This is used by the new code from the profiler that is able to detect
unregistered threads. Blocking it will make child-process hit sandbox
violation.
Differential Revision: https://phabricator.services.mozilla.com/D135648
nsIX509Cert::GetCert() may cause a CERTCertificate to be instantiated. Doing so
can have performance and stability implications, so it's best to avoid it.
This patch avoids it where possible.
Differential Revision: https://phabricator.services.mozilla.com/D135945
nsIX509Cert::GetCert() may cause a CERTCertificate to be instantiated. Doing so
can have performance and stability implications, so it's best to avoid it.
This patch avoids it where possible.
Depends on D135943
Differential Revision: https://phabricator.services.mozilla.com/D135945
The original SandboxTesting protocol assumed tests would just care about
whether operations succeeded or failed, but now we have tests that check
for specific error codes. Currently that doesn't work well: getting an
error with the wrong error code is misreported as the syscall succeeding.
This patch changes the protocol to simply indicate whether the test
passed and give an unstructured message about what happened, and fixes
the `SandboxTestingChild::*Test` methods to include the relevant
information in the message.
Differential Revision: https://phabricator.services.mozilla.com/D132853
To avoid doing unnecessary work and to reduce NSS resource contention and
crashes, this patch lazily instantiates the CERTCertificate in
nsNSSCertificate.
Depends on D134979
Differential Revision: https://phabricator.services.mozilla.com/D134980
To prepare to lazily instantiate the CERTCertificate in nsNSSCertificate, this
patch avoids the CERTCertificate in nsNSSCertificate as much as possible and
instead uses the bytes of the certificate directly.
Depends on D134978
Differential Revision: https://phabricator.services.mozilla.com/D134979
nsNSSCertificate had a few functions that acted as constructors. This patch
removes these unnecessary functions and uses actual constructors.
Depends on D134977
Differential Revision: https://phabricator.services.mozilla.com/D134978
Currently, there are situations where Remote WebGL is disabled due to
lack of HW support (For example, if it is run in a Virtual Machine)
This makes it so that the WebGL remoting is enabled anyway, since it is
needed for Win32k Lockdown.
Differential Revision: https://phabricator.services.mozilla.com/D135650
Currently, there are situations where Remote WebGL is disabled due to
lack of HW support (For example, if it is run in a Virtual Machine)
This makes it so that the WebGL remoting is enabled anyway, since it is
needed for Win32k Lockdown.
Differential Revision: https://phabricator.services.mozilla.com/D135649
To avoid doing unnecessary work and to reduce NSS resource contention and
crashes, this patch lazily instantiates the CERTCertificate in
nsNSSCertificate.
Depends on D134979
Differential Revision: https://phabricator.services.mozilla.com/D134980
To prepare to lazily instantiate the CERTCertificate in nsNSSCertificate, this
patch avoids the CERTCertificate in nsNSSCertificate as much as possible and
instead uses the bytes of the certificate directly.
Depends on D134978
Differential Revision: https://phabricator.services.mozilla.com/D134979
nsNSSCertificate had a few functions that acted as constructors. This patch
removes these unnecessary functions and uses actual constructors.
Depends on D134977
Differential Revision: https://phabricator.services.mozilla.com/D134978
* the certificates were regenerated using `./mach generate-test-certs`
* the build/pgo/certs/ changes were made using
`./mach python build/pgo/genpgocert.py`
* the zip files in security/manager/ssl/tests/unit/test_signed_apps/ were
updated per the directions in the corresponding moz.build file
* security/manager/ssl/tests/unit/test_cert_override_read.js needed manual
updating
Differential Revision: https://phabricator.services.mozilla.com/D135283
`PRemoteSandboxBroker::LaunchApp` is similar to `PGMP::StartPlugin`:
it's basically a sync message but it's in the parent-to-child direction,
which isn't allowed for normal `sync` messages. However, nested sync
messages can support that; `intr` isn't required.
Differential Revision: https://phabricator.services.mozilla.com/D133963
R. Martinho Fernandes
Alexandre Lissy
John Schanck
ffxbld
Dana Keeler
Julien Cristau
Iulian Moraru
Barret Rennie
Norisz Fay
Jed Davis
Csoregi Natalia
Chris Martin
Bob Owen
Butkovits Atila
Mike Hommey
Narcis Beleuzu
Cristian Tuns
Dennis Jackson
Benjamin Beurdouche
Kershaw Chang
Nika Layzell