Harald van Dijk
2877a35271
Bug 1430274 - Define MOZ_ALSA for more source files. r=jld
2018-01-18 15:18:37 -07:00
Gian-Carlo Pascutto
e5687f9731
Bug 1430118 - Look for log file names in the passed environment. r=bobowen
...
MozReview-Commit-ID: HVUDYoEwjCd
--HG--
extra : rebase_source : 4121114558901489cd3954f433fe70bdea32a683
2018-01-17 09:54:48 +01:00
Chris Peterson
37efe4d0e6
Bug 1428535 - Add missing override specifiers to overridden virtual functions. r=froydnj
...
MozReview-Commit-ID: DCPTnyBooIe
--HG--
extra : rebase_source : cfec2d96faeb11656d86d760a34e0a04cacddb13
extra : intermediate-source : 6176724d63788b0fe8caa3f91607c2d93dbaa7ec
extra : source : eebbb0600447f9b64aae3bcd47b4be66c02a51ea
2017-11-05 19:37:28 -08:00
Haik Aftandilian
68c0e33233
Bug 1429133 - Some FontExplorer managed fonts are not rendered. r=Alex_Gaynor
...
MozReview-Commit-ID: L5x3GNb3HGU
--HG--
extra : rebase_source : fd123e19142e98f4712db19d240b5c636aeb3ecf
2018-01-10 11:33:47 -08:00
Csoregi Natalia
d07dee65a2
Backed out 6 changesets (bug 1386404) for failing /webdriver/test/ tests on Linux. r=backout on a CLOSED TREE
...
Backed out changeset be1441859e8b (bug 1386404)
Backed out changeset 8dca7ef74c4a (bug 1386404)
Backed out changeset b7ca6ae185f2 (bug 1386404)
Backed out changeset 2c007d385ce4 (bug 1386404)
Backed out changeset fbe717b9a664 (bug 1386404)
Backed out changeset 14f1fbe5263a (bug 1386404)
2018-01-10 14:08:51 +02:00
Gian-Carlo Pascutto
4f260fc76e
Bug 1386404 - Whitelist the prefix used by the XPCOM leak logs. r=haik
...
MozReview-Commit-ID: HI68lvyJIPQ
--HG--
extra : rebase_source : 75da730d240881928a6db230a85031e24cef23e0
2017-11-03 13:18:56 +01:00
Gian-Carlo Pascutto
874a243297
Bug 1386404 - Only do the tmp remapping if needed. r=jld
...
This helps with getting the tests that are running out of /tmp
to pass, who get confused if their paths change underneath them.
It's also a bit faster.
MozReview-Commit-ID: CWtngVNhA0t
--HG--
extra : rebase_source : ec91614556601e32f2604c3fb9f7d08156f834f3
2017-10-26 18:02:10 +02:00
Gian-Carlo Pascutto
9178b61a3d
Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld
...
MozReview-Commit-ID: 2h9hw6opYof
--HG--
extra : rebase_source : f331071eeba9fc0714a0df09ca102273b4ee7320
2017-10-26 17:50:49 +02:00
Gian-Carlo Pascutto
57d5d1c52a
Bug 1386404 - Enable access to the entire chrome dir from content. r=jld
...
This may be required if people have @import in their userContent.css, and
in any case our tests check for this.
MozReview-Commit-ID: 8uJcWiC2rli
--HG--
extra : rebase_source : 3384cb599a6d7b1aeba64e552ec4778ddab03f39
2017-10-26 18:57:03 +02:00
Gian-Carlo Pascutto
1a580a77b4
Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik,jld
...
MozReview-Commit-ID: 6Hijq0to9MG
--HG--
extra : rebase_source : 7ff43ffe52f32ebbc7c866428e0d1d64dd05cbcb
2018-01-09 16:29:40 +01:00
Gian-Carlo Pascutto
61cf15cc85
Bug 1297740. r=jld
2018-01-08 10:07:16 +01:00
Coroiu Cristina
ebae541f60
Backed out 1 changesets (bug 1297740) for mingw32 build failure at src/ipc/chromium/src/base/process_util_win.cc r=backout on a CLOSED TREE
...
Backed out changeset e2501f2e295e (bug 1297740)
2018-01-06 00:59:25 +02:00
Gian-Carlo Pascutto
3178a4003d
Bug 1297740. r=jld
...
--HG--
extra : rebase_source : 1d7bd987eed365bf442ed7eb856d8413af3205dc
2018-01-04 15:37:33 +01:00
Haik Aftandilian
f6cdb35b8f
Bug 1421262 - [Mac] Add access to hw.cachelinesize sysctl, /Library/GPUBundles to content sandbox rules. r=Alex_Gaynor
...
MozReview-Commit-ID: LBWA8XD64h
--HG--
extra : rebase_source : dac2ea615fdcbbd4d029bbbb28e3d935a4416deb
2017-12-21 14:15:29 -08:00
Mark Banner
770685e15e
Bug 1425688 - Enable ESLint rule mozilla/use-services for security/. r=gcp,keeler
...
MozReview-Commit-ID: 4Kd9L8ExNGl
--HG--
extra : rebase_source : 02a5242629c7b597d7fd4e5e1373781fcbb82905
2017-12-16 13:10:40 -06:00
Cosmin Sabou
6c33dde6ca
Backed out 2 changesets (bug 1425688) on request from jorgk for breaking the Certificate Manager r=backout a=backout
...
Backed out changeset f73324a4d033 (bug 1425688)
Backed out changeset bd2bf7b7fead (bug 1425688)
2017-12-28 15:26:09 +02:00
Mark Banner
bed9b1d6c8
Bug 1425688 - Enable ESLint rule mozilla/use-services for security/. r=gcp,keeler
...
MozReview-Commit-ID: 4Kd9L8ExNGl
--HG--
extra : rebase_source : d8383ef464e9f0d19c7642a07967f3e2fa56d0dc
2017-12-16 13:10:40 -06:00
Jed Davis
eec54d4531
Bug 1393287 - Intercept sigaction() to fix signal masks for sandboxing. r=gcp
...
Also changes gSeccompTsyncBroadcastSignum to an atomic, in case these
wrappers race with starting the sandbox, and optimizes the wrappers
slightly by avoiding unnecessary copying of signal sets or sigactions.
Tested by manually LD_PRELOADing libmozsandbox in the parent process,
because it already has a few signal handlers with block-by-default
masks.
MozReview-Commit-ID: CiHsA6rOCrQ
--HG--
extra : rebase_source : 176c156116a44fb8dff3a5f421499b7e61175047
2017-12-08 17:31:07 -07:00
Haik Aftandilian
4e95d558ac
Bug 1404298 - Crashes with read-access content sandboxing triggered by mounted volumes. r=Alex_Gaynor
...
Allow read-metadata access to top-level directory entries.
MozReview-Commit-ID: 1Q7QXN2gX36
--HG--
extra : rebase_source : 86e3cc1906bb805e158c70c703ec204f11452199
2017-12-18 12:58:30 -08:00
Csoregi Natalia
0393c9235f
Backed out changeset 8a71f6e05783 (bug 1393287) for Hazard Build Bustage. r=backout on a CLOSED TREE
2017-12-19 02:49:50 +02:00
Jed Davis
b99c2f8096
Bug 1393287 - Intercept sigaction() to fix signal masks for sandboxing. r=gcp
...
Also changes gSeccompTsyncBroadcastSignum to an atomic, in case these
wrappers race with starting the sandbox, and optimizes the wrappers
slightly by avoiding unnecessary copying of signal sets or sigactions.
Tested by manually LD_PRELOADing libmozsandbox in the parent process,
because it already has a few signal handlers with block-by-default
masks.
MozReview-Commit-ID: CiHsA6rOCrQ
--HG--
extra : rebase_source : 43c52a1169d6f510c3dc83143736b9be7ed7141d
2017-12-08 17:31:07 -07:00
Jed Davis
7dcac56405
Bug 1422198 - Log about failure to send a sandbox broker reply. r=gcp
...
MozReview-Commit-ID: eDcoMHGFxo
--HG--
extra : rebase_source : 6033f39a290b7b3dcbcebfaa8712e838e63fc09e
2017-12-08 14:43:36 -07:00
Alex Gaynor
bf2d3984cb
Bug 1424942 - Remove fallback code for old macOS releases in the sandbox policy; r=haik
...
MozReview-Commit-ID: LCU4TWNMs8T
--HG--
extra : rebase_source : b01ba6c163da653717c9201cba70b89540676330
2017-12-12 14:58:46 -06:00
cku
07e7f9f727
Bug 1399787 - Part 9. Sandbox the PDFium process. r=bobowen,jwatt
...
MozReview-Commit-ID: 6ED7EPZvOMR
--HG--
extra : rebase_source : d8ddd2bb3551cf25c0f18151c4340e1f48d659ca
extra : intermediate-source : d90c5064d88a6468c1209f4a78ec7631592eec98
extra : source : 91b761e38efd28a69647c38531f5418fffee8f50
2017-10-18 20:52:45 +08:00
Gurzau Raul
0fcc1a37e6
Merge mozilla-central to mozilla-inbound. r=merge a=merge CLOSED TREE
2017-12-09 00:57:59 +02:00
Bob Owen
e19c11cd2a
Bug 1423296: Don't use MITIGATION_IMAGE_LOAD_NO_LOW_LABEL when running from a network drive. r=jimm
2017-12-08 19:00:54 +00:00
Jed Davis
7e9b75f531
Bug 1409895 - Deny getcwd in the Linux content process sandbox. r=gcp
...
getcwd won't do anything useful once we start chroot()ing to remove
filesystem access; with this patch it will at least fail the same way
regardless of whether user namespaces are available or if other factors
prevent complete FS isolation.
Bonus fix: improve the comments for this group of syscalls.
MozReview-Commit-ID: KueZzly2mlO
--HG--
extra : rebase_source : a6b5dbebbc4d2477909d46085499f2648091b94c
2017-11-20 10:47:54 -07:00
Sylvestre Ledru
a9961096c0
Bug 1394734 - Simplify various corner cases r=glandium
...
MozReview-Commit-ID: 4s4JdXZPvmv
--HG--
extra : rebase_source : c8f663c99442d41db5f81ac5fe1aa1f47fd5ed82
2017-12-07 22:10:19 +01:00
Sylvestre Ledru
4591d82b23
Bug 1394734 - Replace CONFIG['CLANG*'] by CONFIG['CC_TYPE'] r=glandium
...
MozReview-Commit-ID: HbF5oT5HW6f
--HG--
extra : rebase_source : eca479b6ae4bff7f600d1cdb39e11ac2057e4e79
2017-12-07 22:09:38 +01:00
Sylvestre Ledru
5de63ef061
Bug 1394734 - Replace CONFIG['MSVC'] by CONFIG['CC_TYPE'] r=glandium
...
MozReview-Commit-ID: 5orfnoude7h
--HG--
extra : rebase_source : 1ed9a6b56e1d27221a07624767a7fb0e6147117f
2017-12-08 13:46:13 +01:00
Sylvestre Ledru
9bfe27d903
Bug 1394734 - Replace CONFIG['GNU_C*'] by CONFIG['CC_TYPE'] r=glandium
...
MozReview-Commit-ID: 7duJk2gSd4m
--HG--
extra : rebase_source : 7312fe276e561e8c034a5f6749774ae812727f9c
2017-12-07 22:09:15 +01:00
Cosmin Sabou
79d933ec34
Backed out 22 changesets (bug 1399787) for shutdown leaks on windows 7 debug tc-M without e10s r=backout on a CLOSED TREE
...
Backed out changeset 463d676df5da (bug 1399787)
Backed out changeset fc9776a2605d (bug 1399787)
Backed out changeset 2e91a90dfbc3 (bug 1399787)
Backed out changeset e82ab72f71ee (bug 1399787)
Backed out changeset d7fef200e8b9 (bug 1399787)
Backed out changeset a7d70f7f3335 (bug 1399787)
Backed out changeset 2800f9d20d96 (bug 1399787)
Backed out changeset 9dfa404abf9d (bug 1399787)
Backed out changeset 09b3c172a01e (bug 1399787)
Backed out changeset f9fd3e750636 (bug 1399787)
Backed out changeset 01284c55bf8a (bug 1399787)
Backed out changeset c2ab1b454283 (bug 1399787)
Backed out changeset e7bfa51404c5 (bug 1399787)
Backed out changeset 3fd2a734f887 (bug 1399787)
Backed out changeset ef21f295db3f (bug 1399787)
Backed out changeset c186893ce0fc (bug 1399787)
Backed out changeset 323da3bddaaa (bug 1399787)
Backed out changeset 3b89f189edff (bug 1399787)
Backed out changeset a47bd86c35ee (bug 1399787)
Backed out changeset 558526301a4c (bug 1399787)
Backed out changeset baa99fb50ba9 (bug 1399787)
Backed out changeset 6d82ed0ba805 (bug 1399787)
2017-12-08 13:09:56 +02:00
cku
d70af3d034
Bug 1399787 - Part 9. Sandbox the PDFium process. r=bobowen,jwatt
...
MozReview-Commit-ID: 6ED7EPZvOMR
--HG--
extra : rebase_source : 60e6d103573436d923f8b2b00c70cb2a4a7986df
extra : intermediate-source : d90c5064d88a6468c1209f4a78ec7631592eec98
extra : source : 91b761e38efd28a69647c38531f5418fffee8f50
2017-10-18 20:52:45 +08:00
Bob Owen
cd83addd77
Bug 1395187: Use STARTF_FORCEOFFFEEDBACK flag when starting Windows child processes to prevent app starting cursor. r=jimm
2017-12-07 10:24:38 +00:00
Bob Owen
8ba04e79f9
Bug 1422053: Create Windows sandbox sLaunchErrors hashtable on the main thread. r=aklotz
2017-12-07 09:07:43 +00:00
Alex Gaynor
52d69a63ca
Bug 1421372 - simplify the macOS content sandbox rules by splitting the file process rules out; r=haik
...
MozReview-Commit-ID: GJukCOAyE10
--HG--
extra : rebase_source : 7bfdd02482d45e72a785ec2abe2260577238406d
2017-11-28 14:06:06 -05:00
Gabriele Svelto
80fbb39861
Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert
...
MozReview-Commit-ID: CfPBvffjEhq
--HG--
extra : rebase_source : 51c522746b48f0819b926607ceebf7d070df4ffd
2017-10-10 15:25:39 +02:00
Jed Davis
db9ae514d1
Bug 1434528 - Adjust sandbox feature detection to deal with Ubuntu guest accounts. r=gcp
...
Guest sessions on Ubuntu (and maybe other distributions that use
LightDM?) apply an AppArmor policy that allows CLONE_NEWUSER but doesn't
allow using any of the capabilities it grants, or even configuring the
new user namespace.
This patch causes those environments to be detected as not supporting
unprivileged user namespaces, because for all practical purposes they
don't.
MozReview-Commit-ID: HVkoBakRwaA
--HG--
extra : rebase_source : 4028eff177de30acc58f7f0c32989265dfcad9fd
2018-02-08 17:46:42 -07:00
Jared Wein
9788800512
Bug 1436575 - Manually fix the errors from no-compare-against-boolean-literal that the autofix couldn't change. r=standard8
...
MozReview-Commit-ID: 6NtfU76sPKv
--HG--
extra : rebase_source : 143891b98995658a5683e01631eba9f6a2bb7b6f
2018-02-08 13:35:53 -05:00
Bob Owen
ef5af7b0b1
Bug 1366701 Part 2: Roll-up patch to apply remaining mozilla changes to chromium sandbox. r=tabraldes,aklotz,jimm,bobowen
...
Patches re-applied from security/sandbox/chromium-shim/patches/after_update/.
See patch files for additional commit comments.
2014-11-29 17:12:18 +00:00
Bob Owen
6bd2ddcccd
Bug 1366701 Part 1: Roll-up of chromium sandbox update and mozilla patches to get a running browser. r=jld,aklotz,jimm,bobowen
...
This updates security/sandbox/chromium/ files to chromium commit 937db09514e061d7983e90e0c448cfa61680f605.
Additional patches re-applied from security/sandbox/chromium-shim/patches/with_update/ to give a compiling and mostly working browser.
See patch files for additional commit comments.
2017-10-26 15:10:41 +01:00
Alex Gaynor
de761e28e1
Bug 1419811 - allow file content processes to access the com.apple.iconservices service; r=Gijs,haik
...
Directory listing for file URLs needs access to draw icons for files.
MozReview-Commit-ID: KIEx00gB5ia
--HG--
extra : rebase_source : 16aadb2f008f40233a2147dea384d9ed33310cb7
2017-11-22 11:51:32 -06:00
Gian-Carlo Pascutto
34be833347
Bug 1416016 - Add ../config to the sandbox whitelist for older Mesa. r=jld
...
MozReview-Commit-ID: KahivmVJR1l
--HG--
extra : rebase_source : 7d77f0ee77813a1214cfa5bc618b57c3208443c3
2017-11-17 15:23:28 +01:00
Gian-Carlo Pascutto
c979b7a21f
Bug 1416808 - Add "$XDG_DATA_(HOME|DIRS)"/fonts to the sandbox whitelist. r=jld
...
MozReview-Commit-ID: DwwltKQg8x4
--HG--
extra : rebase_source : e92b60e320bb26e66bfb38039f141ec83a34fff7
2017-11-17 15:45:11 +01:00
Bob Owen
5a64c2aeb7
Bug 1417959: Bump Alternate Desktop to Level 5 and make that the Default on Nightly. r=jimm
2017-11-16 18:10:00 +00:00
Jonathan Kew
304ec4c15e
Bug 1417420 - Add the path used by FontAgent to the sandbox rules on macOS. r=haik
2017-11-15 17:59:44 +00:00
Jed Davis
873f611a48
Bug 1401786 - Move the Linux sandboxing parts of GeckoChildProcessHost into security/sandbox. r=gcp
...
MozReview-Commit-ID: JknJhF5umZc
--HG--
extra : rebase_source : 2fa246e9a8b350becc21ed5bfd69820d3a321064
2017-10-06 17:15:46 -06:00
Alex Gaynor
af821e1fe3
Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp
...
This patch moves handling of the "MOZ_DISABLE_CONTENT_SANDBOX" environment
variable into GetEffectiveContentSandboxLevel. It also introduces
IsContentSandboxEnabled and ports many users of GetEffectiveContentSandboxLevel
to use it.
MozReview-Commit-ID: 4CsOf89vlRB
--HG--
extra : rebase_source : b9130f522e860e6a582933799a9bac07b771139b
2017-06-01 10:38:22 -04:00
shindli
897ae925f7
Backed out 1 changesets (bug 1365257) for failing gl in \build\build\src\obj-firefox\dist\include\mozilla/ServoStyleSet.h:97 r=backout on a CLOSED TREE
...
Backed out changeset 00edc1ac58f9 (bug 1365257)
--HG--
extra : rebase_source : d33f3bba71d1899e0f4a5051369c240e00ea42fe
2017-11-10 19:23:58 +02:00
Alex Gaynor
31e67fc86a
Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp
...
This patch moves handling of the "MOZ_DISABLE_CONTENT_SANDBOX" environment
variable into GetEffectiveContentSandboxLevel. It also introduces
IsContentSandboxEnabled and ports many users of GetEffectiveContentSandboxLevel
to use it.
MozReview-Commit-ID: 4CsOf89vlRB
--HG--
extra : rebase_source : 10234bd7d837eae8dc915e4a0c0a37040fd0a280
2017-06-01 10:38:22 -04:00
Bob Owen
cd430d0c58
Bug 1415250 Part 1: Block prntm64.dll and guard32.dll in sandboxed child processes. r=jimm
2017-11-08 08:06:14 +00:00
Jed Davis
0b91cda795
Bug 1413312 - Fix media plugin sandbox policy for sched_get_priority_{min,max}. r=gcp
...
MozReview-Commit-ID: Bz4EWU13HAJ
--HG--
extra : rebase_source : 848880e083827a6f40e6ba289a5357ff6b4fa5f6
2017-10-31 18:12:43 -06:00
Jed Davis
de1cbf125f
Bug 1412464 - Change sandboxing inotify denial from seccomp-bpf to symbol interception. r=gcp
...
MozReview-Commit-ID: DY0qdGYGNdL
--HG--
extra : rebase_source : 02448ea28e8c1ea0d25776455d9ebb30d829b482
2017-10-30 19:45:39 -06:00
Jed Davis
a2451f13e5
Bug 1412480 - Statically check for overly large syscall arguments. r=gcp
...
See the previous patch for an explanation of the mistake that this is
meant to catch.
Note that, even for arguments that really are 64-bit on 32-bit platforms
(typically off_t), it's generally not safe to pass them directly to
syscall(): some architectures, like ARM, use ABIs that require such
arguments to be passed in aligned register pairs, and they'll be aligned
differently for syscall() vs. the actual system call due to the leading
system call number argument. The syscall(2) man page discusses this
and documents that such arguments should be split into high/low halves,
passed separately, and manually padded.
Therefore, this patch rejects any argument types larger than a word.
MozReview-Commit-ID: FVhpri4zcWk
--HG--
extra : rebase_source : 0329fe68be2a4e16fb71736627f0190e005c9972
2017-10-27 19:51:26 -06:00
Jed Davis
6d4b2907e1
Bug 1412480 - Fix syscall argument types in seccomp-bpf sandbox traps. r=gcp
...
The values in arch_seccomp_data::args are uint64_t even on 32-bit
platforms, and syscall takes varargs, so the arguments need to be
explicitly cast to the word size in order to be passed correctly.
MozReview-Commit-ID: 5ldv6WbL2Z3
--HG--
extra : rebase_source : c6ef37d8b367ad6025e510e58e6ab4d2f96cfc9e
2017-10-27 20:51:25 -06:00
Sebastian Hengst
1133016f04
Backed out 6 changesets (bug 1386404) for XPCshell failures, at least on Linux. r=backout on a CLOSED TREE
...
Backed out changeset c80acdea24c1 (bug 1386404)
Backed out changeset 6224ffae752a (bug 1386404)
Backed out changeset 9eba087cf64a (bug 1386404)
Backed out changeset eac6eb517096 (bug 1386404)
Backed out changeset 802a00ea50e7 (bug 1386404)
Backed out changeset d7f697bac6ef (bug 1386404)
2017-11-03 20:28:00 +01:00
Gian-Carlo Pascutto
859dfba3ed
Bug 1386404 - Whitelist the prefix used by the XPCOM leak logs. r=haik
...
MozReview-Commit-ID: HI68lvyJIPQ
--HG--
extra : rebase_source : 95804e003ae2cde2b4baa1f5d1bba43d2d0830b5
2017-11-03 13:18:56 +01:00
Gian-Carlo Pascutto
9dd0bca893
Bug 1386404 - Only do the tmp remapping if needed. r=jld
...
This helps with getting the tests that are running out of /tmp
to pass, who get confused if their paths change underneath them.
It's also a bit faster.
MozReview-Commit-ID: CWtngVNhA0t
--HG--
extra : rebase_source : b7fe3ad6317fafa382a2ad38c7d9d5338aeafc9b
2017-10-26 18:02:10 +02:00
Gian-Carlo Pascutto
12fb914457
Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld
...
MozReview-Commit-ID: 2h9hw6opYof
--HG--
extra : rebase_source : 821381f48b822415ae3d477341071099e7c1db54
2017-10-26 17:50:49 +02:00
Gian-Carlo Pascutto
88fc2f8563
Bug 1386404 - Enable access to the entire chrome dir from content. r=jld
...
This may be required if people have @import in their userContent.css, and
in any case our tests check for this.
MozReview-Commit-ID: 8uJcWiC2rli
--HG--
extra : rebase_source : 38bd2a2ffc593bf94b3c16f0c755d169d5998f7f
2017-10-26 18:57:03 +02:00
Gian-Carlo Pascutto
fff36a228d
Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik
...
MozReview-Commit-ID: 6Hijq0to9MG
--HG--
extra : rebase_source : 083bf3d52e228ce953d31ef997f969a0e4a562ec
2017-10-12 11:18:25 +02:00
Haik Aftandilian
a6836496b3
Bug 1403260 - [Mac] Remove access to print server from content process sandbox. r=mconley
...
MozReview-Commit-ID: Ia21je8TTIg
--HG--
extra : rebase_source : 8a6859d411b332aca404bb6a78b91cdae6b498c0
2017-10-30 11:14:08 -07:00
Sebastian Hengst
6979ea37b4
merge mozilla-central to autoland. r=merge a=merge
2017-10-30 23:58:16 +01:00
Bob Owen
e67fce9b1f
Bug 1412827: Add Symantec DLLs ffm64 and ffm to the sandboxed child blocklist. r=jimm
...
This patch also adds k7pswsen.dll unconditionally as it is still appearing
in many crash reports despite the block working in a test VM.
2017-10-30 16:28:26 +00:00
Jed Davis
6557099666
Bug 1411115 - Allow F_SETLK fcntl in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: ARc7EpfN73o
--HG--
extra : rebase_source : 21c35a65a7c45387e2bd7fd7aba5f82ecf7c9ab3
2017-10-27 18:05:53 -06:00
Jed Davis
ee247f0d5f
Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp
...
MozReview-Commit-ID: 4Q0XMWcxaAc
--HG--
extra : rebase_source : e6065c91ddb271b71b5577ca0d6c39349565724c
2017-10-27 19:32:37 -06:00
Jed Davis
27d4543313
Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: 3svUgLLTZKL
--HG--
extra : rebase_source : 2f51310f19cff45313cafd2bdcc60f2999b729b3
2017-10-25 12:43:13 -06:00
Sebastian Hengst
d67d120cc4
Backed out 4 changesets (bug 1386404) for mass failures, e.g. in browser-chrome's dom/tests/browser/browser_xhr_sandbox.js. r=backout on a CLOSED TREE
...
Backed out changeset 36556e1a5ac7 (bug 1386404)
Backed out changeset b136f90dc49f (bug 1386404)
Backed out changeset 4600c2d575f9 (bug 1386404)
Backed out changeset c2c40e4d9815 (bug 1386404)
2017-10-30 19:10:01 +01:00
Gian-Carlo Pascutto
3d94d8e8e1
Bug 1386404 - Only do the tmp remapping if needed. r=jld
...
This helps with getting the tests that are running out of /tmp
to pass, who get confused if their paths change underneath them.
It's also a bit faster.
MozReview-Commit-ID: CWtngVNhA0t
--HG--
extra : rebase_source : 304481a18c371c3253448971f48064bcbd681a81
2017-10-26 18:02:10 +02:00
Gian-Carlo Pascutto
577b3a7731
Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld
...
MozReview-Commit-ID: 2h9hw6opYof
--HG--
extra : rebase_source : f3121d7afff22e3f72c66e3a5553e731a83a2e1c
2017-10-26 17:50:49 +02:00
Gian-Carlo Pascutto
6a66615d8d
Bug 1386404 - Enable access to the entire chrome dir from content. r=jld
...
This may be required if people have @import in their userContent.css, and
in any case our tests check for this.
MozReview-Commit-ID: 8uJcWiC2rli
--HG--
extra : rebase_source : 3542ea305aabaca0500d66f8e86f5c12170d793e
2017-10-26 18:57:03 +02:00
Gian-Carlo Pascutto
802f1b9395
Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik
...
MozReview-Commit-ID: 6Hijq0to9MG
--HG--
extra : rebase_source : c7a3559e4cbdfd1885d13a489c4eeb311ca973fa
2017-10-12 11:18:25 +02:00
Attila Craciun
21363323fd
Backed out 2 changesets (bug 1409900) for failing browser chrome on Linux opt at browser/base/content/test/general/browser_bug590206.js r=backout a=backout.
...
Backed out changeset 83296a355dd4 (bug 1409900)
Backed out changeset 072007f83431 (bug 1409900)
2017-10-27 16:15:47 +03:00
Jed Davis
76b1bdf7de
Bug 1408497 - Disallow inotify in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: nKyIvMNQAt
--HG--
extra : rebase_source : 5347e8da745d6f4a0cd4e81e76fe6b94d94eac30
2017-10-25 13:35:47 -06:00
Jed Davis
5f10d1f416
Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp
...
MozReview-Commit-ID: 4Q0XMWcxaAc
--HG--
extra : rebase_source : 6bd36df3155fc5cdda67720e313028a68e2f0901
2017-10-25 13:08:26 -06:00
Jed Davis
fce1017953
Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: 3svUgLLTZKL
--HG--
extra : rebase_source : 54623b48c65a1319905cab5aa520928681ec0023
2017-10-25 12:43:13 -06:00
Jed Davis
160e1dcfe0
Bug 1410191 - Correctly handle errors when using syscalls in sandbox trap handlers. r=gcp
...
MozReview-Commit-ID: JX81xpNBMIm
--HG--
extra : rebase_source : c7334f3e0b61b4fb4e0305cc6fc5d3173d08c032
2017-10-25 16:38:20 -06:00
Jed Davis
b8aa6b6de9
Bug 1410241 - Don't call destructors on objects we use in the SIGSYS handler. r=gcp
...
MozReview-Commit-ID: LAgORUSvDh9
--HG--
extra : rebase_source : b39836ebb7405202c60b075b30b48966ac644e71
2017-10-25 17:58:22 -06:00
Jed Davis
aa4363afaa
Bug 1410280 - Re-allow PR_GET_NAME for sandboxed content processes. r=gcp
...
This prctl is used by PulseAudio; once bug 1394163 is resolved, allowing
it can be made conditional on the media.cubeb.sandbox pref.
MozReview-Commit-ID: 6jAM65V32vK
--HG--
extra : rebase_source : abb039aff7cefc0aa3b95f4574fdf1e3fb0d93a6
2017-10-25 11:04:34 -06:00
Phil Ringnalda
a173b09db6
Backed out changeset ccc0e72f2152 (bug 1403260) for hanging Mac browser-chrome in printing tests
...
MozReview-Commit-ID: IZNT5Jh8nzB
2017-10-25 23:00:17 -07:00
Haik Aftandilian
362316451f
Bug 1403260 - [Mac] Remove access to print server from content process sandbox r=mconley
...
MozReview-Commit-ID: Ia21je8TTIg
--HG--
extra : rebase_source : 656e9e3ac8d1fb741d46881458bb0b7fb402d688
2017-10-22 23:02:58 -07:00
Jed Davis
9bac6e88bd
Bug 1328896 - Restrict fcntl() in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: BDBTwlT82mf
--HG--
extra : rebase_source : 9036abfb23768e7b17181fbc680692468d66ccd0
2017-07-24 17:33:07 -06:00
Haik Aftandilian
90adeb05d8
Bug 1404919 - Whitelist Extensis Suitcase Fusion fontvaults and /System/Library/Fonts. r=Alex_Gaynor
...
MozReview-Commit-ID: 5UaqiHBKd90
--HG--
extra : rebase_source : 3497f97815d57e9e3fa0cc13482af5d0d81cfd87
2017-10-12 18:29:42 -07:00
Sebastian Hengst
32f7c8fec3
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: 1h3kZyrtqSt
2017-10-17 11:45:16 +02:00
Matthew Gregan
28e8f43756
Bug 1408821 - Allow FIONBIO ioctl from the content sandbox. r=jld
...
--HG--
extra : rebase_source : c6a1b525bc7d9207583200fd5d5059a8155b889f
2017-10-16 14:54:46 +13:00
Sebastian Hengst
f7efb5fc2c
Merge mozilla-central to mozilla-inbound. r=merge a=merge on a CLOSED TREE
2017-10-12 12:03:15 +02:00
Jim Mathies
17a6cb2cbf
Bug 1407766 - Remove symantec dlls from the content process dll blocklist due to process startup issues associated with symantec av products. r=bobowen
...
MozReview-Commit-ID: JMOIptO2y7F
2017-10-11 18:00:18 -05:00
Jed Davis
a9b7865141
Bug 1316153 - Remove base::ChildPrivileges from IPC. r=billm,bobowen
...
ChildPrivileges is a leftover from the B2G process model; it's now
mostly unused, except for the Windows sandbox using it to carry whether
a content process has file:/// access.
In general, when sandboxing needs to interact with process launch, the
inputs are some subset of: the GeckoProcessType, the subtype if content,
various prefs and even GPU configuration; and the resulting launch
adjustments are platform-specific. And on some platforms (e.g., OS X)
it's all done after launch. So a simple enum used cross-platform isn't
a good fit.
MozReview-Commit-ID: K31OHOpJzla
--HG--
extra : rebase_source : 3928b44eb86cd076bcac7897536590555237b76b
2017-09-08 16:16:50 -06:00
Gian-Carlo Pascutto
433feb3f7e
Bug 1387837 - Add library paths from /etc/ld.so.conf to broker read access policy. r=jld
...
MozReview-Commit-ID: S5vq6suTU4
--HG--
extra : rebase_source : b82f3ff902ca6e4929a8458aa952f409e30356b5
2017-10-06 12:35:35 +02:00
Jed Davis
55a0096f3c
Bug 1320834 - Reduce prctl policy for desktop content processes. r=gcp
...
This removes the allow-all override in the content policy, which means it will
fall back to the more restrictive prctl policy in SandboxPolicyCommon.
MozReview-Commit-ID: CncoGi0HLxR
--HG--
extra : rebase_source : 6cb1834c56a1781f1512b7b078ba3469c3dd8537
2017-04-12 18:41:20 -06:00
Jed Davis
2a020d2e77
Bug 1408493 - Don't restrict ioctl() in sandboxed content if ALSA might be used. r=gcp
...
MozReview-Commit-ID: 61AmLLcPaWw
--HG--
extra : rebase_source : ba3ad2886b871a8753e9ac30c46fc3356f4fb1c4
2017-10-13 14:34:10 -06:00
Jed Davis
b61d9d2cbe
Bug 1408498 - Allow FIONREAD in sandboxed content processes, for libgio. r=gcp
...
MozReview-Commit-ID: 23mO3vCb7Gu
--HG--
extra : rebase_source : b0183cb4d8d6a5e6ab03e9d4e1db1a3bb76a3569
2017-10-13 14:32:43 -06:00
Jed Davis
df2e63a6ff
Bug 1408568 - Handle SandboxReport::ProcType::FILE correctly in XPCOM bindings. r=gcp
...
MozReview-Commit-ID: EwNTeG4cbZG
--HG--
extra : rebase_source : feed835fd56053644c5fa390d95884fc9b17439b
2017-10-13 17:33:01 -06:00
Bob Owen
ff9470afb1
Bug 1406068: Expand the list of DLLs that are suspected of causing a crash in ImageBridgeChild::InitForContent. r=jimm
...
I think that trying to slice this up by feature is just going to lead to complications down the line,
so to keep it simple I've moved this to the launch code for all sandboxed children, not just when the
Alternate Desktop is enabled.
This also, similar to chromium, only adds them to the blocklist if they are loaded in the parent.
2017-10-10 10:42:22 +01:00
Sebastian Hengst
c2d6023454
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: 36L7JL73CzG
2017-10-09 23:52:04 +02:00
David Keeler
2a15781174
Bug 1369561 - Address misc. SnprintfLiteral correctness nits. r=jld, r=froydnj
2017-09-15 14:47:54 -07:00
Jed Davis
3709f8d1e4
Bug 1406233 - Include sys/sysmacros.h for major()/minor() macros in Linux sandbox broker. r=gcp
...
MozReview-Commit-ID: G1D4yxLAAqg
--HG--
extra : rebase_source : 2b13a20e324a3160ce393f7eb7913d78cc274419
2017-10-05 18:10:49 -06:00
Jed Davis
860bc842e2
Bug 1405891 - Block tty-related ioctl()s in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: KiBfibjLSfK
--HG--
extra : rebase_source : e0cdbb5026c03d2b5a12fb49161aee392efb4189
2017-10-05 19:53:31 -06:00
Haik Aftandilian
9d77bd9d20
Bug 1393805 - Part 5 - Test that the system extensions dev dir is readable from content. r=bobowen
...
MozReview-Commit-ID: 7YN7S7R39CU
--HG--
extra : rebase_source : 092f1046a3f6b44c807f7632275615a6bdd674dd
2017-09-27 16:01:57 -07:00
Haik Aftandilian
1e86039b0d
Bug 1393805 - Part 4 - Add Linux whitelisted directory for system extensions development. r=gcp
...
MozReview-Commit-ID: 2eTx1eM1fCM
--HG--
extra : rebase_source : c9c40b552b65a36b1ddb94e31ab04d84571e8d87
2017-10-04 10:50:48 -07:00
Haik Aftandilian
35249752a0
Bug 1393805 - Part 3 - Add Windows whitelisted directory for system extensions development. r=bobowen
...
MozReview-Commit-ID: 8K5c3mUlqna
--HG--
extra : rebase_source : 0f5a47e8504a38939a1c34a4bc4073bcdc1545d3
2017-10-02 15:17:15 -07:00
Haik Aftandilian
c0bfbc91e0
Bug 1393805 - Part 2 - Add Mac whitelisted directory for system extensions development. r=Alex_Gaynor
...
MozReview-Commit-ID: ADkcqFAsKaY
--HG--
extra : rebase_source : 02db543e05109e764228862ef5c760a0132eb4c2
2017-10-05 16:06:36 -07:00
Sylvestre Ledru
e0ca72f574
Bug 1406845 - AddMesaSysfsPaths: Resource leak on dir r=gcp
...
MozReview-Commit-ID: 3ul84cttRAF
--HG--
extra : rebase_source : 6d5306ef859f2db6101c08fb6aad405ffce30696
2017-10-09 09:29:29 +02:00
Sebastian Hengst
6c211079d0
Backed out changeset 8198bc4c7e3c (bug 1393805)
2017-10-05 00:20:11 +02:00
Sebastian Hengst
d60d5571f3
Backed out changeset 45695eda1c1c (bug 1393805)
2017-10-05 00:20:06 +02:00
Sebastian Hengst
072e34c960
Backed out changeset 1ba3220d84fa (bug 1393805)
2017-10-05 00:20:00 +02:00
Sebastian Hengst
e8b4c9dc97
Backed out changeset 4fe99f70e199 (bug 1393805)
2017-10-05 00:19:55 +02:00
Haik Aftandilian
9a88df4221
Bug 1393805 - Part 5 - Test that the system extensions dev dir is readable from content. r=bobowen
...
MozReview-Commit-ID: 7YN7S7R39CU
--HG--
extra : rebase_source : 01e3fe0acb051723219d9d5de5b1fd19d9751c34
2017-09-27 16:01:57 -07:00
Haik Aftandilian
e1dd4bac03
Bug 1393805 - Part 4 - Add Linux whitelisted directory for system extensions development. r=gcp
...
MozReview-Commit-ID: 2eTx1eM1fCM
--HG--
extra : rebase_source : 25cff10f2887795ce954b5fbca74df41fefa5c3e
2017-10-04 10:50:48 -07:00
Haik Aftandilian
213bec3e84
Bug 1393805 - Part 3 - Add Windows whitelisted directory for system extensions development. r=bobowen
...
MozReview-Commit-ID: 8K5c3mUlqna
--HG--
extra : rebase_source : 33b71d3ab20c0fdf24bcee39d4395757031213be
2017-10-02 15:17:15 -07:00
Haik Aftandilian
165980edfa
Bug 1393805 - Part 2 - Add Mac whitelisted directory for system extensions development. r=Alex_Gaynor
...
MozReview-Commit-ID: ADkcqFAsKaY
--HG--
extra : rebase_source : 492194ea7914d6f09b349f95b3eeea0bd003256a
2017-09-27 13:27:39 -07:00
Jed Davis
ae5c1fb5c6
Bug 1401666 - Adjust sandbox policy to allow Mesa 12 to use libudev for device identification. r=gcp
...
MozReview-Commit-ID: JRRI9nd83TP
--HG--
extra : rebase_source : 3c5e3edd6606f33468120100f2a63533f1757935
2017-10-03 20:35:28 -06:00
Alex Gaynor
535c9e8dc3
Bug 1380674 - remove the ability to create directories in the content temp directory on macOS; r=haik
...
MozReview-Commit-ID: 8SDcDTqp2F5
--HG--
extra : rebase_source : e8094606e5a302db41f7d7fd22656b7e8697d549
2017-10-03 09:49:44 -04:00
Wes Kocher
83fd890d27
Merge m-c to autoland, a=merge CLOSED TREE
...
MozReview-Commit-ID: HeJwJwwTzhQ
2017-10-02 16:26:42 -07:00
Wes Kocher
382a7d90d6
Merge inbound to central, a=merge
...
MozReview-Commit-ID: CvJ9hmTQBcR
2017-10-02 16:22:37 -07:00
Gian-Carlo Pascutto
4ebb238032
Bug 1384804 - Allow reading /proc/self/status for libnuma. r=jld
...
MozReview-Commit-ID: LLwmPVtj0PE
--HG--
extra : rebase_source : 13d3a0cfce2ffc05280ce80d5d84e37b48f242e9
extra : histedit_source : e4e63c8a90c7b7ef16078d6ad9228b685e681c7e
2017-09-28 16:19:02 +02:00
Alex Gaynor
d755224ded
Bug 1403567 - Remove unused access to AppleGraphicsPolicyClient iokit from content process; r=haik
...
MozReview-Commit-ID: 9yTMgo2FNKm
--HG--
extra : rebase_source : 72cc3a295d8823460aae21ebe149ece2df69d087
2017-09-26 13:05:18 -04:00
Haik Aftandilian
414270b14a
Bug 1403669 - [Mac] Per-user and system extensions dir regexes only work for 1-character subdirectory names. r=Alex_Gaynor
...
MozReview-Commit-ID: L9vNruzMEez
--HG--
extra : rebase_source : 8530cbf1baef919a5a379564d190fb08674aa28d
2017-09-27 11:48:39 -07:00
Alex Gaynor
d1aef777b6
Bug 1404426 - Simplify the macOS content sandbox policy; r=haik
...
This does two things:
1) Moves the level 3 rules to always be applicable, and simplifies level 2 accordingly
2) Consistently uses the raw string literal syntax for regexes
MozReview-Commit-ID: 6iwjOvRVMM7
--HG--
extra : rebase_source : 3ac59219ad0793a98bdb203fb3d247561216a560
2017-09-29 13:13:49 -04:00
Sebastian Hengst
5a95ac34b4
merge mozilla-central to autoland. r=merge a=merge
2017-09-29 11:49:46 +02:00
Haik Aftandilian
f39cc5cc25
Bug 1401756 - [Mac] Remove unneeded mach-lookups from plugin sandbox rules. r=Alex_Gaynor
...
MozReview-Commit-ID: JsgBzNJC4zF
--HG--
extra : rebase_source : deffeff5e6d39318c55bf3d487071139abaf3c92
2017-09-20 14:05:27 -07:00
David Parks
29d5db60ba
Bug 1403707 - Change content sandbox job level to JOB_LOCKDOWN. r=bobowen
...
Changing definition of Windows content sandbox level 4 (the current Nightly default) to increase the job level from JOB_RESTRICTED to JOB_LOCKDOWN.
2017-09-27 13:36:06 -07:00
Haik Aftandilian
fa37753064
Bug 1403744 - Part 2 - Test that the per-user extensions dir is readable from content on Windows. r=bobowen
...
MozReview-Commit-ID: 7YN7S7R39CU
--HG--
extra : rebase_source : c86998b1738ee1f4d24562105acf63c20811b8a1
2017-09-29 12:44:22 -07:00
Haik Aftandilian
d54db04ac2
Bug 1403744 - Part 1 - Whitelist the per-user extensions dir XRE_USER_SYS_EXTENSION_DIR on Windows. r=bobowen
...
MozReview-Commit-ID: 8K5c3mUlqna
--HG--
extra : rebase_source : 00f91b3e1112766731119c1cbe14a08387202f60
2017-09-27 16:14:30 -07:00
Wes Kocher
9d9610f6a3
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: Kjjgw1Pdb3U
2017-09-26 17:15:46 -07:00
Bob Owen
8cf423ff54
Bug 1403230: Block WRusr.dll in child processes when using Alternate Desktop. r=jimm
2017-09-26 19:23:39 +01:00
Alex Gaynor
79cf374320
Bug 1403210 - Remove unused access to AppleSNBFBUserClient iokit from content process; r=haik
...
MozReview-Commit-ID: K4Z48UFfq2w
--HG--
extra : rebase_source : 8664f3e04503ecc48813d45d26b5433afcc65251
2017-09-26 11:32:01 -04:00
Jed Davis
d64e9b800d
Bug 1396542 - Let sandboxed content processes read /var/lib/dbus/machine-id. r=gcp
...
PulseAudio is the only thing that's known to need this. Note that the
same file often exists as /etc/machine-id, and we currently allow reading
all of /etc (which includes other fingerprinting hazards as well).
MozReview-Commit-ID: FoyKQzhAV6M
--HG--
extra : rebase_source : 593ee0b94cf507681a034d22cd06a9050d56b86a
2017-09-19 19:54:41 -06:00
Gian-Carlo Pascutto
38ecd4cad0
Bug 1399392 - Don't hardcode .config, use XDG_* environment vars. r=jld
...
MozReview-Commit-ID: 30j9VbHUjFn
--HG--
extra : rebase_source : f36d5ff8d54215899862621908d48b57ffa78af3
2017-09-13 15:55:07 +02:00
Jed Davis
bb7bbfa321
Bug 1363378 - Set close-on-exec in sandbox-related sockets held by parent process. r=gcp
...
If these aren't close-on-exec, they can be inherited by the crash
reporter process after the parent process has crashed and exited,
causing child processes to continue running when the IPC I/O thread blocks
in the file broker trying to open a GeckoChildCrash temp file.
(Empirically, the main thread then blocks waiting for the I/O thread.)
Operations that run on dedicated threads, like playing media, may
continue even though the main and IPC threads are locked up, resulting in
videos that keep playing sound even though the browser seems to no longer
exist.
If the broker socket is closed as expected when the parent process
exits, the child will return failure from the brokered file operation
and then go on to get an IPC error due to the parent process's
nonexistence, and will exit as normal.
This patch makes the same change to rejected syscall reporting, even
though that's a one-way asynchronous message with no response to wait
for, just in case something goes wrong enough to fill the entire socket
buffer but not so badly broken that it would wind up in an infinite loop
anyway.
SOCK_CLOEXEC has been present since Linux 2.6.26, and it would be used
only if seccomp-bpf is available, so it should be safe to use
unconditionally.
MozReview-Commit-ID: 7tDPBJILzlj
--HG--
extra : rebase_source : b797655dff2eea88c406d83dcee4a859f2a038b7
2017-09-13 12:25:35 -06:00
Sebastian Hengst
45bab258b7
merge mozilla-central to autoland. r=merge a=merge
2017-09-14 00:11:28 +02:00
Gian-Carlo Pascutto
bda88cac9f
Bug 1396733 - Add flatpak font dirs to the sandbox whitelist. r=jld
...
Also clean up the order of paths a bit.
MozReview-Commit-ID: GM62r4N9wL7
--HG--
extra : rebase_source : 7cf620e020808d01a38f38be1fcf2a841df26367
2017-09-13 13:41:21 +02:00
Bob Owen
2e66e542ea
Bug 1314801 Part 2: Enable MITIGATION_IMAGE_LOAD_NO_LOW_LABEL and MITIGATION_IMAGE_LOAD_NO_REMOTE on Windows content sandbox. r=jimm
2017-09-13 11:19:41 +01:00
Bob Owen
5e9dff873e
Bug 1314801 Part 1: Compile chromium sandbox features that require at least UCRT SDK version 10.0.10586.0. r=jimm
2017-09-13 11:19:41 +01:00
Jed Davis
e6cee20f4d
Bug 1397753 - Disallow kill() in sandboxed content processes. r=gcp
...
As a special case to deal with PulseAudio, testing for a process's
existence with kill(pid, 0) quietly fails with EPERM instead.
(I also added some commentary on umask, since I was touching that part of
the code anyway.)
MozReview-Commit-ID: CM0Aqii13j4
--HG--
extra : rebase_source : 44ef05e9a39a9eea4a649399c63b865f5523d43b
2017-09-07 08:29:02 -06:00
Jed Davis
db2eef4339
Bug 1299581 - Fail waitpid et al. with ECHILD in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: 7Qjcnrd7KqK
--HG--
extra : rebase_source : 98e9bcb247edad657d8e45e30901861a9193f249
2017-09-07 08:27:32 -06:00
Sebastian Hengst
ecf716b8bb
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: CmMBcpJapLy
2017-09-12 11:35:15 +02:00
Bob Owen
6b4635da55
Bug 1395952: Enhance telemetry for failed launch of Windows sandboxed process by process type/error code key. r=jimm, data-r=rweiss
...
Only one telemetry accumulation will occur for each key per session.
2017-09-12 07:53:52 +01:00
Chris Manchester
c0a229d4c3
Bug 1386876 - Replace all uses of DISABLE_STL_WRAPPING with a template, remove DISABLE_STL_WRAPPING. r=glandium
...
MozReview-Commit-ID: FMEtb5PY7iP
--HG--
extra : rebase_source : 3cdee7528846462c758e623d6bcd2e6e17dbabff
2017-09-11 11:33:26 -07:00
Eric Rahm
0617c21c24
Bug 1393230 - Part 2: Fix more improper string usages. r=njn
...
This fixes improper usages of Find where an offset was actually being used for
the boolean ignore case flag. It also fixes a few instances of passing in a
literal wchar_t to our functions where a NS_LITERAL_STRING or char16_t should
be used instead.
--HG--
extra : rebase_source : 5de1e9335895d65e6db06c510e8887d27be3390f
extra : source : f762f605dd83fc6331161a33e1ef5d54cafbd08d
2017-08-31 15:52:30 -07:00
Alex Gaynor
f7ab109d5e
Bug 1229829 - Part 2 - Use an alternate desktop on the local winstation for content processes; r=bobowen
...
MozReview-Commit-ID: ES52FwM5oFZ
--HG--
extra : rebase_source : 3893d3022f203eb0962f3bcc3490b35514285781
2017-08-16 09:55:19 -04:00
Alex Gaynor
dc31e19e84
Bug 1229829 - Part 1 - Apply chromium sandbox patches from upstream which improves alternate desktop support; r=bobowen
...
This is 0cb5dadc2b1f84fbbd9c6f75056e38d05a5b07d3 and
db4c64b63d6098294ed255e962700fd2d465575e in the chromium repository.
This allows a single process to create sandboxed children with alternate
desktops on both an alternate winstation and the local winstation.
MozReview-Commit-ID: 8sS7LjoveOk
--HG--
extra : rebase_source : 6915af73743f87ed74ddefe04210dbdd95bb56ed
2017-08-16 09:54:31 -04:00
Jed Davis
d7992cb0de
Bug 1383888 - Restrict sandboxed readlinkat() the same as readlink(). r=gcp
...
MozReview-Commit-ID: 3VLXp7AJePQ
--HG--
extra : rebase_source : f0116599e133d3f7cc079ecdbf0dfaee7168be2d
2017-07-27 17:22:23 -06:00
Bob Owen
60cdfbd0a2
Bug 1392570: On Windows 7 don't attempt to use a job object for the sandbox when it will fail. r=jimm, data-r=rweiss
...
This patch also adds telemetry for when this occurs, breaking it down for local and remote sessions.
2017-09-01 14:05:49 +01:00
Gian-Carlo Pascutto
180dfb1325
Bug 1391494 - Enforce use of our own copy of strlcpy. r=jld
...
MozReview-Commit-ID: GQgGJBj1Hjc
--HG--
extra : rebase_source : ac110f76f199e8739b6eebaf123c7e6b58f77135
2017-08-24 19:12:14 +02:00
Haik Aftandilian
2cce1be1b0
Bug 1392988 - Firefox 55.02 on macOS High Sierra cannot play AES encrypted video. r=Alex_Gaynor
...
Adds access to video encoding/decoding services when running on macOS 10.13 High Sierra.
MozReview-Commit-ID: 6h4dZ6gkFtp
--HG--
extra : rebase_source : 8c5078b336631e3254fcaaf6727dff281c840159
2017-08-28 19:06:07 -07:00
James Forshaw
0b3b189961
Bug 1385928: Take new implementation of GetProcessBaseAddress from chromium commit f398005bc4ca0cc2dab2198faa99d4ee8f4da60d. r=jimm
...
This should fix issues we have seen with running Firefox from short name paths or moved binaries.
2017-08-15 09:29:46 +00:00
Jed Davis
11d8d1c88e
Backed out 3 changesets (bug 1380701, bug 1384804)
...
Backed out changeset afdd35ed8902 (bug 1384804)
Backed out changeset 9fb892c41a9e (bug 1380701)
Backed out changeset 0d56979a6efa (bug 1380701)
2017-08-24 15:02:48 -06:00
Haik Aftandilian
3fbdb1b349
Bug 1382260 - Patch 2 - [Mac] Allow reading of font files from the content sandbox. r=Alex_Gaynor
...
MozReview-Commit-ID: 9W5aqQweFmd
--HG--
extra : rebase_source : 9aa778bc08bee206e7f3340eac32ca2f46a4f81b
2017-08-18 16:12:07 -07:00
Haik Aftandilian
c90d8c6594
Bug 1382260 - Patch 1 - Fix file access test bug. r=Alex_Gaynor
...
Fix the file access check by adding missing parentheses to isDirectory method call.
Don't run the cookies file check on Linux because the test profile is read accessible due to being in /tmp.
MozReview-Commit-ID: lps2hk8f5U
--HG--
extra : rebase_source : 5fba75d65081e56df5a0d171c41689c489a3aace
2017-08-22 10:11:01 -07:00