Bug 1068000 - Add client side chrome.* pipe rule for Windows content sandbox. r=tabraldes

Bob Owen 2014-09-16 15:44:25 +01:00
parent eab4f246d5
commit 27ae4de9b6


@ -86,6 +86,14 @@ SandboxBroker::SetSecurityLevelForContentProcess(bool inWarnOnlyMode)
result = mPolicy->SetAlternateDesktop(true);
ret = ret && (sandbox::SBOX_ALL_OK == result);
// Add the policy for the client side of a pipe. It is just a file
// in the \pipe\ namespace. We restrict it to pipes that start with
// "chrome." so the sandboxed process cannot connect to system services.
result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
sandbox::TargetPolicy::FILES_ALLOW_ANY,
L"\\??\\pipe\\chrome.*");
ret = ret && (sandbox::SBOX_ALL_OK == result);
if (inWarnOnlyMode) {
mozilla::warnonlysandbox::ApplyWarnOnlyPolicy(*mPolicy);
}
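Review bot: The new `AddRule` call grants `FILES_ALLOW_ANY` on every name matching `\\??\\pipe\\chrome.*`, but the comment above it does not record the assumption the rule rests on. That assumption is that only the browser's own IPC channels use the `chrome.` prefix, which is presumably where the pattern comes from. A prefix match is a naming convention rather than an ownership check, so the rule limits which pipes the content process may open without establishing who created them. I would add that to the comment, e.g. `// The "chrome." prefix must stay in sync with the pipe names the IPC channel code generates; the rule does not verify who owns the pipe.` A failed `AddRule` is only folded into `ret`, as on the lines before it, and both the handling of `ret` and the start and end of `SetSecurityLevelForContentProcess` lie outside this hunk.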