Граф коммитов

71 Коммитов

Автор SHA1 Сообщение Дата
Toshihito Kikuchi eaaa31291a Bug 1630444: Part3 - Send the launcher process failure ping from the browser process. r=aklotz
This patch adds a new property `process_type` to the launcher process failure
ping, indicating which process type the browser process failed to initialize
as a sandboxed process.

Depends on D83639

Differential Revision: https://phabricator.services.mozilla.com/D83640
2020-08-26 19:01:27 +00:00
Toshihito Kikuchi dd20162db0 Bug 1630444: Part2 - Add HandleLauncherError to DllServices. r=aklotz
This patch adds winlauncher's HandleLauncherError to DllServices
along with InitializeDllBlocklistOOPInternal so that SandboxBroker
can call HandleLauncherError.

Differential Revision: https://phabricator.services.mozilla.com/D83639
2020-08-26 19:01:40 +00:00
Dana Keeler 24db0c88fc Bug 1629002 - unblock asepkcs.dll r=tkikuchi
When the osclientcerts module attempts to use client certificates and keys from
certain tokens, the Windows APIs will attempt to load asepkcs.dll. If Firefox
blocks this library, the keys won't be available. Thus, it needs to be
unblocked.

Due to the architecture of osclientcerts (namely, its dedicated single thread),
using asepkcs.dll via the Windows APIs shouldn't cause the crashes that led to
this module being blocked.

Differential Revision: https://phabricator.services.mozilla.com/D82788
2020-07-10 22:39:38 +00:00
Nick Alexander 1b75555dc7 Bug 1651136 - Part 1: Allow (and mark) certain xpcom/ headers as non-XPCOM. r=froydnj,bytesized
`nscore.h` includes `xpcom-config.h` which need not be generated for
non-XPCOM consumers.  In additon, `nullptr` and `bool` are C++
keywords, so at least some of the comments were dated.

The added include lines address transitive consumers of `nscore.h`.

Differential Revision: https://phabricator.services.mozilla.com/D82640
2020-07-08 22:57:26 +00:00
Toshihito Kikuchi 5002a0f0f7 Bug 1407712 - Block more versions of guard64.dll of Comodo Firewall. r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D79238
2020-06-11 14:36:44 +00:00
Toshihito Kikuchi b0d58c5da3 Bug 1637984 - Part 2: Block PavLspHook64.dll on Win7 and older. r=gcp
Depends on D78414

Differential Revision: https://phabricator.services.mozilla.com/D78415
2020-06-08 15:43:30 +00:00
Toshihito Kikuchi 686269d213 Bug 1637984 - Part 1: Introduce a new blocklist flag BLOCK_WIN7_AND_OLDER. r=mhowell
This patch introduces a new flag `BLOCK_WIN7_AND_OLDER` with which the blocklist
blocks a module on Win7 or older.

Differential Revision: https://phabricator.services.mozilla.com/D78414
2020-06-05 16:50:51 +00:00
Toshihito Kikuchi 411136143a Bug 1643200 - Rename BLOCK_WIN8_ONLY into BLOCK_WIN8_AND_OLDER. r=mhowell
`BLOCK_WIN8_ONLY` was introduced by bug 1268470 to block klsihk64.dll only on
Win8.  However, a new blocklist (bug 1445025) does wrong comparison on the OS
version, thus `BLOCK_WIN8_ONLY` has blocked modules on all platforms older than
Win10 including Win7 and Win8.1.

This patch corrects OS comparison and changes the flag to `BLOCK_WIN8_AND_OLDER`
to make it more handy.  We also remove `BLOCK_WIN8PLUS_ONLY` which is never used.

Differential Revision: https://phabricator.services.mozilla.com/D78411
2020-06-05 17:12:57 +00:00
Ricky Stewart 0bbaac721b Bug 1641693 - Replace a bunch of uses of `GENERATED_FILES` with the `GeneratedFile` template r=necko-reviewers,geckoview-reviewers,aklotz,dragana,froydnj
Also update documentation to suggest using the `GeneratedFile` template rather than directly referencing `GENERATED_FILES` where possible.

Differential Revision: https://phabricator.services.mozilla.com/D77496
2020-06-01 16:00:28 +00:00
Gabriele Svelto 64e6f96111 Bug 1639537 - Unblock OpenSC 0.20 injected DLL r=tkikuchi
This effectively reverts bug 1621804.

Differential Revision: https://phabricator.services.mozilla.com/D76488
2020-05-22 17:06:44 +00:00
Toshihito Kikuchi 0798271b37 Bug 1576728 - Block more versions of oly[64].dll and pdzipmenu[32|64].dll. r=gcp
Since we learned these modules are a shell exntension, blocking in the browser
process should suffice.

Differential Revision: https://phabricator.services.mozilla.com/D75606
2020-05-18 11:53:09 +00:00
Jared Wein 2fe007a4ac Bug 1634538 - Add BLEtokenCredentialProvider.dll to the DLL blocklist for causing crashes while opening the Windows Hello authentication prompt. r=tkikuchi
Differential Revision: https://phabricator.services.mozilla.com/D73342
2020-05-12 19:00:19 +00:00
Markus Stange 6725e6df9a Bug 1634784 - Remove MOZ_BASE_PROFILER and replace it with MOZ_GECKO_PROFILER everywhere. r=gerald
Differential Revision: https://phabricator.services.mozilla.com/D73526
2020-05-05 21:44:11 +00:00
Toshihito Kikuchi e83bcb5130 Bug 1630281 - Cache the executable's IAT for ntdll.dll before COM initialization. r=mhowell
When the browser process starts a sandbox process, we copy the executable's IAT
for ntdll.dll into the new process to prevent DLL injection via IAT tampering as
the launcher process does.  However, if IAT has been modified by a module injected
via `SetWindowHookEx`, the browser process cannot copy IAT because a modified IAT
is invalid in a different process, failing to start any sandbox processes.

The proposed fix is to cache IAT before COM initialization which may load
modules via `SetWindowHookEx` for the first time in the process.

Differential Revision: https://phabricator.services.mozilla.com/D73303
2020-04-30 18:26:18 +00:00
Gabriele Svelto c1b4ec0073 Bug 1581092 - Prevent the Hancom Office shell extension from crashing Firefox r=tkikuchi
Differential Revision: https://phabricator.services.mozilla.com/D72481
2020-04-28 14:35:57 +00:00
Toshihito Kikuchi 24bd4dbc0c Bug 1628628 - RedirectToNoOpEntryPoint is expected to block a module with ASAN. r=mhowell
With ASAN, GTest uses the old blocklist implemented in mozglue, where
the new blocklist type `RedirectToNoOpEntryPoint` behaves the same as
`DllBlocklistEntry`.  The test needs to expect `LoadLibrary` to fail.

Differential Revision: https://phabricator.services.mozilla.com/D70578

--HG--
extra : moz-landing-system : lando
2020-04-10 23:44:17 +00:00
Toshihito Kikuchi e7b458ff19 Bug 1603974 - Part 8: Use RedirectToNoOpEntryPoint for dgapi[64].dll. r=mhowell
Differential Revision: https://phabricator.services.mozilla.com/D68349

--HG--
extra : moz-landing-system : lando
2020-04-08 14:27:03 +00:00
Toshihito Kikuchi ae5caf8f80 Bug 1603974 - Part 7: Introduce a new blocklist type RedirectToNoOpEntryPoint. r=mhowell
This patch introduces a new DLL blocklist type `RedirectToNoOpEntryPoint`
which hooks a DLL's entrypoint into a no-op function.  With this technique,
we give the injected DLL no chance to run its code though we allow it to be
loaded into the process.

This new blocklist type is intended to block a DLL which is injected by IAT
patching which was planted by a kernel callback routine for LoadImage.  It's
because blocking such a DLL makes a new process fail to launch.

Differential Revision: https://phabricator.services.mozilla.com/D68348

--HG--
extra : moz-landing-system : lando
2020-04-08 14:27:03 +00:00
Andreas Farre 36eaf82163 Bug 1620594 - Part 2: Use SchedulerGroup::Dispatch instead of SystemGroup::Dispatch. r=nika
Depends on D67631

Differential Revision: https://phabricator.services.mozilla.com/D67632

--HG--
extra : moz-landing-system : lando
2020-04-07 15:16:33 +00:00
Daniel Varga 2617f15d0c Backed out 8 changesets (bug 1603974) for causing build bustage
CLOSED TREE

Backed out changeset ee3fb8271709 (bug 1603974)
Backed out changeset 28ef741f8f65 (bug 1603974)
Backed out changeset 631725404fb8 (bug 1603974)
Backed out changeset 484a45d16149 (bug 1603974)
Backed out changeset 5d4cd3237ec0 (bug 1603974)
Backed out changeset c2601b5bdd3e (bug 1603974)
Backed out changeset fe96d48d5b14 (bug 1603974)
Backed out changeset 9467dffe8d04 (bug 1603974)
2020-04-07 18:35:04 +03:00
Toshihito Kikuchi bf6e25daaa Bug 1603974 - Part 8: Use RedirectToNoOpEntryPoint for dgapi[64].dll. r=mhowell
Differential Revision: https://phabricator.services.mozilla.com/D68349

--HG--
extra : moz-landing-system : lando
2020-04-07 14:39:47 +00:00
Toshihito Kikuchi c92df182f4 Bug 1603974 - Part 7: Introduce a new blocklist type RedirectToNoOpEntryPoint. r=mhowell
This patch introduces a new DLL blocklist type `RedirectToNoOpEntryPoint`
which hooks a DLL's entrypoint into a no-op function.  With this technique,
we give the injected DLL no chance to run its code though we allow it to be
loaded into the process.

This new blocklist type is intended to block a DLL which is injected by IAT
patching which was planted by a kernel callback routine for LoadImage.  It's
because blocking such a DLL makes a new process fail to launch.

Differential Revision: https://phabricator.services.mozilla.com/D68348

--HG--
extra : moz-landing-system : lando
2020-04-07 14:39:49 +00:00
Eric Rahm 12ca859e67 Bug 1626456 - Remove stray nsAutoPtr.h includes. r=KrisWright
Differential Revision: https://phabricator.services.mozilla.com/D69127

--HG--
extra : moz-landing-system : lando
2020-04-03 21:05:46 +00:00
Gabriele Svelto 5c3d7d4ed9 Bug 1624336 - Block old versions of COMODO Firewall to prevent them from crashing Firefox r=aklotz
Differential Revision: https://phabricator.services.mozilla.com/D68188

--HG--
extra : moz-landing-system : lando
2020-04-02 20:47:30 +00:00
André Bargull 14ca007916 Bug 1625138 - Part 41: Remove no longer needed includes for mozilla/TypeTraits. r=froydnj
Also adds missing includes in some files, these were previously only transivitely
included through mozilla/TypeTraits.h.

Differential Revision: https://phabricator.services.mozilla.com/D68561

--HG--
extra : moz-landing-system : lando
2020-03-28 16:00:09 +00:00
Gabriele Svelto 4d14cf5024 Bug 1621804 - Block the latest release of OpenSC which crashes Firefox nightly r=aklotz
Differential Revision: https://phabricator.services.mozilla.com/D67529

--HG--
extra : moz-landing-system : lando
2020-03-19 22:36:51 +00:00
Toshihito Kikuchi 9a2add9bb3 Bug 1560052 - Block Athena's PKCS11 module to avoid the crash. r=jmathies
Differential Revision: https://phabricator.services.mozilla.com/D65010

--HG--
extra : moz-landing-system : lando
2020-03-16 19:51:01 +00:00
Mike Shal 1874441242 Bug 1620744 - Convert gen_dll_blocklist_defs.py to py3; r=firefox-build-system-reviewers,rstewart
Differential Revision: https://phabricator.services.mozilla.com/D65852

--HG--
extra : moz-landing-system : lando
2020-03-10 20:19:29 +00:00
Daniel Varga 09acd57d19 Backed out 13 changesets (bug 1620744) for causing diffoscope failures firefox/browser/chrome/browser/content/browser/built_in_addons.json
CLOSED TREE

Backed out changeset 6beda54bcb9b (bug 1620744)
Backed out changeset a1e97f0b91ef (bug 1620744)
Backed out changeset b8faa0184d4f (bug 1620744)
Backed out changeset 3bc8fda68107 (bug 1620744)
Backed out changeset 8e95b21b2ae3 (bug 1620744)
Backed out changeset 1de09de1a802 (bug 1620744)
Backed out changeset 622a2f7414fa (bug 1620744)
Backed out changeset 3372c9ab721c (bug 1620744)
Backed out changeset 0997313a9f99 (bug 1620744)
Backed out changeset 2fa34749bbfa (bug 1620744)
Backed out changeset 6d597d2eb792 (bug 1620744)
Backed out changeset 78e78f7c7b26 (bug 1620744)
Backed out changeset 6e4d85b19f88 (bug 1620744)
2020-03-10 21:13:18 +02:00
Mike Shal 3207c9ef3b Bug 1620744 - Convert gen_dll_blocklist_defs.py to py3; r=firefox-build-system-reviewers,rstewart
Differential Revision: https://phabricator.services.mozilla.com/D65852

--HG--
extra : moz-landing-system : lando
2020-03-09 22:02:36 +00:00
Toshihito Kikuchi 17bf9c99ee Bug 1619466 - Make the blocklist variable BROWSER_PROCESS work. r=aklotz
The blocklist variable `BROWSER_PROCESS` did not work as expected.  Entries
defined there were blocked not only in the browser process but also in the
child process.

This patch makes sure entries in `BROWSER_PROCESS` are blocked only in the
browser process.

Differential Revision: https://phabricator.services.mozilla.com/D65248

--HG--
extra : moz-landing-system : lando
2020-03-08 19:47:17 +00:00
Gabriele Svelto 11fbcdd4e7 Bug 1608048 - Block all old versions of COMODO Internet Security Essentials DLLs r=aklotz
Differential Revision: https://phabricator.services.mozilla.com/D62895

--HG--
extra : moz-landing-system : lando
2020-03-06 23:11:56 +00:00
Mike Shal d8e4653d19 Bug 1611326 - Default to py3_action, and add a py2 attribute to GENERATED_FILES; r=firefox-build-system-reviewers,rstewart
GENERATED_FILES now defaults to python3 unless py2=True is specified as
an argument. All existing GENERATED_FILES scripts and GeneratedFile
templates have the py2=True attribute added, so this patch should
effectively be a no-op.

Going forward, individual scripts can be converted to python3 and their
corresponding py2=True attribute can be deleted. In effect, this patch
will be backed out in pieces until all scripts run in python3, at which
point the py2 attribute itself can be removed.

Differential Revision: https://phabricator.services.mozilla.com/D60919

--HG--
extra : moz-landing-system : lando
2020-02-14 13:22:46 +00:00
Cosmin Sabou ff39f9206d Backed out 2 changesets (bug 1613263, bug 1611326) for presummably causing l10n langpack bustages. a=backout
Backed out changeset 77e54e76848a (bug 1611326)
Backed out changeset 36ba18ac3a68 (bug 1613263)
2020-02-14 15:02:21 +02:00
Mike Shal ad0c283ab2 Bug 1611326 - Default to py3_action, and add a py2 attribute to GENERATED_FILES; r=firefox-build-system-reviewers,rstewart
GENERATED_FILES now defaults to python3 unless py2=True is specified as
an argument. All existing GENERATED_FILES scripts and GeneratedFile
templates have the py2=True attribute added, so this patch should
effectively be a no-op.

Going forward, individual scripts can be converted to python3 and their
corresponding py2=True attribute can be deleted. In effect, this patch
will be backed out in pieces until all scripts run in python3, at which
point the py2 attribute itself can be removed.

Differential Revision: https://phabricator.services.mozilla.com/D60919

--HG--
extra : moz-landing-system : lando
2020-02-13 23:07:04 +00:00
Brindusan Cristian e2fb6b8344 Backed out changeset 7fefed11f117 (bug 1611326) for build bustages at update-1.xpi.stub. CLOSED TREE 2020-02-13 23:33:34 +02:00
Mike Shal e6464dd404 Bug 1611326 - Default to py3_action, and add a py2 attribute to GENERATED_FILES; r=firefox-build-system-reviewers,rstewart
GENERATED_FILES now defaults to python3 unless py2=True is specified as
an argument. All existing GENERATED_FILES scripts and GeneratedFile
templates have the py2=True attribute added, so this patch should
effectively be a no-op.

Going forward, individual scripts can be converted to python3 and their
corresponding py2=True attribute can be deleted. In effect, this patch
will be backed out in pieces until all scripts run in python3, at which
point the py2 attribute itself can be removed.

Differential Revision: https://phabricator.services.mozilla.com/D60919

--HG--
extra : moz-landing-system : lando
2020-02-13 20:31:50 +00:00
Toshihito Kikuchi f6a7430688 Bug 1610790: Part 2 - Implement GetProcAddress for a remote process. r=handyman
This patch adds a function to get an exported function in a remote process.
We need this implementation to address Bug 1604008, Bug 1608645, and Bug 1610790.

When `WindowsDllInterceptor` detours a function in a remote process, we used the
native `GetProcAddress` locally, and then detours the returned address in the
target process.  The problem is if the caller's export table was modified, the
address returned from `GetProcAddress` might be invalid in the target process,
which is Bug 1604008.

I implemented `GetProcAddress` depending on both local and remote process image,
but it caused two regressions Bug 1608645 and Bug 1610790 because multiple
applications modify firefox's export table in multiple ways, such as replacing
an entry of EAT, replacing an RVA to Export section, or etc.

With this patch, we can use `PEExportSection<MMPolicy>::GetProcAddress` to get
an exported function in a remote process without relying on any local data so
that it's not impacted by modification of the local export table.

Differential Revision: https://phabricator.services.mozilla.com//D62315

Depends on D62314
2020-02-11 22:21:10 +02:00
Cosmin Sabou aa2a505209 Backed out 2 changesets (bug 1610790) for causing build bustages about ShowSSEConfig.
CLOSED TREE
2020-02-12 01:10:38 +02:00
Toshihito Kikuchi 23b368208e Bug 1610790: Part 2 - Implement GetProcAddress for a remote process. r=handyman
This patch adds a function to get an exported function in a remote process.
We need this implementation to address Bug 1604008, Bug 1608645, and Bug 1610790.

When `WindowsDllInterceptor` detours a function in a remote process, we used the
native `GetProcAddress` locally, and then detours the returned address in the
target process.  The problem is if the caller's export table was modified, the
address returned from `GetProcAddress` might be invalid in the target process,
which is Bug 1604008.

I implemented `GetProcAddress` depending on both local and remote process image,
but it caused two regressions Bug 1608645 and Bug 1610790 because multiple
applications modify firefox's export table in multiple ways, such as replacing
an entry of EAT, replacing an RVA to Export section, or etc.

With this patch, we can use `PEExportSection<MMPolicy>::GetProcAddress` to get
an exported function in a remote process without relying on any local data so
that it's not impacted by modification of the local export table.

Differential Revision: https://phabricator.services.mozilla.com/D62315

Depends on D62314

--HG--
extra : rebase_source : 3088f5997a2097ef22ce8567783375e5f7866ab2
2020-02-11 22:21:10 +02:00
Emilio Cobos Álvarez 33b4cfe736 Bug 1610702 - Generalize Vector::podResizeToFit into Vector::shrinkStorageToFit(). r=froydnj
Differential Revision: https://phabricator.services.mozilla.com/D61337

--HG--
extra : moz-landing-system : lando
2020-02-03 17:32:12 +00:00
Emilio Cobos Álvarez 256c124f94 Bug 1609996 - Reorder some includes affected by the previous patches. r=froydnj
This was done by:

This was done by applying:

```
diff --git a/python/mozbuild/mozbuild/code-analysis/mach_commands.py b/python/mozbuild/mozbuild/code-analysis/mach_commands.py
index 789affde7bbf..fe33c4c7d4d1 100644
--- a/python/mozbuild/mozbuild/code-analysis/mach_commands.py
+++ b/python/mozbuild/mozbuild/code-analysis/mach_commands.py
@@ -2007,7 +2007,7 @@ class StaticAnalysis(MachCommandBase):
         from subprocess import Popen, PIPE, check_output, CalledProcessError

         diff_process = Popen(self._get_clang_format_diff_command(commit), stdout=PIPE)
-        args = [sys.executable, clang_format_diff, "-p1", "-binary=%s" % clang_format]
+        args = [sys.executable, clang_format_diff, "-p1", "-binary=%s" % clang_format, '-sort-includes']

         if not output_file:
             args.append("-i")
```

Then running `./mach clang-format -c <commit-hash>`

Then undoing that patch.

Then running check_spidermonkey_style.py --fixup

Then running `./mach clang-format`

I had to fix four things:

 * I needed to move <utility> back down in GuardObjects.h because I was hitting
   obscure problems with our system include wrappers like this:

0:03.94 /usr/include/stdlib.h:550:14: error: exception specification in declaration does not match previous declaration
0:03.94 extern void *realloc (void *__ptr, size_t __size)
0:03.94              ^
0:03.94 /home/emilio/src/moz/gecko-2/obj-debug/dist/include/malloc_decls.h:53:1: note: previous declaration is here
0:03.94 MALLOC_DECL(realloc, void*, void*, size_t)
0:03.94 ^
0:03.94 /home/emilio/src/moz/gecko-2/obj-debug/dist/include/mozilla/mozalloc.h:22:32: note: expanded from macro 'MALLOC_DECL'
0:03.94     MOZ_MEMORY_API return_type name##_impl(__VA_ARGS__);
0:03.94                                ^
0:03.94 <scratch space>:178:1: note: expanded from here
0:03.94 realloc_impl
0:03.94 ^
0:03.94 /home/emilio/src/moz/gecko-2/obj-debug/dist/include/mozmemory_wrap.h:142:41: note: expanded from macro 'realloc_impl'
0:03.94 #define realloc_impl mozmem_malloc_impl(realloc)

   Which I really didn't feel like digging into.

 * I had to restore the order of TrustOverrideUtils.h and related files in nss
   because the .inc files depend on TrustOverrideUtils.h being included earlier.

 * I had to add a missing include to RollingNumber.h

 * Also had to partially restore include order in JsepSessionImpl.cpp to avoid
   some -WError issues due to some static inline functions being defined in a
   header but not used in the rest of the compilation unit.

Differential Revision: https://phabricator.services.mozilla.com/D60327

--HG--
extra : moz-landing-system : lando
2020-01-20 16:19:48 +00:00
Emilio Cobos Álvarez aa3a695712 Bug 1609996 - Remove mozilla/Move.h. r=froydnj
rg -l 'mozilla/Move.h' | xargs sed -i 's/#include "mozilla\/Move.h"/#include <utility>/g'

Further manual fixups and cleanups to the include order incoming.

Differential Revision: https://phabricator.services.mozilla.com/D60323

--HG--
extra : moz-landing-system : lando
2020-01-20 16:18:20 +00:00
Aaron Klotz 844739bc32 Bug 1605248: Convert LoaderObserver::Clear to LoaderObserver::Disable; r=mhowell
We rename `LoaderObserver::Clear` to `LoaderObserver::Disable` to more accurately
reflect the following behaviour change:

Not only does the `Disable` call free any enqueued module load events, it also
ensures that no further module loads will be saved in the future. This reflects
the reality that any `mozglue` client that calls `Disable` has no intention of
ever processing these events.

Differential Revision: https://phabricator.services.mozilla.com/D57897

--HG--
extra : moz-landing-system : lando
2019-12-19 22:20:37 +00:00
Aaron Klotz 23e61114cf Bug 1522830: Part 8 - Update UntrustedModulesProcessor to support processing child processes; r=mhowell
This patch contains the core changes to make this all work across e10s:

* We clarify the naming of path variables to be more specific as to whether they are NT paths or DOS paths;
* We add IPC `ParamTraits` that are necessary for `UntrustedModulesData` types;
* We implement `ProcessModuleLoadQueue` for child processes. Because of sandboxing, we need to split this sequence into multiple async operations:
  ** Initial queue processing;
  ** Sending the list of modules to the parent process to determine trustworthiness (via `GetModulesTrust`);
  ** Receiving the results from the parent process and producing a final result (via `CompleteProcessing`).
* We implement the `GetModulesTrust` function for the parent process, which evaluates the trust of child process modules;
* We change all hash tables to be keyed using NT paths. Because resolving DOS paths may not be permitted in sandboxed processes,
  we need to standardize on NT paths as the "universal path" across processes.
* We add `WinDllServices::StartUntrustedModulesProcessor` to separate untrusted modules startup from `WinDllServices` construction:
  ** While we now start `WinDllServices` across all child process types, only specific process types will support untrusted modules.
  ** Furthermore, untrusted modules must be started at a very specific point that is dependent on the type of child process.
  ** We add those calls to `StartUntrustedModulesProcessor` in subsequent patches.

Differential Revision: https://phabricator.services.mozilla.com/D53680

--HG--
extra : moz-landing-system : lando
2019-12-06 22:06:26 +00:00
Aaron Klotz 78b5fd3fbf Bug 1522830: Part 6 - Add API to be able to initialize launcher dll blocklist during spawning of child process; r=mhowell
We need a way for the sandbox broker to be able to initialize the launcher
DLL blocklist when starting a new content process.

This patch adds the ability to resolve the initialization function through
DLL services.

Differential Revision: https://phabricator.services.mozilla.com/D53678

--HG--
extra : moz-landing-system : lando
2019-12-06 22:03:45 +00:00
Aaron Klotz ddf3168d35 Bug 1522830: Part 3 - Change launcher blocklist generation to include child processes; r=bytesized
Now that the launcher blocklist will support child processes, we need to add
them to the launcher blocklist. The revised criteria the `Launcher` blocklist
matches the criteria already in use by the `Legacy` blocklist.

Differential Revision: https://phabricator.services.mozilla.com/D53675

--HG--
extra : moz-landing-system : lando
2019-12-06 22:01:02 +00:00
Aaron Klotz b43c0975e4 Bug 1522830: Part 2 - Make launcher blocklist work in child processes; r=mhowell
* We change `InitializeDllBlocklistOOP` to be able to set the correct flags
  when initializing a sandbox child process.
* We change the freestanding DLL blocklist code to be sensitive to the
  `CHILD_PROCESSES_ONLY` flag;
* We move the declaration of `gBlocklistInitFlags` to `WindowsDllBlocklist.h`
  so that it is visible to more code.

Differential Revision: https://phabricator.services.mozilla.com/D53674

--HG--
extra : moz-landing-system : lando
2019-12-06 22:00:18 +00:00
shindli 83be0128f4 Backed out 13 changesets (bug 1522830) for causing xpc shell failures in test_ThirdPartyModulesPing.js CLOSED TREE
Backed out changeset a3e44bbc9ce3 (bug 1522830)
Backed out changeset 11078767a246 (bug 1522830)
Backed out changeset c7ee156830cf (bug 1522830)
Backed out changeset 810f0cb2308d (bug 1522830)
Backed out changeset f8ab75219387 (bug 1522830)
Backed out changeset ec293f9a5e32 (bug 1522830)
Backed out changeset 4bfc013c3d79 (bug 1522830)
Backed out changeset f4ae67f2f231 (bug 1522830)
Backed out changeset 2737350b7d40 (bug 1522830)
Backed out changeset 52931597c652 (bug 1522830)
Backed out changeset bc8985a34539 (bug 1522830)
Backed out changeset 09cbbbc5c802 (bug 1522830)
Backed out changeset d5e366ea4657 (bug 1522830)
2019-12-06 02:07:16 +02:00
Aaron Klotz 4204671639 Bug 1522830: Part 8 - Update UntrustedModulesProcessor to support processing child processes; r=mhowell
This patch contains the core changes to make this all work across e10s:

* We clarify the naming of path variables to be more specific as to whether they are NT paths or DOS paths;
* We add IPC `ParamTraits` that are necessary for `UntrustedModulesData` types;
* We implement `ProcessModuleLoadQueue` for child processes. Because of sandboxing, we need to split this sequence into multiple async operations:
  ** Initial queue processing;
  ** Sending the list of modules to the parent process to determine trustworthiness (via `GetModulesTrust`);
  ** Receiving the results from the parent process and producing a final result (via `CompleteProcessing`).
* We implement the `GetModulesTrust` function for the parent process, which evaluates the trust of child process modules;
* We change all hash tables to be keyed using NT paths. Because resolving DOS paths may not be permitted in sandboxed processes,
  we need to standardize on NT paths as the "universal path" across processes.
* We add `WinDllServices::StartUntrustedModulesProcessor` to separate untrusted modules startup from `WinDllServices` construction:
  ** While we now start `WinDllServices` across all child process types, only specific process types will support untrusted modules.
  ** Furthermore, untrusted modules must be started at a very specific point that is dependent on the type of child process.
  ** We add those calls to `StartUntrustedModulesProcessor` in subsequent patches.

Differential Revision: https://phabricator.services.mozilla.com/D53680

--HG--
extra : moz-landing-system : lando
2019-12-05 21:57:29 +00:00