Bug 1522830: Part 2 - Make launcher blocklist work in child processes; r=mhowell

* We change `InitializeDllBlocklistOOP` to be able to set the correct flags when initializing a sandbox child process. * We change the freestanding DLL blocklist code to be sensitive to the `CHILD_PROCESSES_ONLY` flag; * We move the declaration of `gBlocklistInitFlags` to `WindowsDllBlocklist.h` so that it is visible to more code. Differential Revision: https://phabricator.services.mozilla.com/D53674 --HG-- extra : moz-landing-system : lando
2025-01-13 07:24:47 +00:00 · 2019-12-06 22:00:18 +00:00 · 2019-12-06 22:00:18 +00:00 · b43c0975e4
commit b43c0975e4
parent 1ebde9174f
3 changed files with 15 additions and 5 deletions
--- a/browser/app/winlauncher/DllBlocklistInit.cpp
+++ b/browser/app/winlauncher/DllBlocklistInit.cpp
@ -17,8 +17,6 @@
 #include "DllBlocklistInit.h"
 #include "freestanding/DllBlocklist.h"

-extern uint32_t gBlocklistInitFlags;
-
 #if defined(_MSC_VER)
 extern "C" IMAGE_DOS_HEADER __ImageBase;
 #endif
@ -101,6 +99,13 @@ LauncherVoidResult InitializeDllBlocklistOOP(const wchar_t* aFullImagePath,

  // Tell the mozglue blocklist that we have bootstrapped
  uint32_t newFlags = eDllBlocklistInitFlagWasBootstrapped;
+
+  if (gBlocklistInitFlags & eDllBlocklistInitFlagWasBootstrapped) {
+    // If we ourselves were bootstrapped, then we are starting a child process
+    // and need to set the appropriate flag.
+    newFlags |= eDllBlocklistInitFlagIsChildProcess;
+  }
+
  ok = !!::WriteProcessMemory(aChildProcess, &gBlocklistInitFlags, &newFlags,
                              sizeof(newFlags), &bytesWritten);
  if (!ok || bytesWritten != sizeof(newFlags)) {
--- a/browser/app/winlauncher/freestanding/DllBlocklist.cpp
+++ b/browser/app/winlauncher/freestanding/DllBlocklist.cpp
@ -9,6 +9,7 @@
 #include "mozilla/BinarySearch.h"
 #include "mozilla/NativeNt.h"
 #include "mozilla/Types.h"
+#include "mozilla/WindowsDllBlocklist.h"

 #include "DllBlocklist.h"
 #include "LoaderPrivateAPI.h"
@ -180,9 +181,8 @@ static BlockAction CheckBlockInfo(const DllBlockInfo* aInfo, void* aBaseAddress,
    }
  }

-  // We're not bootstrapping child processes at this time, so this case is
-  // always true.
-  if (aInfo->mFlags & DllBlockInfo::CHILD_PROCESSES_ONLY) {
+  if ((aInfo->mFlags & DllBlockInfo::CHILD_PROCESSES_ONLY) &&
+      !(gBlocklistInitFlags & eDllBlocklistInitFlagIsChildProcess)) {
    return BlockAction::Allow;
  }

--- a/mozglue/dllservices/WindowsDllBlocklist.h
+++ b/mozglue/dllservices/WindowsDllBlocklist.h
@ -22,6 +22,11 @@ enum DllBlocklistInitFlags {
  eDllBlocklistInitFlagWasBootstrapped = 2
 };

+// Only available from within firefox.exe
+#  if !defined(IMPL_MFBT) && !defined(MOZILLA_INTERNAL_API)
+extern uint32_t gBlocklistInitFlags;
+#  endif  // !defined(IMPL_MFBT) && !defined(MOZILLA_INTERNAL_API)
+
 MFBT_API void DllBlocklist_Initialize(
    uint32_t aInitFlags = eDllBlocklistInitFlagDefault);
 MFBT_API void DllBlocklist_WriteNotes(CrashReporter::AnnotationWriter& aWriter);