44ae0c536b
Bug 1295700 - Don't allow content processes to access the weave director on macOS r=haik
...
These directories contain sensitive content, and access is not necessary now that we have file content processes.
r=haik
MozReview-Commit-ID: FiRJkMnlYUx
--HG--
extra : rebase_source : 0bcdefcb1ea410fb26c3f8373673488e2a5fdd75
2017-04-06 15:20:23 -04:00
5da888bcd4
Merge m-c to autoland
2017-04-05 21:34:29 -07:00
4c78879252
Backed out 2 changesets (bug 1329294) for Win8 debug bustage in test_refresh_firefox.py TestFirefoxRefresh.testReset, a=merged-around-permaorange
...
Backed out changeset 08e2719fe7be (bug 1329294)
Backed out changeset 3b1bbf6392f4 (bug 1329294)
2017-04-05 21:32:08 -07:00
f84f44fbfa
Bug 1329294 Part 2: Enable content temp file test on Windows. r=haik
2017-04-05 16:34:36 +01:00
beb64a1329
Bug 1353040 - Switch from sandbox_init to sandbox_init_with_parameters. r=haik
...
This API produces much more readable code (though slightly more verbose). While this is not a publicly documented API on macOS, it is used by both WebKit and Chrome.
MozReview-Commit-ID: LVxYT4wBLck
--HG--
extra : rebase_source : 9688981ea0bb4e71f084afc404af705fa68f84a3
2017-04-04 13:40:36 -04:00
264adb55c2
Merge m-c to autoland, a=merge
2017-04-05 14:20:01 -07:00
49d40030b6
Bug 1348269 - When SpawnTarget fails during Windows sandboxed process creation, log more information r=bobowen
...
r=bobowen
MozReview-Commit-ID: HTLPYg870rt
--HG--
extra : rebase_source : 5c7fc4045324d442ff372ec700b57c12c4d10080
2017-04-04 10:54:14 -04:00
22ff7c4117
Bug 1337331 Part 7: Re-apply - Allow a special all paths rule in the Windows process sandbox when using semantics FILES_ALLOW_READONLY. r=jimm
...
This also changes the read only related status checks in filesystem_interception.cc to include STATUS_NETWORK_OPEN_RESTRICTION (0xC0000201), which gets returned in some cases and fails because we never ask the broker.
Carrying r=jimm from original changeset:
https://hg.mozilla.org/mozilla-central/rev/1755a454e2de
MozReview-Commit-ID: 4tfygPiKG9Z
2017-03-28 08:36:16 +01:00
6a5727b408
Bug 1337331 Part 6: Re-apply - Change USER_NON_ADMIN access token level from whitelist to blacklist containing Admin SIDs. r=jimm
...
Carrying r=jimm from original changeset:
https://hg.mozilla.org/mozilla-central/rev/0e6bf137521e
MozReview-Commit-ID: ExTtkUIPXH8
2017-03-29 14:23:17 +01:00
927986bc20
Bug 1337331 Part 5: Re-apply - Add KEY_WOW64_64Key and KEY_WOW64_32KEY to the Chromium sandbox allowed registry read flags. r=aklotz
...
Carrying r=aklotz from previous changset:
https://hg.mozilla.org/mozilla-central/rev/d24db55deb85
2016-12-22 11:11:07 +00:00
00ab6f4bb3
Bug 1337331 Part 4: Re-apply - Change to allow network drives in sandbox rules with non-file device fix. r=aklotz
...
Carrying r=aklotz from previous changeset:
https://hg.mozilla.org/mozilla-central/rev/c70d06fa5302
2016-02-01 08:59:00 +00:00
028f459d39
Bug 1337331 Part 3: Re-apply - Update chromium's list of linux-x86-32 syscalls. r=jld
...
Carrying r=jld from previous changset:
https://hg.mozilla.org/mozilla-central/rev/e834e810a3fa
MozReview-Commit-ID: KnrK8HisHiX
2016-06-08 20:36:04 +02:00
1492af2edd
Bug 1337331 Part 2: Re-apply - Logging changes to the Chromium interception code. r=tabraldes
...
Carrying r=tabraldes from previous changset:
https://hg.mozilla.org/mozilla-central/rev/a05726163a79
2014-11-29 17:12:18 +00:00
94bf554716
Bug 1337331 Part 1: Update security/sandbox/chromium/ to commit b169b9a1cc402573843e8c952af14c4e43487e91. r=jld, r=aklotz, r=jimm
...
Also inclues follow-up to remove mitigations that require Windows 10 SDK.
MozReview-Commit-ID: HwqM4noIHmy
2017-03-29 14:23:17 +01:00
2a12392590
Bug 1344453 Part 2: Add FILES_ALLOW_READONLY rule to all paths when Windows child process should have full read access. r=jimm
2017-03-28 08:36:16 +01:00
0ee38abf35
Bug 1344453 Part 1: Allow a special all paths rule in the Windows process sandbox when using semantics FILES_ALLOW_READONLY. r=jimm
...
This also changes the read only related status checks in filesystem_interception.cc to include STATUS_NETWORK_OPEN_RESTRICTION (0xC0000201), which gets returned in some cases and fails because we never ask the broker.
2017-03-28 08:36:16 +01:00
0a1fc914ce
Backed out changeset d9872fdd25f8 (bug 1337331) for causing build problems for others + on request on bob
2017-03-24 11:24:13 +01:00
50ef4d1d1b
Backed out changeset 226c893c5d62 (bug 1337331)
2017-03-24 11:23:42 +01:00
3a931395eb
Backed out changeset 438b6307c802 (bug 1337331)
2017-03-24 11:23:40 +01:00
8dd606e5ce
Backed out changeset c4aa6b85411d (bug 1337331)
2017-03-24 11:23:37 +01:00
a69a0cc262
Backed out changeset 5cd2e692ee0c (bug 1337331)
2017-03-24 11:23:35 +01:00
ed6b3bc409
Backed out changeset 0dd9bae0b6b1 (bug 1337331)
2017-03-24 11:23:33 +01:00
b99c6e7ae0
Bug 1337331 Part 6: Re-apply - Change USER_NON_ADMIN access token level from whitelist to blacklist containing Admin SIDs. r=jimm
...
Carrying r=jimm from original changeset:
https://hg.mozilla.org/mozilla-central/rev/0e6bf137521e
MozReview-Commit-ID: ExTtkUIPXH8
2017-03-23 10:29:05 +00:00
b2f5aa5c23
Bug 1337331 Part 5: Re-apply - Add KEY_WOW64_64Key and KEY_WOW64_32KEY to the Chromium sandbox allowed registry read flags. r=aklotz
...
Carrying r=aklotz from previous changset:
https://hg.mozilla.org/mozilla-central/rev/d24db55deb85
2016-12-22 11:11:07 +00:00
d3f4202804
Bug 1337331 Part 4: Re-apply - Change to allow network drives in sandbox rules with non-file device fix. r=aklotz
...
Carrying r=aklotz from previous changeset:
https://hg.mozilla.org/mozilla-central/rev/c70d06fa5302
2016-02-01 08:59:00 +00:00
3775b02a92
Bug 1337331 Part 3: Re-apply - Update chromium's list of linux-x86-32 syscalls. r=jld
...
Carrying r=jld from previous changset:
https://hg.mozilla.org/mozilla-central/rev/e834e810a3fa
MozReview-Commit-ID: KnrK8HisHiX
2016-06-08 20:36:04 +02:00
d0866c1ee4
Bug 1337331 Part 2: Re-apply - Logging changes to the Chromium interception code. r=tabraldes
...
Carrying r=tabraldes from previous changset:
https://hg.mozilla.org/mozilla-central/rev/a05726163a79
2014-11-29 17:12:18 +00:00
8995d28500
Bug 1337331 Part 1: Update security/sandbox/chromium/ to commit b169b9a1cc402573843e8c952af14c4e43487e91. r=jld, r=aklotz
2017-03-23 10:29:05 +00:00
17d57d21e1
Bug 1340351 - Allow sandboxed content process on macOS to access fonts synced by Adobe Creative Cloud. r=haik
2017-03-16 22:26:43 +00:00
37bbced84d
Bug 1344711 - hand cleanup of remaining useless try blocks around get*Pref calls identified by eslint, r=jaws.
...
--HG--
extra : rebase_source : 18c027010838faba91f0ac699f9bde07f85500e7
2017-03-07 15:29:48 +01:00
654b5c9af9
Bug 1320458 - Make logging by sandboxed child processes to a file work on Windows, r=aklotz
...
MozReview-Commit-ID: 7eiW3Lo6q8Z
2017-03-06 17:42:31 +01:00
8f8a9f5255
Bug 1344106 - Remove Linux todos() now that Linux sandboxing is riding the trains. r=haik
...
MozReview-Commit-ID: 9tI2S6fEYkD
--HG--
extra : rebase_source : 0a5d00f8498861e7ea281e527b2be6b2c4e472d6
2017-03-03 09:50:29 +01:00
d30aee57bf
Bug 1339729: Remove wow_helper from Windows process sandboxing. r=glandium
2017-03-01 10:41:07 +00:00
672079f03f
Bug 1329328 - Permit sandboxed processes to access Flash temporary files. r=bobowen
...
Allows the creation/use of temp files when the user has already green-lit
the use of a file for write purposes in that folder.
2017-02-27 14:15:52 -08:00
bcd3dcc6b3
Bug 1342385: Allow mremap on linux32 for wasm; r=jld
...
MozReview-Commit-ID: 82f8ryvd57S
--HG--
extra : rebase_source : 0e74611052853f149eb0fefe8fef849a8f8978b0
extra : amend_source : ff91bb31d45ca4783da391e519f10e3613f0f890
2017-02-24 13:18:57 +01:00
7f64ae96ea
Bug 1284897 - Add mechanism to libsandbox_s to track names of files that have been given special sandbox access permissions (PermissionsService). r=bobowen
...
Hook this into the browser via the XREAppData. This patch contains only the changes to Chromium source code.
--HG--
extra : rebase_source : f1ddd3bdfb52cef0a2dc8bfbae4ba5c78e7fd7eb
2017-01-20 08:27:57 -08:00
26437f4ecd
Bug 1284897 - Add mechanism to libsandbox_s to track names of files that have been given special sandbox access permissions (PermissionsService). r=bobowen, r=glandium
...
Hook this into the browser via the XREAppData. This patch does not include the changes to Chromium source code.
--HG--
extra : rebase_source : 4d5637bcdbeae605b0b99e9192598d48f371b698
2017-02-14 15:08:40 -08:00
68e7240c0c
Backed out changeset 71b9ac06a60a (bug 1284897)
2017-02-21 23:13:29 +01:00
0155610268
Backed out changeset 0740284125d3 (bug 1284897)
2017-02-21 23:13:24 +01:00
5b871d6f30
Bug 1284897 - Add mechanism to libsandbox_s to track names of files that have been given special sandbox access permissions (PermissionsService). r=bobowen
...
Hook this into the browser via the XREAppData. This patch contains only the changes to Chromium source code.
--HG--
extra : rebase_source : 309715aa2449d53456934495b1f5e854df599bfb
extra : histedit_source : 26761a6a33e4e5b2bb559caf3b3eb51c249f2bcd
2017-01-20 08:27:57 -08:00
82eb0f3fdd
Bug 1284897 - Add mechanism to libsandbox_s to track names of files that have been given special sandbox access permissions (PermissionsService). r=bobowen, r=glandium
...
Hook this into the browser via the XREAppData. This patch does not include the changes to Chromium source code.
--HG--
extra : rebase_source : e34e8b50101cc40ded26e80791052123b24c8243
extra : histedit_source : 69c9b2dc91546adbfdad03b5d43842809191ffb9
2017-02-14 15:08:40 -08:00
a01b0b45dd
Bug 1286865 - Step 4: Report rejected syscall info in Telemetry. r=gcp r=francois
...
MozReview-Commit-ID: 7R755WT1Ftu
--HG--
extra : rebase_source : 77356e29da9a02a3a4392be3de0e9e88ed9e131e
extra : histedit_source : 813980d967009d4270143ce3a503836c7337941f
2017-02-20 19:55:56 +01:00
f0666046d6
Bug 1286865 - Step 2: Add XPCOM bindings for sandbox syscall reporter. r=gcp r=glandium
...
MozReview-Commit-ID: GERRsOJ7H2w
--HG--
extra : rebase_source : 8ff688150ccf417a266a663ed0973d4850f51e63
2017-01-30 18:50:41 -07:00
f2fa27edca
Bug 1286865 - Step 1: Gather syscall info from SIGSYS handlers into the parent process. r=gcp
...
MozReview-Commit-ID: 8GfFo4xso65
--HG--
extra : rebase_source : 1596a79d65d30dc72d8b84fc4f1639de377f554a
2017-01-30 18:49:53 -07:00
eb0d19601a
Bug 1286865 - Step 0: Turn off crash-on-seccomp-fail by default on non-nightly. r=gcp
...
MozReview-Commit-ID: 1It6HNizbAc
--HG--
extra : rebase_source : 1e96f11904abf2c38c5b4e50de7609ddc86cdd8a
2017-01-27 14:25:50 -07:00
87ae1a50e4
Backed out 5 changesets (bug 1284897) for mozilla::SandboxPermissions::RemovePermissionsForProcess crashes
...
Backed out changeset 19b2fcee13a9 (bug 1284897)
Backed out changeset a5171791437f (bug 1284897)
Backed out changeset 3ea8b8a18515 (bug 1284897)
Backed out changeset 21497a4e3bde (bug 1284897)
Backed out changeset 12e17d5f0fa9 (bug 1284897)
2017-02-16 22:14:15 -08:00
3fd846f6a8
Bug 1284897 - Add mechanism to libsandbox_s to track names of files that have been given special sandbox access permissions (PermissionsService). r=bobowen
...
Hook this into the browser via the XREAppData. This patch contains only the changes to Chromium source code.
2017-01-20 08:27:57 -08:00
e9bcaf4cbe
Bug 1284897 - Add mechanism to libsandbox_s to track names of files that have been given special sandbox access permissions (PermissionsService). r=bobowen, r=glandium
...
Hook this into the browser via the XREAppData. This patch does not include the changes to Chromium source code.
2017-02-14 15:08:40 -08:00
017c515285
Merge inbound to m-c a=merge
...
MozReview-Commit-ID: IKI0zVtF1n9
2017-02-15 16:18:13 -08:00
209be0e8ce
Bug 1339389: Remove legacy build config from Windows SandboxBroker moz.build. r=glandium
...
MozReview-Commit-ID: KA3dCxrCZRo
2017-02-15 08:31:14 +00:00
Alex Gaynor
Phil Ringnalda
Bob Owen
Wes Kocher
Gian-Carlo Pascutto
Carsten "Tomcat" Book
Jonathan Kew
Florian Quèze
Honza Bambas
Haik Aftandilian
David Parks
Benjamin Bouvier
Sebastian Hengst
Jed Davis