зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1912481 p2: Give read access to the Windows system binary dir. r=handyman
This is to allow Windows DLLs that are not used in all content processes to load later if they are required. Differential Revision: https://phabricator.services.mozilla.com/D218964
This commit is contained in:
Родитель
1d5ebe2ece
Коммит
3f27e32e97
|
@ -1740,27 +1740,11 @@ mozilla::ipc::IPCResult ContentChild::RecvSetProcessSandbox(
|
|||
::LoadLibraryW(L"mozavutil.dll");
|
||||
|
||||
if (GetEffectiveContentSandboxLevel() > 7) {
|
||||
// Library required for timely audio processing.
|
||||
::LoadLibraryW(L"avrt.dll");
|
||||
// Libraries required by Network Security Services (NSS).
|
||||
::LoadLibraryW(L"freebl3.dll");
|
||||
::LoadLibraryW(L"softokn3.dll");
|
||||
// Library required by DirectWrite in some fall-back scenarios.
|
||||
::LoadLibraryW(L"textshaping.dll");
|
||||
// Microsoft libraries that are required for WMF software encoding.
|
||||
::LoadLibraryW(L"mfplat.dll");
|
||||
::LoadLibraryW(L"mf.dll");
|
||||
::LoadLibraryW(L"dxva2.dll");
|
||||
::LoadLibraryW(L"evr.dll");
|
||||
::LoadLibraryW(L"mfh264enc.dll");
|
||||
// Cache value that is retrieved from a registry entry.
|
||||
Unused << GetCpuFrequencyMHz();
|
||||
# if defined(DEBUG)
|
||||
// Library used in some debug testing.
|
||||
::LoadLibraryW(L"dbghelp.dll");
|
||||
// Required for WMF shutdown, not required for opt due to quick exit.
|
||||
::LoadLibraryW(L"ole32.dll");
|
||||
# endif
|
||||
}
|
||||
mozilla::SandboxTarget::Instance()->StartSandbox();
|
||||
# elif defined(XP_MACOSX)
|
||||
|
|
|
@ -1021,6 +1021,24 @@ void SandboxBroker::SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
|
|||
}
|
||||
}
|
||||
|
||||
// Add access to Windows system binary dir to allow DLLs that are not
|
||||
// required in all content processes to load later.
|
||||
wchar_t* systemBinPath;
|
||||
if (SUCCEEDED(::SHGetKnownFolderPath(FOLDERID_System, 0, nullptr,
|
||||
&systemBinPath))) {
|
||||
std::wstring systemBinPathStr = systemBinPath;
|
||||
::CoTaskMemFree(systemBinPath);
|
||||
systemBinPathStr += L"\\*";
|
||||
result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
|
||||
sandbox::TargetPolicy::FILES_ALLOW_READONLY,
|
||||
systemBinPathStr.c_str());
|
||||
if (sandbox::SBOX_ALL_OK != result) {
|
||||
NS_ERROR("Failed to add rule for system bin dir.");
|
||||
LOG_E("Failed (ResultCode %d) to add read access to: %S", result,
|
||||
systemBinPathStr.c_str());
|
||||
}
|
||||
}
|
||||
|
||||
// Read access for MF Media Source Activate and subkeys/values.
|
||||
result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY,
|
||||
sandbox::TargetPolicy::REG_ALLOW_READONLY,
|
||||
|
|
Загрузка…
Ссылка в новой задаче