Bug 1697865 - Add Win32k Lockdown Pref to Nightly Experiments r=preferences-reviewers,jaws,fluent-reviewers

Win32k Lockdown is getting to the point where we *could* have people in the community start testing. Let's make it easy for them! Differential Revision: https://phabricator.services.mozilla.com/D108255
2025-02-27 12:50:09 +00:00 · 2021-03-15 17:37:48 +00:00 · 2021-03-15 17:37:48 +00:00 · ae33288c2c
commit ae33288c2c
parent b59ae453a7
3 changed files with 26 additions and 7 deletions
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@ -9770,14 +9770,18 @@
  mirror: always
  do_not_use_directly: true # Consumers should use SandboxSettings to ask.

-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
+
 # Whether win32k is disabled for content processes.
 # true means win32k system calls are not permitted.
+# (This cannot be put behind the XP_WIN and MOZ_SANDBOX guards because
+#  "Nightly Experiments" has no way to filter options based on OS or other
+#  CPP defines, and it fails if the pref doesn't exist)
 - name: security.sandbox.content.win32k-disable
  type: RelaxedAtomicBool
  value: false
  mirror: always

+#if defined(XP_WIN) && defined(MOZ_SANDBOX)
  # Note: win32k is currently _not_ disabled for GMP due to intermittent test
  # failures, where the GMP process fails very early. See bug 1449348.
 -   name: security.sandbox.gmp.win32k-disable
--- a/toolkit/components/featuregates/Features.toml
+++ b/toolkit/components/featuregates/Features.toml
@ -135,6 +135,16 @@ bug-numbers = [1643027]
 is-public = true
 default-value = false

+[win32-lockdown]
+title = "experimental-features-win32k-lockdown"
+description = "experimental-features-win32k-lockdown-description"
+restart-required = true
+preference = "security.sandbox.content.win32k-disable"
+type = "boolean"
+bug-numbers = [1697865]
+is-public = true
+default-value = false
+
 [fission]
 title = "experimental-features-fission"
 description = "experimental-features-fission-description"
--- a/toolkit/locales/en-US/toolkit/featuregates/features.ftl
+++ b/toolkit/locales/en-US/toolkit/featuregates/features.ftl
@ -78,6 +78,11 @@ experimental-features-webrtc-global-mute-toggles =
    .label = WebRTC Global Mute Toggles
 experimental-features-webrtc-global-mute-toggles-description = Add controls to the WebRTC global sharing indicator that allow users to globally mute their microphone and camera feeds.

+# Win32k Lockdown
+experimental-features-win32k-lockdown =
+    .label = Win32k Lockdown
+experimental-features-win32k-lockdown-description = Disable use of Win32k APIs in browser tabs. Provides an increase in security but may currently be unstable or glitchy. (Windows only)
+
 # JS JIT Warp project
 experimental-features-js-warp =
    .label = JavaScript JIT: Warp