зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1201438: Add non-sandboxed Windows content processes as target peers for handle duplication. r=bbondy
This commit is contained in:
Родитель
feb3886659
Коммит
cd5643f4d3
|
@ -983,6 +983,14 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
|
|||
#endif
|
||||
{
|
||||
base::LaunchApp(cmdLine, false, false, &process);
|
||||
|
||||
// We need to be able to duplicate handles to non-sandboxed content
|
||||
// processes, so add it as a target peer.
|
||||
if (mProcessType == GeckoProcessType_Content) {
|
||||
if (!mSandboxBroker.AddTargetPeer(process)) {
|
||||
NS_WARNING("Failed to add content process as target peer.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#else
|
||||
|
|
|
@ -439,6 +439,13 @@ SandboxBroker::AllowDirectory(wchar_t const *dir)
|
|||
return (sandbox::SBOX_ALL_OK == result);
|
||||
}
|
||||
|
||||
bool
|
||||
SandboxBroker::AddTargetPeer(HANDLE aPeerProcess)
|
||||
{
|
||||
sandbox::ResultCode result = sBrokerService->AddTargetPeer(aPeerProcess);
|
||||
return (sandbox::SBOX_ALL_OK == result);
|
||||
}
|
||||
|
||||
SandboxBroker::~SandboxBroker()
|
||||
{
|
||||
if (mPolicy) {
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
#endif
|
||||
|
||||
#include <stdint.h>
|
||||
#include <windows.h>
|
||||
|
||||
namespace sandbox {
|
||||
class BrokerServices;
|
||||
|
@ -45,6 +46,9 @@ public:
|
|||
bool AllowReadWriteFile(wchar_t const *file);
|
||||
bool AllowDirectory(wchar_t const *dir);
|
||||
|
||||
// Exposes AddTargetPeer from broker services, so that none sandboxed
|
||||
// processes can be added as handle duplication targets.
|
||||
bool AddTargetPeer(HANDLE aPeerProcess);
|
||||
private:
|
||||
static sandbox::BrokerServices *sBrokerService;
|
||||
sandbox::TargetPolicy *mPolicy;
|
||||
|
|
Загрузка…
Ссылка в новой задаче