7857fa0a5e
merge mozilla-inbound to mozilla-central a=merge
2017-07-06 11:18:05 +02:00
84f7ba492b
Bug 1377614 - Part 1 - Move IsDevelopmentBuild() to common code. r=Alex_Gaynor
...
MozReview-Commit-ID: AcO0XaMS4Gp
--HG--
extra : rebase_source : ec40a94545fa78ce0210a0614db82b7bcb7e8a97
2017-07-03 11:17:04 -07:00
8b1992d948
Backed out changeset 9137ed21a66f (bug 1377614) for bustage: not finding mozilla/SandboxSettings.h at netwerk/protocol/res/ExtensionProtocolHandler.cpp:46. r=backout
2017-07-05 22:51:58 +02:00
2032eb5262
Bug 1377614 - Part 1 - Move IsDevelopmentBuild() to common code. r=Alex_Gaynor
...
MozReview-Commit-ID: AcO0XaMS4Gp
--HG--
extra : rebase_source : 2fa012f693ad7855c2c6e7b8399edf3c0e734299
2017-07-03 11:17:04 -07:00
53f0246cfd
Bug 1377164 - Improve the readability of the macOS plugin sandbox policy; r=haik
...
MozReview-Commit-ID: 9R8qT98ESQJ
--HG--
extra : rebase_source : 537f0dc3c46bee9b8e295689fbcbc8c63415c5d1
2017-06-29 10:53:04 -07:00
22cb9f77bb
Merge m-c to m-i
...
MozReview-Commit-ID: H6zGgEm7oOM
2017-07-04 20:32:07 -07:00
09971ac7d3
Bug 1376643 - Use 'override' and '= default' on applicable methods in security/sandbox/. r=gcp
2017-06-27 17:57:00 +02:00
df076300b1
Bug 1376643 - Use 'nullptr' where applicable in security/sandbox/. r=gcp
2017-06-27 17:56:00 +02:00
b636380391
Bug 1374557 - Part 1 - Add the ability to specify a list of paths to whitelist read access to in the macOS content sandbox; r=haik
...
MozReview-Commit-ID: HXBkyR7Tts2
--HG--
extra : rebase_source : 6daf50a4d7a4ff2ff85dfac43891149353e813aa
2017-06-21 10:19:28 -04:00
bb1ea70f5f
Bug 1357758 - Replace the file-read blacklist in the macOS sandbox policy with a whitelist of the allowed paths; r=haik
...
This makes the policy easier to audit, harder to regress, and easier to further prune the content processes's permissions.
MozReview-Commit-ID: 6VqEoGsWSGH
--HG--
extra : rebase_source : 58a9d35dd6e58624779294b49df5cc7e34cb4320
2017-04-18 15:57:54 -04:00
bfc45b98b9
Merge m-c to inbound, a=merge
...
MozReview-Commit-ID: 9XdoB5MuVz6
2017-07-05 17:17:41 -07:00
1eb1c9091d
Bug 1378061: Only set user's SID in USER_LIMITED as deny only when not using restricting SIDs. r=jimm
2017-07-05 21:00:55 +01:00
7918eeee02
merge mozilla-inbound to mozilla-central a=merge
2017-06-28 13:23:29 +02:00
8e5d5bda0f
Bug 1362537 - Re-disallow accept4 in Linux content processes. r=gcp
...
MozReview-Commit-ID: Gml8lR1Heu1
--HG--
extra : rebase_source : 6b466f887bd1802277a506295a9c6cc575196385
2017-06-27 14:52:25 -07:00
f2e7c8b77a
Bug 1374281. r=jld
...
MozReview-Commit-ID: Ko5m5i4Wkd6
--HG--
extra : rebase_source : 3076315ef3639a89f752addbb01d5d08a9c2db75
2017-06-19 20:07:38 +02:00
f115503a0b
Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
...
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-26 14:19:58 -07:00
f1364a75ea
Bug 1374580 (part 3) - Remove ns{,C}Substring typedefs. r=froydnj.
...
All the instances are converted as follows.
- nsSubstring --> nsAString
- nsCSubstring --> nsACString
--HG--
extra : rebase_source : cfd2238c52e3cb4d13e3bd5ddb80ba6584ab6d91
2017-06-20 19:19:52 +10:00
66f6d259bc
Bug 1374282 - script generated patch to remove Task.jsm calls, r=Mossop.
2017-06-22 12:51:42 +02:00
1141573ee9
Bug 1374660 - Removed redundant declarations from macOS content sandbox policy; r=haik
...
MozReview-Commit-ID: Gw6AnH8r9sL
--HG--
extra : rebase_source : 62bb4dc335ab3f38a42543a488d07129a8d92a33
2017-06-20 10:27:18 -04:00
caa7e3c377
Bug 1368600: Add telemetry with the error code for when a Windows sandboxed child process fails to start. r=jimm, data-review=francois
2017-06-13 08:54:41 +01:00
b0a3a49ce8
Bug 1361703: enable NR_epoll_create/create1 in linux sandbox r=jld
...
Enables creating new libevent epoll queues on Linux
2017-06-13 01:54:20 -04:00
da2db41a9c
Bug 1362601 - Don't crash on sandbox violation if known-problem injected libs are present. r=gcp
...
MozReview-Commit-ID: HCbavpMUxYm
--HG--
extra : rebase_source : ec0cc9dcbf07831209b438504311b45f5b8990a8
2017-06-07 16:33:11 -06:00
0403c42ccf
Bug 1371701 - Fixed sandboxing tests to reflect that we're enabling file content process for all channels r=bobowen
...
MozReview-Commit-ID: ICXZjEU2n6L
--HG--
extra : rebase_source : f28d5d61f6a0cdfecb2804239c407c730c4fd2ba
2017-06-09 11:24:07 -04:00
a3df44ccee
Bug 1323188: Don't use restricting SIDs in the sandbox access tokens when running from a network drive. r=jimm
2017-06-07 20:20:02 +01:00
039a1c2b5c
Bug 1321134 - Allow access to dconf shared-memory flags. r=gcp,glandium
...
DConf uses small memory-mapped files for the writer to signal readers
to invalidate cached data; the file is created by the first reader and
readers will write to it to force storage allocation.
If we don't allow opening the file, DConf will still work, but it will
reread the database on every pref access, and it prints messages on
stderr claiming it won't work. So we should avoid that.
MozReview-Commit-ID: 9xoBIhtu5cu
--HG--
extra : rebase_source : 582b3bc30f2181b6564eefa34082a561f9cc0c28
2017-05-30 07:10:15 -06:00
e43d5d424f
Bug 1370540 - Extend the level 3 content sandbox filesystem read blacklist to include /Network and /Users; r=haik
...
MozReview-Commit-ID: 6RfS5aYRghK
--HG--
extra : rebase_source : c8d084d42dc2b37e4a0642e1a72bdd514a68d465
2017-06-06 10:48:06 -04:00
2a87f6e3c3
Bug 1369837: Add a void cast to silence clang Wcomma build warning, in sandbox's snapshot of chromium header. r=bobowen
...
The build warning is for "possible misuse of comma operator".
The comma operator is a bit of a footgun becasue its first operand's result
just gets dropped on the floor (in this case, the result of the DCHECK
expression). It appears that Chromium's use of the comma operator here is
intentional, though -- so we might as well accept clang's suggestion and "cast
expression to void to silence warning".
This is also filed upstream as:
https://bugs.chromium.org/p/chromium/issues/detail?id=729123
MozReview-Commit-ID: Al2xsYEo3p0
--HG--
extra : rebase_source : 68d01b50ff1f07b68ddc0eeb7280ac412ac92932
2017-06-02 12:45:01 -07:00
b129f08d7f
Bug 1322784 - Gently fail utime(), to deal with GConf/ORBit. r=gcp
...
MozReview-Commit-ID: B4LmSGR6OEz
--HG--
extra : rebase_source : 613409994c0ba50c34c57537343484f1dc85b7aa
2017-05-30 23:13:37 -06:00
d27dc0ba0b
Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
...
If the "security.sandbox.content.level" preference is set to a value less than
1, all consumers will automatically treat it as if it were level 1. On Linux and
Nightly builds, setting the sandbox level to 0 is still allowed, for now.
MozReview-Commit-ID: 9QNTCkdbTfm
--HG--
extra : rebase_source : cd5a853c46a5cd334504b339bef8df30a3cabe51
2017-05-12 17:04:42 -04:00
fd03aa5bc8
Backed out changeset 4e283b54baa6 (bug 1358223) for build bustage on Android at dom/ipc/ContentChild.cpp:21. r=backout
2017-05-31 21:34:13 +02:00
39f34ea898
Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
...
If the "security.sandbox.content.level" preference is set to a value less than
1, all consumers will automatically treat it as if it were level 1. On Linux and
Nightly builds, setting the sandbox level to 0 is still allowed, for now.
MozReview-Commit-ID: 9QNTCkdbTfm
--HG--
extra : rebase_source : 1a26ffc5b9f80e6df4c37c23f506e907ba44053a
2017-05-12 17:04:42 -04:00
1532472698
Bug 1368771 - Added a test which verifies that on macOS /Volumes isn't readable at sandbox level 3 r=haik
...
r?haik
MozReview-Commit-ID: HPW4luz5n0M
--HG--
extra : rebase_source : c224b56de4b705758e2ab7820af02a4ef41d4040
2017-05-30 13:52:57 -04:00
f6b03fa260
Bug 1355274 - Polyfill SOCK_DGRAM socketpairs with SOCK_SEQPACKET, for libasyncns. r=gcp
...
MozReview-Commit-ID: 2DeklSGsjUV
--HG--
extra : rebase_source : 8a202c23dc9a3ddede49b08ce1e0792dfb40bdbf
2017-04-11 20:55:34 -06:00
675bae8c8d
Bug 1364533 - Allow madvise huge page hints. r=gcp
...
MozReview-Commit-ID: 7sNWS2sFJCx
--HG--
extra : rebase_source : c1730d2ac5d352dcaec1889d4f20dd9bc0a838a8
2017-05-12 20:04:07 -06:00
e6bdfd5594
Bug 1339105 Part 3: Move NPAPI windows process sandbox file rules into SandboxBroker. r=jimm
...
This also removes a rule that was added for sandboxing the Java plugin,
which we never did and we now only allow Flash anyway.
MozReview-Commit-ID: Jn6pCkLoGNM
--HG--
extra : source : 431267ab28deabef6ed7c791d8dff79e3fe590c1
2017-05-22 20:41:28 +01:00
035cf9bdc2
Bug 1339105 Part 1: Implement Windows Level 3 content process sandbox policy. r=jimm
...
MozReview-Commit-ID: L8wcVhdLvFe
--HG--
extra : source : c3fb60fbc32660719c1b8b06dc785abd4559d6c0
2017-05-22 20:41:27 +01:00
848c9aa744
Backed out 3 changesets (bug 1339105) for plugin process leaks a=backout
...
Backed out changeset 431267ab28de (bug 1339105)
Backed out changeset 445875fbf13b (bug 1339105)
Backed out changeset c3fb60fbc326 (bug 1339105)
MozReview-Commit-ID: 4HYUQbHHnox
2017-05-22 15:14:23 -07:00
16a4871cdf
Bug 1339105 Part 3: Move NPAPI windows process sandbox file rules into SandboxBroker. r=jimm
...
This also removes a rule that was added for sandboxing the Java plugin,
which we never did and we now only allow Flash anyway.
2017-05-22 20:41:28 +01:00
edf3a239b1
Bug 1339105 Part 1: Implement Windows Level 3 content process sandbox policy. r=jimm
...
MozReview-Commit-ID: L8wcVhdLvFe
2017-05-22 20:41:27 +01:00
89e33081c6
Backed out changeset 50bf4c923818 (bug 1339105) for Windows bustage: calling protected constructor of class 'nsAString' at sandboxBroker.cpp(208,11). r=backout on a CLOSED TREE
2017-05-22 16:16:16 +02:00
2a69fd246c
Backed out changeset 367734cc9370 (bug 1339105)
2017-05-22 16:14:27 +02:00
62c455086d
Bug 1339105 Part 3: Move NPAPI windows process sandbox file rules into SandboxBroker. r=jimm
...
This also removes a rule that was added for sandboxing the Java plugin,
which we never did and we now only allow Flash anyway.
2017-05-22 14:29:06 +01:00
f24abd4ac3
Bug 1339105 Part 1: Implement Windows Level 3 content process sandbox policy. r=jimm
...
MozReview-Commit-ID: L8wcVhdLvFe
2017-05-22 14:29:06 +01:00
e4f38c8d7c
Bug 1362993 - Rewrite gBrowser.addTab() to use BrowserTestUtils.addTab(). r=florian
2017-05-15 21:49:50 +02:00
33b7e1fa87
Bug 1363179 - do not allow content processes to read from /Volumes on macOS r=haik
...
MozReview-Commit-ID: 8osJVQD3myh
--HG--
extra : rebase_source : 8cda32ca1bca80b796458d36099244a45af2f185
2017-05-12 16:18:57 -04:00
9a4c947617
Bug 1363729 - Fixed a small formatting regression in tests. r=haik
...
MozReview-Commit-ID: 7I6tKS6yoM7
--HG--
extra : rebase_source : 03a652024d30a57ad270338bc6e222281d0e7c78
2017-05-10 10:05:25 -04:00
fd32e8da4a
Bug 1359614 - Move the security/manager/.eslintrc.js to security/.eslintrc.js and fix the ESLint issues raised. r=standard8
...
MozReview-Commit-ID: AlfInBsIPnF
--HG--
rename : security/manager/.eslintrc.js => security/.eslintrc.js
extra : rebase_source : 4dfdd45a4f1e4d3e45e2ef353dd0bb343a3d1adb
2017-05-09 19:48:02 +05:30
445480436b
Bug 1361733 - In debug builds, do not allow content sandbox to write to all of /private/var r=haik
...
This permission was needed for the memory bloat logging, which is used for
leaktest, including logging intentionally crashing processes. Now we restrict
ourselves to only allowing writes to the location needed for this logging,
rather than all of /private/var.
MozReview-Commit-ID: 5AbJEZlDHNV
--HG--
extra : rebase_source : 26936b8d8bca53f2c37a195b5e7c69c151ec18d2
2017-05-02 11:07:10 -04:00
8c95154f41
Bug 1361304 - Remove /private/var read access from Mac level 3 content sandbox; r=Alex_Gaynor
...
Removes read access to /private/var and its subdirectories from
the content process under the level 3 Mac sandbox. Still permits
reading of file metadata within the majority of /private/var.
Adds tests to validate the level 3 Mac content sandbox prevents
reading from /private.
MozReview-Commit-ID: FO5dz0F7dl4
--HG--
extra : rebase_source : 226f8de6d4d88f188c272a3e119ed7b8bac292df
2017-05-05 10:48:52 -07:00
3c4e538953
Bug 1361238 - Re-allow accept4, used by accessibility. r=gcp
...
MozReview-Commit-ID: 3M3T3bkx4nP
--HG--
extra : rebase_source : b67332889615ae34cc67737da361f21ae545aeb4
2017-05-01 21:51:11 -06:00
Carsten "Tomcat" Book
Gian-Carlo Pascutto
Sebastian Hengst
Alex Gaynor
Phil Ringnalda
Jan Keromnes
Wes Kocher
Bob Owen
Jed Davis
Bill McCloskey
Nicholas Nethercote
Florian Quèze
Randell Jesup
Daniel Holbert
Christoph Kerschbaumer
Hemant Singh Patwal
Haik Aftandilian