This fixes improper usages of Find where an offset was actually being use for
the boolean ignore case flag. It also fixes a few instances of passing in a
literal wchar_t to our functions where a NS_LITERAL_STRING or char16_t should
be used instead.
--HG--
extra : rebase_source : 5de1e9335895d65e6db06c510e8887d27be3390f
extra : source : f762f605dd83fc6331161a33e1ef5d54cafbd08d
This is 0cb5dadc2b1f84fbbd9c6f75056e38d05a5b07d3 and
db4c64b63d6098294ed255e962700fd2d465575e in the chromium repository.
This allows a single process to create sandboxed children with alternate
desktops on both an alternate winstation and the local winstation.
MozReview-Commit-ID: 8sS7LjoveOk
--HG--
extra : rebase_source : 6915af73743f87ed74ddefe04210dbdd95bb56ed
Adds access to video encoding/decoding services when running on macOS 10.13 High Sierra.
MozReview-Commit-ID: 6h4dZ6gkFtp
--HG--
extra : rebase_source : 8c5078b336631e3254fcaaf6727dff281c840159
Fix the file access check by adding missing parentheses to isDirectory method call.
Don't run the cookies file check on Linux because the test profile is read accessible due to being in /tmp.
MozReview-Commit-ID: lps2hk8f5U
--HG--
extra : rebase_source : 5fba75d65081e56df5a0d171c41689c489a3aace
Generally, the intent for the Add* methods is that they always grant
rights in addition to what's already in the policy, not remove them;
this makes subtree rules that overlap single-file rules follow that
principle.
This requires a global analysis because the conflicting rules can be
added in any order. It does not currently attempt to handle prefix
rules that aren't at a path component boundary, because that's not a
problem we currently have.
MozReview-Commit-ID: 4kv6QoGCBTV
--HG--
extra : rebase_source : 9e41263bbb1c07b8cde40ec2e72d746f17278fcb
Now that all of the operations that took two paths are removed, we can
have less string manipulation running on untrusted inputs in a trusted
context.
Note that the path isn't null-terminated in transit, because we know
the message length and there's no longer any need to delimit anything.
(This is how the protocol worked before the two-path operations were
added.)
MozReview-Commit-ID: 5VHkMoPlWmU
--HG--
extra : rebase_source : 2108a4f7c7bf5098f2ef63786c3675367bd56e19
In testing (local and CI) these seem to no longer be used.
MozReview-Commit-ID: 2D3C8eWoIsB
--HG--
extra : rebase_source : dde2015af1d036c32631d185703f1149285b253e
Now that all of the operations that took two paths are removed, we can
have less string manipulation running on untrusted inputs in a trusted
context.
Note that the path isn't null-terminated in transit, because we know
the message length and there's no longer any need to delimit anything.
(This is how the protocol worked before the two-path operations were
added.)
MozReview-Commit-ID: 5VHkMoPlWmU
--HG--
extra : rebase_source : 74fd595c4aea6c9e073ae704b8e59599770300b4
In testing (local and CI) these seem to no longer be used.
MozReview-Commit-ID: 2D3C8eWoIsB
--HG--
extra : rebase_source : 20d986e1430a70ddb534fdd73d1d06e12510292f
Moves IsDevelopmentBuild(), GetRepoDir(), and GetObjectDir() out of
SandboxSettings because they also need to be used by ExtensionProtocolHandler
to do security checks on developer builds as a result of how developer builds
rely on symlinks to the repo dir from system extension directories.
Remove the Linux-implementation of GetRepoDir() and GetObjectDir()
because the Linux content sandbox implementation and the
ExtensionProtocolHandler checks don't need them.
MozReview-Commit-ID: KwBFUnh6Cml
--HG--
extra : rebase_source : 3529a18ea802699ff968b798a7c560613469809b
1. X_OK is now allowed, and is limited only by the MAY_ACCESS permission.
2. The actual access() syscall is now used, if access is granted by the
broker policy. This fixed bug 1382246, which explains the background.
MozReview-Commit-ID: 926429PlBnL
--HG--
extra : rebase_source : 6ae54c4c25e1389fa3af75b0bdf727323448294a
This removes /tmp/com.apple.csseed access entirely, ipc-posix-shm-read-metadata
from CFPBS:, and ipc-posix-shm-write-{create,unlink} from AudioIO and CFPBS:.
MozReview-Commit-ID: Eahx6guqGos
--HG--
extra : rebase_source : 621e81eb00411ae39882504db7d10a50eef30b27
This mechanically replaces nsILocalFile with nsIFile in
*.js, *.jsm, *.sjs, *.html, *.xul, *.xml, and *.py.
MozReview-Commit-ID: 4ecl3RZhOwC
--HG--
extra : rebase_source : 412880ea27766118c38498d021331a3df6bccc70
Sebastian Hengst
Bob Owen
Chris Manchester
Eric Rahm
Alex Gaynor
Jed Davis
Gian-Carlo Pascutto
Haik Aftandilian
James Forshaw
Phil Ringnalda
Chris Peterson
Sylvestre Ledru
Wes Kocher
Carsten "Tomcat" Book
Masatoshi Kimura