Bob Owen
bbf27f0cae
Bug 1377555 Part 2: Add option to Windows chromium sandbox policy to not use restricting SIDs. r=jimm
2017-07-11 09:44:20 +01:00
Bob Owen
01f2685a30
Bug 1377555 Part 1: Back out changesets 04edb03fb817 and d17ac655cc51. r=jimm
...
This backs out the previous change to detect and change the sandbox policy
when running from a network drive.
2017-07-11 09:44:20 +01:00
Bob Owen
1eb1c9091d
Bug 1378061: Only set user's SID in USER_LIMITED as deny only when not using restricting SIDs. r=jimm
2017-07-05 21:00:55 +01:00
Bob Owen
a3df44ccee
Bug 1323188: Don't use restricting SIDs in the sandbox access tokens when running from a network drive. r=jimm
2017-06-07 20:20:02 +01:00
Daniel Holbert
2a87f6e3c3
Bug 1369837: Add a void cast to silence clang Wcomma build warning, in sandbox's snapshot of chromium header. r=bobowen
...
The build warning is for "possible misuse of comma operator".
The comma operator is a bit of a footgun because its first operand's result
just gets dropped on the floor (in this case, the result of the DCHECK
expression). It appears that Chromium's use of the comma operator here is
intentional, though -- so we might as well accept clang's suggestion and "cast
expression to void to silence warning".
This is also filed upstream as:
https://bugs.chromium.org/p/chromium/issues/detail?id=729123
MozReview-Commit-ID: Al2xsYEo3p0
--HG--
extra : rebase_source : 68d01b50ff1f07b68ddc0eeb7280ac412ac92932
2017-06-02 12:45:01 -07:00
Bob Owen
22ff7c4117
Bug 1337331 Part 7: Re-apply - Allow a special all paths rule in the Windows process sandbox when using semantics FILES_ALLOW_READONLY. r=jimm
...
This also changes the read only related status checks in filesystem_interception.cc to include STATUS_NETWORK_OPEN_RESTRICTION (0xC0000201), which gets returned in some cases and fails because we never ask the broker.
Carrying r=jimm from original changeset:
https://hg.mozilla.org/mozilla-central/rev/1755a454e2de
MozReview-Commit-ID: 4tfygPiKG9Z
2017-03-28 08:36:16 +01:00
Bob Owen
6a5727b408
Bug 1337331 Part 6: Re-apply - Change USER_NON_ADMIN access token level from whitelist to blacklist containing Admin SIDs. r=jimm
...
Carrying r=jimm from original changeset:
https://hg.mozilla.org/mozilla-central/rev/0e6bf137521e
MozReview-Commit-ID: ExTtkUIPXH8
2017-03-29 14:23:17 +01:00
Bob Owen
927986bc20
Bug 1337331 Part 5: Re-apply - Add KEY_WOW64_64Key and KEY_WOW64_32KEY to the Chromium sandbox allowed registry read flags. r=aklotz
...
Carrying r=aklotz from previous changeset:
https://hg.mozilla.org/mozilla-central/rev/d24db55deb85
2016-12-22 11:11:07 +00:00
Bob Owen
00ab6f4bb3
Bug 1337331 Part 4: Re-apply - Change to allow network drives in sandbox rules with non-file device fix. r=aklotz
...
Carrying r=aklotz from previous changeset:
https://hg.mozilla.org/mozilla-central/rev/c70d06fa5302
2016-02-01 08:59:00 +00:00
Gian-Carlo Pascutto
028f459d39
Bug 1337331 Part 3: Re-apply - Update chromium's list of linux-x86-32 syscalls. r=jld
...
Carrying r=jld from previous changeset:
https://hg.mozilla.org/mozilla-central/rev/e834e810a3fa
MozReview-Commit-ID: KnrK8HisHiX
2016-06-08 20:36:04 +02:00
Bob Owen
1492af2edd
Bug 1337331 Part 2: Re-apply - Logging changes to the Chromium interception code. r=tabraldes
...
Carrying r=tabraldes from previous changeset:
https://hg.mozilla.org/mozilla-central/rev/a05726163a79
2014-11-29 17:12:18 +00:00
Bob Owen
94bf554716
Bug 1337331 Part 1: Update security/sandbox/chromium/ to commit b169b9a1cc402573843e8c952af14c4e43487e91. r=jld, r=aklotz, r=jimm
...
Also includes follow-up to remove mitigations that require Windows 10 SDK.
MozReview-Commit-ID: HwqM4noIHmy
2017-03-29 14:23:17 +01:00
Bob Owen
0ee38abf35
Bug 1344453 Part 1: Allow a special all paths rule in the Windows process sandbox when using semantics FILES_ALLOW_READONLY. r=jimm
...
This also changes the read only related status checks in filesystem_interception.cc to include STATUS_NETWORK_OPEN_RESTRICTION (0xC0000201), which gets returned in some cases and fails because we never ask the broker.
2017-03-28 08:36:16 +01:00
Carsten "Tomcat" Book
0a1fc914ce
Backed out changeset d9872fdd25f8 (bug 1337331) for causing build problems for others + on request on bob
2017-03-24 11:24:13 +01:00
Carsten "Tomcat" Book
50ef4d1d1b
Backed out changeset 226c893c5d62 (bug 1337331)
2017-03-24 11:23:42 +01:00
Carsten "Tomcat" Book
3a931395eb
Backed out changeset 438b6307c802 (bug 1337331)
2017-03-24 11:23:40 +01:00
Carsten "Tomcat" Book
8dd606e5ce
Backed out changeset c4aa6b85411d (bug 1337331)
2017-03-24 11:23:37 +01:00
Carsten "Tomcat" Book
a69a0cc262
Backed out changeset 5cd2e692ee0c (bug 1337331)
2017-03-24 11:23:35 +01:00
Carsten "Tomcat" Book
ed6b3bc409
Backed out changeset 0dd9bae0b6b1 (bug 1337331)
2017-03-24 11:23:33 +01:00
Bob Owen
b99c6e7ae0
Bug 1337331 Part 6: Re-apply - Change USER_NON_ADMIN access token level from whitelist to blacklist containing Admin SIDs. r=jimm
...
Carrying r=jimm from original changeset:
https://hg.mozilla.org/mozilla-central/rev/0e6bf137521e
MozReview-Commit-ID: ExTtkUIPXH8
2017-03-23 10:29:05 +00:00
Bob Owen
b2f5aa5c23
Bug 1337331 Part 5: Re-apply - Add KEY_WOW64_64Key and KEY_WOW64_32KEY to the Chromium sandbox allowed registry read flags. r=aklotz
...
Carrying r=aklotz from previous changeset:
https://hg.mozilla.org/mozilla-central/rev/d24db55deb85
2016-12-22 11:11:07 +00:00
Bob Owen
d3f4202804
Bug 1337331 Part 4: Re-apply - Change to allow network drives in sandbox rules with non-file device fix. r=aklotz
...
Carrying r=aklotz from previous changeset:
https://hg.mozilla.org/mozilla-central/rev/c70d06fa5302
2016-02-01 08:59:00 +00:00
Gian-Carlo Pascutto
3775b02a92
Bug 1337331 Part 3: Re-apply - Update chromium's list of linux-x86-32 syscalls. r=jld
...
Carrying r=jld from previous changeset:
https://hg.mozilla.org/mozilla-central/rev/e834e810a3fa
MozReview-Commit-ID: KnrK8HisHiX
2016-06-08 20:36:04 +02:00
Bob Owen
d0866c1ee4
Bug 1337331 Part 2: Re-apply - Logging changes to the Chromium interception code. r=tabraldes
...
Carrying r=tabraldes from previous changeset:
https://hg.mozilla.org/mozilla-central/rev/a05726163a79
2014-11-29 17:12:18 +00:00
Bob Owen
8995d28500
Bug 1337331 Part 1: Update security/sandbox/chromium/ to commit b169b9a1cc402573843e8c952af14c4e43487e91. r=jld, r=aklotz
2017-03-23 10:29:05 +00:00
Bob Owen
d30aee57bf
Bug 1339729: Remove wow_helper from Windows process sandboxing. r=glandium
2017-03-01 10:41:07 +00:00
David Parks
672079f03f
Bug 1329328 - Permit sandboxed processes to access Flash temporary files. r=bobowen
...
Allows the creation/use of temp files when the user has already green-lit
the use of a file for write purposes in that folder.
2017-02-27 14:15:52 -08:00
David Parks
7f64ae96ea
Bug 1284897 - Add mechanism to libsandbox_s to track names of files that have been given special sandbox access permissions (PermissionsService). r=bobowen
...
Hook this into the browser via the XREAppData. This patch contains only the changes to Chromium source code.
--HG--
extra : rebase_source : f1ddd3bdfb52cef0a2dc8bfbae4ba5c78e7fd7eb
2017-01-20 08:27:57 -08:00
Sebastian Hengst
0155610268
Backed out changeset 0740284125d3 (bug 1284897)
2017-02-21 23:13:24 +01:00
David Parks
5b871d6f30
Bug 1284897 - Add mechanism to libsandbox_s to track names of files that have been given special sandbox access permissions (PermissionsService). r=bobowen
...
Hook this into the browser via the XREAppData. This patch contains only the changes to Chromium source code.
--HG--
extra : rebase_source : 309715aa2449d53456934495b1f5e854df599bfb
extra : histedit_source : 26761a6a33e4e5b2bb559caf3b3eb51c249f2bcd
2017-01-20 08:27:57 -08:00
Phil Ringnalda
87ae1a50e4
Backed out 5 changesets (bug 1284897) for mozilla::SandboxPermissions::RemovePermissionsForProcess crashes
...
Backed out changeset 19b2fcee13a9 (bug 1284897)
Backed out changeset a5171791437f (bug 1284897)
Backed out changeset 3ea8b8a18515 (bug 1284897)
Backed out changeset 21497a4e3bde (bug 1284897)
Backed out changeset 12e17d5f0fa9 (bug 1284897)
2017-02-16 22:14:15 -08:00
David Parks
3fd846f6a8
Bug 1284897 - Add mechanism to libsandbox_s to track names of files that have been given special sandbox access permissions (PermissionsService). r=bobowen
...
Hook this into the browser via the XREAppData. This patch contains only the changes to Chromium source code.
2017-01-20 08:27:57 -08:00
Bob Owen
0b173d4f36
Bug 1321724: Change USER_NON_ADMIN access token level from whitelist to blacklist containing Admin SIDs. r=jimm
...
MozReview-Commit-ID: 9cx2R6kMUwa
2017-02-07 10:59:43 +00:00
Carsten "Tomcat" Book
ac8a2fb906
Backed out changeset a608c5cc4ff8 (bug 1321725) for landing with wrong bug number
...
--HG--
extra : rebase_source : 1d7b5b836c1e67507c6592c11d1bfe50623eee84
2017-02-07 11:50:54 +01:00
Bob Owen
2ca65ce116
Bug 1321725: Change USER_NON_ADMIN access token level from whitelist to blacklist containing Admin SIDs. r=jimm
...
MozReview-Commit-ID: 9cx2R6kMUwa
2017-02-07 10:38:24 +00:00
Chris Peterson
4d95c4db20
Bug 1330496 - Part 1: Remove MOZ_WIN_INHERIT_STD_HANDLES_PRE_VISTA support for inheriting stdout/stderr handles on XP. r=bobowen
...
MozReview-Commit-ID: B7qJdK2sjv5
--HG--
extra : rebase_source : 4053054009359c0a775dae5ad5e24ba74b4c7c7b
extra : amend_source : 3231886a86fd03ac52f3717e22f33a7b4dc41f54
extra : histedit_source : 4533b894f9894bf5c883943bc53b260faa2ae8b1
2017-01-10 23:50:16 -08:00
Bob Owen
01b653ad07
Bug 1273372 Part 3: Add KEY_WOW64_64Key and KEY_WOW64_32KEY to the Chromium sandbox allowed registry read flags. r=aklotz
2016-12-22 11:11:07 +00:00
Bob Owen
9d42290e8c
Bug 1273372 Part 2: Re-apply change to allow network drives in sandbox rules with non-file device fix. r=aklotz
2016-02-01 08:59:00 +00:00
Bob Owen
fe98a5b119
Bug 1273372 Part 1: Backout change to allow network drives in sandbox rules. r=backout
2016-12-22 11:11:06 +00:00
Bob Owen
fe5ccaf977
Bug 1303325: Revert changes to policy_target.cc that cause issue with CoInitializeSecurity. r=aklotz
...
This also reverts the Bug 1287426 Part 8 patch that turned the USER_NON_ADMIN token into a restricted token.
MozReview-Commit-ID: 9fNeyhAHw55
--HG--
extra : rebase_source : adbe59260d512b5d17b6e3ea6c1fe484c06eb555
2016-09-16 13:49:53 +01:00
Bob Owen
83f2f5e72f
Bug 1287426 Part 8: Change the USER_NON_ADMIN token to be a restricted token with the same access. r=aklotz
...
This is to work around an issue where the call to CoInitializeSecurity in MainThreadRuntime::InitializeSecurity causes the impersonation token, used to give the pre-lockdown permissions, to be replaced with one with no rights.
This only seems to happen when the lockdown token is USER_NON_ADMIN, which is not a restricted token.
MozReview-Commit-ID: 6HFuDFmWLTf
2016-09-06 08:57:22 +01:00
Gian-Carlo Pascutto
03bf07111a
Bug 1287426 Part 7: Re-apply - Update chromium's list of linux-x86-32 syscalls. r=jld
...
Originally landed as changeset:
https://hg.mozilla.org/mozilla-central/rev/adb1d2a92e0d
MozReview-Commit-ID: KpjitH5GQEq
2016-06-08 20:36:04 +02:00
Bob Owen
9f75777f5c
Bug 1287426 Part 6: Re-apply - Change Chromium sandbox to allow rules for files on network drives to be added. r=aklotz
...
Originally landed as changeset:
https://hg.mozilla.org/mozilla-central/rev/afa4f68de47c
MozReview-Commit-ID: A18C0KcEqvP
2016-02-01 08:59:00 +00:00
Bob Owen
a2ede75e08
Bug 1287426 Part 5: Re-apply - Logging changes to the Chromium interception code. r=tabraldes
...
Originally landed as changeset:
https://hg.mozilla.org/mozilla-central/rev/0f763c186855
MozReview-Commit-ID: DtuHfDoB1Dx
2014-11-29 17:12:18 +00:00
Bob Owen
0a63c4cbc2
Bug 1287426 Part 4: Re-apply pre-vista stdout/err process inheritance change to Chromium code after merge. r=tabraldes
...
Originally landed as changeset:
https://hg.mozilla.org/mozilla-central/rev/f94a07671389
MozReview-Commit-ID: 2dpjBXkzlze
2014-11-18 15:11:47 +00:00
Bob Owen
d453628509
Bug 1287426 Part 3: Update security/sandbox/chromium/ to commit 4ec79b7f2379a60cdc15599e93255c0fa417f1ed. r=aklotz, r=jld
...
MozReview-Commit-ID: 14eHMsYZznA
2016-09-06 08:57:21 +01:00
Gian-Carlo Pascutto
d56f275c43
Bug 1273852 - Update chromium's list of linux-x86-32 syscalls. r=jld
...
MozReview-Commit-ID: KpjitH5GQEq
--HG--
extra : rebase_source : d45c7d0c1bf13481fe30ec484a15a409771f04ff
2016-06-08 20:36:04 +02:00
Thomas Zimmermann
7d6335ca2d
Bug 1276927: Fix B2G sandboxing code to build with Android NDK, r=fabrice
...
This patch fixes an incorrect C++ namespace of STL datastructures.
MozReview-Commit-ID: FYx38sTzF4I
2016-06-16 08:43:51 +01:00
Sebastian Hengst
809cc61389
Backed out changeset a4f95658a29b (bug 1276927)
2016-06-15 12:24:14 +02:00
Thomas Zimmermann
652691d85a
Bug 1276927: Fix B2G sandboxing code to build with Android NDK, r=fabrice
...
This patch fixes an incorrect C++ namespace of STL datastructures.
MozReview-Commit-ID: FYx38sTzF4I
2016-06-15 10:59:48 +01:00