Bug 1709383 - Add Win32k Lockdown status to about:support and Crash Reporter r=gsvelto,flod,bobowen,mossop,fluent-reviewers,chutten

- Move the decision logic for Win32k Lockdown to a common area where it can
  be re-used
- Cache the Win32k Lockdown state, since the result will never change
- Add IDL to allow JavaScript to query it
- Add it to the "about:support" page
- Add an annotation to Crash Reporter after the first time it's read

Differential Revision: https://phabricator.services.mozilla.com/D114850

security/sandbox/common/SandboxSettings.cpp

@@ -17,7 +17,7 @@
 #ifdef XP_WIN
 #  include "mozilla/gfx/gfxVars.h"
 #  include "mozilla/WindowsVersion.h"
-
+#  include "nsExceptionHandler.h"
 #endif  // XP_WIN
 
 using namespace mozilla;
@@ -46,28 +46,37 @@ const char* ContentWin32kLockdownStateToString(
 ContentWin32kLockdownState GetContentWin32kLockdownState() {
 #ifdef XP_WIN
   static ContentWin32kLockdownState result = [] {
-    if (!IsWin8OrLater()) {
+    ContentWin32kLockdownState state = [] {
-      return ContentWin32kLockdownState::OperatingSystemNotSupported;
+      if (!IsWin8OrLater()) {
-    }
+        return ContentWin32kLockdownState::OperatingSystemNotSupported;
+      }
 
-    // Win32k Lockdown requires WebRender, but WR is not currently guaranteed
+      // Win32k Lockdown requires WebRender, but WR is not currently guaranteed
-    // on all computers. It can also fail to initialize and fallback to
+      // on all computers. It can also fail to initialize and fallback to
-    // non-WR render path.
+      // non-WR render path.
-    //
+      //
-    // We don't want a situation where "Win32k Lockdown + No WR" occurs
+      // We don't want a situation where "Win32k Lockdown + No WR" occurs
-    // without the user explicitly requesting unsupported behavior.
+      // without the user explicitly requesting unsupported behavior.
-    if (!gfx::gfxVars::UseWebRender()) {
+      if (!gfx::gfxVars::UseWebRender()) {
-      return ContentWin32kLockdownState::MissingWebRender;
+        return ContentWin32kLockdownState::MissingWebRender;
-    }
+      }
 
-    // It's important that this goes last, as we'd like to know in
+      // It's important that this goes last, as we'd like to know in
-    // telemetry and crash reporting if the only thing holding the user
+      // telemetry and crash reporting if the only thing holding the user
-    // back from Win32k Lockdown is the-lack-of-asking-for-it
+      // back from Win32k Lockdown is the-lack-of-asking-for-it
-    if (!StaticPrefs::security_sandbox_content_win32k_disable()) {
+      if (!StaticPrefs::security_sandbox_content_win32k_disable()) {
-      return ContentWin32kLockdownState::PrefNotSet;
+        return ContentWin32kLockdownState::PrefNotSet;
-    }
+      }
 
-    return ContentWin32kLockdownState::LockdownEnabled;
+      return ContentWin32kLockdownState::LockdownEnabled;
+    }();
+
+    const char* stateStr = ContentWin32kLockdownStateToString(state);
+    CrashReporter::AnnotateCrashReport(
+        CrashReporter::Annotation::ContentSandboxWin32kState,
+        nsDependentCString(stateStr));
+
+    return state;
   }();
 
   return result;
@@ -149,6 +158,20 @@ NS_IMETHODIMP SandboxSettings::GetEffectiveContentSandboxLevel(
   return NS_OK;
 }
 
+NS_IMETHODIMP SandboxSettings::GetContentWin32kLockdownState(int32_t* aRetVal) {
+  *aRetVal = static_cast<int32_t>(mozilla::GetContentWin32kLockdownState());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+SandboxSettings::GetContentWin32kLockdownStateString(nsAString& aString) {
+  ContentWin32kLockdownState lockdownState =
+      mozilla::GetContentWin32kLockdownState();
+  aString = NS_ConvertASCIItoUTF16(
+      mozilla::ContentWin32kLockdownStateToString(lockdownState));
+  return NS_OK;
+}
+
 }  // namespace mozilla
 
 NS_IMPL_COMPONENT_FACTORY(mozISandboxSettings) {

security/sandbox/common/mozISandboxSettings.idl

@@ -12,6 +12,13 @@
 interface mozISandboxSettings : nsISupports
 {
   readonly attribute long effectiveContentSandboxLevel;
+
+  /*
+   * The possible values for this are defined in the ContentWin32kLockdownState
+   * enum in security/sandbox/common/SandboxSettings.h
+   */
+  readonly attribute long contentWin32kLockdownState;
+  readonly attribute AString contentWin32kLockdownStateString;
 };
 
 %{ C++

toolkit/components/telemetry/app/TelemetryEnvironment.jsm

@@ -1595,15 +1595,27 @@ EnvironmentCache.prototype = {
 
   _getSandboxData() {
     let effectiveContentProcessLevel = null;
+    let contentWin32kLockdownState = null;
     try {
       let sandboxSettings = Cc[
         "@mozilla.org/sandbox/sandbox-settings;1"
       ].getService(Ci.mozISandboxSettings);
       effectiveContentProcessLevel =
         sandboxSettings.effectiveContentSandboxLevel;
+
+      // See `ContentWin32kLockdownState` in
+      // <security/sandbox/common/SandboxSettings.h>
+      //
+      // Values:
+      // 1 = LockdownEnabled
+      // 2 = MissingWebRender
+      // 3 = OperatingSystemNotSupported
+      // 4 = PrefNotSet
+      contentWin32kLockdownState = sandboxSettings.contentWin32kLockdownState;
     } catch (e) {}
     return {
       effectiveContentProcessLevel,
+      contentWin32kLockdownState,
     };
   },
 

toolkit/components/telemetry/docs/data/environment.rst

@@ -88,6 +88,7 @@ Structure:
         },
         sandbox: {
           effectiveContentProcessLevel: <integer>,
+          contentWin32kLockdownState: <integer>,
         }
       },
       // Optional, missing if fetching the information failed or had not yet completed.
@@ -419,6 +420,7 @@ This object contains data about the state of Firefox's sandbox.
 Specific keys are:
 
 - ``effectiveContentProcessLevel``: The meanings of the values are OS dependent. Details of the meanings can be found in the `Firefox prefs file <https://hg.mozilla.org/mozilla-central/file/tip/browser/app/profile/firefox.js>`_. The value here is the effective value, not the raw value, some platforms enforce a minimum sandbox level. If there is an error calculating this, it will be ``null``.
+- ``contentWin32kLockdownState``: The status of Win32k Lockdown for Content process. 1 = "Lockdown enabled", 2 = "Lockdown disabled -- Missing WebRender", 3 = "Lockdown disabled -- Unsupported OS", 4 = "Lockdown disabled -- User pref not set". If there is an error calculating this, it will be ``null``.
 
 profile
 -------

toolkit/components/telemetry/tests/unit/TelemetryEnvironmentTesting.jsm

@@ -299,6 +299,21 @@ var TelemetryEnvironmentTesting = {
     Assert.equal(typeof update.autoDownload, "boolean");
     Assert.equal(typeof update.background, "boolean");
 
+    // Check sandbox settings exist and make sense
+    Assert.equal(
+      typeof data.settings.sandbox.effectiveContentProcessLevel,
+      "number",
+      "sandbox.effectiveContentProcessLevel must have the correct type"
+    );
+    Assert.equal(
+      typeof data.settings.sandbox.contentWin32kLockdownState,
+      "number",
+      "sandbox.contentWin32kLockdownState must have the correct type"
+    );
+
+    let win32kLockdownState = data.settings.sandbox.contentWin32kLockdownState;
+    Assert.ok(win32kLockdownState >= 1 && win32kLockdownState <= 4);
+
     // Check "defaultSearchEngine" separately, as it can either be undefined or string.
     if ("defaultSearchEngine" in data.settings) {
       this.checkString(data.settings.defaultSearchEngine);

toolkit/crashreporter/CrashAnnotations.yaml

@@ -230,6 +230,11 @@ ContentSandboxLevel:
     Content sandbox level.
   type: integer
 
+ContentSandboxWin32kState:
+  description: >
+    Content sandbox Win32k state
+  type: string
+
 CoUnmarshalInterfaceResult:
   description: >
     Annotation describing the error returned by trying to unmarshal an object

toolkit/locales/en-US/toolkit/about/aboutSupport.ftl

@@ -343,6 +343,7 @@ can-sandbox-content = Content Process Sandboxing
 can-sandbox-media = Media Plugin Sandboxing
 content-sandbox-level = Content Process Sandbox Level
 effective-content-sandbox-level = Effective Content Process Sandbox Level
+content-win32k-lockdown-state = Win32k Lockdown State for Content Process
 sandbox-proc-type-content = content
 sandbox-proc-type-file = file content
 sandbox-proc-type-media-plugin = media plugin

toolkit/modules/Troubleshoot.jsm

@@ -1001,6 +1001,8 @@ if (AppConstants.MOZ_SANDBOX) {
       );
       data.effectiveContentSandboxLevel =
         sandboxSettings.effectiveContentSandboxLevel;
+      data.contentWin32kLockdownState =
+        sandboxSettings.contentWin32kLockdownStateString;
     }
 
     done(data);

toolkit/modules/tests/browser/browser_Troubleshoot.js

@@ -1000,6 +1000,10 @@ const SNAPSHOT_SCHEMA = {
           required: AppConstants.MOZ_SANDBOX,
           type: "number",
         },
+        contentWin32kLockdownState: {
+          required: AppConstants.MOZ_SANDBOX,
+          type: "string",
+        },
         syscallLog: {
           required: AppConstants.platform == "linux",
           type: "array",