Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-28 12:45:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
481,978 Commits 615 Branches 98 Tags 6 GiB
bb409b10ab
Commit Graph

203 Commits

Author SHA1 Message Date
Gian-Carlo Pascutto
bb409b10ab Bug 1285293 - Add fstatfs to seccomp-bpf whitelist. r=tedd 
For some reason libfontconfig really Needs To Know.

MozReview-Commit-ID: KSET8D5h9xf

--HG--
extra : rebase_source : 10c5df6a4b8b85be120a9828686d0c63e3fff5d4
 2016-07-11 10:54:48 +02:00
Gian-Carlo Pascutto
c4c92abf28 Bug 1285525 - Add sys_semget to seccomp-bpf whitelist. r=tedd 
MozReview-Commit-ID: 1yV0uqiMSru

--HG--
extra : rebase_source : cbc57f22fc4b5818b1ac9857446d2190eaa359c2
 2016-07-11 10:15:31 +02:00
Julian Hector
2071bf3b6c Bug 1285287 - Use proper macros to whitelist getres*id. r=gcp 2016-07-08 17:59:41 +02:00
Gian-Carlo Pascutto
b3b0630046 Bug 1285507 - Whitelist memfd_create (used for Sealed Files IPC). r=jhector 
MozReview-Commit-ID: 7UE6hyDiC6H

--HG--
extra : rebase_source : ef1fcbf9e2aefbf2b215e18a459ce72d4e0abc5c
extra : histedit_source : 02ba293c9af543f850c6ddeb2ca214f7527e3923
 2016-07-08 17:12:30 +02:00
Julian Hector
aa5c174aa4 Bug 742434 - Part 2: Introduce pref to control content sandbox. r=jld 
MozReview-Commit-ID: JQAQAbHUObN

--HG--
extra : rebase_source : 42a14a28503b685125f27faa40ae4efc920c5c5d
 2016-06-16 12:39:07 +02:00
Julian Hector
feca70c6cc Bug 742434 - Part 1: Make ContentSecurityPolicy constructor explicit. r=gcp 
MozReview-Commit-ID: HrBpcQ1BYFI

--HG--
extra : rebase_source : 0505ff9f9260627a0519e1f0ea536efd7af0210e
 2016-07-05 03:07:00 +02:00
Julian Hector
3ab8691db7 Bug 1284452 - Add sys_getrandom to seccomp whitelist. r=gcp 
MozReview-Commit-ID: 8CW916cJsUZ
 2016-07-05 13:51:57 +02:00
Carsten "Tomcat" Book
30cb0bf87f Backed out changeset 3601419d2e4b (bug 742434) for test failures like /content-security-policy/media-src/media-src-7_3.html timeouts 2016-07-05 12:25:55 +02:00
Carsten "Tomcat" Book
d90190d784 Backed out changeset 730fcdccb26e (bug 742434) 2016-07-05 12:25:41 +02:00
Julian Hector
a4e6059aeb Bug 742434 - Part 2: Introduce pref to control content sandbox. r=jld 
MozReview-Commit-ID: HyNozlK5SAE
 2016-06-16 12:39:07 +02:00
Julian Hector
21e153fc19 Bug 742434 - Part 1: Make ContentSecurityPolicy constructor explicit. r=gcp 
MozReview-Commit-ID: HrBpcQ1BYFI
 2016-07-05 03:07:00 +02:00
Gian-Carlo Pascutto
0a5cac2ffc Backed out 2 changesets (bug 742434) 
Backed out changeset 4e0e2373e234 (bug 742434)
Backed out changeset 66a937c6ca0e (bug 742434)

MozReview-Commit-ID: 8Chchv4HUL

--HG--
extra : rebase_source : 78f35317a643a48c3f45ec34d88fe321d71d04d1
 2016-07-04 18:00:53 +02:00
Julian Hector
c50fb0578f Bug 742434 - Part 1: Introduce pref to control content sandbox. r=jld 
MozReview-Commit-ID: CuSCwcwRiND
 2016-06-16 12:39:07 +02:00
Gian-Carlo Pascutto
a7f65e7eac Bug 1273852 - Allow getsockopt in EvaluateSocketCall. r=jld 
MozReview-Commit-ID: F9rVM0VKmUR

--HG--
extra : rebase_source : 86271db1e6c24a4ca98ccb0580cd608c2a4cc580
 2016-06-08 19:05:08 +02:00
Gian-Carlo Pascutto
d270c42cdd Bug 1273852 - Always add seccomp-bpf socketcall dispatcher. r=jld 
For 32-bit Linux 4.3+, always add socketcall dispatcher even if relevant
syscalls are known, because both entry points will exist.

See Linux kernel commit:

commit 9dea5dc921b5f4045a18c63eb92e84dc274d17eb
Author: Andy Lutomirski <luto@kernel.org>
Date:   Tue Jul 14 15:24:24 2015 -0700

    x86/entry/syscalls: Wire up 32-bit direct socket calls


MozReview-Commit-ID: I3GEvolGfsR

--HG--
extra : rebase_source : c358a6d39d9bf5701150e58f1002f6c6dc91cd6f
 2016-06-29 20:34:40 +02:00
Thomas Zimmermann
97a43c0b93 Bug 1276927: Define HAVE_ANDROID_OS before including 'android_filesystem_config.h', r=fabrice 
The preprocessor token HAVE_ANDROID_OS configures 'android_filesystem_config.h'
to include the correct header files from the environment.

MozReview-Commit-ID: oKwdjzDjij
 2016-06-16 08:43:51 +01:00
Sebastian Hengst
bb691db120 Backed out changeset b6c190b08824 (bug 1276927) 2016-06-15 12:23:52 +02:00
Thomas Zimmermann
565a7b74dc Bug 1276927: Define HAVE_ANDROID_OS before including 'android_filesystem_config.h', r=fabrice 
The preprocessor token HAVE_ANDROID_OS configures 'android_filesystem_config.h'
to include the correct header files from the environment.

MozReview-Commit-ID: oKwdjzDjij
 2016-06-15 10:59:49 +01:00
Julian Hector
14d815c27e Bug 1275920 - Add sys_rt_tgsigqueueinfo to seccomp whitelist r=jld 
--HG--
extra : rebase_source : 4808d641597e40e124be0bae1e10ad37570355c9
 2016-05-27 19:29:21 +02:00
Gian-Carlo Pascutto
d543e16807 Bug 1273859 - Add sys_pwrite64 to seccomp whitelist for content process. r=jld 
MozReview-Commit-ID: FsJ8ER9B9EY

--HG--
extra : rebase_source : a76bb584e8804a3f73abf2c821fa2d9d25997a17
 2016-05-18 14:39:20 +02:00
Julian Hector
d5bb492be4 Bug 1274873 - Part 2: Move signal handler set up to SandboxEarlyInit() r=jld 2016-05-26 16:20:44 +02:00
Julian Hector
1f2003d5b1 Bug 1274873 - Part 1: Change search order for free signal r=jld 2016-05-26 16:19:28 +02:00
Carsten "Tomcat" Book
efa443d4d3 Backed out changeset ae5286493f15 (bug 1274873) for frequent timeouts in browser_ManifestObtainer_obtain.js 
--HG--
extra : rebase_source : 5aa2340db1e93f26feb5c3173b8af4aacdb60b31
 2016-06-07 12:07:16 +02:00
Carsten "Tomcat" Book
1d324ed30a Backed out changeset 62646bfa1f95 (bug 1274873) 
--HG--
extra : rebase_source : 644a5678b4f8e32e9809583cf7eb88fb0a518f31
 2016-06-07 12:06:51 +02:00
Julian Hector
fd5c167bdc Bug 1276470 - Add sys_statfs to seccomp whitelist. r=jld 2016-05-28 20:33:49 +02:00
Julian Hector
1b857c2f98 Bug 1274873 - Part 2: Move signal handler set up to SandboxEarlyInit() r=jld 2016-05-26 16:20:44 +02:00
Julian Hector
1c0ad8ce67 Bug 1274873 - Part 1: Change search order for free signal r=jld 2016-05-26 16:19:28 +02:00
Julian Hector
d0f949dad4 Bug 1275786 - Add sys_listen to seccomp whitelist. r=jld 
--HG--
extra : rebase_source : 7028482ca148f63e53e1fe915d0be507b5116c84
 2016-05-27 16:00:50 +02:00
Julian Hector
cb6d29b0b7 Bug 1275785 - Add sys_bind to seccomp whitelist. r=jld 
--HG--
extra : rebase_source : 90d403a3b21547ff7f280b2bff7746f4b8e32fe3
 2016-05-27 15:58:51 +02:00
Julian Hector
5eb8b17162 Bug 1275781 - Add sys_accept to seccomp whitelist. r=jld 
--HG--
extra : rebase_source : e4761ce8c466987f54ddd41603fa626923fe0865
 2016-05-27 15:56:35 +02:00
Alexandre Lissy
c6be1d0d13 Bug 1274826 - Bypass building SandboxHooks on Gonk r=jld 
MozReview-Commit-ID: 3TVdcY7aXvW

--HG--
extra : rebase_source : b734c54ad4e7b8fff384f399b84014410b4cf719
 2016-05-26 01:02:25 +02:00
Gian-Carlo Pascutto
e8fd20fdcf Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche 
MozReview-Commit-ID: 6Un4yNzxGgg

--HG--
extra : rebase_source : fc8762b9802fab071cb194513a5ad390ae7984f3
 2016-05-18 18:37:44 +02:00
Carsten "Tomcat" Book
be11014a2b Backed out changeset 767f65379fdf (bug 1098428) for causing linux crashes on a CLOSED TREE 2016-05-24 13:03:00 +02:00
Gian-Carlo Pascutto
42b1907a65 Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche 
MozReview-Commit-ID: GtIPsRqq5hr

--HG--
extra : rebase_source : 6b918e5119f15536c9437c27cfee413577268b78
 2016-05-18 18:37:44 +02:00
Julian Hector
5894681e14 Bug 1274553 - Properly handle stat() requests in permissive mode. r=jld 
MozReview-Commit-ID: IeFwQ2Gv21z

--HG--
extra : rebase_source : 0198c5df41f728f85bea149a10dfe0b7c0fae43f
 2016-05-20 14:42:50 +02:00
Chris Peterson
353ee65255 Bug 1272513 - Part 1: Suppress -Wshadow warnings-as-errors in some directories. r=glandium 2016-05-11 00:00:01 -07:00
Gian-Carlo Pascutto
6491a25e6f Bug 1268579 - Add inotify_rm_watch to the seccomp-bpf whitelist. r=jld 
MozReview-Commit-ID: DvaHjOa5GOv

--HG--
extra : rebase_source : 1105ebd32973f8608c4c8b21dc72ba9313661735
 2016-04-28 20:04:06 +02:00
Nicholas Nethercote
2511b2c327 Bug 1267550 (part 2) - Rename MOZ_WARN_UNUSED_RESULT as MOZ_MUST_USE. r=froydnj. 
It's an annotation that is used a lot, and should be used even more, so a
shorter name is better.

MozReview-Commit-ID: 1VS4Dney4WX

--HG--
extra : rebase_source : b26919c1b0fcb32e5339adeef5be5becae6032cf
 2016-04-27 14:16:50 +10:00
Julian Hector
4c291ae709 Bug 1176099 - Fix missing NULL check r=luke 
MozReview-Commit-ID: ICNQNqJZzA8
 2016-04-28 20:41:14 +02:00
Julian Hector
3871240519 Bug 1176099 - Add hooks for sigprocmask/pthread_sigmask. r=jld r=glandium 2016-04-21 13:17:50 +00:00
Julian Hector
1942e09c83 Bug 1266298 - Add sys_fchmod to seccomp whitelist r=jld 
MozReview-Commit-ID: 4kFgfxhCMFl

--HG--
extra : transplant_source : h%D1%90%ACfP%DC%5C%CB%CC%84%CE%B7%40%17%14%B1%10%FC%AA
 2016-04-21 15:59:53 +02:00
Julian Hector
d9a01beca2 Bug 1259283 - Add sys_fchown to seccomp whitelist. r=jld 2016-04-13 12:41:19 +00:00
Thomas Zimmermann
e1b5ef463a Bug 1264226: Don't use '_COARSE' Posix clocks if not defined, r=jld 
Not all systems (i.e., Gonk) support CLOCK_MONOTONIC_COARSE and
CLOCK_REALTIME_COARSE. With this patch, we don't refer to them if
they are not supported.
 2016-04-14 10:12:39 +02:00
Chris Pearce
cb3b390405 Bug 1245789 - Whitelist functions needed by Widevine CDM in GMP child processes. r=jed 
MozReview-Commit-ID: C6bpItv1qpi
 2016-04-12 16:12:21 +12:00
Julian Hector
2d64db058c Bug 1259273 - Add sys_unlink to seccomp-bpf whitelist. r=jld 2016-04-06 19:48:23 +00:00
Boris Zbarsky
bc347a401b Bug 1257919 part 10. Make the caller and formattedStack getters on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:35 -04:00
Boris Zbarsky
42b3bbe27a Bug 1257919 part 8. Make the line/column number getters on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Boris Zbarsky
54987c5cc1 Bug 1257919 part 7. Make the name getter on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Boris Zbarsky
efa07c06d1 Bug 1257919 part 6. Make the filename getter on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Sebastian Hengst
0e9bf1445a Backed out changeset 6e95ee3cd4c6 (bug 1257919) 2016-03-22 21:10:21 +01:00