Commit Graph

558 Commits

Author SHA1 Message Date
Jonathan Kew
17d57d21e1 Bug 1340351 - Allow sandboxed content process on macOS to access fonts synced by Adobe Creative Cloud. r=haik 2017-03-16 22:26:43 +00:00
Florian Quèze
37bbced84d Bug 1344711 - hand cleanup of remaining useless try blocks around get*Pref calls identified by eslint, r=jaws.
--HG--
extra : rebase_source : 18c027010838faba91f0ac699f9bde07f85500e7
2017-03-07 15:29:48 +01:00
Honza Bambas
654b5c9af9 Bug 1320458 - Make logging by sandboxed child processes to a file work on Windows, r=aklotz
MozReview-Commit-ID: 7eiW3Lo6q8Z
2017-03-06 17:42:31 +01:00
Haik Aftandilian
8f8a9f5255 Bug 1344106 - Remove Linux todos() now that Linux sandboxing is riding the trains. r=haik
MozReview-Commit-ID: 9tI2S6fEYkD

--HG--
extra : rebase_source : 0a5d00f8498861e7ea281e527b2be6b2c4e472d6
2017-03-03 09:50:29 +01:00
Bob Owen
d30aee57bf Bug 1339729: Remove wow_helper from Windows process sandboxing. r=glandium 2017-03-01 10:41:07 +00:00
David Parks
672079f03f Bug 1329328 - Permit sandboxed processes to access Flash temporary files. r=bobowen
Allows the creation/use of temp files when the user has already green-lit
the use of a file for write purposes in that folder.
2017-02-27 14:15:52 -08:00
Benjamin Bouvier
bcd3dcc6b3 Bug 1342385: Allow mremap on linux32 for wasm; r=jld
MozReview-Commit-ID: 82f8ryvd57S

--HG--
extra : rebase_source : 0e74611052853f149eb0fefe8fef849a8f8978b0
extra : amend_source : ff91bb31d45ca4783da391e519f10e3613f0f890
2017-02-24 13:18:57 +01:00
David Parks
7f64ae96ea Bug 1284897 - Add mechanism to libsandbox_s to track names of files that have been given special sandbox access permissions (PermissionsService). r=bobowen
Hook this into the browser via the XREAppData. This patch contains only the changes to Chromium source code.

--HG--
extra : rebase_source : f1ddd3bdfb52cef0a2dc8bfbae4ba5c78e7fd7eb
2017-01-20 08:27:57 -08:00
David Parks
26437f4ecd Bug 1284897 - Add mechanism to libsandbox_s to track names of files that have been given special sandbox access permissions (PermissionsService). r=bobowen, r=glandium
Hook this into the browser via the XREAppData. This patch does not include the changes to Chromium source code.

--HG--
extra : rebase_source : 4d5637bcdbeae605b0b99e9192598d48f371b698
2017-02-14 15:08:40 -08:00
Sebastian Hengst
68e7240c0c Backed out changeset 71b9ac06a60a (bug 1284897) 2017-02-21 23:13:29 +01:00
Sebastian Hengst
0155610268 Backed out changeset 0740284125d3 (bug 1284897) 2017-02-21 23:13:24 +01:00
David Parks
5b871d6f30 Bug 1284897 - Add mechanism to libsandbox_s to track names of files that have been given special sandbox access permissions (PermissionsService). r=bobowen
Hook this into the browser via the XREAppData. This patch contains only the changes to Chromium source code.

--HG--
extra : rebase_source : 309715aa2449d53456934495b1f5e854df599bfb
extra : histedit_source : 26761a6a33e4e5b2bb559caf3b3eb51c249f2bcd
2017-01-20 08:27:57 -08:00
David Parks
82eb0f3fdd Bug 1284897 - Add mechanism to libsandbox_s to track names of files that have been given special sandbox access permissions (PermissionsService). r=bobowen, r=glandium
Hook this into the browser via the XREAppData. This patch does not include the changes to Chromium source code.

--HG--
extra : rebase_source : e34e8b50101cc40ded26e80791052123b24c8243
extra : histedit_source : 69c9b2dc91546adbfdad03b5d43842809191ffb9
2017-02-14 15:08:40 -08:00
Jed Davis
a01b0b45dd Bug 1286865 - Step 4: Report rejected syscall info in Telemetry. r=gcp r=francois
MozReview-Commit-ID: 7R755WT1Ftu

--HG--
extra : rebase_source : 77356e29da9a02a3a4392be3de0e9e88ed9e131e
extra : histedit_source : 813980d967009d4270143ce3a503836c7337941f
2017-02-20 19:55:56 +01:00
Jed Davis
f0666046d6 Bug 1286865 - Step 2: Add XPCOM bindings for sandbox syscall reporter. r=gcp r=glandium
MozReview-Commit-ID: GERRsOJ7H2w

--HG--
extra : rebase_source : 8ff688150ccf417a266a663ed0973d4850f51e63
2017-01-30 18:50:41 -07:00
Jed Davis
f2fa27edca Bug 1286865 - Step 1: Gather syscall info from SIGSYS handlers into the parent process. r=gcp
MozReview-Commit-ID: 8GfFo4xso65

--HG--
extra : rebase_source : 1596a79d65d30dc72d8b84fc4f1639de377f554a
2017-01-30 18:49:53 -07:00
Jed Davis
eb0d19601a Bug 1286865 - Step 0: Turn off crash-on-seccomp-fail by default on non-nightly. r=gcp
MozReview-Commit-ID: 1It6HNizbAc

--HG--
extra : rebase_source : 1e96f11904abf2c38c5b4e50de7609ddc86cdd8a
2017-01-27 14:25:50 -07:00
Phil Ringnalda
87ae1a50e4 Backed out 5 changesets (bug 1284897) for mozilla::SandboxPermissions::RemovePermissionsForProcess crashes
Backed out changeset 19b2fcee13a9 (bug 1284897)
Backed out changeset a5171791437f (bug 1284897)
Backed out changeset 3ea8b8a18515 (bug 1284897)
Backed out changeset 21497a4e3bde (bug 1284897)
Backed out changeset 12e17d5f0fa9 (bug 1284897)
2017-02-16 22:14:15 -08:00
David Parks
3fd846f6a8 Bug 1284897 - Add mechanism to libsandbox_s to track names of files that have been given special sandbox access permissions (PermissionsService). r=bobowen
Hook this into the browser via the XREAppData. This patch contains only the changes to Chromium source code.
2017-01-20 08:27:57 -08:00
David Parks
e9bcaf4cbe Bug 1284897 - Add mechanism to libsandbox_s to track names of files that have been given special sandbox access permissions (PermissionsService). r=bobowen, r=glandium
Hook this into the browser via the XREAppData. This patch does not include the changes to Chromium source code.
2017-02-14 15:08:40 -08:00
Wes Kocher
017c515285 Merge inbound to m-c a=merge
MozReview-Commit-ID: IKI0zVtF1n9
2017-02-15 16:18:13 -08:00
Bob Owen
209be0e8ce Bug 1339389: Remove legacy build config from Windows SandboxBroker moz.build. r=glandium
MozReview-Commit-ID: KA3dCxrCZRo
2017-02-15 08:31:14 +00:00
Matt Woodrow
0686551eab Bug 1325227 - Part 3: Allow child process to share semaphore handles with the parent/gpu processes. r=bobowen 2017-02-04 23:19:03 +13:00
Sylvestre Ledru
455bdf24fe Bug 1338086 - Remove useless else blocks in order to reduce complexity in security/sandbox/linux/ r=gcp
MozReview-Commit-ID: 5UWtAe6THd6

--HG--
extra : rebase_source : 17af6640439f209cb37e91552cf0f97043bd9e91
2017-02-09 10:56:05 +01:00
Sylvestre Ledru
26605e4a7d Bug 1337358 - Converts for(...; ...; ...) loops to use the new range-based loops in C++11 in security/sandbox/ r=gcp
MozReview-Commit-ID: Iwj7i07LkJ0

--HG--
extra : rebase_source : 88a71d78dd6d3e4cf603047a5714631b4ae4542b
2017-02-08 11:59:38 +01:00
Carsten "Tomcat" Book
775c0b6d2b Merge mozilla-central to mozilla-inbound 2017-02-07 14:14:38 +01:00
Haik Aftandilian
fe1e99cceb Bug 1333681 - Part 2 - Adds tests for reading of the profile dir; r=bobowen,gcp
Adds additional tests that try to read files and get directory listings from
both a web content process and a file content process.

Tests include attempting to read the profile directory and cookies file from
a web content process and validating that this is prevented by the sandbox
when the sandbox level (security.sandbox.content.level) is set high enough.
Only Mac (for now) uses a level that includes read access blocking of the
profile directory.

Tests also attempt to read the profile and cookies file from a file content
process which should be allowed.

MozReview-Commit-ID: KfyT9ohsuuG

--HG--
extra : rebase_source : f1c5aa2fef58a6bb859623072770ea918f8f4df1
2017-02-01 21:26:23 -08:00
Bob Owen
0b173d4f36 Bug 1321724: Change USER_NON_ADMIN access token level from whitelist to blacklist containing Admin SIDs. r=jimm
MozReview-Commit-ID: 9cx2R6kMUwa
2017-02-07 10:59:43 +00:00
Carsten "Tomcat" Book
ac8a2fb906 Backed out changeset a608c5cc4ff8 (bug 1321725) for landing with wrong bug number
--HG--
extra : rebase_source : 1d7b5b836c1e67507c6592c11d1bfe50623eee84
2017-02-07 11:50:54 +01:00
Bob Owen
2ca65ce116 Bug 1321725: Change USER_NON_ADMIN access token level from whitelist to blacklist containing Admin SIDs. r=jimm
MozReview-Commit-ID: 9cx2R6kMUwa
2017-02-07 10:38:24 +00:00
Jed Davis
467786d86a Bug 1335329 - Improve handling of mkdir() on preexisting directories in Linux sandbox file broker. r=gcp
If the path given doesn't have write+create permissions in the broker
policy, but does have MAY_ACCESS (i.e., if checking for its existence
with lstat() or access() would be allowed), then check for its existence
and fail with EEXIST the way the the real mkdir() would.

Note that mkdir() fails with EEXIST even the existing file isn't a
directory, including if it's a broken symlink.

MozReview-Commit-ID: 13Cwnq1nRrw

--HG--
extra : rebase_source : c37caa091583fa85a0a72ed62fa9f12a3523e8f4
2017-02-02 11:56:21 -07:00
Olli Pettay
5de2e3d5f6 Bug 1335323 - Move vector include to sandbox header to fix bustage. r=bustage-fix a=bustage-fix 2017-01-31 13:06:22 +01:00
Gian-Carlo Pascutto
aa1bdaad34 Bug 1330326 - Make sandboxing policy more configurable via preferences. r=jld
MozReview-Commit-ID: 9P0bSLLKRWp

--HG--
extra : rebase_source : e1d2f34e5d0901614d88a583beecb704369ce478
2017-01-26 19:59:50 +01:00
Haik Aftandilian
9086ac87fb Bug 1332522 - Part 2 - Remove read restrictions from level 2 policy for file content processes; r=gcp
Update MacSandboxInfo struct to include file system read flag and remove
filesytem read restrictions from the file content process sandbox.

MozReview-Commit-ID: B9LPocvb0W3

--HG--
extra : rebase_source : 7c80335c28dbdb7146d2ad0b447959db5e06cf0f
2017-01-24 15:20:08 -08:00
Sebastian Hengst
e1d5db133e Backed out changeset e87ae43ca443 (bug 1330326) 2017-01-27 20:59:55 +01:00
Gian-Carlo Pascutto
0d2bf66dfd Bug 1330326 - Make sandboxing policy more configurable via preferences. r=jld
MozReview-Commit-ID: 9P0bSLLKRWp

--HG--
extra : rebase_source : ab7d7da81459bd08c6aec7d7c89949ca7207471f
2017-01-26 19:59:50 +01:00
David Parks
990402c301 Bug 1317735 - Consolidate env vars for logging. r=jimm
Assigns the preference security.sandbox.logging.enabled and the environment variable MOZ_SANDBOX_LOGGING to control whether or not sandbox violations are logged.  The pref defaults to true.  On Linux, only the environment variable is considered.

--HG--
extra : rebase_source : f67870a74795228548b290aec32d08552c068874
2017-01-23 12:46:49 -08:00
David Parks
033c45c4ef Bug 1306239 - Add pref to toggle OS X sandbox violation debugging, default on. r=haik
Turns on sandbox denial logging if security.sandbox.logging.enabled is true.

Removes most sandbox violation messages but some related messages generated
by other processes will still get through.

--HG--
extra : rebase_source : 4f06e70d53b0f500cc85a869c5bd7f8ea20d8341
2017-01-17 15:47:13 -08:00
Chris Peterson
4d95c4db20 Bug 1330496 - Part 1: Remove MOZ_WIN_INHERIT_STD_HANDLES_PRE_VISTA support for inheriting stdout/stderr handles on XP. r=bobowen
MozReview-Commit-ID: B7qJdK2sjv5

--HG--
extra : rebase_source : 4053054009359c0a775dae5ad5e24ba74b4c7c7b
extra : amend_source : 3231886a86fd03ac52f3717e22f33a7b4dc41f54
extra : histedit_source : 4533b894f9894bf5c883943bc53b260faa2ae8b1
2017-01-10 23:50:16 -08:00
Eric Rahm
87cfbc1b65 Bug 1322735 - Remove MOZ_STACKWALKING define. r=glandium
With frame pointer omission disabled we should always have usable stacks on Windows. This allows us to remove the MOZ_STACKWALKING define as it will always be enabled.

MozReview-Commit-ID: 54xs3Hf1r4P

--HG--
extra : rebase_source : dfaf13fb4c2185985f4f074c338ccf1fef8f3c94
2016-12-20 15:11:36 -08:00
Haik Aftandilian
d144ed6ded Bug 1309394 - automated tests to validate content process sandboxing works as intended; r=bobowen,gcp
Adds security/sandbox/test/browser_content_sandbox_fs.js for validating content
sandbox file I/O restrictions.

Adds security/sandbox/test/browser_content_sandbox_syscalls.js for validating
OS-level calls are sandboxed as intended. Uses js-ctypes to invoke native
library routines. Windows tests yet to be added here.

Adds security/sandbox/test/browser_content_sandbox_utils.js with some
shared utility functions.

MozReview-Commit-ID: 5zfCLctfuN5

--HG--
extra : rebase_source : 4edd14220bcd18b15a3c522e44d7223547a79f43
2017-01-10 22:01:03 -08:00
Phil Ringnalda
1c2d0d367f Backed out 3 changesets (bug 1322735) for ASan leaks and xpcshell/selftest.py failures
CLOSED TREE

Backed out changeset 01cfc71ce542 (bug 1322735)
Backed out changeset 84c729c41230 (bug 1322735)
Backed out changeset b419aaefae95 (bug 1322735)
2017-01-10 20:17:34 -08:00
Eric Rahm
2e195de610 Bug 1322735 - Remove MOZ_STACKWALKING define. r=glandium
With frame pointer omission disabled we should always have usable stacks on Windows. This allows us to remove the MOZ_STACKWALKING define as it will always be enabled.

MozReview-Commit-ID: 54xs3Hf1r4P

--HG--
extra : rebase_source : 5fe27cdeeb464d81fbedc8c02ac187658bd759e7
2016-12-20 15:11:36 -08:00
Haik Aftandilian
ae26e69231 Bug 1324610 - Some printing permissions still needed by content processes; r=gcp
MozReview-Commit-ID: B7nPgf5Xc9x

--HG--
extra : rebase_source : ac689b4b264bef73266baec3e284f2eb6575da86
2017-01-03 14:33:14 -08:00
Haik Aftandilian
7e7b9330e3 Bug 1322716 - Remove /private/var regex from GMP sandbox rules. r=jesup, r=cpearce, r=gcp
MozReview-Commit-ID: I1Y2MOum5T3
2016-12-19 18:16:31 -08:00
Haik Aftandilian
05755370a0 Bug 1322370 - Disable camera access in the Mac content sandbox; r=jimm
MozReview-Commit-ID: CSEXN1B0Al8

--HG--
extra : rebase_source : cb83c181b11229587f6381ebf2f348d1ab4a6d9b
2016-12-06 12:34:15 -10:00
Bob Owen
badd6bf1b0 Bug 1273372 Part 4: Add AppLocker rules to GMP sandbox policy. r=aklotz 2016-12-22 11:11:07 +00:00
Bob Owen
01b653ad07 Bug 1273372 Part 3: Add KEY_WOW64_64Key and KEY_WOW64_32KEY to the Chromium sandbox allowed registry read flags. r=aklotz 2016-12-22 11:11:07 +00:00
Bob Owen
9d42290e8c Bug 1273372 Part 2: Re-apply change to allow network drives in sandbox rules with non-file device fix. r=aklotz 2016-02-01 08:59:00 +00:00
Bob Owen
fe98a5b119 Bug 1273372 Part 1: Backout change to allow network drives in sandbox rules. r=backout 2016-12-22 11:11:06 +00:00