Bug 1381019 - Enable Win32k Lockdown by default in Nightly r=preferences-reviewers,fluent-reviewers,Gijs

It's time to graduate Win32k lockdown from Nightly Experiments to default on
Nightly.

Differential Revision: https://phabricator.services.mozilla.com/D136018
This commit is contained in:
Chris Martin 2022-01-17 14:43:08 +00:00
parent e18b1fe590
commit 22909c3fbf
3 changed files with 8 additions and 26 deletions

View File

@ -11347,18 +11347,15 @@
mirror: always
do_not_use_directly: true # Consumers should use SandboxSettings to ask.
# Whether win32k is disabled for content processes.
# true means win32k system calls are not permitted.
# (This cannot be put behind the XP_WIN and MOZ_SANDBOX guards because
# "Nightly Experiments" has no way to filter options based on OS or other
# CPP defines, and it fails if the pref doesn't exist)
- name: security.sandbox.content.win32k-disable
type: RelaxedAtomicBool
value: false
mirror: always
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
# Whether win32k is disabled for content processes.
# true means win32k system calls are not permitted.
- name: security.sandbox.content.win32k-disable
type: RelaxedAtomicBool
value: @IS_NIGHTLY_BUILD@
mirror: always
# Note: win32k is currently _not_ disabled for GMP due to intermittent test
# failures, where the GMP process fails very early. See bug 1449348.
- name: security.sandbox.gmp.win32k-disable

View File

@ -113,16 +113,6 @@ bug-numbers = [1643027]
is-public = true
default-value = false
[win32-lockdown]
title = "experimental-features-win32k-lockdown"
description = "experimental-features-win32k-lockdown-description"
restart-required = true
preference = "security.sandbox.content.win32k-disable"
type = "boolean"
bug-numbers = [1697865]
is-public = true
default-value = false
[url-bar-ime-search]
title = "experimental-features-ime-search"
description = "experimental-features-ime-search-description"

View File

@ -63,11 +63,6 @@ experimental-features-webrtc-global-mute-toggles =
.label = WebRTC Global Mute Toggles
experimental-features-webrtc-global-mute-toggles-description = Add controls to the WebRTC global sharing indicator that allow users to globally mute their microphone and camera feeds.
# Win32k Lockdown
experimental-features-win32k-lockdown =
.label = Win32k Lockdown
experimental-features-win32k-lockdown-description = Disable use of Win32k APIs in browser tabs. Provides an increase in security but may currently be unstable or glitchy. (Windows only)
# JS JIT Warp project
experimental-features-js-warp =
.label = JavaScript JIT: Warp