Jed Davis
1a4ac1cd36
Bug 1372428 - Extend file pre-opening for sandboxed media plugins. r=gcp
...
MozReview-Commit-ID: JoyYocxnk94
2017-07-07 08:58:50 -06:00
Jed Davis
1bc1050e9e
Bug 1372428 - Deal with fcntl() in media plugins. r=gcp
...
MozReview-Commit-ID: 9kBowGtSPYO
2017-07-07 08:58:45 -06:00
Jed Davis
b2df5f5afd
Bug 1372428 - Deal with uname() in media plugins. r=gcp
...
MozReview-Commit-ID: JVzjs80Yuex
2017-07-07 08:58:33 -06:00
Jan Keromnes
09971ac7d3
Bug 1376643 - Use 'override' and '= default' on applicable methods in security/sandbox/. r=gcp
2017-06-27 17:57:00 +02:00
Jan Keromnes
df076300b1
Bug 1376643 - Use 'nullptr' where applicable in security/sandbox/. r=gcp
2017-06-27 17:56:00 +02:00
Carsten "Tomcat" Book
7918eeee02
merge mozilla-inbound to mozilla-central a=merge
2017-06-28 13:23:29 +02:00
Jed Davis
8e5d5bda0f
Bug 1362537 - Re-disallow accept4 in Linux content processes. r=gcp
...
MozReview-Commit-ID: Gml8lR1Heu1
--HG--
extra : rebase_source : 6b466f887bd1802277a506295a9c6cc575196385
2017-06-27 14:52:25 -07:00
Gian-Carlo Pascutto
f2e7c8b77a
Bug 1374281. r=jld
...
MozReview-Commit-ID: Ko5m5i4Wkd6
--HG--
extra : rebase_source : 3076315ef3639a89f752addbb01d5d08a9c2db75
2017-06-19 20:07:38 +02:00
Bill McCloskey
f115503a0b
Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
...
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-26 14:19:58 -07:00
Nicholas Nethercote
f1364a75ea
Bug 1374580 (part 3) - Remove ns{,C}Substring typedefs. r=froydnj.
...
All the instances are converted as follows.
- nsSubstring --> nsAString
- nsCSubstring --> nsACString
--HG--
extra : rebase_source : cfd2238c52e3cb4d13e3bd5ddb80ba6584ab6d91
2017-06-20 19:19:52 +10:00
Carsten "Tomcat" Book
8a1350b5a6
Backed out changeset 4f6302a98ae4 (bug 1372405)
...
--HG--
extra : rebase_source : 41632f3158e88e692809731394a683d065a73dfb
2017-06-21 13:59:26 +02:00
Bill McCloskey
6b3e84ed5f
Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
...
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-20 21:44:11 -07:00
Carsten "Tomcat" Book
ea1b86680c
Backed out changeset 9846de3bd954 (bug 1372405)
...
--HG--
extra : rebase_source : 5d4a48e8ec394c329994689d938d2a6e9b2752b0
2017-06-20 08:27:02 +02:00
Bill McCloskey
4592152411
Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
...
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-19 22:25:47 -07:00
Randell Jesup
b0a3a49ce8
Bug 1361703: enable NR_epoll_create/create1 in linux sandbox r=jld
...
Enables creating new libevent epoll queues on Linux
2017-06-13 01:54:20 -04:00
Jed Davis
da2db41a9c
Bug 1362601 - Don't crash on sandbox violation if known-problem injected libs are present. r=gcp
...
MozReview-Commit-ID: HCbavpMUxYm
--HG--
extra : rebase_source : ec0cc9dcbf07831209b438504311b45f5b8990a8
2017-06-07 16:33:11 -06:00
Jed Davis
039a1c2b5c
Bug 1321134 - Allow access to dconf shared-memory flags. r=gcp,glandium
...
DConf uses small memory-mapped files for the writer to signal readers
to invalidate cached data; the file is created by the first reader and
readers will write to it to force storage allocation.
If we don't allow opening the file, DConf will still work, but it will
reread the database on every pref access, and it prints messages on
stderr claiming it won't work. So we should avoid that.
MozReview-Commit-ID: 9xoBIhtu5cu
--HG--
extra : rebase_source : 582b3bc30f2181b6564eefa34082a561f9cc0c28
2017-05-30 07:10:15 -06:00
Jed Davis
b129f08d7f
Bug 1322784 - Gently fail utime(), to deal with GConf/ORBit. r=gcp
...
MozReview-Commit-ID: B4LmSGR6OEz
--HG--
extra : rebase_source : 613409994c0ba50c34c57537343484f1dc85b7aa
2017-05-30 23:13:37 -06:00
Alex Gaynor
d27dc0ba0b
Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
...
If the "security.sandbox.content.level" preference is set to a value less than
1, all consumers will automatically treat it as if it were level 1. On Linux and
Nightly builds, setting the sandbox level to 0 is still allowed, for now.
MozReview-Commit-ID: 9QNTCkdbTfm
--HG--
extra : rebase_source : cd5a853c46a5cd334504b339bef8df30a3cabe51
2017-05-12 17:04:42 -04:00
Sebastian Hengst
fd03aa5bc8
Backed out changeset 4e283b54baa6 (bug 1358223) for build bustage on Android at dom/ipc/ContentChild.cpp:21. r=backout
2017-05-31 21:34:13 +02:00
Alex Gaynor
39f34ea898
Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
...
If the "security.sandbox.content.level" preference is set to a value less than
1, all consumers will automatically treat it as if it were level 1. On Linux and
Nightly builds, setting the sandbox level to 0 is still allowed, for now.
MozReview-Commit-ID: 9QNTCkdbTfm
--HG--
extra : rebase_source : 1a26ffc5b9f80e6df4c37c23f506e907ba44053a
2017-05-12 17:04:42 -04:00
Jed Davis
f6b03fa260
Bug 1355274 - Polyfill SOCK_DGRAM socketpairs with SOCK_SEQPACKET, for libasyncns. r=gcp
...
MozReview-Commit-ID: 2DeklSGsjUV
--HG--
extra : rebase_source : 8a202c23dc9a3ddede49b08ce1e0792dfb40bdbf
2017-04-11 20:55:34 -06:00
Jed Davis
675bae8c8d
Bug 1364533 - Allow madvise huge page hints. r=gcp
...
MozReview-Commit-ID: 7sNWS2sFJCx
--HG--
extra : rebase_source : c1730d2ac5d352dcaec1889d4f20dd9bc0a838a8
2017-05-12 20:04:07 -06:00
Jed Davis
3c4e538953
Bug 1361238 - Re-allow accept4, used by accessibility. r=gcp
...
MozReview-Commit-ID: 3M3T3bkx4nP
--HG--
extra : rebase_source : b67332889615ae34cc67737da361f21ae545aeb4
2017-05-01 21:51:11 -06:00
Jed Davis
7d9acbdace
Bug 1358647 - Disallow bind/listen/accept for Linux content processes. r=gcp
...
MozReview-Commit-ID: Cz9MKxOJnsS
--HG--
extra : rebase_source : d3ab7ff9020066d5fe9ac3121c88c85b9fde6224
2017-04-25 19:29:32 -06:00
Mike Hommey
34e619d1c1
Bug 1357323 - Remove support for gonk in the build system. r=gps
...
Everything depending on the widget being gonk can go away, as well as
everything depending on MOZ_AUDIO_CHANNEL_MANAGER, which was only
defined on gonk builds under b2g/ (which goes away in bug 1357326).
--HG--
extra : rebase_source : 9f0aeeb7eea8417fa4e06d662d566d67ecaf2a24
2017-04-18 16:56:09 +09:00
Jed Davis
e6622cfe8a
Bug 1355273 - Allow inotify_init alongside inotify_init1. r=Alex_Gaynor,gcp
...
MozReview-Commit-ID: 5hAapLdbmeh
--HG--
extra : rebase_source : 2646d97dbdbf8803468c7115b50ae9ab91eae1ca
2017-04-14 16:17:39 -06:00
Jed Davis
7d599256ca
Bug 1354731 - Quietly fail mknod of character devices in content sandbox. r=gcp
...
MozReview-Commit-ID: 2aehI5V7tQp
--HG--
extra : rebase_source : ea933354e4018542e4dedda63318153c7cfbdd4e
2017-04-11 13:22:26 -06:00
Bob Owen
94bf554716
Bug 1337331 Part 1: Update security/sandbox/chromium/ to commit b169b9a1cc402573843e8c952af14c4e43487e91. r=jld, r=aklotz, r=jimm
...
Also includes follow-up to remove mitigations that require Windows 10 SDK.
MozReview-Commit-ID: HwqM4noIHmy
2017-03-29 14:23:17 +01:00
Carsten "Tomcat" Book
0a1fc914ce
Backed out changeset d9872fdd25f8 (bug 1337331) for causing build problems for others + on request on bob
2017-03-24 11:24:13 +01:00
Bob Owen
8995d28500
Bug 1337331 Part 1: Update security/sandbox/chromium/ to commit b169b9a1cc402573843e8c952af14c4e43487e91. r=jld, r=aklotz
2017-03-23 10:29:05 +00:00
Benjamin Bouvier
bcd3dcc6b3
Bug 1342385: Allow mremap on linux32 for wasm; r=jld
...
MozReview-Commit-ID: 82f8ryvd57S
--HG--
extra : rebase_source : 0e74611052853f149eb0fefe8fef849a8f8978b0
extra : amend_source : ff91bb31d45ca4783da391e519f10e3613f0f890
2017-02-24 13:18:57 +01:00
Jed Davis
a01b0b45dd
Bug 1286865 - Step 4: Report rejected syscall info in Telemetry. r=gcp r=francois
...
MozReview-Commit-ID: 7R755WT1Ftu
--HG--
extra : rebase_source : 77356e29da9a02a3a4392be3de0e9e88ed9e131e
extra : histedit_source : 813980d967009d4270143ce3a503836c7337941f
2017-02-20 19:55:56 +01:00
Jed Davis
f0666046d6
Bug 1286865 - Step 2: Add XPCOM bindings for sandbox syscall reporter. r=gcp r=glandium
...
MozReview-Commit-ID: GERRsOJ7H2w
--HG--
extra : rebase_source : 8ff688150ccf417a266a663ed0973d4850f51e63
2017-01-30 18:50:41 -07:00
Jed Davis
f2fa27edca
Bug 1286865 - Step 1: Gather syscall info from SIGSYS handlers into the parent process. r=gcp
...
MozReview-Commit-ID: 8GfFo4xso65
--HG--
extra : rebase_source : 1596a79d65d30dc72d8b84fc4f1639de377f554a
2017-01-30 18:49:53 -07:00
Jed Davis
eb0d19601a
Bug 1286865 - Step 0: Turn off crash-on-seccomp-fail by default on non-nightly. r=gcp
...
MozReview-Commit-ID: 1It6HNizbAc
--HG--
extra : rebase_source : 1e96f11904abf2c38c5b4e50de7609ddc86cdd8a
2017-01-27 14:25:50 -07:00
Sylvestre Ledru
455bdf24fe
Bug 1338086 - Remove useless else blocks in order to reduce complexity in security/sandbox/linux/ r=gcp
...
MozReview-Commit-ID: 5UWtAe6THd6
--HG--
extra : rebase_source : 17af6640439f209cb37e91552cf0f97043bd9e91
2017-02-09 10:56:05 +01:00
Sylvestre Ledru
26605e4a7d
Bug 1337358 - Converts for(...; ...; ...) loops to use the new range-based loops in C++11 in security/sandbox/ r=gcp
...
MozReview-Commit-ID: Iwj7i07LkJ0
--HG--
extra : rebase_source : 88a71d78dd6d3e4cf603047a5714631b4ae4542b
2017-02-08 11:59:38 +01:00
Jed Davis
467786d86a
Bug 1335329 - Improve handling of mkdir() on preexisting directories in Linux sandbox file broker. r=gcp
...
If the path given doesn't have write+create permissions in the broker
policy, but does have MAY_ACCESS (i.e., if checking for its existence
with lstat() or access() would be allowed), then check for its existence
and fail with EEXIST the way the real mkdir() would.
Note that mkdir() fails with EEXIST even if the existing file isn't a
directory, including if it's a broken symlink.
MozReview-Commit-ID: 13Cwnq1nRrw
--HG--
extra : rebase_source : c37caa091583fa85a0a72ed62fa9f12a3523e8f4
2017-02-02 11:56:21 -07:00
Olli Pettay
5de2e3d5f6
Bug 1335323 - Move vector include to sandbox header to fix bustage. r=bustage-fix a=bustage-fix
2017-01-31 13:06:22 +01:00
Gian-Carlo Pascutto
aa1bdaad34
Bug 1330326 - Make sandboxing policy more configurable via preferences. r=jld
...
MozReview-Commit-ID: 9P0bSLLKRWp
--HG--
extra : rebase_source : e1d2f34e5d0901614d88a583beecb704369ce478
2017-01-26 19:59:50 +01:00
Sebastian Hengst
e1d5db133e
Backed out changeset e87ae43ca443 (bug 1330326)
2017-01-27 20:59:55 +01:00
Gian-Carlo Pascutto
0d2bf66dfd
Bug 1330326 - Make sandboxing policy more configurable via preferences. r=jld
...
MozReview-Commit-ID: 9P0bSLLKRWp
--HG--
extra : rebase_source : ab7d7da81459bd08c6aec7d7c89949ca7207471f
2017-01-26 19:59:50 +01:00
David Parks
990402c301
Bug 1317735 - Consolidate env vars for logging. r=jimm
...
Assigns the preference security.sandbox.logging.enabled and the environment variable MOZ_SANDBOX_LOGGING to control whether or not sandbox violations are logged. The pref defaults to true. On Linux, only the environment variable is considered.
--HG--
extra : rebase_source : f67870a74795228548b290aec32d08552c068874
2017-01-23 12:46:49 -08:00
Carsten "Tomcat" Book
b54e4ad90d
Merge mozilla-central to autoland
2016-12-07 11:40:35 +01:00
Jed Davis
416e1ecb8f
Bug 1257361 - Simplify detecting threads that already have seccomp-bpf applied. r=tedd r=gcp
2016-12-06 12:38:22 -10:00
Gian-Carlo Pascutto
c028a5f875
Bug 1309098 - Add ALSA devices to filesystem policy whitelist. r=glandium
...
MozReview-Commit-ID: F2GmQEj9XEN
--HG--
extra : rebase_source : 8444d905acd3bf62668c30f04cbfd9669de96d0b
2016-10-11 16:35:39 +02:00
Jed Davis
2f25df5d1e
Bug 1320085 - Allow the getrlimit-equivalent subset of prlimit64. r=tedd
...
This applies only to content processes, where we already allow getrlimit
(but not setrlimit). The rule added here does not allow using prlimit64
to set any resource limits or interact with any other process.
MozReview-Commit-ID: nMry3t6QPj
--HG--
extra : rebase_source : ecf792077a672ab1f2c5edf9fbeb915a0d8dd30e
2016-11-28 12:05:28 -07:00
Julian Seward
8358f9ad56
Bug 1318012 - SandboxBrokerCommon::SendWithFd sends uninitialised stack-allocated data out of process. r=jld@mozilla.com.
2016-11-21 07:33:19 +01:00
Jed Davis
a2d3e4e9f2
Bug 1313218 - Preload libmozsandbox.so in child processes on Linux. r=tedd r=billm r=glandium
...
Preloading libmozsandbox allows the symbol interpositions used by
sandboxing to be defined there instead of statically linked into the
executable; this patch also does that.
MozReview-Commit-ID: FL1QWLSKA0S
--HG--
rename : security/sandbox/linux/interpose/SandboxHooks.cpp => security/sandbox/linux/SandboxHooks.cpp
2016-11-04 18:16:05 -06:00