Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-27 04:05:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
590,902 Commits 615 Branches 98 Tags 5.9 GiB
df78972f84
Commit Graph

998 Commits

Author SHA1 Message Date
Harald van Dijk
2877a35271 Bug 1430274 - Define MOZ_ALSA for more source files. r=jld 2018-01-18 15:18:37 -07:00
Gian-Carlo Pascutto
e5687f9731 Bug 1430118 - Look for log file names in the passed environment. r=bobowen 
MozReview-Commit-ID: HVUDYoEwjCd

--HG--
extra : rebase_source : 4121114558901489cd3954f433fe70bdea32a683
 2018-01-17 09:54:48 +01:00
Chris Peterson
37efe4d0e6 Bug 1428535 - Add missing override specifiers to overridden virtual functions. r=froydnj 
MozReview-Commit-ID: DCPTnyBooIe

--HG--
extra : rebase_source : cfec2d96faeb11656d86d760a34e0a04cacddb13
extra : intermediate-source : 6176724d63788b0fe8caa3f91607c2d93dbaa7ec
extra : source : eebbb0600447f9b64aae3bcd47b4be66c02a51ea
 2017-11-05 19:37:28 -08:00
Haik Aftandilian
68c0e33233 Bug 1429133 - Some FontExplorer managed fonts are not rendered. r=Alex_Gaynor 
MozReview-Commit-ID: L5x3GNb3HGU

--HG--
extra : rebase_source : fd123e19142e98f4712db19d240b5c636aeb3ecf
 2018-01-10 11:33:47 -08:00
Csoregi Natalia
d07dee65a2 Backed out 6 changesets (bug 1386404) for failing /webdriver/test/ tests on Linux. r=backout on a CLOSED TREE 
Backed out changeset be1441859e8b (bug 1386404)
Backed out changeset 8dca7ef74c4a (bug 1386404)
Backed out changeset b7ca6ae185f2 (bug 1386404)
Backed out changeset 2c007d385ce4 (bug 1386404)
Backed out changeset fbe717b9a664 (bug 1386404)
Backed out changeset 14f1fbe5263a (bug 1386404)
 2018-01-10 14:08:51 +02:00
Gian-Carlo Pascutto
4f260fc76e Bug 1386404 - Whitelist the prefix used by the XPCOM leak logs. r=haik 
MozReview-Commit-ID: HI68lvyJIPQ

--HG--
extra : rebase_source : 75da730d240881928a6db230a85031e24cef23e0
 2017-11-03 13:18:56 +01:00
Gian-Carlo Pascutto
874a243297 Bug 1386404 - Only do the tmp remapping if needed. r=jld 
This helps with getting the tests that are running out of /tmp
to pass, who get confused if their paths change underneath them.

It's also a bit faster.

MozReview-Commit-ID: CWtngVNhA0t

--HG--
extra : rebase_source : ec91614556601e32f2604c3fb9f7d08156f834f3
 2017-10-26 18:02:10 +02:00
Gian-Carlo Pascutto
9178b61a3d Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld 
MozReview-Commit-ID: 2h9hw6opYof

--HG--
extra : rebase_source : f331071eeba9fc0714a0df09ca102273b4ee7320
 2017-10-26 17:50:49 +02:00
Gian-Carlo Pascutto
57d5d1c52a Bug 1386404 - Enable access to the entire chrome dir from content. r=jld 
This may be required if people have @import in their userContent.css, and
in any case our tests check for this.

MozReview-Commit-ID: 8uJcWiC2rli

--HG--
extra : rebase_source : 3384cb599a6d7b1aeba64e552ec4778ddab03f39
 2017-10-26 18:57:03 +02:00
Gian-Carlo Pascutto
1a580a77b4 Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik,jld 
MozReview-Commit-ID: 6Hijq0to9MG

--HG--
extra : rebase_source : 7ff43ffe52f32ebbc7c866428e0d1d64dd05cbcb
 2018-01-09 16:29:40 +01:00
Gian-Carlo Pascutto
61cf15cc85 Bug 1297740. r=jld 2018-01-08 10:07:16 +01:00
Coroiu Cristina
ebae541f60 Backed out 1 changesets (bug 1297740) for mingw32 build failure at src/ipc/chromium/src/base/process_util_win.cc r=backout on a CLOSED TREE 
Backed out changeset e2501f2e295e (bug 1297740)
 2018-01-06 00:59:25 +02:00
Gian-Carlo Pascutto
3178a4003d Bug 1297740. r=jld 
--HG--
extra : rebase_source : 1d7bd987eed365bf442ed7eb856d8413af3205dc
 2018-01-04 15:37:33 +01:00
Haik Aftandilian
f6cdb35b8f Bug 1421262 - [Mac] Add access to hw.cachelinesize sysctl, /Library/GPUBundles to content sandbox rules. r=Alex_Gaynor 
MozReview-Commit-ID: LBWA8XD64h

--HG--
extra : rebase_source : dac2ea615fdcbbd4d029bbbb28e3d935a4416deb
 2017-12-21 14:15:29 -08:00
Mark Banner
770685e15e Bug 1425688 - Enable ESLint rule mozilla/use-services for security/. r=gcp,keeler 
MozReview-Commit-ID: 4Kd9L8ExNGl

--HG--
extra : rebase_source : 02a5242629c7b597d7fd4e5e1373781fcbb82905
 2017-12-16 13:10:40 -06:00
Cosmin Sabou
6c33dde6ca Backed out 2 changesets (bug 1425688) on request from jorgk for breaking the Certificate Manager r=backout a=backout 
Backed out changeset f73324a4d033 (bug 1425688)
Backed out changeset bd2bf7b7fead (bug 1425688)
 2017-12-28 15:26:09 +02:00
Mark Banner
bed9b1d6c8 Bug 1425688 - Enable ESLint rule mozilla/use-services for security/. r=gcp,keeler 
MozReview-Commit-ID: 4Kd9L8ExNGl

--HG--
extra : rebase_source : d8383ef464e9f0d19c7642a07967f3e2fa56d0dc
 2017-12-16 13:10:40 -06:00
Jed Davis
eec54d4531 Bug 1393287 - Intercept sigaction() to fix signal masks for sandboxing. r=gcp 
Also changes gSeccompTsyncBroadcastSignum to an atomic, in case these
wrappers race with starting the sandbox, and optimizes the wrappers
slightly by avoiding unnecessary copying of signal sets or sigactions.

Tested by manaully LD_PRELOADing libmozsandbox in the parent process,
because it already has a few signal handlers with block-by-default
masks.

MozReview-Commit-ID: CiHsA6rOCrQ

--HG--
extra : rebase_source : 176c156116a44fb8dff3a5f421499b7e61175047
 2017-12-08 17:31:07 -07:00
Haik Aftandilian
4e95d558ac Bug 1404298 - Crashes with read-access content sandboxing triggered by mounted volumes. r=Alex_Gaynor 
Allow read-metadata access to top-level directory entries.

MozReview-Commit-ID: 1Q7QXN2gX36

--HG--
extra : rebase_source : 86e3cc1906bb805e158c70c703ec204f11452199
 2017-12-18 12:58:30 -08:00
Csoregi Natalia
0393c9235f Backed out changeset 8a71f6e05783 (bug 1393287) for Hazard Build Bustage. r=backout on a CLOSED TREE 2017-12-19 02:49:50 +02:00
Jed Davis
b99c2f8096 Bug 1393287 - Intercept sigaction() to fix signal masks for sandboxing. r=gcp 
Also changes gSeccompTsyncBroadcastSignum to an atomic, in case these
wrappers race with starting the sandbox, and optimizes the wrappers
slightly by avoiding unnecessary copying of signal sets or sigactions.

Tested by manaully LD_PRELOADing libmozsandbox in the parent process,
because it already has a few signal handlers with block-by-default
masks.

MozReview-Commit-ID: CiHsA6rOCrQ

--HG--
extra : rebase_source : 43c52a1169d6f510c3dc83143736b9be7ed7141d
 2017-12-08 17:31:07 -07:00
Jed Davis
7dcac56405 Bug 1422198 - Log about failure to send a sandbox broker reply. r=gcp 
MozReview-Commit-ID: eDcoMHGFxo

--HG--
extra : rebase_source : 6033f39a290b7b3dcbcebfaa8712e838e63fc09e
 2017-12-08 14:43:36 -07:00
Alex Gaynor
bf2d3984cb Bug 1424942 - Remove fallback code for old macOS releases in the sandbox policy; r=haik 
MozReview-Commit-ID: LCU4TWNMs8T

--HG--
extra : rebase_source : b01ba6c163da653717c9201cba70b89540676330
 2017-12-12 14:58:46 -06:00
cku
07e7f9f727 Bug 1399787 - Part 9. Sandbox the PDFium process. r=bobowen,jwatt 
MozReview-Commit-ID: 6ED7EPZvOMR

--HG--
extra : rebase_source : d8ddd2bb3551cf25c0f18151c4340e1f48d659ca
extra : intermediate-source : d90c5064d88a6468c1209f4a78ec7631592eec98
extra : source : 91b761e38efd28a69647c38531f5418fffee8f50
 2017-10-18 20:52:45 +08:00
Gurzau Raul
0fcc1a37e6 Merge mozilla-central to mozilla-inbound. r=merge a=merge CLOSED TREE 2017-12-09 00:57:59 +02:00
Bob Owen
e19c11cd2a Bug 1423296: Don't use MITIGATION_IMAGE_LOAD_NO_LOW_LABEL when running from a network drive. r=jimm 2017-12-08 19:00:54 +00:00
Jed Davis
7e9b75f531 Bug 1409895 - Deny getcwd in the Linux content process sandbox. r=gcp 
getcwd won't do anything useful once we start chroot()ing to remove
filesystem access; with this patch it will at least fail the same way
regardless of whether user namespaces are available or if other factors
prevent complete FS isolation.

Bonus fix: improve the comments for this group of syscalls.

MozReview-Commit-ID: KueZzly2mlO

--HG--
extra : rebase_source : a6b5dbebbc4d2477909d46085499f2648091b94c
 2017-11-20 10:47:54 -07:00
Sylvestre Ledru
a9961096c0 Bug 1394734 - Simplify various corner cases r=glandium 
MozReview-Commit-ID: 4s4JdXZPvmv

--HG--
extra : rebase_source : c8f663c99442d41db5f81ac5fe1aa1f47fd5ed82
 2017-12-07 22:10:19 +01:00
Sylvestre Ledru
4591d82b23 Bug 1394734 - Replace CONFIG['CLANG*'] by CONFIG['CC_TYPE'] r=glandium 
MozReview-Commit-ID: HbF5oT5HW6f

--HG--
extra : rebase_source : eca479b6ae4bff7f600d1cdb39e11ac2057e4e79
 2017-12-07 22:09:38 +01:00
Sylvestre Ledru
5de63ef061 Bug 1394734 - Replace CONFIG['MSVC'] by CONFIG['CC_TYPE'] r=glandium 
MozReview-Commit-ID: 5orfnoude7h

--HG--
extra : rebase_source : 1ed9a6b56e1d27221a07624767a7fb0e6147117f
 2017-12-08 13:46:13 +01:00
Sylvestre Ledru
9bfe27d903 Bug 1394734 - Replace CONFIG['GNU_C*'] by CONFIG['CC_TYPE'] r=glandium 
MozReview-Commit-ID: 7duJk2gSd4m

--HG--
extra : rebase_source : 7312fe276e561e8c034a5f6749774ae812727f9c
 2017-12-07 22:09:15 +01:00
Cosmin Sabou
79d933ec34 Backed out 22 changesets (bug 1399787) for shutdown leaks on windows 7 debug tc-M without e10s r=backout on a CLOSED TREE 
Backed out changeset 463d676df5da (bug 1399787)
Backed out changeset fc9776a2605d (bug 1399787)
Backed out changeset 2e91a90dfbc3 (bug 1399787)
Backed out changeset e82ab72f71ee (bug 1399787)
Backed out changeset d7fef200e8b9 (bug 1399787)
Backed out changeset a7d70f7f3335 (bug 1399787)
Backed out changeset 2800f9d20d96 (bug 1399787)
Backed out changeset 9dfa404abf9d (bug 1399787)
Backed out changeset 09b3c172a01e (bug 1399787)
Backed out changeset f9fd3e750636 (bug 1399787)
Backed out changeset 01284c55bf8a (bug 1399787)
Backed out changeset c2ab1b454283 (bug 1399787)
Backed out changeset e7bfa51404c5 (bug 1399787)
Backed out changeset 3fd2a734f887 (bug 1399787)
Backed out changeset ef21f295db3f (bug 1399787)
Backed out changeset c186893ce0fc (bug 1399787)
Backed out changeset 323da3bddaaa (bug 1399787)
Backed out changeset 3b89f189edff (bug 1399787)
Backed out changeset a47bd86c35ee (bug 1399787)
Backed out changeset 558526301a4c (bug 1399787)
Backed out changeset baa99fb50ba9 (bug 1399787)
Backed out changeset 6d82ed0ba805 (bug 1399787)
 2017-12-08 13:09:56 +02:00
cku
d70af3d034 Bug 1399787 - Part 9. Sandbox the PDFium process. r=bobowen,jwatt 
MozReview-Commit-ID: 6ED7EPZvOMR

--HG--
extra : rebase_source : 60e6d103573436d923f8b2b00c70cb2a4a7986df
extra : intermediate-source : d90c5064d88a6468c1209f4a78ec7631592eec98
extra : source : 91b761e38efd28a69647c38531f5418fffee8f50
 2017-10-18 20:52:45 +08:00
Bob Owen
cd83addd77 Bug 1395187: Use STARTF_FORCEOFFFEEDBACK flag when starting Windows child processes to prevent app starting cursor. r=jimm 2017-12-07 10:24:38 +00:00
Bob Owen
8ba04e79f9 Bug 1422053: Create Windows sandbox sLaunchErrors hashtable on the main thread. r=aklotz 2017-12-07 09:07:43 +00:00
Alex Gaynor
52d69a63ca Bug 1421372 - simplify the macOS content sandbox rules by splitting the file process rules out; r=haik 
MozReview-Commit-ID: GJukCOAyE10

--HG--
extra : rebase_source : 7bfdd02482d45e72a785ec2abe2260577238406d
 2017-11-28 14:06:06 -05:00
Gabriele Svelto
80fbb39861 Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert 
MozReview-Commit-ID: CfPBvffjEhq

--HG--
extra : rebase_source : 51c522746b48f0819b926607ceebf7d070df4ffd
 2017-10-10 15:25:39 +02:00
Jed Davis
db9ae514d1 Bug 1434528 - Adjust sandbox feature detection to deal with Ubuntu guest accounts. r=gcp 
Guest sessions on Ubuntu (and maybe other distributions that use
LightDM?) apply an AppArmor policy that allows CLONE_NEWUSER but doesn't
allow using any of the capabilities it grants, or even configuring the
new user namespace.

This patch causes those environments to be detected as not supporting
unprivileged user namespaces, because for all practical purposes they
don't.

MozReview-Commit-ID: HVkoBakRwaA

--HG--
extra : rebase_source : 4028eff177de30acc58f7f0c32989265dfcad9fd
 2018-02-08 17:46:42 -07:00
Jared Wein
9788800512 Bug 1436575 - Manually fix the errors from no-compare-against-boolean-literal that the autofix couldn't change. r=standard8 
MozReview-Commit-ID: 6NtfU76sPKv

--HG--
extra : rebase_source : 143891b98995658a5683e01631eba9f6a2bb7b6f
 2018-02-08 13:35:53 -05:00
Bob Owen
ef5af7b0b1 Bug 1366701 Part 2: Roll-up patch to apply remaining mozilla changes to chromium sandbox. r=tabraldes,aklotz,jimm,bobowen 
Patches re-applied from security/sandbox/chromium-shim/patches/after_update/.
See patch files for additional commit comments.
 2014-11-29 17:12:18 +00:00
Bob Owen
6bd2ddcccd Bug 1366701 Part 1: Roll-up of chromium sandbox update and mozilla patches to get a running browser. r=jld,aklotz,jimm,bobowen 
This updates security/sandbox/chromium/ files to chromium commit 937db09514e061d7983e90e0c448cfa61680f605.

Additional patches re-applied from security/sandbox/chromium-shim/patches/with_update/ to give a compiling and mostly working browser.
See patch files for additional commit comments.
 2017-10-26 15:10:41 +01:00
Alex Gaynor
de761e28e1 Bug 1419811 - allow file content processes to access the com.apple.iconservices service; r=Gijs,haik 
Directory listing for file URLs needs access to draw icons for files.

MozReview-Commit-ID: KIEx00gB5ia

--HG--
extra : rebase_source : 16aadb2f008f40233a2147dea384d9ed33310cb7
 2017-11-22 11:51:32 -06:00
Gian-Carlo Pascutto
34be833347 Bug 1416016 - Add ../config to the sandbox whitelist for older Mesa. r=jld 
MozReview-Commit-ID: KahivmVJR1l

--HG--
extra : rebase_source : 7d77f0ee77813a1214cfa5bc618b57c3208443c3
 2017-11-17 15:23:28 +01:00
Gian-Carlo Pascutto
c979b7a21f Bug 1416808 - Add "$XDG_DATA_(HOME|DIRS)"/fonts to the sandbox whitelist. r=jld 
MozReview-Commit-ID: DwwltKQg8x4

--HG--
extra : rebase_source : e92b60e320bb26e66bfb38039f141ec83a34fff7
 2017-11-17 15:45:11 +01:00
Bob Owen
5a64c2aeb7 Bug 1417959: Bump Alternate Desktop to Level 5 and make that the Default on Nightly. r=jimm 2017-11-16 18:10:00 +00:00
Jonathan Kew
304ec4c15e Bug 1417420 - Add the path used by FontAgent to the sandbox rules on macOS. r=haik 2017-11-15 17:59:44 +00:00
Jed Davis
873f611a48 Bug 1401786 - Move the Linux sandboxing parts of GeckoChildProcessHost into security/sandbox. r=gcp 
MozReview-Commit-ID: JknJhF5umZc

--HG--
extra : rebase_source : 2fa246e9a8b350becc21ed5bfd69820d3a321064
 2017-10-06 17:15:46 -06:00
Alex Gaynor
af821e1fe3 Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp 
This patch moves handling of the "MOZ_DISABLE_CONTENT_SANDBOX" environment
variable into GetEffectiveContentSandboxLevel. It also introduces
IsContentSandboxEnabled and ports many users of GetEffectiveContentSandboxLevel
to use it.

MozReview-Commit-ID: 4CsOf89vlRB

--HG--
extra : rebase_source : b9130f522e860e6a582933799a9bac07b771139b
 2017-06-01 10:38:22 -04:00
shindli
897ae925f7 Backed out 1 changesets (bug 1365257) for failing gl in \build\build\src\obj-firefox\dist\include\mozilla/ServoStyleSet.h:97 r=backout on a CLOSED TREE 
Backed out changeset 00edc1ac58f9 (bug 1365257)

--HG--
extra : rebase_source : d33f3bba71d1899e0f4a5051369c240e00ea42fe
 2017-11-10 19:23:58 +02:00
Alex Gaynor
31e67fc86a Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp 
This patch moves handling of the "MOZ_DISABLE_CONTENT_SANDBOX" environment
variable into GetEffectiveContentSandboxLevel. It also introduces
IsContentSandboxEnabled and ports many users of GetEffectiveContentSandboxLevel
to use it.

MozReview-Commit-ID: 4CsOf89vlRB

--HG--
extra : rebase_source : 10234bd7d837eae8dc915e4a0c0a37040fd0a280
 2017-06-01 10:38:22 -04:00
Bob Owen
cd430d0c58 Bug 1415250 Part 1: Block prntm64.dll and guard32.dll in sandboxed child processes. r=jimm 2017-11-08 08:06:14 +00:00
Jed Davis
0b91cda795 Bug 1413312 - Fix media plugin sandbox policy for sched_get_priority_{min,max}. r=gcp 
MozReview-Commit-ID: Bz4EWU13HAJ

--HG--
extra : rebase_source : 848880e083827a6f40e6ba289a5357ff6b4fa5f6
 2017-10-31 18:12:43 -06:00
Jed Davis
de1cbf125f Bug 1412464 - Change sandboxing inotify denial from seccomp-bpf to symbol interception. r=gcp 
MozReview-Commit-ID: DY0qdGYGNdL

--HG--
extra : rebase_source : 02448ea28e8c1ea0d25776455d9ebb30d829b482
 2017-10-30 19:45:39 -06:00
Jed Davis
a2451f13e5 Bug 1412480 - Statically check for overly large syscall arguments. r=gcp 
See the previous patch for an explanation of the mistake that this is
meant to catch.

Note that, even for arguments that really are 64-bit on 32-bit platforms
(typically off_t), it's generally not safe to pass them directly to
syscall(): some architectures, like ARM, use ABIs that require such
arguments to be passed in aligned register pairs, and they'll be aligned
differently for syscall() vs. the actual system call due to the leading
system call number argument.  The syscall(2) man page discusses this
and documents that such arguments should be split into high/low halves,
passed separately, and manually padded.

Therefore, this patch rejects any argument types larger than a word.

MozReview-Commit-ID: FVhpri4zcWk

--HG--
extra : rebase_source : 0329fe68be2a4e16fb71736627f0190e005c9972
 2017-10-27 19:51:26 -06:00
Jed Davis
6d4b2907e1 Bug 1412480 - Fix syscall argument types in seccomp-bpf sandbox traps. r=gcp 
The values in arch_seccomp_data::args are uint64_t even on 32-bit
platforms, and syscall takes varargs, so the arguments need to be
explicitly cast to the word size in order to be passed correctly.

MozReview-Commit-ID: 5ldv6WbL2Z3

--HG--
extra : rebase_source : c6ef37d8b367ad6025e510e58e6ab4d2f96cfc9e
 2017-10-27 20:51:25 -06:00
Sebastian Hengst
1133016f04 Backed out 6 changesets (bug 1386404) for XPCshell failures, at least on Linux. r=backout on a CLOSED TREE 
Backed out changeset c80acdea24c1 (bug 1386404)
Backed out changeset 6224ffae752a (bug 1386404)
Backed out changeset 9eba087cf64a (bug 1386404)
Backed out changeset eac6eb517096 (bug 1386404)
Backed out changeset 802a00ea50e7 (bug 1386404)
Backed out changeset d7f697bac6ef (bug 1386404)
 2017-11-03 20:28:00 +01:00
Gian-Carlo Pascutto
859dfba3ed Bug 1386404 - Whitelist the prefix used by the XPCOM leak logs. r=haik 
MozReview-Commit-ID: HI68lvyJIPQ

--HG--
extra : rebase_source : 95804e003ae2cde2b4baa1f5d1bba43d2d0830b5
 2017-11-03 13:18:56 +01:00
Gian-Carlo Pascutto
9dd0bca893 Bug 1386404 - Only do the tmp remapping if needed. r=jld 
This helps with getting the tests that are running out of /tmp
to pass, who get confused if their paths change underneath them.

It's also a bit faster.

MozReview-Commit-ID: CWtngVNhA0t

--HG--
extra : rebase_source : b7fe3ad6317fafa382a2ad38c7d9d5338aeafc9b
 2017-10-26 18:02:10 +02:00
Gian-Carlo Pascutto
12fb914457 Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld 
MozReview-Commit-ID: 2h9hw6opYof

--HG--
extra : rebase_source : 821381f48b822415ae3d477341071099e7c1db54
 2017-10-26 17:50:49 +02:00
Gian-Carlo Pascutto
88fc2f8563 Bug 1386404 - Enable access to the entire chrome dir from content. r=jld 
This may be required if people have @import in their userContent.css, and
in any case our tests check for this.

MozReview-Commit-ID: 8uJcWiC2rli

--HG--
extra : rebase_source : 38bd2a2ffc593bf94b3c16f0c755d169d5998f7f
 2017-10-26 18:57:03 +02:00
Gian-Carlo Pascutto
fff36a228d Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik 
MozReview-Commit-ID: 6Hijq0to9MG

--HG--
extra : rebase_source : 083bf3d52e228ce953d31ef997f969a0e4a562ec
 2017-10-12 11:18:25 +02:00
Haik Aftandilian
a6836496b3 Bug 1403260 - [Mac] Remove access to print server from content process sandbox. r=mconley 
MozReview-Commit-ID: Ia21je8TTIg

--HG--
extra : rebase_source : 8a6859d411b332aca404bb6a78b91cdae6b498c0
 2017-10-30 11:14:08 -07:00
Sebastian Hengst
6979ea37b4 merge mozilla-central to autoland. r=merge a=merge 2017-10-30 23:58:16 +01:00
Bob Owen
e67fce9b1f Bug 1412827: Add Symantec DLLs ffm64 and ffm to the sandboxed child blocklist. r=jimm 
This patch also adds k7pswsen.dll unconditionally as it is still appearing
in many crash reports despite the block working in a test VM.
 2017-10-30 16:28:26 +00:00
Jed Davis
6557099666 Bug 1411115 - Allow F_SETLK fcntl in sandboxed content processes. r=gcp 
MozReview-Commit-ID: ARc7EpfN73o

--HG--
extra : rebase_source : 21c35a65a7c45387e2bd7fd7aba5f82ecf7c9ab3
 2017-10-27 18:05:53 -06:00
Jed Davis
ee247f0d5f Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp 
MozReview-Commit-ID: 4Q0XMWcxaAc

--HG--
extra : rebase_source : e6065c91ddb271b71b5577ca0d6c39349565724c
 2017-10-27 19:32:37 -06:00
Jed Davis
27d4543313 Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp 
MozReview-Commit-ID: 3svUgLLTZKL

--HG--
extra : rebase_source : 2f51310f19cff45313cafd2bdcc60f2999b729b3
 2017-10-25 12:43:13 -06:00
Sebastian Hengst
d67d120cc4 Backed out 4 changesets (bug 1386404) for mass failures, e.g. in browser-chrome's dom/tests/browser/browser_xhr_sandbox.js. r=backout on a CLOSED TREE 
Backed out changeset 36556e1a5ac7 (bug 1386404)
Backed out changeset b136f90dc49f (bug 1386404)
Backed out changeset 4600c2d575f9 (bug 1386404)
Backed out changeset c2c40e4d9815 (bug 1386404)
 2017-10-30 19:10:01 +01:00
Gian-Carlo Pascutto
3d94d8e8e1 Bug 1386404 - Only do the tmp remapping if needed. r=jld 
This helps with getting the tests that are running out of /tmp
to pass, who get confused if their paths change underneath them.

It's also a bit faster.

MozReview-Commit-ID: CWtngVNhA0t

--HG--
extra : rebase_source : 304481a18c371c3253448971f48064bcbd681a81
 2017-10-26 18:02:10 +02:00
Gian-Carlo Pascutto
577b3a7731 Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld 
MozReview-Commit-ID: 2h9hw6opYof

--HG--
extra : rebase_source : f3121d7afff22e3f72c66e3a5553e731a83a2e1c
 2017-10-26 17:50:49 +02:00
Gian-Carlo Pascutto
6a66615d8d Bug 1386404 - Enable access to the entire chrome dir from content. r=jld 
This may be required if people have @import in their userContent.css, and
in any case our tests check for this.

MozReview-Commit-ID: 8uJcWiC2rli

--HG--
extra : rebase_source : 3542ea305aabaca0500d66f8e86f5c12170d793e
 2017-10-26 18:57:03 +02:00
Gian-Carlo Pascutto
802f1b9395 Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik 
MozReview-Commit-ID: 6Hijq0to9MG

--HG--
extra : rebase_source : c7a3559e4cbdfd1885d13a489c4eeb311ca973fa
 2017-10-12 11:18:25 +02:00
Attila Craciun
21363323fd Backed out 2 changesets (bug 1409900) for failing browser chrome on Linux opt at browser/base/content/test/general/browser_bug590206.js r=backout a=backout. 
Backed out changeset 83296a355dd4 (bug 1409900)
Backed out changeset 072007f83431 (bug 1409900)
 2017-10-27 16:15:47 +03:00
Jed Davis
76b1bdf7de Bug 1408497 - Disallow inotify in sandboxed content processes. r=gcp 
MozReview-Commit-ID: nKyIvMNQAt

--HG--
extra : rebase_source : 5347e8da745d6f4a0cd4e81e76fe6b94d94eac30
 2017-10-25 13:35:47 -06:00
Jed Davis
5f10d1f416 Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp 
MozReview-Commit-ID: 4Q0XMWcxaAc

--HG--
extra : rebase_source : 6bd36df3155fc5cdda67720e313028a68e2f0901
 2017-10-25 13:08:26 -06:00
Jed Davis
fce1017953 Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp 
MozReview-Commit-ID: 3svUgLLTZKL

--HG--
extra : rebase_source : 54623b48c65a1319905cab5aa520928681ec0023
 2017-10-25 12:43:13 -06:00
Jed Davis
160e1dcfe0 Bug 1410191 - Correctly handle errors when using syscalls in sandbox trap handlers. r=gcp 
MozReview-Commit-ID: JX81xpNBMIm

--HG--
extra : rebase_source : c7334f3e0b61b4fb4e0305cc6fc5d3173d08c032
 2017-10-25 16:38:20 -06:00
Jed Davis
b8aa6b6de9 Bug 1410241 - Don't call destructors on objects we use in the SIGSYS handler. r=gcp 
MozReview-Commit-ID: LAgORUSvDh9

--HG--
extra : rebase_source : b39836ebb7405202c60b075b30b48966ac644e71
 2017-10-25 17:58:22 -06:00
Jed Davis
aa4363afaa Bug 1410280 - Re-allow PR_GET_NAME for sandboxed content processes. r=gcp 
This prctl is used by PulseAudio; once bug 1394163 is resolved, allowing
it can be made conditional on the media.cubeb.sandbox pref.

MozReview-Commit-ID: 6jAM65V32vK

--HG--
extra : rebase_source : abb039aff7cefc0aa3b95f4574fdf1e3fb0d93a6
 2017-10-25 11:04:34 -06:00
Phil Ringnalda
a173b09db6 Backed out changeset ccc0e72f2152 (bug 1403260) for hanging Mac browser-chrome in printing tests 
MozReview-Commit-ID: IZNT5Jh8nzB
 2017-10-25 23:00:17 -07:00
Haik Aftandilian
362316451f Bug 1403260 - [Mac] Remove access to print server from content process sandbox r=mconley 
MozReview-Commit-ID: Ia21je8TTIg

--HG--
extra : rebase_source : 656e9e3ac8d1fb741d46881458bb0b7fb402d688
 2017-10-22 23:02:58 -07:00
Jed Davis
9bac6e88bd Bug 1328896 - Restrict fcntl() in sandboxed content processes. r=gcp 
MozReview-Commit-ID: BDBTwlT82mf

--HG--
extra : rebase_source : 9036abfb23768e7b17181fbc680692468d66ccd0
 2017-07-24 17:33:07 -06:00
Haik Aftandilian
90adeb05d8 Bug 1404919 - Whitelist Extensis Suitcase Fusion fontvaults and /System/Library/Fonts. r=Alex_Gaynor 
MozReview-Commit-ID: 5UaqiHBKd90

--HG--
extra : rebase_source : 3497f97815d57e9e3fa0cc13482af5d0d81cfd87
 2017-10-12 18:29:42 -07:00
Sebastian Hengst
32f7c8fec3 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 1h3kZyrtqSt
 2017-10-17 11:45:16 +02:00
Matthew Gregan
28e8f43756 Bug 1408821 - Allow FIONBIO ioctl from the content sandbox. r=jld 
--HG--
extra : rebase_source : c6a1b525bc7d9207583200fd5d5059a8155b889f
 2017-10-16 14:54:46 +13:00
Sebastian Hengst
f7efb5fc2c Merge mozilla-central to mozilla-inbound. r=merge a=merge on a CLOSED TREE 2017-10-12 12:03:15 +02:00
Jim Mathies
17a6cb2cbf Bug 1407766 - Remove symantec dlls from the content process dll blocklist due to process startup issues associated with symantec av products. r=bobowen 
MozReview-Commit-ID: JMOIptO2y7F
 2017-10-11 18:00:18 -05:00
Jed Davis
a9b7865141 Bug 1316153 - Remove base::ChildPrivileges from IPC. r=billm,bobowen 
ChildPrivileges is a leftover from the B2G process model; it's now
mostly unused, except for the Windows sandbox using it to carry whether
a content process has file:/// access.

In general, when sandboxing needs to interact with process launch, the
inputs are some subset of: the GeckoProcessType, the subtype if content,
various prefs and even GPU configuration; and the resulting launch
adjustments are platform-specific.  And on some platforms (e.g., OS X)
it's all done after launch.  So a simple enum used cross-platform isn't
a good fit.

MozReview-Commit-ID: K31OHOpJzla

--HG--
extra : rebase_source : 3928b44eb86cd076bcac7897536590555237b76b
 2017-09-08 16:16:50 -06:00
Gian-Carlo Pascutto
433feb3f7e Bug 1387837 - Add library paths from /etc/ld.so.conf to broker read access policy. r=jld 
MozReview-Commit-ID: S5vq6suTU4

--HG--
extra : rebase_source : b82f3ff902ca6e4929a8458aa952f409e30356b5
 2017-10-06 12:35:35 +02:00
Jed Davis
55a0096f3c Bug 1320834 - Reduce prctl policy for desktop content processes. r=gcp 
This removes the allow-all override in the content policy, which means it will
fall back to the more restrictive prctl policy in SandboxPolicyCommon.

MozReview-Commit-ID: CncoGi0HLxR

--HG--
extra : rebase_source : 6cb1834c56a1781f1512b7b078ba3469c3dd8537
 2017-04-12 18:41:20 -06:00
Jed Davis
2a020d2e77 Bug 1408493 - Don't restrict ioctl() in sandboxed content if ALSA might be used. r=gcp 
MozReview-Commit-ID: 61AmLLcPaWw

--HG--
extra : rebase_source : ba3ad2886b871a8753e9ac30c46fc3356f4fb1c4
 2017-10-13 14:34:10 -06:00
Jed Davis
b61d9d2cbe Bug 1408498 - Allow FIONREAD in sandboxed content processes, for libgio. r=gcp 
MozReview-Commit-ID: 23mO3vCb7Gu

--HG--
extra : rebase_source : b0183cb4d8d6a5e6ab03e9d4e1db1a3bb76a3569
 2017-10-13 14:32:43 -06:00
Jed Davis
df2e63a6ff Bug 1408568 - Handle SandboxReport::ProcType::FILE correctly in XPCOM bindings. r=gcp 
MozReview-Commit-ID: EwNTeG4cbZG

--HG--
extra : rebase_source : feed835fd56053644c5fa390d95884fc9b17439b
 2017-10-13 17:33:01 -06:00
Bob Owen
ff9470afb1 Bug 1406068: Expand the list of DLLs that are suspected of causing a crash in ImageBridgeChild::InitForContent. r=jimm 
I think that trying to slice this up by feature is just going to lead to complications down the line,
so to keep it simple I've moved this to the launch code for all sandboxed children, not just when the
Alternate Desktop is enabled.
This also, similar to chromium, only adds them to the blocklist if they are loaded in the parent.
 2017-10-10 10:42:22 +01:00
Sebastian Hengst
c2d6023454 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 36L7JL73CzG
 2017-10-09 23:52:04 +02:00
David Keeler
2a15781174 Bug 1369561 - Address misc. SnprintfLiteral correctness nits. r=jld, r=froydnj 2017-09-15 14:47:54 -07:00
Jed Davis
3709f8d1e4 Bug 1406233 - Include sys/sysmacros.h for major()/minor() macros in Linux sandbox broker. r=gcp 
MozReview-Commit-ID: G1D4yxLAAqg

--HG--
extra : rebase_source : 2b13a20e324a3160ce393f7eb7913d78cc274419
 2017-10-05 18:10:49 -06:00
Jed Davis
860bc842e2 Bug 1405891 - Block tty-related ioctl()s in sandboxed content processes. r=gcp 
MozReview-Commit-ID: KiBfibjLSfK

--HG--
extra : rebase_source : e0cdbb5026c03d2b5a12fb49161aee392efb4189
 2017-10-05 19:53:31 -06:00
Haik Aftandilian
9d77bd9d20 Bug 1393805 - Part 5 - Test that the system extensions dev dir is readable from content. r=bobowen 
MozReview-Commit-ID: 7YN7S7R39CU

--HG--
extra : rebase_source : 092f1046a3f6b44c807f7632275615a6bdd674dd
 2017-09-27 16:01:57 -07:00
Haik Aftandilian
1e86039b0d Bug 1393805 - Part 4 - Add Linux whitelisted directory for system extensions development. r=gcp 
MozReview-Commit-ID: 2eTx1eM1fCM

--HG--
extra : rebase_source : c9c40b552b65a36b1ddb94e31ab04d84571e8d87
 2017-10-04 10:50:48 -07:00
Haik Aftandilian
35249752a0 Bug 1393805 - Part 3 - Add Windows whitelisted directory for system extensions development. r=bobowen 
MozReview-Commit-ID: 8K5c3mUlqna

--HG--
extra : rebase_source : 0f5a47e8504a38939a1c34a4bc4073bcdc1545d3
 2017-10-02 15:17:15 -07:00
Haik Aftandilian
c0bfbc91e0 Bug 1393805 - Part 2 - Add Mac whitelisted directory for system extensions development. r=Alex_Gaynor 
MozReview-Commit-ID: ADkcqFAsKaY

--HG--
extra : rebase_source : 02db543e05109e764228862ef5c760a0132eb4c2
 2017-10-05 16:06:36 -07:00
Sylvestre Ledru
e0ca72f574 Bug 1406845 - AddMesaSysfsPaths: Resource leak on dir r=gcp 
MozReview-Commit-ID: 3ul84cttRAF

--HG--
extra : rebase_source : 6d5306ef859f2db6101c08fb6aad405ffce30696
 2017-10-09 09:29:29 +02:00
Sebastian Hengst
6c211079d0 Backed out changeset 8198bc4c7e3c (bug 1393805) 2017-10-05 00:20:11 +02:00
Sebastian Hengst
d60d5571f3 Backed out changeset 45695eda1c1c (bug 1393805) 2017-10-05 00:20:06 +02:00
Sebastian Hengst
072e34c960 Backed out changeset 1ba3220d84fa (bug 1393805) 2017-10-05 00:20:00 +02:00
Sebastian Hengst
e8b4c9dc97 Backed out changeset 4fe99f70e199 (bug 1393805) 2017-10-05 00:19:55 +02:00
Haik Aftandilian
9a88df4221 Bug 1393805 - Part 5 - Test that the system extensions dev dir is readable from content. r=bobowen 
MozReview-Commit-ID: 7YN7S7R39CU

--HG--
extra : rebase_source : 01e3fe0acb051723219d9d5de5b1fd19d9751c34
 2017-09-27 16:01:57 -07:00
Haik Aftandilian
e1dd4bac03 Bug 1393805 - Part 4 - Add Linux whitelisted directory for system extensions development. r=gcp 
MozReview-Commit-ID: 2eTx1eM1fCM

--HG--
extra : rebase_source : 25cff10f2887795ce954b5fbca74df41fefa5c3e
 2017-10-04 10:50:48 -07:00
Haik Aftandilian
213bec3e84 Bug 1393805 - Part 3 - Add Windows whitelisted directory for system extensions development. r=bobowen 
MozReview-Commit-ID: 8K5c3mUlqna

--HG--
extra : rebase_source : 33b71d3ab20c0fdf24bcee39d4395757031213be
 2017-10-02 15:17:15 -07:00
Haik Aftandilian
165980edfa Bug 1393805 - Part 2 - Add Mac whitelisted directory for system extensions development. r=Alex_Gaynor 
MozReview-Commit-ID: ADkcqFAsKaY

--HG--
extra : rebase_source : 492194ea7914d6f09b349f95b3eeea0bd003256a
 2017-09-27 13:27:39 -07:00
Jed Davis
ae5c1fb5c6 Bug 1401666 - Adjust sandbox policy to allow Mesa 12 to use libudev for device identification. r=gcp 
MozReview-Commit-ID: JRRI9nd83TP

--HG--
extra : rebase_source : 3c5e3edd6606f33468120100f2a63533f1757935
 2017-10-03 20:35:28 -06:00
Alex Gaynor
535c9e8dc3 Bug 1380674 - remove the ability to create directories in the content temp directory on macOS; r=haik 
MozReview-Commit-ID: 8SDcDTqp2F5

--HG--
extra : rebase_source : e8094606e5a302db41f7d7fd22656b7e8697d549
 2017-10-03 09:49:44 -04:00
Wes Kocher
83fd890d27 Merge m-c to autoland, a=merge CLOSED TREE 
MozReview-Commit-ID: HeJwJwwTzhQ
 2017-10-02 16:26:42 -07:00
Wes Kocher
382a7d90d6 Merge inbound to central, a=merge 
MozReview-Commit-ID: CvJ9hmTQBcR
 2017-10-02 16:22:37 -07:00
Gian-Carlo Pascutto
4ebb238032 Bug 1384804 - Allow reading /proc/self/status for libnuma. r=jld 
MozReview-Commit-ID: LLwmPVtj0PE

--HG--
extra : rebase_source : 13d3a0cfce2ffc05280ce80d5d84e37b48f242e9
extra : histedit_source : e4e63c8a90c7b7ef16078d6ad9228b685e681c7e
 2017-09-28 16:19:02 +02:00
Alex Gaynor
d755224ded Bug 1403567 - Remove unused access to AppleGraphicsPolicyClient iokit from content process; r=haik 
MozReview-Commit-ID: 9yTMgo2FNKm

--HG--
extra : rebase_source : 72cc3a295d8823460aae21ebe149ece2df69d087
 2017-09-26 13:05:18 -04:00
Haik Aftandilian
414270b14a Bug 1403669 - [Mac] Per-user and system extensions dir regexes only work for 1-character subdirectory names. r=Alex_Gaynor 
MozReview-Commit-ID: L9vNruzMEez

--HG--
extra : rebase_source : 8530cbf1baef919a5a379564d190fb08674aa28d
 2017-09-27 11:48:39 -07:00
Alex Gaynor
d1aef777b6 Bug 1404426 - Simplify the macOS content sandbox policy; r=haik 
This does two things:

1) Move the level 3 rules to always be applicable, and simplifies level 2 accordingly
2) Consistently uses the raw string literal syntax for regexes

MozReview-Commit-ID: 6iwjOvRVMM7

--HG--
extra : rebase_source : 3ac59219ad0793a98bdb203fb3d247561216a560
 2017-09-29 13:13:49 -04:00
Sebastian Hengst
5a95ac34b4 merge mozilla-central to autoland. r=merge a=merge 2017-09-29 11:49:46 +02:00
Haik Aftandilian
f39cc5cc25 Bug 1401756 - [Mac] Remove unneeded mach-lookups from plugin sandbox rules. r=Alex_Gaynor 
MozReview-Commit-ID: JsgBzNJC4zF

--HG--
extra : rebase_source : deffeff5e6d39318c55bf3d487071139abaf3c92
 2017-09-20 14:05:27 -07:00
David Parks
29d5db60ba Bug 1403707 - Change content sandbox job level to JOB_LOCKDOWN. r=bobowen 
Changing definition of Windows content sandbox level 4 (the current Nightly default) to increase the job level from JOB_RESTRICTED to JOB_LOCKDOWN.
 2017-09-27 13:36:06 -07:00
Haik Aftandilian
fa37753064 Bug 1403744 - Part 2 - Test that the per-user extensions dir is readable from content on Windows. r=bobowen 
MozReview-Commit-ID: 7YN7S7R39CU

--HG--
extra : rebase_source : c86998b1738ee1f4d24562105acf63c20811b8a1
 2017-09-29 12:44:22 -07:00
Haik Aftandilian
d54db04ac2 Bug 1403744 - Part 1 - Whitelist the per-user extensions dir XRE_USER_SYS_EXTENSION_DIR on Windows. r=bobowen 
MozReview-Commit-ID: 8K5c3mUlqna

--HG--
extra : rebase_source : 00f91b3e1112766731119c1cbe14a08387202f60
 2017-09-27 16:14:30 -07:00
Wes Kocher
9d9610f6a3 Merge m-c to autoland, a=merge 
MozReview-Commit-ID: Kjjgw1Pdb3U
 2017-09-26 17:15:46 -07:00
Bob Owen
8cf423ff54 Bug 1403230: Block WRusr.dll in child processes when using Alternate Desktop. r=jimm 2017-09-26 19:23:39 +01:00
Alex Gaynor
79cf374320 Bug 1403210 - Remove unused access to AppleSNBFBUserClient iokit from content process; r=haik 
MozReview-Commit-ID: K4Z48UFfq2w

--HG--
extra : rebase_source : 8664f3e04503ecc48813d45d26b5433afcc65251
 2017-09-26 11:32:01 -04:00
Jed Davis
d64e9b800d Bug 1396542 - Let sandboxed content processes read /var/lib/dbus/machine-id. r=gcp 
PulseAudio is the only thing that's known to need this.  Note that the
same file often exists as /etc/machine-id, and we currently allow reading
all of /etc (which includes other fingerprinting hazards as well).

MozReview-Commit-ID: FoyKQzhAV6M

--HG--
extra : rebase_source : 593ee0b94cf507681a034d22cd06a9050d56b86a
 2017-09-19 19:54:41 -06:00
Gian-Carlo Pascutto
38ecd4cad0 Bug 1399392 - Don't hardcode .config, use XDG_* environment vars. r=jld 
MozReview-Commit-ID: 30j9VbHUjFn

--HG--
extra : rebase_source : f36d5ff8d54215899862621908d48b57ffa78af3
 2017-09-13 15:55:07 +02:00
Jed Davis
bb7bbfa321 Bug 1363378 - Set close-on-exec in sandbox-related sockets held by parent process. r=gcp 
If these aren't close-on-exec, they can be inherited by the crash
reporter process after the parent process has crashed and exited,
causing child processes to continue running when the IPC I/O thread blocks
in the file broker trying to open a GeckoChildCrash temp file.
(Empirically, the main thread then blocks waiting for the I/O thread.)

Operations that run on dedicated threads, like playing media, may
continue even though the main and IPC threads are locked up, resulting in
videos that keep playing sound even though the browser seems to no longer
exist.

If the broker socket is closed as expected when the parent process
exits, the child will return failure from the brokered file operation
and then go on to get an IPC error due to the parent process's
nonexistence, and will exit as normal.

This patch makes the same change to rejected syscall reporting, even
though that's a one-way asynchronous message with no response to wait
for, just in case something goes wrong enough to fill the entire socket
buffer but not so badly broken that it would wind up in an infinite loop
anyway.

SOCK_CLOEXEC has been present since Linux 2.6.26, and it would be used
only if seccomp-bpf is available, so it should be safe to use
unconditionally.

MozReview-Commit-ID: 7tDPBJILzlj

--HG--
extra : rebase_source : b797655dff2eea88c406d83dcee4a859f2a038b7
 2017-09-13 12:25:35 -06:00
Sebastian Hengst
45bab258b7 merge mozilla-central to autoland. r=merge a=merge 2017-09-14 00:11:28 +02:00
Gian-Carlo Pascutto
bda88cac9f Bug 1396733 - Add flatpak font dirs to the sandbox whitelist. r=jld 
Also clean up the order of paths a bit.

MozReview-Commit-ID: GM62r4N9wL7

--HG--
extra : rebase_source : 7cf620e020808d01a38f38be1fcf2a841df26367
 2017-09-13 13:41:21 +02:00
Bob Owen
2e66e542ea Bug 1314801 Part 2: Enable MITIGATION_IMAGE_LOAD_NO_LOW_LABEL and MITIGATION_IMAGE_LOAD_NO_REMOTE on Windows content sandbox. r=jimm 2017-09-13 11:19:41 +01:00
Bob Owen
5e9dff873e Bug 1314801 Part 1: Compile chromium sandbox features that require at least UCRT SDK version 10.0.10586.0. r=jimm 2017-09-13 11:19:41 +01:00
Jed Davis
e6cee20f4d Bug 1397753 - Disallow kill() in sandboxed content processes. r=gcp 
As a special case to deal with PulseAudio, testing for a process's
existence with kill(pid, 0) quietly fails with EPERM instead.

(I also added some commentary on umask, since I was touching that part of
the code anyway.)

MozReview-Commit-ID: CM0Aqii13j4

--HG--
extra : rebase_source : 44ef05e9a39a9eea4a649399c63b865f5523d43b
 2017-09-07 08:29:02 -06:00
Jed Davis
db2eef4339 Bug 1299581 - Fail waitpid et al. with ECHILD in sandboxed content processes. r=gcp 
MozReview-Commit-ID: 7Qjcnrd7KqK

--HG--
extra : rebase_source : 98e9bcb247edad657d8e45e30901861a9193f249
 2017-09-07 08:27:32 -06:00
Sebastian Hengst
ecf716b8bb merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: CmMBcpJapLy
 2017-09-12 11:35:15 +02:00
Bob Owen
6b4635da55 Bug 1395952: Enhance telemetry for failed launch of Windows sandboxed process by process type/error code key. r=jimm, data-r=rweiss 
Only one telemetry accumlation will occur for each key per session.
 2017-09-12 07:53:52 +01:00
Chris Manchester
c0a229d4c3 Bug 1386876 - Replace all uses of DISABLE_STL_WRAPPING with a template, remove DISABLE_STL_WRAPPING. r=glandium 
MozReview-Commit-ID: FMEtb5PY7iP

--HG--
extra : rebase_source : 3cdee7528846462c758e623d6bcd2e6e17dbabff
 2017-09-11 11:33:26 -07:00
Eric Rahm
0617c21c24 Bug 1393230 - Part 2: Fix more improper string usages. r=njn 
This fixes improper usages of Find where an offset was actually being use for
the boolean ignore case flag. It also fixes a few instances of passing in a
literal wchar_t to our functions where a NS_LITERAL_STRING or char16_t should
be used instead.

--HG--
extra : rebase_source : 5de1e9335895d65e6db06c510e8887d27be3390f
extra : source : f762f605dd83fc6331161a33e1ef5d54cafbd08d
 2017-08-31 15:52:30 -07:00
Alex Gaynor
f7ab109d5e Bug 1229829 - Part 2 - Use an alternate desktop on the local winstation for content processes; r=bobowen 
MozReview-Commit-ID: ES52FwM5oFZ

--HG--
extra : rebase_source : 3893d3022f203eb0962f3bcc3490b35514285781
 2017-08-16 09:55:19 -04:00
Alex Gaynor
dc31e19e84 Bug 1229829 - Part 1 - Apply chromium sandbox patches from upstream which improves alternate desktop support; r=bobowen 
This is 0cb5dadc2b1f84fbbd9c6f75056e38d05a5b07d3 and
db4c64b63d6098294ed255e962700fd2d465575e in the chromium repository.

This allows a single process to create sandboxed children with alternate
desktops on both an alternate winstation and the local winstation.

MozReview-Commit-ID: 8sS7LjoveOk

--HG--
extra : rebase_source : 6915af73743f87ed74ddefe04210dbdd95bb56ed
 2017-08-16 09:54:31 -04:00
Jed Davis
d7992cb0de Bug 1383888 - Restrict sandboxed readlinkat() the same as readlink(). r=gcp 
MozReview-Commit-ID: 3VLXp7AJePQ

--HG--
extra : rebase_source : f0116599e133d3f7cc079ecdbf0dfaee7168be2d
 2017-07-27 17:22:23 -06:00
Bob Owen
60cdfbd0a2 Bug 1392570: On Windows 7 don't attempt to use a job object for the sandbox when it will fail. r=jimm, data-r=rweiss 
This patch also adds telemetry for when this occurs, breaking it down for local and remote sessions.
 2017-09-01 14:05:49 +01:00
Gian-Carlo Pascutto
180dfb1325 Bug 1391494 - Enforce use of our own copy of strlcpy. r=jld 
MozReview-Commit-ID: GQgGJBj1Hjc

--HG--
extra : rebase_source : ac110f76f199e8739b6eebaf123c7e6b58f77135
 2017-08-24 19:12:14 +02:00
Haik Aftandilian
2cce1be1b0 Bug 1392988 - Firefox 55.02 on macOS High Sierra cannot play AES encrypted video. r=Alex_Gaynor 
Adds access to video encoding/decoding services when running on macOS 10.13 High Sierra.

MozReview-Commit-ID: 6h4dZ6gkFtp

--HG--
extra : rebase_source : 8c5078b336631e3254fcaaf6727dff281c840159
 2017-08-28 19:06:07 -07:00
James Forshaw
0b3b189961 Bug 1385928: Take new implementation of GetProcessBaseAddress from chromium commit f398005bc4ca0cc2dab2198faa99d4ee8f4da60d. r=jimm 
This should fix issues we have seen with running Firefox from short name paths or moved binaries.
 2017-08-15 09:29:46 +00:00
Jed Davis
11d8d1c88e Backed out 3 changesets (bug 1380701, bug 1384804) 
Backed out changeset afdd35ed8902 (bug 1384804)
Backed out changeset 9fb892c41a9e (bug 1380701)
Backed out changeset 0d56979a6efa (bug 1380701)
 2017-08-24 15:02:48 -06:00
Haik Aftandilian
3fbdb1b349 Bug 1382260 - Patch 2 - [Mac] Allow reading of font files from the content sandbox. r=Alex_Gaynor 
MozReview-Commit-ID: 9W5aqQweFmd

--HG--
extra : rebase_source : 9aa778bc08bee206e7f3340eac32ca2f46a4f81b
 2017-08-18 16:12:07 -07:00
Haik Aftandilian
c90d8c6594 Bug 1382260 - Patch 1 - Fix file access test bug. r=Alex_Gaynor 
Fix the file access check by adding missing parentheses to isDirectory method call.

Don't run the cookies file check on Linux because the test profile is read accessible due to being in /tmp.

MozReview-Commit-ID: lps2hk8f5U

--HG--
extra : rebase_source : 5fba75d65081e56df5a0d171c41689c489a3aace
 2017-08-22 10:11:01 -07:00