Bug 1734470 - Add MITIGATION_DYNAMIC_CODE_DISABLE back to socket process sandboxing, r=bobowen,necko-reviewers,valentin

Differential Revision: https://phabricator.services.mozilla.com/D138204
Kershaw Chang 2022-02-10 09:09:59 +00:00
parent ce3539943c
commit ef25b1a6f3
4 changed files with 6 additions and 11 deletions


@ -681,6 +681,8 @@ mozilla::ipc::IPCResult SocketProcessChild::RecvInitProxyAutoConfigChild(
Endpoint<PProxyAutoConfigChild>&& aEndpoint) {
// For parsing PAC.
if (!sInitializedJS) {
JS::DisableJitBackend();
const char* jsInitFailureReason = JS_InitWithFailureDiagnostic();
if (jsInitFailureReason) {
MOZ_CRASH_UNSAFE(jsInitFailureReason);
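Review bot: The `JS::DisableJitBackend();` call ahead of `JS_InitWithFailureDiagnostic()` carries no comment saying why it is there or that its position matters. Judging by the commit title, it is needed because the socket process sandbox now always applies MITIGATION_DYNAMIC_CODE_DISABLE, under which the engine cannot create executable memory for JIT code, and SpiderMonkey requires the call to come before JS initialization. I would extend the existing `// For parsing PAC.` comment with something like `// The socket process sandbox forbids dynamic code, so the JIT backend must be disabled before JS is initialized.` so that a later reorder or removal is caught in review. The function body continues outside the hunk.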


@ -1047,8 +1047,7 @@ function localhost_callback(pi) {
prefs.setIntPref("network.proxy.type", 0);
// Due to the sandbox limitation on windows, we can't test this on windows.
if (mozinfo.socketprocess_networking && again && mozinfo.os != "win") {
if (mozinfo.socketprocess_networking && again) {
info("run test again");
again = false;
cleanUp();


@ -144,8 +144,7 @@ add_task(async function test_pac_dnsResolve() {
await do_test_pac_dnsResolve();
// Due to the sandbox limitation on windows, we can't test this on windows.
if (mozinfo.socketprocess_networking && mozinfo.os != "win") {
if (mozinfo.socketprocess_networking) {
info("run test again");
Services.prefs.clearUserPref("network.proxy.type");
trr_clear_prefs();


@ -1192,18 +1192,13 @@ bool SandboxBroker::SetSecurityLevelForSocketProcess() {
}
mitigations = sandbox::MITIGATION_STRICT_HANDLE_CHECKS |
sandbox::MITIGATION_DLL_SEARCH_ORDER;
sandbox::MITIGATION_DLL_SEARCH_ORDER |
sandbox::MITIGATION_DYNAMIC_CODE_DISABLE;
if (exceptionModules.isNothing()) {
mitigations |= sandbox::MITIGATION_FORCE_MS_SIGNED_BINS;
}
// TODO: MITIGATION_DYNAMIC_CODE_DISABLE will be always added to mitigations
// in bug 1734470.
if (!StaticPrefs::network_proxy_parse_pac_on_socket_process()) {
mitigations |= sandbox::MITIGATION_DYNAMIC_CODE_DISABLE;
}
result = mPolicy->SetDelayedProcessMitigations(mitigations);
SANDBOX_ENSURE_SUCCESS(result,
"Invalid flags for SetDelayedProcessMitigations.");
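Review bot: With the pref check gone, `sandbox::MITIGATION_DYNAMIC_CODE_DISABLE` is applied unconditionally, but nothing at this site records what makes that safe. PAC scripts can still be evaluated in the socket process, and that appears to work only because the JS engine there is initialized with its JIT backend disabled (the `JS::DisableJitBackend()` call in `RecvInitProxyAutoConfigChild` in this same commit). A short comment above the `mitigations =` assignment, e.g. `// JS in this process (PAC parsing) runs with the JIT backend disabled, so dynamic code can always be blocked.`, would keep a later change from reintroducing a pref-dependent exception to the mitigation. SetSecurityLevelForSocketProcess starts and ends outside the hunk.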