David Parks
532fe74f04
Bug 1347710 - Enable sandbox protections for the Windows GPU process. r=bobowen
...
The sandbox works with levels. The GPU sandbox level defaults to 1 in all builds. It is controlled by security.sandbox.gpu.level.
2017-04-24 09:46:09 -07:00
Petr Sumbera
df0c2aae53
Bug 1357451 - Add OS_SOLARIS ifdefs to various IPC code. r=kchen
...
--HG--
extra : rebase_source : 2720ac11f122f267408c2d01ab13ffe0a8181df2
2017-04-18 08:53:59 -07:00
Honza Bambas
654b5c9af9
Bug 1320458 - Make logging by sandboxed child processes to a file work on Windows, r=aklotz
...
MozReview-Commit-ID: 7eiW3Lo6q8Z
2017-03-06 17:42:31 +01:00
Jed Davis
f2fa27edca
Bug 1286865 - Step 1: Gather syscall info from SIGSYS handlers into the parent process. r=gcp
...
MozReview-Commit-ID: 8GfFo4xso65
--HG--
extra : rebase_source : 1596a79d65d30dc72d8b84fc4f1639de377f554a
2017-01-30 18:49:53 -07:00
David Parks
990402c301
Bug 1317735 - Consolidate env vars for logging. r=jimm
...
Assigns the preference security.sandbox.logging.enabled and the environment variable MOZ_SANDBOX_LOGGING to control whether or not sandbox violations are logged. The pref defaults to true. On Linux, only the environment variable is considered.
--HG--
extra : rebase_source : f67870a74795228548b290aec32d08552c068874
2017-01-23 12:46:49 -08:00
Tomislav Jurin
348bfffc19
Bug 1296189 - Replace NS_RUNTIMEABORT("some string literal message") with MOZ_CRASH(). r=froydnj
2016-12-02 13:46:53 -08:00
Andi-Bogdan Postelnicu
bfc72d696d
Bug 1318335 - Use auto type specifier where applicable for variable declarations to improve code readability and maintainability in ipc/. r=billm
...
MozReview-Commit-ID: K4NAI8HjUd2
--HG--
extra : rebase_source : 9abcb40b9b3ffea07519cc03e892e15b907e6e25
2016-11-17 15:07:35 +02:00
Bob Owen
8865218aa3
Bug 1147911 Part 9: Ensure file read permissions for file content process on Windows. r=jimm, r=jld
2016-11-24 15:08:32 +00:00
Sebastian Hengst
c7964131c3
Backed out changeset 11a036eafea2 (bug 1147911)
2016-11-23 18:32:42 +01:00
Bob Owen
ca93c43645
Bug 1147911 Part 9: Ensure file read permissions for file content process on Windows. r=jimm, r=jld
2016-11-23 13:36:59 +00:00
Wei-Cheng Pan
c3474ba10b
Bug 1046166 - Add sandbox white list for userContent.css on Windows. r=bobowen
...
MozReview-Commit-ID: LQT67vC12y2
--HG--
extra : rebase_source : e090653ecd545b0d6059662a85a558fc925d0a60
2016-11-17 12:02:16 +08:00
Randall Barker
26e454ec14
Bug 1314466 - part 4, update GeckoChildProcessHost to call LaunchAndroidService r=billm
2016-11-14 16:45:23 -08:00
Jed Davis
a2d3e4e9f2
Bug 1313218 - Preload libmozsandbox.so in child processes on Linux. r=tedd r=billm r=glandium
...
Preloading libmozsandbox allows the symbol interpositions used by
sandboxing to be defined there instead of statically linked into the
executable; this patch also does that.
MozReview-Commit-ID: FL1QWLSKA0S
--HG--
rename : security/sandbox/linux/interpose/SandboxHooks.cpp => security/sandbox/linux/SandboxHooks.cpp
2016-11-04 18:16:05 -06:00
Nathan Froyd
caf3dd0e20
Bug 1312549 - use equality comparison rather than ordered comparison in ~GeckoChildProcessHost; r=billm
...
clang has recently made |x $RELATIONAL_OP 0|, where |x| is a variable of
pointer type, to be an error. On Windows,
GeckoChildProcessHost::mChildProcessHandle is a HANDLE, which is really
just a pointer. So the comparison |> 0| in ~GeckoChildProcessHost is
invalid. Fortunately, we can use an equality comparison here and it
amounts to the same thing.
2016-10-25 23:08:11 -04:00
David Anderson
963b096cac
Use firefox.exe for launching the GPU process on Windows. (bug 1309890, r=jld)
2016-10-13 23:55:07 -07:00
Haik Aftandilian
9de1898bc2
Bug 1290619 - Content sandbox rules should use actual profile directory, not Profiles/*/ regex's; r=jimm
...
Passes the profile dir to the content process as a -profile CLI
option so that the correct profile dir can be used in the OS X content
sandbox rules. Only enabled on OS X for now.
On Nightly, profile directories will now be read/write protected
from the content process (apart from a few profile subdirectories) even
when they don't reside in ~/Library.
xpcshell tests invoke the content process without providing a
profile directory. In that case, we don't need to add filesystem
profile dir. read/write exclusion rules to the sandbox.
This patch adds two new macros to the content sandbox rule set:
|profileDir| holds the path to the profile or the empty string;
|hasProfileDir| is a boolean (1 or 0) that indicates whether or
not the profile directory rules should be added. If |hasProfileDir|
is 0, profile directory exclusion rules don't need to be added
and |profileDir| is not used.
MozReview-Commit-ID: rrTcQwTNdT
--HG--
extra : rebase_source : 3d5b612c8eb3a1d0da028eba277cd9d6f0c9ac00
2016-08-30 13:32:21 -07:00
Igor
175543fda8
Bug 1293384 - Part 2: Rename Snprintf.h header to Sprintf.h. r=froydnj
2016-08-14 23:43:21 -07:00
Igor
a57972337d
Bug 1293384 - Part 1: Rename snprintf_literal to SprintfLiteral. r=froydnj
2016-08-14 23:44:00 -07:00
Alexandre Lissy
0af5b943b6
Bug 1284674 - Remove NUWA r=cyu
...
MozReview-Commit-ID: GyMRNzOBKw6
--HG--
extra : rebase_source : 293af1cd55f2035ce6a99f4ebf144059c32a2b8f
2016-08-02 14:54:00 +02:00
Cervantes Yu
8a0ce84d5e
Bug 1253575 - Fallback to DuplicateHandle() when base::OpenPrivilegedProcessHandle() fails when starting a child process. r=krizsa
...
MozReview-Commit-ID: 2nglWFJgfja
--HG--
extra : rebase_source : 01d7b167bc0573c72aa8ef6dac8fce6bb5d4eaef
2016-06-23 17:50:37 +08:00
David Anderson
a733ab7fa3
Add the GPU process as a sandbox broker peer. (bug 1289895, r=bobowen)
2016-07-27 23:17:54 -07:00
Makoto Kato
534829a9e2
Bug 1289500 - Don't load GTK IM module on content process. r=masayuki
...
Now content sandbox process is enabled. Since uim-mozc uses vfork, it causes sandbox violation. It is unnecessary to load IM module on content process because we don't use GTK IM APIs on content process.
MozReview-Commit-ID: GrPlmazzEMd
--HG--
extra : rebase_source : e12ec563807627a7fb84b2ca56eaa552aac22643
2016-07-27 10:24:42 +09:00
Bob Owen
22830b7f8f
Bug 1287984: Add rule to allow content process to duplicate handles to other non-broker processes. r=jimm
...
MozReview-Commit-ID: A79P9G9t7Ax
--HG--
extra : transplant_source : %C2%0A-%FB%7E%AF%99%95%C7%AF%A6%21%BC%18%D4a%9C%24z%8C
2016-07-20 14:41:18 +01:00
Chris Peterson
b175c9fdd5
Bug 1277106 - Part 2: Expand MOZ_UTF16() strings to u"" string literals. r=Waldo
2016-07-20 22:03:25 -07:00
Alexandre Lissy
d70c1609d8
Bug 1282559 - Followup for 1277705 and remove SetHandle() on Gonk r=billm
...
MozReview-Commit-ID: 2Xzl5UBcUrV
--HG--
extra : rebase_source : 9bbf1d05ee64c681d735ddc13b58bba4b56efc51
2016-06-27 22:32:44 +02:00
Bill McCloskey
db00162c58
Bug 1277705 - Remove child_process_info (r=dvander)
2016-06-24 13:16:14 -07:00
Bill McCloskey
cb8a9c03a3
Bug 1277705 - Remove waitable_event_watcher (r=dvander)
2016-06-24 13:15:41 -07:00
Bill McCloskey
ab96df2b7a
Bug 1268559 - Go back to ContentParent controlling process shutdown (i.e., backout bug 1262898) (r=dvander)
2016-06-24 13:13:45 -07:00
David Anderson
d3bb5cb316
Add skeletal code for launching a GPU process. (bug 1271180 part 4, r=billm,jrmuizel)
...
--HG--
extra : rebase_source : 456e4b94a93191f85d90209459c5189ea165670d
2016-06-10 22:27:24 -04:00
Phil Ringnalda
5e0adb7d56
Back out 5 changesets (bug 1271180) for static analysis bustage
...
CLOSED TREE
Backed out changeset cfb53b780b18 (bug 1271180)
Backed out changeset 204b084385f8 (bug 1271180)
Backed out changeset 353da876be33 (bug 1271180)
Backed out changeset 4472dfbc1dc6 (bug 1271180)
Backed out changeset 81079e787b8a (bug 1271180)
--HG--
rename : ipc/glue/TaskFactory.h => dom/plugins/ipc/TaskFactory.h
2016-06-11 00:46:09 -07:00
David Anderson
d2678d4141
Add skeletal code for launching a GPU process. (bug 1271180 part 4, r=billm,jrmuizel)
...
--HG--
extra : rebase_source : 332f5cf6ca5e1f78fb2283a7e79b6b21654e9e59
2016-06-10 22:27:24 -04:00
Bob Owen
5714578c95
Bug 1278528: Don't try to initialize the sandbox TargetServices when we are not sandboxed. r=jimm
...
MozReview-Commit-ID: EpXy9LYXwQL
2016-06-07 14:03:51 +01:00
Gabor Krizsanits
6c0e1dc69f
Bug 1146873 - Handling sandbox policy setup failures. r=bobowen
2016-06-06 15:13:33 +02:00
Jed Davis
78e49e2efb
Bug 1114647 - Use firefox for child processes instead of plugin-container. r=ted
...
Disabled on Mac (content processes need to use plugin-container.app for
UI reasons) and on Linux unless --disable-sandboxing (build issues).
Based on work by George Wright <george@mozilla.com>.
--HG--
extra : amend_source : 43986e25743de21e3ddfb7893e3ed550fe6eef76
2016-06-03 12:49:39 -07:00
Honza Bambas
8db609c916
Bug 1275117 - Fix static strings leaks when mozlogging is on. r=jduell
...
--HG--
extra : rebase_source : 2a08f4eee9a900a4e34d58084eb222aedd319464
2016-05-31 08:11:00 -04:00
Haik Aftandilian
c95d552240
Bug 1275430 - Add telemetry and logging to record content process failures to start; r=billm
...
MozReview-Commit-ID: LWeZbDBwfX5
2016-06-01 15:13:59 -07:00
Andrew McCreight
5848fe3b73
Bug 1276318, part 2 - Fix mode lines in ipc/glue. r=billm
...
MessageChannel.{h,cpp}, MessageLink.{h,cpp}, and ProtocolUtils.h are
using 4-space indent so I left those alone.
2016-05-27 14:54:31 -07:00
Andrew McCreight
9449c5e62d
Bug 1276318, part 1 - Fix leading tabs in ipc/glue. r=billm
...
Also remove a weird mode line so the script can fix it more easily in
the next part.
2016-05-27 14:54:30 -07:00
Honza Bambas
ff31be3edd
Bug 1270752 - Fix lifetime of buffer passed to PR_SetEnv(). r=jduell
...
--HG--
extra : rebase_source : 7666e7e3f864fddb5536793a91c94bccf6bb2877
2016-05-26 03:18:00 -04:00
Bob Owen
ecee115838
Bug 1250125: Make a 0 security.sandbox.content.level turn off the content process sandbox. r=TimAbraldes
...
This also fixes a bug where we weren't setting parts of the policy correctly for levels 3 to 9.
MozReview-Commit-ID: IXsg2nGOqoa
--HG--
extra : rebase_source : 65c76a581dcd498c7d7d5b01e4f4e140acdb244f
2016-05-25 09:06:23 +01:00
Kyle Huey
c8143d07d7
Bug 1272415: Don't include task.h everywhere. r=froydnj
2016-05-12 15:15:43 -07:00
Kyle Huey
941ab1f522
Bug 1268313: Part 7 - Move NS_NewRunnableMethod and friends to mozilla::NewRunnableMethod. r=froydnj
2016-05-05 01:45:00 -07:00
Kyle Huey
7311b10562
Bug 1268313: Part 2 - Replace some NewRunnableMethods with NS_NewNonOwningRunnableMethod. r=froydnj
2016-05-05 01:44:59 -07:00
Carsten "Tomcat" Book
dfff02b90d
Backed out changeset fd833da413ad (bug 1268313)
...
--HG--
extra : rebase_source : f857127091900871034f44d89095895abe9932dc
2016-04-29 14:21:25 +02:00
Carsten "Tomcat" Book
ba3fe0975c
Backed out changeset 85ce8cb0639a (bug 1268313)
...
--HG--
extra : rebase_source : 56d1cf41a2dc4959b67f834e07192a5c772176a8
2016-04-29 14:21:16 +02:00
Kyle Huey
48a594a09e
Bug 1268313: Part 7 - Move NS_NewRunnableMethod and friends to mozilla::NewRunnableMethod. r=froydnj
2016-04-28 14:08:25 -07:00
Kyle Huey
72c9966484
Bug 1268313: Part 2 - Replace some NewRunnableMethods with NS_NewNonOwningRunnableMethod. r=froydnj
2016-04-28 14:08:24 -07:00
Kyle Huey
7579799b01
Bug 1266595: Replace Chromium Task with Runnable. r=froydnj
2016-04-27 17:06:05 -07:00
Bas Schouten
a7d662a2b1
Bug 1262898: Keep the GeckoChildProcessHost alive for the lifetime of the CompositorBridge and ImageBridge parent actors. r=jimm r=nical
...
MozReview-Commit-ID: 1rsWqRpbhgN
2016-04-25 03:54:07 +00:00
Chris Pearce
114ad957d2
Bug 1245789 - Load Widevine CDM with sandbox level USER_RESTRICTED instead of USER_LOCKDOWN. r=bobowen
...
Otherwise Widevine CDM won't load on Windows. Other GMPs are still loaded at USER_LOCKDOWN.
MozReview-Commit-ID: aCTG1tQuwt
2016-04-12 16:12:20 +12:00