677499eb59
Bug 1386279 - Renovate Linux sandbox file broker handling of access(). r=gcp
...
1. X_OK is now allowed, and is limited only by the MAY_ACCESS permission.
2. The actual access() syscall is now used, if access is granted by the
broker policy. This fixed bug 1382246, which explains the background.
MozReview-Commit-ID: 926429PlBnL
--HG--
extra : rebase_source : 6ae54c4c25e1389fa3af75b0bdf727323448294a
2017-08-08 18:02:31 -06:00
0132ad567f
Bug 1386363 - remove access to the com.apple.SystemConfiguration.configd mach service from content processes; r=haik
...
MozReview-Commit-ID: 3hFEx67JkdO
--HG--
extra : rebase_source : f3671c7d7682aeb5ff4b89d2409670fcadc2341a
2017-08-07 10:09:32 -04:00
c329d562fb
merge mozilla-inbound to mozilla-central a=merge
2017-08-09 11:37:08 +02:00
2a133d756a
Bug 1388545 - Fix PulseAudio breakage caused by read restrictions. r=gcp
...
MozReview-Commit-ID: 518mslh9xy
2017-08-08 16:17:52 -06:00
ef291aef27
Bug 1388172 - [Mac] Remove access to "com.apple.window_proxies" from the content sandbox. r=Alex_Gaynor
...
MozReview-Commit-ID: 2EtLWOvPtyK
--HG--
extra : rebase_source : 3be19fbee8c0989cdfd82283ec2fb8acc5795989
2017-08-07 14:44:33 -07:00
d407d2ad13
Bug 1387570 - remove access to the com.apple.cache_delete mach service from content processes; r=haik
...
MozReview-Commit-ID: LoB1rx5DoV5
--HG--
extra : rebase_source : 7721399376e8ae7e6f41581681b61e92e20f2b21
2017-08-07 10:11:37 -04:00
9d03f37706
Bug 1322024 - [Mac] Remove com.apple.windowserver.active access from the content sandbox. r=Alex_Gaynor
...
MozReview-Commit-ID: CY99fseWrQX
--HG--
extra : rebase_source : a7219e91ca415c6f058337251ebecc8e9e5006be
2017-07-24 15:22:58 -07:00
90d2a77496
Bug 1387233 - restrict access to ipc-posix-shm APIs in the content process; r=haik
...
This removes /tmp/com.apple.csseed access entirely, ipc-posix-shm-read-metadata
from CFPBS:, and ipc-posix-shm-write-{create,unlink} from AudioIO and CFPBS:.
MozReview-Commit-ID: Eahx6guqGos
--HG--
extra : rebase_source : 621e81eb00411ae39882504db7d10a50eef30b27
2017-08-03 17:03:47 -04:00
d1db7f92fc
Bug 1385332 - remove access to the com.apple.pluginkit.pkd mach service from the content process; r=haik
...
MozReview-Commit-ID: 2KYaScrgnll
--HG--
extra : rebase_source : 4c39abdba18490f2fb12f1691f6fd5a4722cd542
2017-08-03 10:20:07 -04:00
60d25346d1
Bug 1386558 - Check sandboxing level 2 after permissions are available. r=jld
...
MozReview-Commit-ID: 9Pqwk45pJbe
--HG--
extra : rebase_source : 1c21f21d04cddd6c00e5f495c6686c671aa9cac1
2017-08-03 12:31:37 +02:00
36784f22aa
Bug 1385891 - Whitelist things in the extension dir, not just the dir itself. r=jld
...
MozReview-Commit-ID: 3DryT8mm1F3
--HG--
extra : rebase_source : 23a8bda22307687884aa73d454221a78a4922791
2017-08-04 09:48:32 +02:00
8b713b2b0f
Bug 1375125 - Stop using nsILocalFile in the tree. r=froydnj
...
This mechanically replaces nsILocalFile with nsIFile in
*.js, *.jsm, *.sjs, *.html, *.xul, *.xml, and *.py.
MozReview-Commit-ID: 4ecl3RZhOwC
--HG--
extra : rebase_source : 412880ea27766118c38498d021331a3df6bccc70
2017-08-04 17:49:22 +09:00
d3e4a052d9
Bug 1386075 - [Mac] Remove (iokit-user-client-class "RootDomainUserClient"). r=Alex_Gaynor
...
MozReview-Commit-ID: 2bM5KVIbdru
--HG--
extra : rebase_source : f406551fb0986aaa77dd814cba17d399602093fb
2017-08-03 13:29:55 -07:00
250a8036f3
Bug 1385096 - remove access to the com.apple.bird mach service from the content process; r=haik
...
MozReview-Commit-ID: FqKZVL16zz9
--HG--
extra : rebase_source : 8abca2f5c3aa95268887789fc2ca1a24da97de54
2017-08-03 10:14:33 -04:00
e6f1d0e175
Bug 1386161 - [Mac] Remove IOAudioControl Rules. r=Alex_Gaynor
...
MozReview-Commit-ID: 3cLUCJDoWlh
--HG--
extra : rebase_source : a6e5e7fa3975407f05c92f9e33b98826b2784e68
2017-07-30 22:26:06 -07:00
11a211f901
Bug 1386308 - stop trying to change the display sleep settings from the content process; r=haik
...
Before this change we were trying to change the settings from both the content
and parent processes, so this doesn't change any functionality. This allows to
remove access to the com.apple.PowerManagement.control mach service from the
content process.
MozReview-Commit-ID: 3DOhqG5U6oz
--HG--
extra : rebase_source : dee0b97c444ae95cfc8f80cb0fb99aa9e2658d51
2017-08-01 12:22:42 -04:00
f09847af4d
Bug 1386291 - remove access to the com.apple.DesktopServicesHelper mach service in content processes; r=haik
...
MozReview-Commit-ID: Bk58lE5p6fi
--HG--
extra : rebase_source : a730b7bdf508a26cb039345f23d71c2558c1d7d1
2017-08-01 11:12:44 -04:00
5b6073d494
Bug 1385715 - Add support for WebGL on NVIDIA PRIME. r=jld
...
MozReview-Commit-ID: 6hXLXgNdVti
--HG--
extra : rebase_source : 14917cd11f97f41f46c6d6b42cea2ecb4162293a
2017-08-02 12:02:16 +02:00
5bfd2b1cc1
Bug 1385253 - Whitelist main NixOS data store directory. r=jld
...
MozReview-Commit-ID: 2aDBSAOrbv6
--HG--
extra : rebase_source : fa8e7fee91b2688fcaa94851e1820deca1c21277
2017-08-02 11:51:12 +02:00
5df77c43f9
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: IJRYyJu1sWm
2017-08-02 17:42:10 -07:00
baf6cddc4c
Merge inbound to central, a=merge
...
MozReview-Commit-ID: 9NFjSEt96iT
2017-08-02 17:11:51 -07:00
8f357724e0
Bug 1385891 - Whitelist extensions dir in the profile. r=jld
...
MozReview-Commit-ID: 7wpVmqs6Y1X
--HG--
extra : rebase_source : 8b168e291469efb3afb90754a2833c07dd815e9f
extra : histedit_source : 7c259145efbf7cb21688d3580f74b216bb972e63
2017-07-31 18:19:26 +02:00
0d8bd27705
Bug 1384483 - Allow reading userContent.css in the sandbox. r=jld
...
MozReview-Commit-ID: A43RY1J95VF
--HG--
extra : rebase_source : 0c8355b34e79d8b0f4ec744a6f2b8b4414e0ab5c
extra : histedit_source : 6ddf29193d5a8b26e50a6a5b8e885caeff366033
2017-07-31 17:58:19 +02:00
08e54b7c13
Bug 1384819 (part 1) - Split MozStackWalk(). r=glandium.
...
MozStackWalk() is different on Windows to the other platforms. It has two extra
arguments, which can be used to walk the stack of a different thread.
This patch makes those differences clearer. Instead of having a single function
and forbidding those two arguments on non-Windows, it removes those arguments
from MozStackWalk, and splits off MozStackWalkThread() which retains them. This
also allows those arguments to have more appropriate types (HANDLE instead of
uintptr_t; CONTEXT* instead of than void*) and names (aContext instead of
aPlatformData).
The patch also removes unnecessary reinterpret_casts for the aClosure argument
at a couple of MozStackWalk() callsites.
--HG--
extra : rebase_source : 111ab7d6426d7be921facc2264f6db86c501d127
2017-07-27 12:46:47 +10:00
094c496d8d
Backed out 2 changesets (bug 1384986) for failures in browser_content_sandbox_fs.js a=backout
...
Backed out changeset 23dae62b5ece (bug 1384986)
Backed out changeset 60408af056d9 (bug 1384986)
MozReview-Commit-ID: gru7nyixFG
2017-08-01 18:17:48 -07:00
567f1c90d0
Bug 1384941 - removed access to mach services which are used for cameras in the content process; r=haik
...
MozReview-Commit-ID: Ir6KgLM34bu
--HG--
extra : rebase_source : badd0b62f20b870f7da82fcbefb09f7545e02801
2017-07-25 11:51:03 -04:00
34c815ff04
Bug 1384209 - [Mac] Remove com.apple.coreservices.appleevents from the content process sandbox. r=Alex_Gaynor
...
MozReview-Commit-ID: 37zX5WZiF4P
--HG--
extra : rebase_source : 53bd0bb8cb8353a7ec513066581a6abfe2d99172
2017-07-24 15:53:18 -07:00
26e4446a5b
Bug 1384986 - Fix PulseAudio breakage caused by read restrictions. r=gcp
...
MozReview-Commit-ID: 518mslh9xy
--HG--
extra : rebase_source : fe5c8abda549f62f1dc20f6942ad877b0d1ecd75
2017-07-27 12:41:22 -06:00
34c347eb14
Bug 1384986 - Fix DConf breakage caused by read restrictions. r=gcp
...
MozReview-Commit-ID: GKTBPtAea5J
--HG--
extra : rebase_source : 9f0a85bddfcfe9a31364ee2e63f768eaddc52ce0
2017-07-27 11:32:09 -06:00
347f03dad0
Bug 1384306 - Allow SOCK_CLOEXEC in socketpair(). r=gcp
...
MozReview-Commit-ID: 45LJiUxZeg6
--HG--
extra : rebase_source : 234d542fea3e85ca521f23256dceee7fab6108a3
2017-07-27 15:27:06 -06:00
72c884bf74
Bug 1384835 (part 3, attempt 2) - Remove the Preferences::Get*CString() variants that return nsAdoptingCString. r=froydnj.
...
--HG--
extra : rebase_source : d317b25be2ec21d1a60d25da3689e46cdce0b649
2017-07-31 14:28:48 +10:00
bbe32b6bed
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: 44WBcWjnVo
2017-07-30 11:19:17 +02:00
4d4fefbd12
Bug 1384718 - Add sandbox rules for Mesa 17.1 driver loader. r=gcp
2017-07-29 13:05:55 -04:00
cbb91e347d
Bug 1385028 - simplify handling of macOS minor version in the sandbox policy; r=haik
...
MozReview-Commit-ID: BDD7WzTqHC6
--HG--
extra : rebase_source : d3eb23c8217a4dad7877a663fb455a0db2660330
2017-07-27 13:58:28 -04:00
724ff5d5bc
Bug 1264811 - Use a const reference and a default constructor to simplify the macOS sandbox code; r=haik
...
MozReview-Commit-ID: Dtspj7fL9t7
--HG--
extra : rebase_source : 4b85a1d7bd8ad393f032e67ebff0888bcfdd5447
2017-07-28 15:00:22 -04:00
4237da641e
Backed out changeset 4d7f80401751 (bug 1385028) for bustage.
...
--HG--
extra : rebase_source : 74b74e1a87c5e524f15eb04917d5b2205f3f87f3
2017-07-27 20:10:23 -04:00
7372dae53f
Bug 1385028 - simplify handling of macOS minor version in the sandbox policy; r=haik
...
MozReview-Commit-ID: BDD7WzTqHC6
--HG--
extra : rebase_source : 1d4a4deedbf6351da61e9433738000dcf6bcd0df
2017-07-27 13:58:28 -04:00
7f9d32b10e
Bug 1384153 - Artifact and local builds crashing content tabs on latest autoland to m-c merge. r=spohl
...
MozReview-Commit-ID: 6xHFTCXVgr7
--HG--
extra : rebase_source : b74fd0f4cece68bbf3f251c533d7b239cbc7e7ee
2017-07-26 22:47:10 -07:00
d360d49d2a
merge mozilla-inbound to mozilla-central a=merge
2017-07-27 10:57:25 +02:00
709a96c2ee
Backed out 3 changesets (bug 1383007, bug 1376910)
...
Backed out changeset 394b3d22db19 (bug 1383007)
Backed out changeset 17e2e2aa8f56 (bug 1376910)
Backed out changeset d11cd5c3fc6f (bug 1376910)
2017-07-26 12:50:28 -06:00
3229d39dba
Bug 1384677 - remove com.apple.cookied access from content processes; r=haik
...
MozReview-Commit-ID: 5mI4VXf7J8Q
--HG--
extra : rebase_source : 8514a3e7e73059964b29e240d7979b3a2758bb69
2017-07-25 11:03:43 -04:00
679210723b
merge mozilla-inbound to mozilla-central a=merge
2017-07-25 14:27:17 +02:00
7ee246522d
Bug 1308400 - Report failures in file processes too. r=jld
...
MozReview-Commit-ID: 549WuWKaJeM
--HG--
extra : rebase_source : 22d6348e602f2ceae546502fa0050ab0960ec075
2017-07-10 20:20:49 +02:00
d791c78487
Bug 1308400 - Symlink handling for read brokering. r=jld
...
MozReview-Commit-ID: BP1gFdDbqXD
--HG--
extra : rebase_source : 5db26ad21e40ab19228ac8a978215b97cf8b3b28
2017-07-06 15:31:13 +02:00
8bc55108f2
Bug 1308400 - Support file process, whitelist path prefs. r=jld
...
MozReview-Commit-ID: 3eX06AioPZL
--HG--
extra : rebase_source : 56bcfaad3360fe92ce605a0413bb3a9cacb4446d
2017-07-24 16:32:22 +02:00
6202d4908b
Bug 1383007 - Move the declaration in the #ifdef declaration to silent a warning r=jld
...
Otherwise, a warning is triggered because the statement will never be executed [-
Found with -Wswitch-unreachable with gcc 7
MozReview-Commit-ID: FVStzyFlhJp
--HG--
extra : rebase_source : 1db87153c3e7dcde8d5a9e0f1f0ff607307c9ca2
2017-07-21 23:28:47 +02:00
ff8375cf2e
Bug 1382099 - Remove MOZ_WIDGET_GONK from security/. r=jld.
...
--HG--
extra : rebase_source : 8027baf7a24e5e0d91a175ab38614594c143767b
2017-07-21 10:45:42 +10:00
b4239707cf
Bug 1366694 Part 2: Don't run sandbox file system test in DEBUG on Windows. r=jimm
...
This is because in DEBUG mode we currently give full access to TEMP dir
for logging purposes and the temporary profile is created in the TEMP dir.
2017-07-20 07:50:48 +01:00
dc46549cd6
Bug 1366694 Part 1: Allow user handles in the content process job in DEBUG builds. r=jimm
2017-07-07 15:51:17 +01:00
4634e2a332
Bug 1376910 - Unshare the SysV IPC namespace in content processes. r=gcp
...
MozReview-Commit-ID: 1Uajj68rEuC
--HG--
extra : rebase_source : 5a6c86a104911146cfb56243dec8016fca536dc3
2017-06-28 07:11:55 -07:00
Jed Davis
Alex Gaynor
Carsten "Tomcat" Book
Haik Aftandilian
Gian-Carlo Pascutto
Masatoshi Kimura
Wes Kocher
Nicholas Nethercote
Sebastian Hengst
Thomas Daede
Ryan VanderMeulen
Sylvestre Ledru
Bob Owen