This patch mostly turns on the features set up by the earlier patches:
allow connecting to the X server and reading various related things
(.Xauthority, GPU device info in sysfs, etc.). It also turns off Mesa's
shader cache in the RDD process; that shouldn't be needed here, and
disabling it lets us avoid dealing with a few things in the sandbox
policy that we'd rather not (e.g., `getpwuid`).
Differential Revision: https://phabricator.services.mozilla.com/D146275

This patch moves a lot of text but the idea is relatively simple and
no functional change is intended: factor out the parts of the content
sandbox policy needed to create and use an EGL context under X11.
(The `AddDriPaths` function already has some of the dependencies in a
conveniently separated form, but there are others.)
Differential Revision: https://phabricator.services.mozilla.com/D146274

These syscalls (at least send/recv) are used by X11 client libraries, and
allowing them doesn't really change anything about security or attack
surface, because they're strict subsets of sendmsg/recvmsg which we
already allow everywhere for use by IPC. So, this patch allows them in
all process types instead of only content.
Differential Revision: https://phabricator.services.mozilla.com/D146273
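
The subset relationship described in the commit message above, as an added example that is not part of the commit or of the Firefox sandbox code: `send`/`recv` behave like `sendmsg`/`recvmsg` called with a single buffer, no address and no ancillary data, so the two families can be crossed over one socket. The helper names and the payload are constructed for illustration.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Hypothetical helper: send() as sendmsg() with one iovec, no address, no control data. */
static ssize_t send_via_sendmsg(int fd, const void *buf, size_t len, int flags)
{
    struct iovec iov = { .iov_base = (void *)buf, .iov_len = len };
    struct msghdr msg;
    memset(&msg, 0, sizeof(msg));   /* msg_name and msg_control stay NULL */
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    return sendmsg(fd, &msg, flags);
}

/* Hypothetical helper: recv() expressed the same way through recvmsg(). */
static ssize_t recv_via_recvmsg(int fd, void *buf, size_t len, int flags)
{
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr msg;
    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    return recvmsg(fd, &msg, flags);
}

/* Returns 1 when send()->recvmsg() and sendmsg()->recv() both deliver the same bytes. */
int subset_roundtrip_matches(void)
{
    static const char payload[] = "constructed sample payload";
    const ssize_t n = (ssize_t)sizeof(payload);
    char a[64] = {0}, b[64] = {0};
    int sv[2], ok = 0;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 0;
    if (send(sv[0], payload, sizeof(payload), 0) == n &&
        recv_via_recvmsg(sv[1], a, sizeof(a), 0) == n &&
        send_via_sendmsg(sv[0], payload, sizeof(payload), 0) == n &&
        recv(sv[1], b, sizeof(b), 0) == n)
        ok = memcmp(a, payload, sizeof(payload)) == 0 &&
             memcmp(b, payload, sizeof(payload)) == 0;
    close(sv[0]); close(sv[1]);
    return ok;
}

int main(void) { return subset_roundtrip_matches() ? 0 : 1; }
```

The extra fields that only `sendmsg`/`recvmsg` expose (destination address, ancillary data) are exactly the ones left zeroed here.
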
We're going to want to let the RDD process make a (brokered) connection
to a local X server, but the seccomp-bpf plumbing for that mostly lives
in the content process sandbox policy. This moves it into the common
policy, and subclasses can opt in.
Differential Revision: https://phabricator.services.mozilla.com/D146272

The arguments to the SandboxPolicyCommon constructor will get more
complicated as more optional features are added (e.g., the one added in
the next patch), and they're basically just mapped to boolean member
variables, so this patch lets the subclasses set them directly, to keep
things simpler and more readable.
Differential Revision: https://phabricator.services.mozilla.com/D146271

A custom definition wrapping fu2::function_base is used to customize the
inline buffer's size and alignment to make it compatible with nsTArray.
Without the custom wrapper, `alignof(max_align_t)` is used, which is
larger than nsTArray's max alignment on some platforms.
Differential Revision: https://phabricator.services.mozilla.com/D145691

The function2 library is a header-only library which provides support
for defining move-only function types, similar to the proposed
std::move_only_function in C++23, but with support for additional
customization.
This appears to be the first time we've vendored code using the boost
license, so I've added it to license.html and moz_yaml.py, and have
requested review to ensure it is OK to use code with this license.
Differential Revision: https://phabricator.services.mozilla.com/D145690

The function2 library uses an explicit move constructor internally,
which would trigger this checker, and cause a build failure.
Differential Revision: https://phabricator.services.mozilla.com/D145689

This wrapper exposes all lexical variables in the Cu.import return value,
which allows us to remove the `this.foo = foo;` hack in the bug 1610653 patches
without affecting the not-in-tree consumer.
Differential Revision: https://phabricator.services.mozilla.com/D145938

This shim redirects Cu.import("foo.jsm") to ChromeUtils.importModule("foo.mjs")
if foo.jsm is already renamed to foo.mjs.
This de-optimizes ESM component's global `var`s, in order to expose all
variables in `ModuleEnvironmentObject`, and return those variables from
`Cu.import`'s return value.
In contrast to normal Cu.import, the return value of the shim version exposes
all non-exported lexical variables.
Bug 1768060 patch aligns the normal Cu.import to expose them as well,
so that `this.foo = foo;` hack can be removed in bug 1610653.
Once not-in-tree `Cu.import` consumers are gone and `Cu.import` is removed,
this shim and the de-optimization for the `var` can be removed.
Differential Revision: https://phabricator.services.mozilla.com/D145784

In order to add a public API that returns a module's environment, the shell-only
function GetModuleEnvironment needs to be renamed.
Differential Revision: https://phabricator.services.mozilla.com/D146034

This is necessary for putting all global `var`s in `ModuleEnvironmentObject`,
instead of a local slot, so that they're accessible in the Part 4 patch.
Differential Revision: https://phabricator.services.mozilla.com/D146033

The deserialize parameter is used only for getting the global object, and in the JSM
context, it's the shared global. So directly passing globalThis works.
Differential Revision: https://phabricator.services.mozilla.com/D144133

This `global` variable is used for accessing Error prototypes, and they're
properties of the shared global (`globalThis`), not per-JSM global (`this`).
Differential Revision: https://phabricator.services.mozilla.com/D144131

For smaller paper sizes (e.g. label maker sized paper) it's possible that the default margins will be too large, which results in a non-obvious error state for the print dialog. In this case we want to fall back to using "None" margins to ensure the form is valid/printing is still possible.
Differential Revision: https://phabricator.services.mozilla.com/D142889

Form Autofill now supports respecting autocomplete=off if the newly added
"extensions.formautofill.creditCards.ignoreAutocompleteOff" and
"extensions.formautofill.addresses.ignoreAutocompleteOff" are set to false.
Differential Revision: https://phabricator.services.mozilla.com/D145916