This commit does:
- Sync files under security/sandbox/chromium/ with Chromium 81.0.4044.138
- Update files under security/sandbox/chromium-shim/
- Apply patches under security/sandbox/chromium-shim/patches/with_update/
- Apply a workaround for Clang's bug to compile *_interception.cc
- Add mozilla::AddWin32kLockdownPolicy to apply MITIGATION_WIN32K_DISABLE before SUBSYS_WIN32K_LOCKDOWN
Differential Revision: https://phabricator.services.mozilla.com/D79560
This commit updates files under security/sandbox/chromium-shim/patches/
to prepare our codebase for Chromium sandbox update. See patch files for
the details of each patch.
This also removes the following patches from with_update no longer needed.
1) update_chromium_linux_x86_syscalls.patch is included in
b4f3df4e77
2) ifdef_out_ApplyMitigationsToCurrentThread.patch cannot be used because
we use ApplyMitigationsToCurrentThread since the following commit.
4bed2eb502
3) mingw_base_win_get_caller.patch is included in
d8b73eb8f0
4) fix_incorrect_int_use_in_Kernel32BaseVersion.patch is fixed by
https://hg.mozilla.org/mozilla-central/rev/dc9d71fb3bac807a37dbfba35d609ac4ffff1980
5) revert_removal_of_AlterEnvironment_on_Windows.patch is altered by adding
environment_internal.h/cc as a different commit.
6) mingw_undefine_MemoryBarrier.patch is no longer needed as
base::subtle::MemoryBarrier was removed by
bdbaaf4e7e
7) public_siginfo_fields.patch is included in
6bd491daaf
Differential Revision: https://phabricator.services.mozilla.com/D79558
This commit does:
- Sync files under security/sandbox/chromium/ with Chromium 81.0.4044.138
- Update files under security/sandbox/chromium-shim/
- Apply patches under security/sandbox/chromium-shim/patches/with_update/
- Apply a workaround for Clang's bug to compile *_interception.cc
- Add mozilla::AddWin32kLockdownPolicy to apply MITIGATION_WIN32K_DISABLE before SUBSYS_WIN32K_LOCKDOWN
Differential Revision: https://phabricator.services.mozilla.com/D79560
This commit updates files under security/sandbox/chromium-shim/patches/
to prepare our codebase for Chromium sandbox update. See patch files for
the details of each patch.
This also removes the following patches from with_update no longer needed.
1) update_chromium_linux_x86_syscalls.patch is included in
b4f3df4e77
2) ifdef_out_ApplyMitigationsToCurrentThread.patch cannot be used because
we use ApplyMitigationsToCurrentThread since the following commit.
4bed2eb502
3) mingw_base_win_get_caller.patch is included in
d8b73eb8f0
4) fix_incorrect_int_use_in_Kernel32BaseVersion.patch is fixed by
https://hg.mozilla.org/mozilla-central/rev/dc9d71fb3bac807a37dbfba35d609ac4ffff1980
5) revert_removal_of_AlterEnvironment_on_Windows.patch is altered by adding
environment_internal.h/cc as a different commit.
6) mingw_undefine_MemoryBarrier.patch is no longer needed as
base::subtle::MemoryBarrier was removed by
bdbaaf4e7e
7) public_siginfo_fields.patch is included in
6bd491daaf
Differential Revision: https://phabricator.services.mozilla.com/D79558
The current taskqueue is blocked until the current function has finished; Running the event loop would only process events on the running thread.
Additionally, we make mIPCLaunchThread an nsISerialEventTarget to guarantee that at shutdown the tasks are run in order regardless of the IPC Launch Thread type.
Differential Revision: https://phabricator.services.mozilla.com/D81511
This adds the boolean pref security.sandbox.content.headless (on Linux
only) which does two things:
1. Sets the MOZ_HEADLESS env var for content processes, so that they
don't initialize GTK and don't connect to the X server.
2. Disallows brokered access to parts of the filesystem used only for
graphics -- most critically connecting to the X11 socket itself, but
also opening GPU device nodes and the parts of sysfs used by Mesa, for
example.
This is experimental; use at your own risk.
Setting this pref will break native widgets, so it's also necessary to
set widget.disable-native-theme-for-content
Additionally, it breaks Flash and WebGL; see bug 1638466 for the latter.
Differential Revision: https://phabricator.services.mozilla.com/D81425
Now that filesystem broker policy entries that depend on prefs can be
cached in the "common" policy object, let's do this wherever possible.
Should also fix bug 1621231.
Differential Revision: https://phabricator.services.mozilla.com/D81424
When the SandboxBrokerPolicyFactory is constructed, prefs aren't
available, which constrains the cached subset of the content process
policy to entries that don't depend on prefs. Delaying the computation
until a content process is started removes that restriction.
Differential Revision: https://phabricator.services.mozilla.com/D81423
Not strictly necessary, but I noticed this while I was making changes:
AddDynamicPathList can be a simple static function instead of a private
static method, and doesn't need to be in the header.
Differential Revision: https://phabricator.services.mozilla.com/D81422
Fix the content and Flash sandbox policies to use the major and minor number for OS version checks allowing video playback to work properly on macOS 11 Big Sur.
Pass the macOS major and minor version to sandbox policies as a combined string.
Remove unused OSXVersion methods and members and more minor cleanup in Sandbox.mm.
Leave in the checks for unsupported versions (macOS 10.9 - 10.11) for now in case this fix needs to be uplifted.
Differential Revision: https://phabricator.services.mozilla.com/D81385
This just spins the event loop during fast shutdown until all queued
cert_storage tasks have completed. The patch achieves this by simply
adding a counter which will be incremented and decremented on the
main thread via tying into the tasks' `new` and `done` methods. A
slightly more performant solution would use a condvar and sleep the
main thread waiting on pending operations to complete, but given the
low frequency of these occuring during shutdown, such an approach
would be overkill.
Differential Revision: https://phabricator.services.mozilla.com/D80906
