Bug 1563774 - Enable Binary Signature Policy on the RDD process r=bobowen

To do this, we preload the AV libraries. They may not be needed right now, but by doing this now we ensure that future RDD work won't mysteriously fail during development for some poor coworker. Differential Revision: https://phabricator.services.mozilla.com/D37928 --HG-- extra : moz-landing-system : lando
2019-07-23 17:49:55 +00:00 · 2019-07-23 17:49:55 +00:00 · 334edd038c
--- a/dom/media/ipc/RDDProcessImpl.cpp
+++ b/dom/media/ipc/RDDProcessImpl.cpp
@ -24,6 +24,10 @@ RDDProcessImpl::~RDDProcessImpl() {}

 bool RDDProcessImpl::Init(int aArgc, char* aArgv[]) {
 #if defined(MOZ_SANDBOX) && defined(OS_WIN)
+  // Preload AV dlls so we can enable Binary Signature Policy
+  // to restrict further dll loads.
+  LoadLibraryW(L"mozavcodec.dll");
+  LoadLibraryW(L"mozavutil.dll");
  mozilla::SandboxTarget::Instance()->StartSandbox();
 #endif
  char* parentBuildID = nullptr;
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@ -814,7 +814,8 @@ bool SandboxBroker::SetSecurityLevelForRDDProcess() {

  mitigations = sandbox::MITIGATION_STRICT_HANDLE_CHECKS |
                sandbox::MITIGATION_DYNAMIC_CODE_DISABLE |
-                sandbox::MITIGATION_DLL_SEARCH_ORDER;
+                sandbox::MITIGATION_DLL_SEARCH_ORDER |
+                sandbox::MITIGATION_FORCE_MS_SIGNED_BINS;

  result = mPolicy->SetDelayedProcessMitigations(mitigations);
  SANDBOX_ENSURE_SUCCESS(result,