Commit Graph

310 Commits

Author SHA1 Message Date
Jed Davis
1a4ac1cd36 Bug 1372428 - Extend file pre-opening for sandboxed media plugins. r=gcp
MozReview-Commit-ID: JoyYocxnk94
2017-07-07 08:58:50 -06:00
Jed Davis
1bc1050e9e Bug 1372428 - Deal with fcntl() in media plugins. r=gcp
MozReview-Commit-ID: 9kBowGtSPYO
2017-07-07 08:58:45 -06:00
Jed Davis
b2df5f5afd Bug 1372428 - Deal with uname() in media plugins. r=gcp
MozReview-Commit-ID: JVzjs80Yuex
2017-07-07 08:58:33 -06:00
Jan Keromnes
09971ac7d3 Bug 1376643 - Use 'override' and '= default' on applicable methods in security/sandbox/. r=gcp 2017-06-27 17:57:00 +02:00
Jan Keromnes
df076300b1 Bug 1376643 - Use 'nullptr' where applicable in security/sandbox/. r=gcp 2017-06-27 17:56:00 +02:00
Carsten "Tomcat" Book
7918eeee02 merge mozilla-inbound to mozilla-central a=merge 2017-06-28 13:23:29 +02:00
Jed Davis
8e5d5bda0f Bug 1362537 - Re-disallow accept4 in Linux content processes. r=gcp
MozReview-Commit-ID: Gml8lR1Heu1
2017-06-27 14:52:25 -07:00
Gian-Carlo Pascutto
f2e7c8b77a Bug 1374281. r=jld
MozReview-Commit-ID: Ko5m5i4Wkd6
2017-06-19 20:07:38 +02:00
Bill McCloskey
f115503a0b Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-26 14:19:58 -07:00
Nicholas Nethercote
f1364a75ea Bug 1374580 (part 3) - Remove ns{,C}Substring typedefs. r=froydnj.
All the instances are converted as follows.

- nsSubstring  --> nsAString
- nsCSubstring --> nsACString
2017-06-20 19:19:52 +10:00
Carsten "Tomcat" Book
8a1350b5a6 Backed out changeset 4f6302a98ae4 (bug 1372405)
2017-06-21 13:59:26 +02:00
Bill McCloskey
6b3e84ed5f Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-20 21:44:11 -07:00
Carsten "Tomcat" Book
ea1b86680c Backed out changeset 9846de3bd954 (bug 1372405)
2017-06-20 08:27:02 +02:00
Bill McCloskey
4592152411 Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-19 22:25:47 -07:00
Randell Jesup
b0a3a49ce8 Bug 1361703: enable NR_epoll_create/create1 in linux sandbox r=jld
Enables creating new libevent epoll queues on Linux
2017-06-13 01:54:20 -04:00
Jed Davis
da2db41a9c Bug 1362601 - Don't crash on sandbox violation if known-problem injected libs are present. r=gcp
MozReview-Commit-ID: HCbavpMUxYm
2017-06-07 16:33:11 -06:00
Jed Davis
039a1c2b5c Bug 1321134 - Allow access to dconf shared-memory flags. r=gcp,glandium
DConf uses small memory-mapped files for the writer to signal readers
to invalidate cached data; the file is created by the first reader and
readers will write to it to force storage allocation.

If we don't allow opening the file, DConf will still work, but it will
reread the database on every pref access, and it prints messages on
stderr claiming it won't work.  So we should avoid that.

MozReview-Commit-ID: 9xoBIhtu5cu
2017-05-30 07:10:15 -06:00
Jed Davis
b129f08d7f Bug 1322784 - Gently fail utime(), to deal with GConf/ORBit. r=gcp
MozReview-Commit-ID: B4LmSGR6OEz
2017-05-30 23:13:37 -06:00
Alex Gaynor
d27dc0ba0b Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
If the "security.sandbox.content.level" preference is set to a value less than
1, all consumers will automatically treat it as if it were level 1. On Linux and
Nightly builds, setting the sandbox level to 0 is still allowed, for now.

MozReview-Commit-ID: 9QNTCkdbTfm
2017-05-12 17:04:42 -04:00
Sebastian Hengst
fd03aa5bc8 Backed out changeset 4e283b54baa6 (bug 1358223) for build bustage on Android at dom/ipc/ContentChild.cpp:21. r=backout 2017-05-31 21:34:13 +02:00
Alex Gaynor
39f34ea898 Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
If the "security.sandbox.content.level" preference is set to a value less than
1, all consumers will automatically treat it as if it were level 1. On Linux and
Nightly builds, setting the sandbox level to 0 is still allowed, for now.

MozReview-Commit-ID: 9QNTCkdbTfm
2017-05-12 17:04:42 -04:00
Jed Davis
f6b03fa260 Bug 1355274 - Polyfill SOCK_DGRAM socketpairs with SOCK_SEQPACKET, for libasyncns. r=gcp
MozReview-Commit-ID: 2DeklSGsjUV
2017-04-11 20:55:34 -06:00
Jed Davis
675bae8c8d Bug 1364533 - Allow madvise huge page hints. r=gcp
MozReview-Commit-ID: 7sNWS2sFJCx
2017-05-12 20:04:07 -06:00
Jed Davis
3c4e538953 Bug 1361238 - Re-allow accept4, used by accessibility. r=gcp
MozReview-Commit-ID: 3M3T3bkx4nP
2017-05-01 21:51:11 -06:00
Jed Davis
7d9acbdace Bug 1358647 - Disallow bind/listen/accept for Linux content processes. r=gcp
MozReview-Commit-ID: Cz9MKxOJnsS
2017-04-25 19:29:32 -06:00
Mike Hommey
34e619d1c1 Bug 1357323 - Remove support for gonk in the build system. r=gps
Everything depending on the widget being gonk can go away, as well as
everything depending on MOZ_AUDIO_CHANNEL_MANAGER, which was only
defined on gonk builds under b2g/ (which goes away in bug 1357326).
2017-04-18 16:56:09 +09:00
Jed Davis
e6622cfe8a Bug 1355273 - Allow inotify_init alongside inotify_init1. r=Alex_Gaynor,gcp
MozReview-Commit-ID: 5hAapLdbmeh
2017-04-14 16:17:39 -06:00
Jed Davis
7d599256ca Bug 1354731 - Quietly fail mknod of character devices in content sandbox. r=gcp
MozReview-Commit-ID: 2aehI5V7tQp
2017-04-11 13:22:26 -06:00
Bob Owen
94bf554716 Bug 1337331 Part 1: Update security/sandbox/chromium/ to commit b169b9a1cc402573843e8c952af14c4e43487e91. r=jld, r=aklotz, r=jimm
Also includes follow-up to remove mitigations that require Windows 10 SDK.

MozReview-Commit-ID: HwqM4noIHmy
2017-03-29 14:23:17 +01:00
Carsten "Tomcat" Book
0a1fc914ce Backed out changeset d9872fdd25f8 (bug 1337331) for causing build problems for others + on request on bob 2017-03-24 11:24:13 +01:00
Bob Owen
8995d28500 Bug 1337331 Part 1: Update security/sandbox/chromium/ to commit b169b9a1cc402573843e8c952af14c4e43487e91. r=jld, r=aklotz 2017-03-23 10:29:05 +00:00
Benjamin Bouvier
bcd3dcc6b3 Bug 1342385: Allow mremap on linux32 for wasm; r=jld
MozReview-Commit-ID: 82f8ryvd57S
2017-02-24 13:18:57 +01:00
Jed Davis
a01b0b45dd Bug 1286865 - Step 4: Report rejected syscall info in Telemetry. r=gcp r=francois
MozReview-Commit-ID: 7R755WT1Ftu
2017-02-20 19:55:56 +01:00
Jed Davis
f0666046d6 Bug 1286865 - Step 2: Add XPCOM bindings for sandbox syscall reporter. r=gcp r=glandium
MozReview-Commit-ID: GERRsOJ7H2w
2017-01-30 18:50:41 -07:00
Jed Davis
f2fa27edca Bug 1286865 - Step 1: Gather syscall info from SIGSYS handlers into the parent process. r=gcp
MozReview-Commit-ID: 8GfFo4xso65
2017-01-30 18:49:53 -07:00
Jed Davis
eb0d19601a Bug 1286865 - Step 0: Turn off crash-on-seccomp-fail by default on non-nightly. r=gcp
MozReview-Commit-ID: 1It6HNizbAc
2017-01-27 14:25:50 -07:00
Sylvestre Ledru
455bdf24fe Bug 1338086 - Remove useless else blocks in order to reduce complexity in security/sandbox/linux/ r=gcp
MozReview-Commit-ID: 5UWtAe6THd6
2017-02-09 10:56:05 +01:00
Sylvestre Ledru
26605e4a7d Bug 1337358 - Converts for(...; ...; ...) loops to use the new range-based loops in C++11 in security/sandbox/ r=gcp
MozReview-Commit-ID: Iwj7i07LkJ0
2017-02-08 11:59:38 +01:00
Jed Davis
467786d86a Bug 1335329 - Improve handling of mkdir() on preexisting directories in Linux sandbox file broker. r=gcp
If the path given doesn't have write+create permissions in the broker
policy, but does have MAY_ACCESS (i.e., if checking for its existence
with lstat() or access() would be allowed), then check for its existence
and fail with EEXIST the way the real mkdir() would.

Note that mkdir() fails with EEXIST even if the existing file isn't a
directory, including if it's a broken symlink.

MozReview-Commit-ID: 13Cwnq1nRrw
2017-02-02 11:56:21 -07:00
Olli Pettay
5de2e3d5f6 Bug 1335323 - Move vector include to sandbox header to fix bustage. r=bustage-fix a=bustage-fix 2017-01-31 13:06:22 +01:00
Gian-Carlo Pascutto
aa1bdaad34 Bug 1330326 - Make sandboxing policy more configurable via preferences. r=jld
MozReview-Commit-ID: 9P0bSLLKRWp
2017-01-26 19:59:50 +01:00
Sebastian Hengst
e1d5db133e Backed out changeset e87ae43ca443 (bug 1330326) 2017-01-27 20:59:55 +01:00
Gian-Carlo Pascutto
0d2bf66dfd Bug 1330326 - Make sandboxing policy more configurable via preferences. r=jld
MozReview-Commit-ID: 9P0bSLLKRWp
2017-01-26 19:59:50 +01:00
David Parks
990402c301 Bug 1317735 - Consolidate env vars for logging. r=jimm
Assigns the preference security.sandbox.logging.enabled and the environment variable MOZ_SANDBOX_LOGGING to control whether or not sandbox violations are logged.  The pref defaults to true.  On Linux, only the environment variable is considered.
2017-01-23 12:46:49 -08:00
Carsten "Tomcat" Book
b54e4ad90d Merge mozilla-central to autoland 2016-12-07 11:40:35 +01:00
Jed Davis
416e1ecb8f Bug 1257361 - Simplify detecting threads that already have seccomp-bpf applied. r=tedd r=gcp 2016-12-06 12:38:22 -10:00
Gian-Carlo Pascutto
c028a5f875 Bug 1309098 - Add ALSA devices to filesystem policy whitelist. r=glandium
MozReview-Commit-ID: F2GmQEj9XEN
2016-10-11 16:35:39 +02:00
Jed Davis
2f25df5d1e Bug 1320085 - Allow the getrlimit-equivalent subset of prlimit64. r=tedd
This applies only to content processes, where we already allow getrlimit
(but not setrlimit).  The rule added here does not allow using prlimit64
to set any resource limits or interact with any other process.

MozReview-Commit-ID: nMry3t6QPj
2016-11-28 12:05:28 -07:00
Julian Seward
8358f9ad56 Bug 1318012 - SandboxBrokerCommon::SendWithFd sends uninitialised stack-allocated data out of process. r=jld@mozilla.com. 2016-11-21 07:33:19 +01:00
Jed Davis
a2d3e4e9f2 Bug 1313218 - Preload libmozsandbox.so in child processes on Linux. r=tedd r=billm r=glandium
Preloading libmozsandbox allows the symbol interpositions used by
sandboxing to be defined there instead of statically linked into the
executable; this patch also does that.

MozReview-Commit-ID: FL1QWLSKA0S

--HG--
rename : security/sandbox/linux/interpose/SandboxHooks.cpp => security/sandbox/linux/SandboxHooks.cpp
2016-11-04 18:16:05 -06:00