Bug 1522830: Part 7 - Initialize launcher process blocklist during launch of sandboxed child process; r=bobowen

When launching a sandboxed child process that uses `firefox.exe`, we now perform early initialization of the DLL blocklist. Differential Revision: https://phabricator.services.mozilla.com/D53679 --HG-- extra : moz-landing-system : lando
2019-12-06 22:04:23 +00:00 · 2019-12-06 22:04:23 +00:00 · c04875c1e5
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@ -18,6 +18,7 @@
 #include "mozilla/StaticPrefs_security.h"
 #include "mozilla/UniquePtr.h"
 #include "mozilla/Telemetry.h"
+#include "mozilla/WinDllServices.h"
 #include "mozilla/WindowsVersion.h"
 #include "nsAppDirectoryServiceDefs.h"
 #include "nsCOMPtr.h"
@ -333,6 +334,22 @@ bool SandboxBroker::LaunchApp(const wchar_t* aPath, const wchar_t* aArguments,
    }
  }

+  if (XRE_GetChildProcBinPathType(aProcessType) == BinPathType::Self) {
+    RefPtr<DllServices> dllSvc(DllServices::Get());
+    LauncherVoidResultWithLineInfo blocklistInitOk =
+        dllSvc->InitDllBlocklistOOP(aPath, targetInfo.hProcess);
+    if (blocklistInitOk.isErr()) {
+      LOG_E("InitDllBlocklistOOP failed at %s:%d with HRESULT 0x%08lX",
+            blocklistInitOk.unwrapErr().mFile,
+            blocklistInitOk.unwrapErr().mLine,
+            blocklistInitOk.unwrapErr().mError.AsHResult());
+      TerminateProcess(targetInfo.hProcess, 1);
+      CloseHandle(targetInfo.hThread);
+      CloseHandle(targetInfo.hProcess);
+      return false;
+    }
+  }
+
  // The sandboxed process is started in a suspended state, resume it now that
  // we've set things up.
  ResumeThread(targetInfo.hThread);