Bug 1369670 Part 2: On Windows resolve junction points and symlinks in any paths that are used for sandbox policy rules. r=jimm

ipc/glue/GeckoChildProcessHost.cpp

@@ -51,6 +51,7 @@
 #if defined(MOZ_SANDBOX)
 #include "mozilla/Preferences.h"
 #include "mozilla/sandboxing/sandboxLogging.h"
+#include "WinUtils.h"
 #endif
 #endif
 
@@ -501,7 +502,17 @@ GeckoChildProcessHost::SetChildLogName(const char* varName, const char* origLogN
   // the path against the sanboxing rules as passed to fopen (left relative).
   char absPath[MAX_PATH + 2];
   if (_fullpath(absPath, origLogName, sizeof(absPath))) {
-    buffer.Append(absPath);
+#ifdef MOZ_SANDBOX
+    // We need to make sure the child log name doesn't contain any junction
+    // points or symlinks or the sandbox will reject rules to allow writing.
+    std::wstring resolvedPath(NS_ConvertUTF8toUTF16(absPath).get());
+    if (widget::WinUtils::ResolveJunctionPointsAndSymLinks(resolvedPath)) {
+      AppendUTF16toUTF8(resolvedPath.c_str(), buffer);
+    } else
+#endif
+    {
+      buffer.Append(absPath);
+    }
   } else
 #endif
   {

toolkit/xre/nsXREDirProvider.cpp

@@ -68,6 +68,9 @@
 #if (defined(XP_WIN) || defined(XP_MACOSX))
 #include "nsIUUIDGenerator.h"
 #include "mozilla/Unused.h"
+#if defined(XP_WIN)
+#include "WinUtils.h"
+#endif
 #endif
 #endif
 
@@ -119,6 +122,20 @@ nsXREDirProvider::Initialize(nsIFile *aXULAppDir,
   mAppProvider = aAppProvider;
   mXULAppDir = aXULAppDir;
   mGREDir = aGREDir;
+#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
+  // The GRE directory can be used in sandbox rules, so we need to make sure
+  // it doesn't contain any junction points or symlinks or the sandbox will
+  // reject those rules.
+  if (!mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(mGREDir)) {
+    NS_WARNING("Failed to resolve GRE Dir.");
+  }
+  // If the mXULAppDir is different it lives below the mGREDir. To avoid
+  // confusion resolve that as well even though we don't need it for sandbox
+  // rules. Some tests rely on this for example.
+  if (!mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(mXULAppDir)) {
+    NS_WARNING("Failed to resolve XUL App Dir.");
+  }
+#endif
   mGREDir->Clone(getter_AddRefs(mGREBinDir));
 #ifdef XP_MACOSX
   mGREBinDir->SetNativeLeafName(NS_LITERAL_CSTRING("MacOS"));
@@ -182,6 +199,14 @@ nsXREDirProvider::SetProfile(nsIFile* aDir, nsIFile* aLocalDir)
 
   mProfileDir = aDir;
   mProfileLocalDir = aLocalDir;
+#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
+  // The profile directory can be used in sandbox rules, so we need to make sure
+  // it doesn't contain any junction points or symlinks or the sandbox will
+  // reject those rules.
+  if (!mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(mProfileDir)) {
+    NS_WARNING("Failed to resolve Profile Dir.");
+  }
+#endif
   return NS_OK;
 }
 
@@ -678,12 +703,24 @@ nsXREDirProvider::LoadContentProcessTempDir()
     mContentTempDir = GetContentProcessSandboxTempDir();
   }
 
-  if (mContentTempDir) {
-    return NS_OK;
-  } else {
-    return NS_GetSpecialDirectory(NS_OS_TEMP_DIR,
-                                  getter_AddRefs(mContentTempDir));
+  if (!mContentTempDir) {
+    nsresult rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR,
+                                         getter_AddRefs(mContentTempDir));
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
   }
+
+#if defined(XP_WIN)
+  // The content temp dir can be used in sandbox rules, so we need to make sure
+  // it doesn't contain any junction points or symlinks or the sandbox will
+  // reject those rules.
+  if (!mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(mContentTempDir)) {
+    NS_WARNING("Failed to resolve Content Temp Dir.");
+  }
+#endif
+
+  return NS_OK;
 }
 
 static bool

widget/windows/WinUtils.cpp

@@ -1859,6 +1859,31 @@ WinUtils::ResolveJunctionPointsAndSymLinks(std::wstring& aPath)
   return true;
 }
 
+/* static */
+bool
+WinUtils::ResolveJunctionPointsAndSymLinks(nsIFile* aPath)
+{
+  MOZ_ASSERT(aPath);
+
+  nsAutoString filePath;
+  nsresult rv = aPath->GetPath(filePath);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return false;
+  }
+
+  std::wstring resolvedPath(filePath.get());
+  if (!ResolveJunctionPointsAndSymLinks(resolvedPath)) {
+    return false;
+  }
+
+  rv = aPath->InitWithPath(nsDependentString(resolvedPath.c_str()));
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return false;
+  }
+
+  return true;
+}
+
 /* static */
 bool
 WinUtils::SanitizePath(const wchar_t* aInputPath, nsAString& aOutput)

widget/windows/WinUtils.h

@@ -479,6 +479,7 @@ public:
    *               remain unchanged.
    */
   static bool ResolveJunctionPointsAndSymLinks(std::wstring& aPath);
+  static bool ResolveJunctionPointsAndSymLinks(nsIFile* aPath);
 
   static void Initialize();