Carsten "Tomcat" Book
038afacb9f
Backed out changeset 2ae22a66e02d (bug 1366694) for memory leaks
2017-07-11 13:14:55 +02:00
Carsten "Tomcat" Book
05734fd002
Backed out changeset 88b71119fbf8 (bug 1366694)
2017-07-11 13:14:38 +02:00
Carsten "Tomcat" Book
7e0d52f50e
Merge mozilla-central to inbound
2017-07-11 13:00:28 +02:00
Bob Owen
db58bdb9ca
Bug 1377555 Part 3: Don't use restricting SIDs when running from a network drive. r=jimm
2017-07-11 09:44:21 +01:00
Bob Owen
bbf27f0cae
Bug 1377555 Part 2: Add option to Windows chromium sandbox policy to not use restricting SIDs. r=jimm
2017-07-11 09:44:20 +01:00
Bob Owen
01f2685a30
Bug 1377555 Part 1: Back out changesets 04edb03fb817 and d17ac655cc51. r=jimm
...
This backs out the previous change to detect and change the sandbox policy
when running from a network drive.
2017-07-11 09:44:20 +01:00
Alex Gaynor
f514ff97b3
Bug 1379182 - Remove some unnecessary file-write permissions types from the content process on macOS; r=haik
...
On macOS, the file-write* permission type contains numerous sub-permissions (see
bug for full listing). Restrict the ones we allow to only the two we need:
file-write-create and file-write-data. This primarily reduces kernel attack
surface, I'm not aware of any bad things that could be done directly with the
removed permissions.
MozReview-Commit-ID: 3VvjFesy2qx
--HG--
extra : rebase_source : 934ec17c44c9ef3d7fab29919d66cf1a55d57697
2017-07-07 11:05:01 -04:00
Wes Kocher
5dd57ee395
Merge m-c to inbound, a=merge
...
MozReview-Commit-ID: IVwrN2VivZT
2017-07-07 17:30:32 -07:00
Wes Kocher
fd4857585c
Merge autoland to central, a=merge
...
MozReview-Commit-ID: Lf7ROINgvql
2017-07-07 17:22:00 -07:00
Alex Gaynor
d40ad40466
Bug 1376976 - Restrict sysctl access in the content process to a whitelist of sysctl names. r=jld, r=haik
...
MozReview-Commit-ID: 14yoiP1gskM
2017-06-29 13:55:15 -07:00
Haik Aftandilian
c610a4c66b
Bug 1376163 - [10.13] No audio playback on YouTube, no audio/video on Netflix (macOS High Sierra 10.13 Beta). r=Alex_Gaynor
...
Allow access to the "com.apple.audio.AudioComponentRegistrar" API on 10.13+ systems.
MozReview-Commit-ID: 8gWXvuXTNKi
--HG--
extra : rebase_source : 8abf9a2548d915a89adfa82580d46c1bc00726d8
2017-07-06 14:09:11 -07:00
Sylvestre Ledru
4e9cf83ee8
Bug 1378712 - Remove all trailing whitespaces r=Ehsan
...
MozReview-Commit-ID: Kdz2xtTF9EG
--HG--
extra : rebase_source : 7235b3802f25bab29a8c6ba40a181a722f3df0ce
2017-07-06 14:00:35 +02:00
Jed Davis
1a4ac1cd36
Bug 1372428 - Extend file pre-opening for sandboxed media plugins. r=gcp
...
MozReview-Commit-ID: JoyYocxnk94
2017-07-07 08:58:50 -06:00
Jed Davis
1bc1050e9e
Bug 1372428 - Deal with fcntl() in media plugins. r=gcp
...
MozReview-Commit-ID: 9kBowGtSPYO
2017-07-07 08:58:45 -06:00
Jed Davis
b2df5f5afd
Bug 1372428 - Deal with uname() in media plugins. r=gcp
...
MozReview-Commit-ID: JVzjs80Yuex
2017-07-07 08:58:33 -06:00
Carsten "Tomcat" Book
7857fa0a5e
merge mozilla-inbound to mozilla-central a=merge
2017-07-06 11:18:05 +02:00
Gian-Carlo Pascutto
84f7ba492b
Bug 1377614 - Part 1 - Move IsDevelopmentBuild() to common code. r=Alex_Gaynor
...
MozReview-Commit-ID: AcO0XaMS4Gp
--HG--
extra : rebase_source : ec40a94545fa78ce0210a0614db82b7bcb7e8a97
2017-07-03 11:17:04 -07:00
Sebastian Hengst
8b1992d948
Backed out changeset 9137ed21a66f (bug 1377614) for bustage: not finding mozilla/SandboxSettings.h at netwerk/protocol/res/ExtensionProtocolHandler.cpp:46. r=backout
2017-07-05 22:51:58 +02:00
Gian-Carlo Pascutto
2032eb5262
Bug 1377614 - Part 1 - Move IsDevelopmentBuild() to common code. r=Alex_Gaynor
...
MozReview-Commit-ID: AcO0XaMS4Gp
--HG--
extra : rebase_source : 2fa012f693ad7855c2c6e7b8399edf3c0e734299
2017-07-03 11:17:04 -07:00
Alex Gaynor
53f0246cfd
Bug 1377164 - Improve the readability of the macOS plugin sandbox policy; r=haik
...
MozReview-Commit-ID: 9R8qT98ESQJ
--HG--
extra : rebase_source : 537f0dc3c46bee9b8e295689fbcbc8c63415c5d1
2017-06-29 10:53:04 -07:00
Phil Ringnalda
22cb9f77bb
Merge m-c to m-i
...
MozReview-Commit-ID: H6zGgEm7oOM
2017-07-04 20:32:07 -07:00
Jan Keromnes
09971ac7d3
Bug 1376643 - Use 'override' and '= default' on applicable methods in security/sandbox/. r=gcp
2017-06-27 17:57:00 +02:00
Jan Keromnes
df076300b1
Bug 1376643 - Use 'nullptr' where applicable in security/sandbox/. r=gcp
2017-06-27 17:56:00 +02:00
Bob Owen
25e5ff4cde
Bug 1366694 Part 2: Don't run sandbox file system test in DEBUG on Windows. r=jimm
...
This is because in DEBUG mode we currently give full access to TEMP dir
for logging purposes and the temporary profile is created in the TEMP dir.
2017-07-11 09:44:20 +01:00
Bob Owen
ecbd6ca808
Bug 1366694 Part 1: Allow user handles in the content process job in DEBUG builds. r=jimm
2017-07-07 15:51:17 +01:00
Alex Gaynor
b636380391
Bug 1374557 - Part 1 - Add the ability to specify a list of paths to whitelist read access to in the macOS content sandbox; r=haik
...
MozReview-Commit-ID: HXBkyR7Tts2
--HG--
extra : rebase_source : 6daf50a4d7a4ff2ff85dfac43891149353e813aa
2017-06-21 10:19:28 -04:00
Alex Gaynor
bb1ea70f5f
Bug 1357758 - Replace the file-read blacklist in the macOS sandbox policy with a whitelist of the allowed paths; r=haik
...
This makes the policy easier to audit, harder to regress, and easier to further prune the content process's permissions.
MozReview-Commit-ID: 6VqEoGsWSGH
--HG--
extra : rebase_source : 58a9d35dd6e58624779294b49df5cc7e34cb4320
2017-04-18 15:57:54 -04:00
Wes Kocher
bfc45b98b9
Merge m-c to inbound, a=merge
...
MozReview-Commit-ID: 9XdoB5MuVz6
2017-07-05 17:17:41 -07:00
Bob Owen
1eb1c9091d
Bug 1378061: Only set user's SID in USER_LIMITED as deny only when not using restricting SIDs. r=jimm
2017-07-05 21:00:55 +01:00
Carsten "Tomcat" Book
7918eeee02
merge mozilla-inbound to mozilla-central a=merge
2017-06-28 13:23:29 +02:00
Jed Davis
8e5d5bda0f
Bug 1362537 - Re-disallow accept4 in Linux content processes. r=gcp
...
MozReview-Commit-ID: Gml8lR1Heu1
--HG--
extra : rebase_source : 6b466f887bd1802277a506295a9c6cc575196385
2017-06-27 14:52:25 -07:00
Gian-Carlo Pascutto
f2e7c8b77a
Bug 1374281. r=jld
...
MozReview-Commit-ID: Ko5m5i4Wkd6
--HG--
extra : rebase_source : 3076315ef3639a89f752addbb01d5d08a9c2db75
2017-06-19 20:07:38 +02:00
Bill McCloskey
f115503a0b
Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
...
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-26 14:19:58 -07:00
Nicholas Nethercote
f1364a75ea
Bug 1374580 (part 3) - Remove ns{,C}Substring typedefs. r=froydnj.
...
All the instances are converted as follows.
- nsSubstring --> nsAString
- nsCSubstring --> nsACString
--HG--
extra : rebase_source : cfd2238c52e3cb4d13e3bd5ddb80ba6584ab6d91
2017-06-20 19:19:52 +10:00
Florian Quèze
66f6d259bc
Bug 1374282 - script generated patch to remove Task.jsm calls, r=Mossop.
2017-06-22 12:51:42 +02:00
Alex Gaynor
1141573ee9
Bug 1374660 - Removed redundant declarations from macOS content sandbox policy; r=haik
...
MozReview-Commit-ID: Gw6AnH8r9sL
--HG--
extra : rebase_source : 62bb4dc335ab3f38a42543a488d07129a8d92a33
2017-06-20 10:27:18 -04:00
Bob Owen
caa7e3c377
Bug 1368600: Add telemetry with the error code for when a Windows sandboxed child process fails to start. r=jimm, data-review=francois
2017-06-13 08:54:41 +01:00
Randell Jesup
b0a3a49ce8
Bug 1361703: enable NR_epoll_create/create1 in linux sandbox r=jld
...
Enables creating new libevent epoll queues on Linux
2017-06-13 01:54:20 -04:00
Jed Davis
da2db41a9c
Bug 1362601 - Don't crash on sandbox violation if known-problem injected libs are present. r=gcp
...
MozReview-Commit-ID: HCbavpMUxYm
--HG--
extra : rebase_source : ec0cc9dcbf07831209b438504311b45f5b8990a8
2017-06-07 16:33:11 -06:00
Alex Gaynor
0403c42ccf
Bug 1371701 - Fixed sandboxing tests to reflect that we're enabling file content process for all channels r=bobowen
...
MozReview-Commit-ID: ICXZjEU2n6L
--HG--
extra : rebase_source : f28d5d61f6a0cdfecb2804239c407c730c4fd2ba
2017-06-09 11:24:07 -04:00
Bob Owen
a3df44ccee
Bug 1323188: Don't use restricting SIDs in the sandbox access tokens when running from a network drive. r=jimm
2017-06-07 20:20:02 +01:00
Jed Davis
039a1c2b5c
Bug 1321134 - Allow access to dconf shared-memory flags. r=gcp,glandium
...
DConf uses small memory-mapped files for the writer to signal readers
to invalidate cached data; the file is created by the first reader and
readers will write to it to force storage allocation.
If we don't allow opening the file, DConf will still work, but it will
reread the database on every pref access, and it prints messages on
stderr claiming it won't work. So we should avoid that.
MozReview-Commit-ID: 9xoBIhtu5cu
--HG--
extra : rebase_source : 582b3bc30f2181b6564eefa34082a561f9cc0c28
2017-05-30 07:10:15 -06:00
Alex Gaynor
e43d5d424f
Bug 1370540 - Extend the level 3 content sandbox filesystem read blacklist to include /Network and /Users; r=haik
...
MozReview-Commit-ID: 6RfS5aYRghK
--HG--
extra : rebase_source : c8d084d42dc2b37e4a0642e1a72bdd514a68d465
2017-06-06 10:48:06 -04:00
Daniel Holbert
2a87f6e3c3
Bug 1369837: Add a void cast to silence clang Wcomma build warning, in sandbox's snapshot of chromium header. r=bobowen
...
The build warning is for "possible misuse of comma operator".
The comma operator is a bit of a footgun because its first operand's result
just gets dropped on the floor (in this case, the result of the DCHECK
expression). It appears that Chromium's use of the comma operator here is
intentional, though -- so we might as well accept clang's suggestion and "cast
expression to void to silence warning".
This is also filed upstream as:
https://bugs.chromium.org/p/chromium/issues/detail?id=729123
MozReview-Commit-ID: Al2xsYEo3p0
--HG--
extra : rebase_source : 68d01b50ff1f07b68ddc0eeb7280ac412ac92932
2017-06-02 12:45:01 -07:00
Jed Davis
b129f08d7f
Bug 1322784 - Gently fail utime(), to deal with GConf/ORBit. r=gcp
...
MozReview-Commit-ID: B4LmSGR6OEz
--HG--
extra : rebase_source : 613409994c0ba50c34c57537343484f1dc85b7aa
2017-05-30 23:13:37 -06:00
Alex Gaynor
d27dc0ba0b
Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
...
If the "security.sandbox.content.level" preference is set to a value less than
1, all consumers will automatically treat it as if it were level 1. On Linux and
Nightly builds, setting the sandbox level to 0 is still allowed, for now.
MozReview-Commit-ID: 9QNTCkdbTfm
--HG--
extra : rebase_source : cd5a853c46a5cd334504b339bef8df30a3cabe51
2017-05-12 17:04:42 -04:00
Sebastian Hengst
fd03aa5bc8
Backed out changeset 4e283b54baa6 (bug 1358223) for build bustage on Android at dom/ipc/ContentChild.cpp:21. r=backout
2017-05-31 21:34:13 +02:00
Alex Gaynor
39f34ea898
Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
...
If the "security.sandbox.content.level" preference is set to a value less than
1, all consumers will automatically treat it as if it were level 1. On Linux and
Nightly builds, setting the sandbox level to 0 is still allowed, for now.
MozReview-Commit-ID: 9QNTCkdbTfm
--HG--
extra : rebase_source : 1a26ffc5b9f80e6df4c37c23f506e907ba44053a
2017-05-12 17:04:42 -04:00
Alex Gaynor
1532472698
Bug 1368771 - Added a test which verifies that on macOS /Volumes isn't readable at sandbox level 3 r=haik
...
r?haik
MozReview-Commit-ID: HPW4luz5n0M
--HG--
extra : rebase_source : c224b56de4b705758e2ab7820af02a4ef41d4040
2017-05-30 13:52:57 -04:00
Jed Davis
f6b03fa260
Bug 1355274 - Polyfill SOCK_DGRAM socketpairs with SOCK_SEQPACKET, for libasyncns. r=gcp
...
MozReview-Commit-ID: 2DeklSGsjUV
--HG--
extra : rebase_source : 8a202c23dc9a3ddede49b08ce1e0792dfb40bdbf
2017-04-11 20:55:34 -06:00