From bef4807107a76b340acc71cb2ac37e79df112e96 Mon Sep 17 00:00:00 2001
From: Bob Owen
Date: Thu, 18 Jun 2015 12:01:38 +0100
Subject: [PATCH] Bug 1165895: Add NPAPI sandbox rule for the crash server pipe and x64 Temp dir write access. r=bbondy

---
 dom/plugins/ipc/PluginProcessParent.cpp                  | 8 ++++----
 security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp | 6 ++++++
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/dom/plugins/ipc/PluginProcessParent.cpp b/dom/plugins/ipc/PluginProcessParent.cpp
index ac8399e334f0..966d3a33bfce 100644
--- a/dom/plugins/ipc/PluginProcessParent.cpp
+++ b/dom/plugins/ipc/PluginProcessParent.cpp
@@ -96,17 +96,17 @@ AddSandboxAllowedFiles(int32_t aSandboxLevel,
   // Level 2 and above is now using low integrity, so we need to give write
   // access to the Flash directories.
+  // This should be made Flash specific (Bug 1171396).
   AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR,
                         NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*"));
   AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR,
                         NS_LITERAL_STRING("\\Adobe\\Flash Player\\*"));
-#if defined(_X86_)
-  // Write access to the Temp directory should only be needed for 32-bit as
-  // it is used to turn off protected mode, which only applies to x86.
+  // Write access to the Temp directory is used to turn off protected mode
+  // and is needed in some mochitest crash tests.
+  // Bug 1171393 tracks removing this requirement.
   AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_OS_TEMP_DIR,
                         NS_LITERAL_STRING("\\*"));
-#endif
 }
 #endif
diff --git a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
index fa5087e4c632..3ed28d6d4aab 100644
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
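Review bot: Dropping the `_X86_` guard makes the `NS_OS_TEMP_DIR` + `\\*` read/write allowance apply to x64 plugin sandboxes too, where the protected-mode justification of the old comment never held and the only reason the new comment gives is mochitest crash tests; that is a test-driven widening of the production sandbox and the comment should say so plainly rather than blending the two motivations. Suggested wording: `// Write access to the Temp directory is used to turn off protected mode (x86 only) and, on all architectures, by some mochitest crash tests; Bug 1171393 tracks removing this requirement.`. The hunk shows no test-only build or pref gate, so whether the x64 case could be limited to one is a question for Bug 1171393 rather than this patch. Note that the trailing wildcard grants the whole Temp tree, which is shared with the user's other processes, so this is a broad allowance rather than a single path. AddSandboxAllowedFiles begins outside this hunk.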
@@ -240,6 +240,12 @@ SandboxBroker::SetSecurityLevelForPluginProcess(int32_t aSandboxLevel)
                             L"\\??\\pipe\\chrome.*");
   ret = ret && (sandbox::SBOX_ALL_OK == result);
 
+  // Add the policy for the client side of the crash server pipe.
+  result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
+                            sandbox::TargetPolicy::FILES_ALLOW_ANY,
+                            L"\\??\\pipe\\gecko-crash-server-pipe.*");
+  ret = ret && (sandbox::SBOX_ALL_OK == result);
+
   // The NPAPI process needs to be able to duplicate shared memory to the
   // content process and broker process, which are Section type handles.
   // Content and broker are for e10s and non-e10s cases.
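Review bot: The new rule grants `FILES_ALLOW_ANY` on the wildcard `\\??\\pipe\\gecko-crash-server-pipe.*`, and the comment records only what the pipe is for, not why the broadest file action is used or what the trailing wildcard is expected to match, so anyone later tightening the plugin policy has nothing to go on. Suggest extending the comment to something like `// Client side of the crash server pipe. FILES_ALLOW_ANY rather than a read-only rule because the client opens the pipe in both directions (confirm); the wildcard suffix covers the instance-specific part of the name (confirm against the crash reporter's pipe naming).`. As with the `chrome.*` rule just above, a failed AddRule is only folded into `ret`, so the caller learns that some rule failed but not which one; if the broker already has a logging path for policy-setup failures, naming the rule there would make a plugin process that cannot reach the crash server much easier to diagnose. SetSecurityLevelForPluginProcess begins and ends outside this hunk.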