSES', 'CHILD_PROCESSES']),
BlocklistDescriptor('Launcher', ALL_DEFINITION_LISTS, flagspec={
'BROWSER_PROCESS': {BROWSER_PROCESS_ONLY},
'CHILD_PROCESSES': {CHILD_PROCESSES_ONLY}}),
BlocklistDescriptor('Legacy', ALL_DEFINITION_LISTS, flagspec={
'BROWSER_PROCESS': {BROWSER_PROCESS_ONLY},
'CHILD_PROCESSES': {CHILD_PROCESSES_ONLY}}),
# Roughed-in for the moment; we'll enable this in bug 1238735
# BlocklistDescriptor('LSP', ALL_DEFINITION_LISTS, outspec=LSP_OUTPUT_SPEC),