From 27ae4de9b6d4d9a0a29e14ba64e45c6919685a61 Mon Sep 17 00:00:00 2001
From: Bob Owen
Date: Tue, 16 Sep 2014 15:44:25 +0100
Subject: [PATCH] Bug 1068000 - Add client side chrome.* pipe rule for Windows content sandbox. r=tabraldes
---
 security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
index f1c2d1843fcd..31ff8b84cb27 100644
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -86,6 +86,14 @@ SandboxBroker::SetSecurityLevelForContentProcess(bool inWarnOnlyMode)
 result = mPolicy->SetAlternateDesktop(true);
 ret = ret && (sandbox::SBOX_ALL_OK == result);
 
+ // Add the policy for the client side of a pipe. It is just a file
+ // in the \pipe\ namespace. We restrict it to pipes that start with
+ // "chrome." so the sandboxed process cannot connect to system services.
+ result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
+ sandbox::TargetPolicy::FILES_ALLOW_ANY,
+ L"\\??\\pipe\\chrome.*");
+ ret = ret && (sandbox::SBOX_ALL_OK == result);
+
 if (inWarnOnlyMode) {
 mozilla::warnonlysandbox::ApplyWarnOnlyPolicy(*mPolicy);
 }
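Review bot: The new `AddRule` call scopes access by pipe name only, and the comment above it does not say so: `FILES_ALLOW_ANY` on `L"\\??\\pipe\\chrome.*"` permits any kind of access to every pipe whose name begins with `chrome.`, whichever process created it. The comment should record that assumption, for example `// The match is by name prefix only, so every pipe server using the "chrome." prefix must treat the connecting client as untrusted.` The literal prefix presumably has to stay in step with the code that generates the IPC pipe names, which is not visible in this hunk, so a shared constant or a cross-reference comment would keep the rule from silently going stale. `SetSecurityLevelForContentProcess` begins and ends outside the hunk.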