Bug 1369670 Part 2: On Windows resolve junction points and symlinks in any paths that are used for sandbox policy rules. r=jimm
Родитель
066ccbd3da
Коммит
0179001ce3
|
@ -51,6 +51,7 @@
|
|||
#if defined(MOZ_SANDBOX)
|
||||
#include "mozilla/Preferences.h"
|
||||
#include "mozilla/sandboxing/sandboxLogging.h"
|
||||
#include "WinUtils.h"
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
@ -501,7 +502,17 @@ GeckoChildProcessHost::SetChildLogName(const char* varName, const char* origLogN
|
|||
// the path against the sanboxing rules as passed to fopen (left relative).
|
||||
char absPath[MAX_PATH + 2];
|
||||
if (_fullpath(absPath, origLogName, sizeof(absPath))) {
|
||||
buffer.Append(absPath);
|
||||
#ifdef MOZ_SANDBOX
|
||||
// We need to make sure the child log name doesn't contain any junction
|
||||
// points or symlinks or the sandbox will reject rules to allow writing.
|
||||
std::wstring resolvedPath(NS_ConvertUTF8toUTF16(absPath).get());
|
||||
if (widget::WinUtils::ResolveJunctionPointsAndSymLinks(resolvedPath)) {
|
||||
AppendUTF16toUTF8(resolvedPath.c_str(), buffer);
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
buffer.Append(absPath);
|
||||
}
|
||||
} else
|
||||
#endif
|
||||
{
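Review bot: The added sandbox branch in SetChildLogName decodes `absPath` with `NS_ConvertUTF8toUTF16`, but `_fullpath` fills a narrow buffer in the CRT's narrow encoding, which is presumably the active code page rather than UTF-8. For a log path with non-ASCII characters the wide string handed to `ResolveJunctionPointsAndSymLinks` may then name a different path, and the two outcomes disagree on encoding: the resolved branch appends UTF-8 while the fallback appends the raw `absPath` bytes. Consider resolving from a wide path (for example `_wfullpath` on the converted `origLogName`), or at least state the assumption above the conversion with `// NOTE: assumes absPath is ASCII/UTF-8; confirm for non-ASCII log paths`. The fallback is also silent, so a sandbox rule rejected because resolution failed would be hard to trace. The function body starts and ends outside the hunk.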
|
||||
|
|
|
@ -68,6 +68,9 @@
|
|||
#if (defined(XP_WIN) || defined(XP_MACOSX))
|
||||
#include "nsIUUIDGenerator.h"
|
||||
#include "mozilla/Unused.h"
|
||||
#if defined(XP_WIN)
|
||||
#include "WinUtils.h"
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
@ -119,6 +122,20 @@ nsXREDirProvider::Initialize(nsIFile *aXULAppDir,
|
|||
mAppProvider = aAppProvider;
|
||||
mXULAppDir = aXULAppDir;
|
||||
mGREDir = aGREDir;
|
||||
#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
|
||||
// The GRE directory can be used in sandbox rules, so we need to make sure
|
||||
// it doesn't contain any junction points or symlinks or the sandbox will
|
||||
// reject those rules.
|
||||
if (!mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(mGREDir)) {
|
||||
NS_WARNING("Failed to resolve GRE Dir.");
|
||||
}
|
||||
// If the mXULAppDir is different it lives below the mGREDir. To avoid
|
||||
// confusion resolve that as well even though we don't need it for sandbox
|
||||
// rules. Some tests rely on this for example.
|
||||
if (!mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(mXULAppDir)) {
|
||||
NS_WARNING("Failed to resolve XUL App Dir.");
|
||||
}
|
||||
#endif
|
||||
mGREDir->Clone(getter_AddRefs(mGREBinDir));
|
||||
#ifdef XP_MACOSX
|
||||
mGREBinDir->SetNativeLeafName(NS_LITERAL_CSTRING("MacOS"));
|
||||
|
@ -182,6 +199,14 @@ nsXREDirProvider::SetProfile(nsIFile* aDir, nsIFile* aLocalDir)
|
|||
|
||||
mProfileDir = aDir;
|
||||
mProfileLocalDir = aLocalDir;
|
||||
#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
|
||||
// The profile directory can be used in sandbox rules, so we need to make sure
|
||||
// it doesn't contain any junction points or symlinks or the sandbox will
|
||||
// reject those rules.
|
||||
if (!mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(mProfileDir)) {
|
||||
NS_WARNING("Failed to resolve Profile Dir.");
|
||||
}
|
||||
#endif
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -678,12 +703,24 @@ nsXREDirProvider::LoadContentProcessTempDir()
|
|||
mContentTempDir = GetContentProcessSandboxTempDir();
|
||||
}
|
||||
|
||||
if (mContentTempDir) {
|
||||
return NS_OK;
|
||||
} else {
|
||||
return NS_GetSpecialDirectory(NS_OS_TEMP_DIR,
|
||||
getter_AddRefs(mContentTempDir));
|
||||
if (!mContentTempDir) {
|
||||
nsresult rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR,
|
||||
getter_AddRefs(mContentTempDir));
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(XP_WIN)
|
||||
// The content temp dir can be used in sandbox rules, so we need to make sure
|
||||
// it doesn't contain any junction points or symlinks or the sandbox will
|
||||
// reject those rules.
|
||||
if (!mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(mContentTempDir)) {
|
||||
NS_WARNING("Failed to resolve Content Temp Dir.");
|
||||
}
|
||||
#endif
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
static bool
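Review bot: In Initialize and SetProfile the members are assigned straight from the caller's arguments (`mGREDir = aGREDir;`, `mProfileDir = aDir;`) and then handed to the nsIFile overload, which re-initialises the object through `InitWithPath`. If the member and the argument refer to the same nsIFile, the caller's object changes path as a side effect. If that is not intended, take a private copy first, e.g. `aGREDir->Clone(getter_AddRefs(mGREDir));`, and resolve the clone. Separately, every failure here and in LoadContentProcessTempDir is reported only through `NS_WARNING`, which does nothing in release builds, and the code continues with the unresolved path. Per the added comments the sandbox will then reject rules built from that path, so it is worth logging the failure somewhere that survives release builds.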
|
||||
|
|
|
@ -1859,6 +1859,31 @@ WinUtils::ResolveJunctionPointsAndSymLinks(std::wstring& aPath)
|
|||
return true;
|
||||
}
|
||||
|
||||
/* static */
|
||||
bool
|
||||
WinUtils::ResolveJunctionPointsAndSymLinks(nsIFile* aPath)
|
||||
{
|
||||
MOZ_ASSERT(aPath);
|
||||
|
||||
nsAutoString filePath;
|
||||
nsresult rv = aPath->GetPath(filePath);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return false;
|
||||
}
|
||||
|
||||
std::wstring resolvedPath(filePath.get());
|
||||
if (!ResolveJunctionPointsAndSymLinks(resolvedPath)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
rv = aPath->InitWithPath(nsDependentString(resolvedPath.c_str()));
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/* static */
|
||||
bool
|
||||
WinUtils::SanitizePath(const wchar_t* aInputPath, nsAString& aOutput)
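Review bot: The new nsIFile overload guards its argument only with `MOZ_ASSERT(aPath)`, which is compiled out of release builds, so a null `aPath` would reach `aPath->GetPath(filePath)` and dereference null. The callers added in this commit pass members such as `mXULAppDir` and `mProfileDir` directly, and whether those can be null at that point is not visible on this page. A cheap guard that keeps the bool contract would be `if (NS_WARN_IF(!aPath)) { return false; }` in place of, or right after, the assertion.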
|
||||
|
|
|
@ -479,6 +479,7 @@ public:
|
|||
* remain unchanged.
|
||||
*/
|
||||
static bool ResolveJunctionPointsAndSymLinks(std::wstring& aPath);
|
||||
static bool ResolveJunctionPointsAndSymLinks(nsIFile* aPath);
|
||||
|
||||
static void Initialize();
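Review bot: The new `nsIFile*` declaration sits under the doc comment written for the `std::wstring&` overload and has no documentation of its own. It behaves differently in ways a caller of a sandbox-path helper should know: it rewrites the passed nsIFile in place, and it can also fail in `GetPath` or `InitWithPath`, not only in the resolution step. I would add a short comment above it, for example `// Overload for nsIFile: on success aPath is re-initialised with the resolved path; returns false if the path cannot be read, resolved or re-initialised.`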
|
||||
|
||||
|
|