From 334edd038c3df300d54bbb0860d5dcd953927239 Mon Sep 17 00:00:00 2001 From: Tom Ritter Date: Tue, 23 Jul 2019 17:49:55 +0000 Subject: [PATCH] Bug 1563774 - Enable Binary Signature Policy on the RDD process r=bobowen To do this, we preload the AV libraries. They may not be needed right now, but by doing this now we ensure that future RDD work won't mysteriously fail during development for some poor coworker. Differential Revision: https://phabricator.services.mozilla.com/D37928 --HG-- extra : moz-landing-system : lando
---
 dom/media/ipc/RDDProcessImpl.cpp | 4 ++++
 security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/dom/media/ipc/RDDProcessImpl.cpp b/dom/media/ipc/RDDProcessImpl.cpp
index 311d857dba92..b19baef2db91 100644
--- a/dom/media/ipc/RDDProcessImpl.cpp
+++ b/dom/media/ipc/RDDProcessImpl.cpp
@@ -24,6 +24,10 @@ RDDProcessImpl::~RDDProcessImpl() {}
 bool RDDProcessImpl::Init(int aArgc, char* aArgv[]) {
 #if defined(MOZ_SANDBOX) && defined(OS_WIN)
+ // Preload AV dlls so we can enable Binary Signature Policy
+ // to restrict further dll loads.
+ LoadLibraryW(L"mozavcodec.dll");
+ LoadLibraryW(L"mozavutil.dll");
 mozilla::SandboxTarget::Instance()->StartSandbox();
 #endif
 char* parentBuildID = nullptr;
diff --git a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
index 6e330e3677af..f41c858cb216 100644
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -814,7 +814,8 @@ bool SandboxBroker::SetSecurityLevelForRDDProcess() {
 mitigations = sandbox::MITIGATION_STRICT_HANDLE_CHECKS |
 sandbox::MITIGATION_DYNAMIC_CODE_DISABLE |
- sandbox::MITIGATION_DLL_SEARCH_ORDER;
+ sandbox::MITIGATION_DLL_SEARCH_ORDER |
+ sandbox::MITIGATION_FORCE_MS_SIGNED_BINS;
 result = mPolicy->SetDelayedProcessMitigations(mitigations);
 SANDBOX_ENSURE_SUCCESS(result,
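Review bot: The two `LoadLibraryW` calls added in `RDDProcessImpl::Init` discard their return values, so a failed preload goes unnoticed until a later load of the same library is refused once `MITIGATION_FORCE_MS_SIGNED_BINS` (added to the delayed mitigations in sandboxBroker.cpp) takes effect. Checking the handle and reporting at the point of failure keeps the cause visible, e.g. `if (!LoadLibraryW(L"mozavcodec.dll")) { NS_WARNING("RDD: failed to preload mozavcodec.dll"); }`, and likewise for `mozavutil.dll`. Both calls also pass a bare file name and run before `StartSandbox()`, which is presumably where the delayed `MITIGATION_DLL_SEARCH_ORDER` is applied, so resolution relies on the default search order; building the path from the application directory would pin the load to the shipped binaries. `Init` continues beyond the hunk.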