mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-10 11:55:49 +00:00
Bug 1250125: Make a 0 security.sandbox.content.level turn off the content process sandbox. r=TimAbraldes
This also fixes a bug where we weren't setting parts of the policy correctly for levels 3 to 9. MozReview-Commit-ID: IXsg2nGOqoa --HG-- extra : rebase_source : 65c76a581dcd498c7d7d5b01e4f4e140acdb244f
This commit is contained in:
parent
3e0685deec
commit
ecee115838
@ -987,7 +987,8 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
|
||||
switch (mProcessType) {
|
||||
case GeckoProcessType_Content:
|
||||
#if defined(MOZ_CONTENT_SANDBOX)
|
||||
if (!PR_GetEnv("MOZ_DISABLE_CONTENT_SANDBOX")) {
|
||||
if (mSandboxLevel > 0 &&
|
||||
!PR_GetEnv("MOZ_DISABLE_CONTENT_SANDBOX")) {
|
||||
mSandboxBroker.SetSecurityLevelForContentProcess(mSandboxLevel);
|
||||
cmdLine.AppendLooseValue(UTF8ToWide("-sandbox"));
|
||||
shouldSandboxCurrentProcess = true;
|
||||
|
@ -111,7 +111,7 @@ SandboxBroker::SetSecurityLevelForContentProcess(int32_t aSandboxLevel)
|
||||
accessTokenLevel = sandbox::USER_LIMITED;
|
||||
initialIntegrityLevel = sandbox::INTEGRITY_LEVEL_LOW;
|
||||
delayedIntegrityLevel = sandbox::INTEGRITY_LEVEL_LOW;
|
||||
} else if (aSandboxLevel == 2) {
|
||||
} else if (aSandboxLevel >= 2) {
|
||||
jobLevel = sandbox::JOB_INTERACTIVE;
|
||||
accessTokenLevel = sandbox::USER_INTERACTIVE;
|
||||
initialIntegrityLevel = sandbox::INTEGRITY_LEVEL_LOW;
|
||||
@ -122,10 +122,8 @@ SandboxBroker::SetSecurityLevelForContentProcess(int32_t aSandboxLevel)
|
||||
initialIntegrityLevel = sandbox::INTEGRITY_LEVEL_LOW;
|
||||
delayedIntegrityLevel = sandbox::INTEGRITY_LEVEL_LOW;
|
||||
} else {
|
||||
jobLevel = sandbox::JOB_NONE;
|
||||
accessTokenLevel = sandbox::USER_NON_ADMIN;
|
||||
initialIntegrityLevel = sandbox::INTEGRITY_LEVEL_MEDIUM;
|
||||
delayedIntegrityLevel = sandbox::INTEGRITY_LEVEL_MEDIUM;
|
||||
MOZ_ASSERT_UNREACHABLE("Should not be called with aSandboxLevel < 1");
|
||||
return false;
|
||||
}
|
||||
|
||||
sandbox::ResultCode result = mPolicy->SetJobLevel(jobLevel,
|
||||
@ -146,24 +144,22 @@ SandboxBroker::SetSecurityLevelForContentProcess(int32_t aSandboxLevel)
|
||||
ret = ret && (sandbox::SBOX_ALL_OK == result);
|
||||
}
|
||||
|
||||
if (aSandboxLevel >= 1) {
|
||||
sandbox::MitigationFlags mitigations =
|
||||
sandbox::MITIGATION_BOTTOM_UP_ASLR |
|
||||
sandbox::MITIGATION_HEAP_TERMINATE |
|
||||
sandbox::MITIGATION_SEHOP |
|
||||
sandbox::MITIGATION_DEP_NO_ATL_THUNK |
|
||||
sandbox::MITIGATION_DEP;
|
||||
sandbox::MitigationFlags mitigations =
|
||||
sandbox::MITIGATION_BOTTOM_UP_ASLR |
|
||||
sandbox::MITIGATION_HEAP_TERMINATE |
|
||||
sandbox::MITIGATION_SEHOP |
|
||||
sandbox::MITIGATION_DEP_NO_ATL_THUNK |
|
||||
sandbox::MITIGATION_DEP;
|
||||
|
||||
result = mPolicy->SetProcessMitigations(mitigations);
|
||||
ret = ret && (sandbox::SBOX_ALL_OK == result);
|
||||
result = mPolicy->SetProcessMitigations(mitigations);
|
||||
ret = ret && (sandbox::SBOX_ALL_OK == result);
|
||||
|
||||
mitigations =
|
||||
sandbox::MITIGATION_STRICT_HANDLE_CHECKS |
|
||||
sandbox::MITIGATION_DLL_SEARCH_ORDER;
|
||||
mitigations =
|
||||
sandbox::MITIGATION_STRICT_HANDLE_CHECKS |
|
||||
sandbox::MITIGATION_DLL_SEARCH_ORDER;
|
||||
|
||||
result = mPolicy->SetDelayedProcessMitigations(mitigations);
|
||||
ret = ret && (sandbox::SBOX_ALL_OK == result);
|
||||
}
|
||||
result = mPolicy->SetDelayedProcessMitigations(mitigations);
|
||||
ret = ret && (sandbox::SBOX_ALL_OK == result);
|
||||
|
||||
// Add the policy for the client side of a pipe. It is just a file
|
||||
// in the \pipe\ namespace. We restrict it to pipes that start with
|
||||
|
Loading…
Reference in New Issue
Block a user