Gian-Carlo Pascutto
bb409b10ab
Bug 1285293
- Add fstatfs to seccomp-bpf whitelist. r=tedd
...
For some reason libfontconfig really Needs To Know.
MozReview-Commit-ID: KSET8D5h9xf
--HG--
extra : rebase_source : 10c5df6a4b8b85be120a9828686d0c63e3fff5d4
2016-07-11 10:54:48 +02:00
Gian-Carlo Pascutto
c4c92abf28
Bug 1285525 - Add sys_semget to seccomp-bpf whitelist. r=tedd
...
MozReview-Commit-ID: 1yV0uqiMSru
--HG--
extra : rebase_source : cbc57f22fc4b5818b1ac9857446d2190eaa359c2
2016-07-11 10:15:31 +02:00
Julian Hector
2071bf3b6c
Bug 1285287 - Use proper macros to whitelist getres*id. r=gcp
2016-07-08 17:59:41 +02:00
Gian-Carlo Pascutto
b3b0630046
Bug 1285507 - Whitelist memfd_create (used for Sealed Files IPC). r=jhector
...
MozReview-Commit-ID: 7UE6hyDiC6H
--HG--
extra : rebase_source : ef1fcbf9e2aefbf2b215e18a459ce72d4e0abc5c
extra : histedit_source : 02ba293c9af543f850c6ddeb2ca214f7527e3923
2016-07-08 17:12:30 +02:00
Julian Hector
aa5c174aa4
Bug 742434 - Part 2: Introduce pref to control content sandbox. r=jld
...
MozReview-Commit-ID: JQAQAbHUObN
--HG--
extra : rebase_source : 42a14a28503b685125f27faa40ae4efc920c5c5d
2016-06-16 12:39:07 +02:00
Julian Hector
feca70c6cc
Bug 742434 - Part 1: Make ContentSecurityPolicy constructor explicit. r=gcp
...
MozReview-Commit-ID: HrBpcQ1BYFI
--HG--
extra : rebase_source : 0505ff9f9260627a0519e1f0ea536efd7af0210e
2016-07-05 03:07:00 +02:00
Julian Hector
3ab8691db7
Bug 1284452 - Add sys_getrandom to seccomp whitelist. r=gcp
...
MozReview-Commit-ID: 8CW916cJsUZ
2016-07-05 13:51:57 +02:00
Carsten "Tomcat" Book
30cb0bf87f
Backed out changeset 3601419d2e4b (bug 742434) for test failures like /content-security-policy/media-src/media-src-7_3.html timeouts
2016-07-05 12:25:55 +02:00
Carsten "Tomcat" Book
d90190d784
Backed out changeset 730fcdccb26e (bug 742434)
2016-07-05 12:25:41 +02:00
Julian Hector
a4e6059aeb
Bug 742434 - Part 2: Introduce pref to control content sandbox. r=jld
...
MozReview-Commit-ID: HyNozlK5SAE
2016-06-16 12:39:07 +02:00
Julian Hector
21e153fc19
Bug 742434 - Part 1: Make ContentSecurityPolicy constructor explicit. r=gcp
...
MozReview-Commit-ID: HrBpcQ1BYFI
2016-07-05 03:07:00 +02:00
Gian-Carlo Pascutto
0a5cac2ffc
Backed out 2 changesets (bug 742434)
...
Backed out changeset 4e0e2373e234 (bug 742434)
Backed out changeset 66a937c6ca0e (bug 742434)
MozReview-Commit-ID: 8Chchv4HUL
--HG--
extra : rebase_source : 78f35317a643a48c3f45ec34d88fe321d71d04d1
2016-07-04 18:00:53 +02:00
Julian Hector
c50fb0578f
Bug 742434 - Part 1: Introduce pref to control content sandbox. r=jld
...
MozReview-Commit-ID: CuSCwcwRiND
2016-06-16 12:39:07 +02:00
Gian-Carlo Pascutto
a7f65e7eac
Bug 1273852 - Allow getsockopt in EvaluateSocketCall. r=jld
...
MozReview-Commit-ID: F9rVM0VKmUR
--HG--
extra : rebase_source : 86271db1e6c24a4ca98ccb0580cd608c2a4cc580
2016-06-08 19:05:08 +02:00
Gian-Carlo Pascutto
d270c42cdd
Bug 1273852 - Always add seccomp-bpf socketcall dispatcher. r=jld
...
For 32-bit Linux 4.3+, always add socketcall dispatcher even if relevant
syscalls are known, because both entry points will exist.
See Linux kernel commit:
commit 9dea5dc921b5f4045a18c63eb92e84dc274d17eb
Author: Andy Lutomirski <luto@kernel.org>
Date: Tue Jul 14 15:24:24 2015 -0700
x86/entry/syscalls: Wire up 32-bit direct socket calls
MozReview-Commit-ID: I3GEvolGfsR
--HG--
extra : rebase_source : c358a6d39d9bf5701150e58f1002f6c6dc91cd6f
2016-06-29 20:34:40 +02:00
Thomas Zimmermann
97a43c0b93
Bug 1276927: Define HAVE_ANDROID_OS before including 'android_filesystem_config.h', r=fabrice
...
The preprocessor token HAVE_ANDROID_OS configures 'android_filesystem_config.h'
to include the correct header files from the environment.
MozReview-Commit-ID: oKwdjzDjij
2016-06-16 08:43:51 +01:00
Sebastian Hengst
bb691db120
Backed out changeset b6c190b08824 (bug 1276927)
2016-06-15 12:23:52 +02:00
Thomas Zimmermann
565a7b74dc
Bug 1276927: Define HAVE_ANDROID_OS before including 'android_filesystem_config.h', r=fabrice
...
The preprocessor token HAVE_ANDROID_OS configures 'android_filesystem_config.h'
to include the correct header files from the environment.
MozReview-Commit-ID: oKwdjzDjij
2016-06-15 10:59:49 +01:00
Julian Hector
14d815c27e
Bug 1275920 - Add sys_rt_tgsigqueueinfo to seccomp whitelist r=jld
...
--HG--
extra : rebase_source : 4808d641597e40e124be0bae1e10ad37570355c9
2016-05-27 19:29:21 +02:00
Gian-Carlo Pascutto
d543e16807
Bug 1273859 - Add sys_pwrite64 to seccomp whitelist for content process. r=jld
...
MozReview-Commit-ID: FsJ8ER9B9EY
--HG--
extra : rebase_source : a76bb584e8804a3f73abf2c821fa2d9d25997a17
2016-05-18 14:39:20 +02:00
Julian Hector
d5bb492be4
Bug 1274873 - Part 2: Move signal handler set up to SandboxEarlyInit() r=jld
2016-05-26 16:20:44 +02:00
Julian Hector
1f2003d5b1
Bug 1274873 - Part 1: Change search order for free signal r=jld
2016-05-26 16:19:28 +02:00
Carsten "Tomcat" Book
efa443d4d3
Backed out changeset ae5286493f15 (bug 1274873) for frequent timeouts in browser_ManifestObtainer_obtain.js
...
--HG--
extra : rebase_source : 5aa2340db1e93f26feb5c3173b8af4aacdb60b31
2016-06-07 12:07:16 +02:00
Carsten "Tomcat" Book
1d324ed30a
Backed out changeset 62646bfa1f95 (bug 1274873)
...
--HG--
extra : rebase_source : 644a5678b4f8e32e9809583cf7eb88fb0a518f31
2016-06-07 12:06:51 +02:00
Julian Hector
fd5c167bdc
Bug 1276470 - Add sys_statfs to seccomp whitelist. r=jld
2016-05-28 20:33:49 +02:00
Julian Hector
1b857c2f98
Bug 1274873 - Part 2: Move signal handler set up to SandboxEarlyInit() r=jld
2016-05-26 16:20:44 +02:00
Julian Hector
1c0ad8ce67
Bug 1274873 - Part 1: Change search order for free signal r=jld
2016-05-26 16:19:28 +02:00
Julian Hector
d0f949dad4
Bug 1275786 - Add sys_listen to seccomp whitelist. r=jld
...
--HG--
extra : rebase_source : 7028482ca148f63e53e1fe915d0be507b5116c84
2016-05-27 16:00:50 +02:00
Julian Hector
cb6d29b0b7
Bug 1275785 - Add sys_bind to seccomp whitelist. r=jld
...
--HG--
extra : rebase_source : 90d403a3b21547ff7f280b2bff7746f4b8e32fe3
2016-05-27 15:58:51 +02:00
Julian Hector
5eb8b17162
Bug 1275781 - Add sys_accept to seccomp whitelist. r=jld
...
--HG--
extra : rebase_source : e4761ce8c466987f54ddd41603fa626923fe0865
2016-05-27 15:56:35 +02:00
Alexandre Lissy
c6be1d0d13
Bug 1274826 - Bypass building SandboxHooks on Gonk r=jld
...
MozReview-Commit-ID: 3TVdcY7aXvW
--HG--
extra : rebase_source : b734c54ad4e7b8fff384f399b84014410b4cf719
2016-05-26 01:02:25 +02:00
Gian-Carlo Pascutto
e8fd20fdcf
Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche
...
MozReview-Commit-ID: 6Un4yNzxGgg
--HG--
extra : rebase_source : fc8762b9802fab071cb194513a5ad390ae7984f3
2016-05-18 18:37:44 +02:00
Carsten "Tomcat" Book
be11014a2b
Backed out changeset 767f65379fdf (bug 1098428) for causing linux crashes on a CLOSED TREE
2016-05-24 13:03:00 +02:00
Gian-Carlo Pascutto
42b1907a65
Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche
...
MozReview-Commit-ID: GtIPsRqq5hr
--HG--
extra : rebase_source : 6b918e5119f15536c9437c27cfee413577268b78
2016-05-18 18:37:44 +02:00
Julian Hector
5894681e14
Bug 1274553 - Properly handle stat() requests in permissive mode. r=jld
...
MozReview-Commit-ID: IeFwQ2Gv21z
--HG--
extra : rebase_source : 0198c5df41f728f85bea149a10dfe0b7c0fae43f
2016-05-20 14:42:50 +02:00
Chris Peterson
353ee65255
Bug 1272513 - Part 1: Suppress -Wshadow warnings-as-errors in some directories. r=glandium
2016-05-11 00:00:01 -07:00
Gian-Carlo Pascutto
6491a25e6f
Bug 1268579 - Add inotify_rm_watch to the seccomp-bpf whitelist. r=jld
...
MozReview-Commit-ID: DvaHjOa5GOv
--HG--
extra : rebase_source : 1105ebd32973f8608c4c8b21dc72ba9313661735
2016-04-28 20:04:06 +02:00
Nicholas Nethercote
2511b2c327
Bug 1267550 (part 2) - Rename MOZ_WARN_UNUSED_RESULT as MOZ_MUST_USE. r=froydnj.
...
It's an annotation that is used a lot, and should be used even more, so a
shorter name is better.
MozReview-Commit-ID: 1VS4Dney4WX
--HG--
extra : rebase_source : b26919c1b0fcb32e5339adeef5be5becae6032cf
2016-04-27 14:16:50 +10:00
Julian Hector
4c291ae709
Bug 1176099 - Fix missing NULL check r=luke
...
MozReview-Commit-ID: ICNQNqJZzA8
2016-04-28 20:41:14 +02:00
Julian Hector
3871240519
Bug 1176099 - Add hooks for sigprocmask/pthread_sigmask. r=jld r=glandium
2016-04-21 13:17:50 +00:00
Julian Hector
1942e09c83
Bug 1266298 - Add sys_fchmod to seccomp whitelist r=jld
...
MozReview-Commit-ID: 4kFgfxhCMFl
--HG--
extra : transplant_source : h%D1%90%ACfP%DC%5C%CB%CC%84%CE%B7%40%17%14%B1%10%FC%AA
2016-04-21 15:59:53 +02:00
Julian Hector
d9a01beca2
Bug 1259283 - Add sys_fchown to seccomp whitelist. r=jld
2016-04-13 12:41:19 +00:00
Thomas Zimmermann
e1b5ef463a
Bug 1264226: Don't use '_COARSE' Posix clocks if not defined, r=jld
...
Not all systems (i.e., Gonk) support CLOCK_MONOTONIC_COARSE and
CLOCK_REALTIME_COARSE. With this patch, we don't refer to them if
they are not supported.
2016-04-14 10:12:39 +02:00
Chris Pearce
cb3b390405
Bug 1245789 - Whitelist functions needed by Widevine CDM in GMP child processes. r=jed
...
MozReview-Commit-ID: C6bpItv1qpi
2016-04-12 16:12:21 +12:00
Julian Hector
2d64db058c
Bug 1259273 - Add sys_unlink to seccomp-bpf whitelist. r=jld
2016-04-06 19:48:23 +00:00
Boris Zbarsky
bc347a401b
Bug 1257919 part 10. Make the caller and formattedStack getters on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:35 -04:00
Boris Zbarsky
42b3bbe27a
Bug 1257919 part 8. Make the line/column number getters on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:31 -04:00
Boris Zbarsky
54987c5cc1
Bug 1257919 part 7. Make the name getter on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:31 -04:00
Boris Zbarsky
efa07c06d1
Bug 1257919 part 6. Make the filename getter on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:31 -04:00
Sebastian Hengst
0e9bf1445a
Backed out changeset 6e95ee3cd4c6 (bug 1257919)
2016-03-22 21:10:21 +01:00