mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
573 142 коммитов 613 Ветки 98 Теги 5,8 GiB
Граф коммитов

863 Коммитов

Автор SHA1 Сообщение Дата
Bob Owen cd83addd77 Bug 1395187: Use STARTF_FORCEOFFFEEDBACK flag when starting Windows child processes to prevent app starting cursor. r=jimm 2017-12-07 10:24:38 +00:00
Bob Owen 8ba04e79f9 Bug 1422053: Create Windows sandbox sLaunchErrors hashtable on the main thread. r=aklotz 2017-12-07 09:07:43 +00:00
Alex Gaynor 52d69a63ca Bug 1421372 - simplify the macOS content sandbox rules by splitting the file process rules out; r=haik 
MozReview-Commit-ID: GJukCOAyE10

--HG--
extra : rebase_source : 7bfdd02482d45e72a785ec2abe2260577238406d
 2017-11-28 14:06:06 -05:00
Gabriele Svelto 80fbb39861 Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert 
MozReview-Commit-ID: CfPBvffjEhq

--HG--
extra : rebase_source : 51c522746b48f0819b926607ceebf7d070df4ffd
 2017-10-10 15:25:39 +02:00
Bob Owen ef5af7b0b1 Bug 1366701 Part 2: Roll-up patch to apply remaining mozilla changes to chromium sandbox. r=tabraldes,aklotz,jimm,bobowen 
Patches re-applied from security/sandbox/chromium-shim/patches/after_update/.
See patch files for additional commit comments.
 2014-11-29 17:12:18 +00:00
Bob Owen 6bd2ddcccd Bug 1366701 Part 1: Roll-up of chromium sandbox update and mozilla patches to get a running browser. r=jld,aklotz,jimm,bobowen 
This updates security/sandbox/chromium/ files to chromium commit 937db09514e061d7983e90e0c448cfa61680f605.

Additional patches re-applied from security/sandbox/chromium-shim/patches/with_update/ to give a compiling and mostly working browser.
See patch files for additional commit comments.
 2017-10-26 15:10:41 +01:00
Alex Gaynor de761e28e1 Bug 1419811 - allow file content processes to access the com.apple.iconservices service; r=Gijs,haik 
Directory listing for file URLs needs access to draw icons for files.

MozReview-Commit-ID: KIEx00gB5ia

--HG--
extra : rebase_source : 16aadb2f008f40233a2147dea384d9ed33310cb7
 2017-11-22 11:51:32 -06:00
Gian-Carlo Pascutto 34be833347 Bug 1416016 - Add ../config to the sandbox whitelist for older Mesa. r=jld 
MozReview-Commit-ID: KahivmVJR1l

--HG--
extra : rebase_source : 7d77f0ee77813a1214cfa5bc618b57c3208443c3
 2017-11-17 15:23:28 +01:00
Gian-Carlo Pascutto c979b7a21f Bug 1416808 - Add "$XDG_DATA_(HOME|DIRS)"/fonts to the sandbox whitelist. r=jld 
MozReview-Commit-ID: DwwltKQg8x4

--HG--
extra : rebase_source : e92b60e320bb26e66bfb38039f141ec83a34fff7
 2017-11-17 15:45:11 +01:00
Bob Owen 5a64c2aeb7 Bug 1417959: Bump Alternate Desktop to Level 5 and make that the Default on Nightly. r=jimm 2017-11-16 18:10:00 +00:00
Jonathan Kew 304ec4c15e Bug 1417420 - Add the path used by FontAgent to the sandbox rules on macOS. r=haik 2017-11-15 17:59:44 +00:00
Jed Davis 873f611a48 Bug 1401786 - Move the Linux sandboxing parts of GeckoChildProcessHost into security/sandbox. r=gcp 
MozReview-Commit-ID: JknJhF5umZc

--HG--
extra : rebase_source : 2fa246e9a8b350becc21ed5bfd69820d3a321064
 2017-10-06 17:15:46 -06:00
Alex Gaynor af821e1fe3 Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp 
This patch moves handling of the "MOZ_DISABLE_CONTENT_SANDBOX" environment
variable into GetEffectiveContentSandboxLevel. It also introduces
IsContentSandboxEnabled and ports many users of GetEffectiveContentSandboxLevel
to use it.

MozReview-Commit-ID: 4CsOf89vlRB

--HG--
extra : rebase_source : b9130f522e860e6a582933799a9bac07b771139b
 2017-06-01 10:38:22 -04:00
shindli 897ae925f7 Backed out 1 changesets (bug 1365257) for failing gl in \build\build\src\obj-firefox\dist\include\mozilla/ServoStyleSet.h:97 r=backout on a CLOSED TREE 
Backed out changeset 00edc1ac58f9 (bug 1365257)

--HG--
extra : rebase_source : d33f3bba71d1899e0f4a5051369c240e00ea42fe
 2017-11-10 19:23:58 +02:00
Alex Gaynor 31e67fc86a Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp 
This patch moves handling of the "MOZ_DISABLE_CONTENT_SANDBOX" environment
variable into GetEffectiveContentSandboxLevel. It also introduces
IsContentSandboxEnabled and ports many users of GetEffectiveContentSandboxLevel
to use it.

MozReview-Commit-ID: 4CsOf89vlRB

--HG--
extra : rebase_source : 10234bd7d837eae8dc915e4a0c0a37040fd0a280
 2017-06-01 10:38:22 -04:00
Bob Owen cd430d0c58 Bug 1415250 Part 1: Block prntm64.dll and guard32.dll in sandboxed child processes. r=jimm 2017-11-08 08:06:14 +00:00
Jed Davis 0b91cda795 Bug 1413312 - Fix media plugin sandbox policy for sched_get_priority_{min,max}. r=gcp 
MozReview-Commit-ID: Bz4EWU13HAJ

--HG--
extra : rebase_source : 848880e083827a6f40e6ba289a5357ff6b4fa5f6
 2017-10-31 18:12:43 -06:00
Jed Davis de1cbf125f Bug 1412464 - Change sandboxing inotify denial from seccomp-bpf to symbol interception. r=gcp 
MozReview-Commit-ID: DY0qdGYGNdL

--HG--
extra : rebase_source : 02448ea28e8c1ea0d25776455d9ebb30d829b482
 2017-10-30 19:45:39 -06:00
Jed Davis a2451f13e5 Bug 1412480 - Statically check for overly large syscall arguments. r=gcp 
See the previous patch for an explanation of the mistake that this is
meant to catch.

Note that, even for arguments that really are 64-bit on 32-bit platforms
(typically off_t), it's generally not safe to pass them directly to
syscall(): some architectures, like ARM, use ABIs that require such
arguments to be passed in aligned register pairs, and they'll be aligned
differently for syscall() vs. the actual system call due to the leading
system call number argument.  The syscall(2) man page discusses this
and documents that such arguments should be split into high/low halves,
passed separately, and manually padded.

Therefore, this patch rejects any argument types larger than a word.

MozReview-Commit-ID: FVhpri4zcWk

--HG--
extra : rebase_source : 0329fe68be2a4e16fb71736627f0190e005c9972
 2017-10-27 19:51:26 -06:00
Jed Davis 6d4b2907e1 Bug 1412480 - Fix syscall argument types in seccomp-bpf sandbox traps. r=gcp 
The values in arch_seccomp_data::args are uint64_t even on 32-bit
platforms, and syscall takes varargs, so the arguments need to be
explicitly cast to the word size in order to be passed correctly.

MozReview-Commit-ID: 5ldv6WbL2Z3

--HG--
extra : rebase_source : c6ef37d8b367ad6025e510e58e6ab4d2f96cfc9e
 2017-10-27 20:51:25 -06:00
Sebastian Hengst 1133016f04 Backed out 6 changesets (bug 1386404) for XPCshell failures, at least on Linux. r=backout on a CLOSED TREE 
Backed out changeset c80acdea24c1 (bug 1386404)
Backed out changeset 6224ffae752a (bug 1386404)
Backed out changeset 9eba087cf64a (bug 1386404)
Backed out changeset eac6eb517096 (bug 1386404)
Backed out changeset 802a00ea50e7 (bug 1386404)
Backed out changeset d7f697bac6ef (bug 1386404)
 2017-11-03 20:28:00 +01:00
Gian-Carlo Pascutto 859dfba3ed Bug 1386404 - Whitelist the prefix used by the XPCOM leak logs. r=haik 
MozReview-Commit-ID: HI68lvyJIPQ

--HG--
extra : rebase_source : 95804e003ae2cde2b4baa1f5d1bba43d2d0830b5
 2017-11-03 13:18:56 +01:00
Gian-Carlo Pascutto 9dd0bca893 Bug 1386404 - Only do the tmp remapping if needed. r=jld 
This helps with getting the tests that are running out of /tmp
to pass, who get confused if their paths change underneath them.

It's also a bit faster.

MozReview-Commit-ID: CWtngVNhA0t

--HG--
extra : rebase_source : b7fe3ad6317fafa382a2ad38c7d9d5338aeafc9b
 2017-10-26 18:02:10 +02:00
Gian-Carlo Pascutto 12fb914457 Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld 
MozReview-Commit-ID: 2h9hw6opYof

--HG--
extra : rebase_source : 821381f48b822415ae3d477341071099e7c1db54
 2017-10-26 17:50:49 +02:00
Gian-Carlo Pascutto 88fc2f8563 Bug 1386404 - Enable access to the entire chrome dir from content. r=jld 
This may be required if people have @import in their userContent.css, and
in any case our tests check for this.

MozReview-Commit-ID: 8uJcWiC2rli

--HG--
extra : rebase_source : 38bd2a2ffc593bf94b3c16f0c755d169d5998f7f
 2017-10-26 18:57:03 +02:00
Gian-Carlo Pascutto fff36a228d Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik 
MozReview-Commit-ID: 6Hijq0to9MG

--HG--
extra : rebase_source : 083bf3d52e228ce953d31ef997f969a0e4a562ec
 2017-10-12 11:18:25 +02:00
Haik Aftandilian a6836496b3 Bug 1403260 - [Mac] Remove access to print server from content process sandbox. r=mconley 
MozReview-Commit-ID: Ia21je8TTIg

--HG--
extra : rebase_source : 8a6859d411b332aca404bb6a78b91cdae6b498c0
 2017-10-30 11:14:08 -07:00
Sebastian Hengst 6979ea37b4 merge mozilla-central to autoland. r=merge a=merge 2017-10-30 23:58:16 +01:00
Bob Owen e67fce9b1f Bug 1412827: Add Symantec DLLs ffm64 and ffm to the sandboxed child blocklist. r=jimm 
This patch also adds k7pswsen.dll unconditionally as it is still appearing
in many crash reports despite the block working in a test VM.
 2017-10-30 16:28:26 +00:00
Jed Davis 6557099666 Bug 1411115 - Allow F_SETLK fcntl in sandboxed content processes. r=gcp 
MozReview-Commit-ID: ARc7EpfN73o

--HG--
extra : rebase_source : 21c35a65a7c45387e2bd7fd7aba5f82ecf7c9ab3
 2017-10-27 18:05:53 -06:00
Jed Davis ee247f0d5f Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp 
MozReview-Commit-ID: 4Q0XMWcxaAc

--HG--
extra : rebase_source : e6065c91ddb271b71b5577ca0d6c39349565724c
 2017-10-27 19:32:37 -06:00
Jed Davis 27d4543313 Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp 
MozReview-Commit-ID: 3svUgLLTZKL

--HG--
extra : rebase_source : 2f51310f19cff45313cafd2bdcc60f2999b729b3
 2017-10-25 12:43:13 -06:00
Sebastian Hengst d67d120cc4 Backed out 4 changesets (bug 1386404) for mass failures, e.g. in browser-chrome's dom/tests/browser/browser_xhr_sandbox.js. r=backout on a CLOSED TREE 
Backed out changeset 36556e1a5ac7 (bug 1386404)
Backed out changeset b136f90dc49f (bug 1386404)
Backed out changeset 4600c2d575f9 (bug 1386404)
Backed out changeset c2c40e4d9815 (bug 1386404)
 2017-10-30 19:10:01 +01:00
Gian-Carlo Pascutto 3d94d8e8e1 Bug 1386404 - Only do the tmp remapping if needed. r=jld 
This helps with getting the tests that are running out of /tmp
to pass, who get confused if their paths change underneath them.

It's also a bit faster.

MozReview-Commit-ID: CWtngVNhA0t

--HG--
extra : rebase_source : 304481a18c371c3253448971f48064bcbd681a81
 2017-10-26 18:02:10 +02:00
Gian-Carlo Pascutto 577b3a7731 Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld 
MozReview-Commit-ID: 2h9hw6opYof

--HG--
extra : rebase_source : f3121d7afff22e3f72c66e3a5553e731a83a2e1c
 2017-10-26 17:50:49 +02:00
Gian-Carlo Pascutto 6a66615d8d Bug 1386404 - Enable access to the entire chrome dir from content. r=jld 
This may be required if people have @import in their userContent.css, and
in any case our tests check for this.

MozReview-Commit-ID: 8uJcWiC2rli

--HG--
extra : rebase_source : 3542ea305aabaca0500d66f8e86f5c12170d793e
 2017-10-26 18:57:03 +02:00
Gian-Carlo Pascutto 802f1b9395 Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik 
MozReview-Commit-ID: 6Hijq0to9MG

--HG--
extra : rebase_source : c7a3559e4cbdfd1885d13a489c4eeb311ca973fa
 2017-10-12 11:18:25 +02:00
Attila Craciun 21363323fd Backed out 2 changesets (bug 1409900) for failing browser chrome on Linux opt at browser/base/content/test/general/browser_bug590206.js r=backout a=backout. 
Backed out changeset 83296a355dd4 (bug 1409900)
Backed out changeset 072007f83431 (bug 1409900)
 2017-10-27 16:15:47 +03:00
Jed Davis 76b1bdf7de Bug 1408497 - Disallow inotify in sandboxed content processes. r=gcp 
MozReview-Commit-ID: nKyIvMNQAt

--HG--
extra : rebase_source : 5347e8da745d6f4a0cd4e81e76fe6b94d94eac30
 2017-10-25 13:35:47 -06:00
Jed Davis 5f10d1f416 Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp 
MozReview-Commit-ID: 4Q0XMWcxaAc

--HG--
extra : rebase_source : 6bd36df3155fc5cdda67720e313028a68e2f0901
 2017-10-25 13:08:26 -06:00
Jed Davis fce1017953 Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp 
MozReview-Commit-ID: 3svUgLLTZKL

--HG--
extra : rebase_source : 54623b48c65a1319905cab5aa520928681ec0023
 2017-10-25 12:43:13 -06:00
Jed Davis 160e1dcfe0 Bug 1410191 - Correctly handle errors when using syscalls in sandbox trap handlers. r=gcp 
MozReview-Commit-ID: JX81xpNBMIm

--HG--
extra : rebase_source : c7334f3e0b61b4fb4e0305cc6fc5d3173d08c032
 2017-10-25 16:38:20 -06:00
Jed Davis b8aa6b6de9 Bug 1410241 - Don't call destructors on objects we use in the SIGSYS handler. r=gcp 
MozReview-Commit-ID: LAgORUSvDh9

--HG--
extra : rebase_source : b39836ebb7405202c60b075b30b48966ac644e71
 2017-10-25 17:58:22 -06:00
Jed Davis aa4363afaa Bug 1410280 - Re-allow PR_GET_NAME for sandboxed content processes. r=gcp 
This prctl is used by PulseAudio; once bug 1394163 is resolved, allowing
it can be made conditional on the media.cubeb.sandbox pref.

MozReview-Commit-ID: 6jAM65V32vK

--HG--
extra : rebase_source : abb039aff7cefc0aa3b95f4574fdf1e3fb0d93a6
 2017-10-25 11:04:34 -06:00
Phil Ringnalda a173b09db6 Backed out changeset ccc0e72f2152 (bug 1403260) for hanging Mac browser-chrome in printing tests 
MozReview-Commit-ID: IZNT5Jh8nzB
 2017-10-25 23:00:17 -07:00
Haik Aftandilian 362316451f Bug 1403260 - [Mac] Remove access to print server from content process sandbox r=mconley 
MozReview-Commit-ID: Ia21je8TTIg

--HG--
extra : rebase_source : 656e9e3ac8d1fb741d46881458bb0b7fb402d688
 2017-10-22 23:02:58 -07:00
Jed Davis 9bac6e88bd Bug 1328896 - Restrict fcntl() in sandboxed content processes. r=gcp 
MozReview-Commit-ID: BDBTwlT82mf

--HG--
extra : rebase_source : 9036abfb23768e7b17181fbc680692468d66ccd0
 2017-07-24 17:33:07 -06:00
Haik Aftandilian 90adeb05d8 Bug 1404919 - Whitelist Extensis Suitcase Fusion fontvaults and /System/Library/Fonts. r=Alex_Gaynor 
MozReview-Commit-ID: 5UaqiHBKd90

--HG--
extra : rebase_source : 3497f97815d57e9e3fa0cc13482af5d0d81cfd87
 2017-10-12 18:29:42 -07:00
Sebastian Hengst 32f7c8fec3 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 1h3kZyrtqSt
 2017-10-17 11:45:16 +02:00
Matthew Gregan 28e8f43756 Bug 1408821 - Allow FIONBIO ioctl from the content sandbox. r=jld 
--HG--
extra : rebase_source : c6a1b525bc7d9207583200fd5d5059a8155b889f
 2017-10-16 14:54:46 +13:00