Add separate entitlement lists for the parent process, plugin-container, and media-plugin-helper executables. Add a utility entitlement list to use for non-browser executables in developer builds to support debugging. For production codesigning versions, only allow loading of unsigned libraries by the media-plugin-helper executable. Limit most entitlements to the parent process executable.
A subsequent fix to taskcluster code will enable the new entitlements.
Other executables in the bundle will have no entitlements.
Differential Revision: https://phabricator.services.mozilla.com/D187245
Create a new utility-process type for the sole use of out-of-process
instantiation of the Windows file dialog.
We do not sandbox this process type, as in certain test environments
sandboxing has been found to prevent the child process from interacting
with any other windows on the desktop -- including the parent process
window which it will need to assign as the parent of the file dialog.
Technically, no functional changes, as this commit adds no uses of this
type. (That will come later in the patchset.)
Differential Revision: https://phabricator.services.mozilla.com/D180341
The original sources were compiled... three times. Get rid of the
chromium reference in this commit, i18n will come in a separate commit.
Differential Revision: https://phabricator.services.mozilla.com/D186948
Previously, the client authentication certificate selection dialog could show
up unexpectedly. Because it was modal, it would prevent user interaction with
the browser. It could even get in a state where the dialog couldn't be
interacted with, and neither could anything else, so the entire browser would
be locked and the user would have to quit and restart.
This patch associates a top-level outer content window ID (called "browserId"
in networking code) with each NSSSocketControl. When a peer asks for a client
authentication certificate, the NSSSocketControl can use the ID to find the
relevant tab and open a tab-modal dialog, which allows other browser UI to be
interacted with.
Some loads cannot be associated with browser tabs, and so the implementation
falls back to opening a window-modal dialog on the most recently active window.
This is still better than the previous implementation, since the dialog is
connected to a window rather than being its own separate dialog.
Differential Revision: https://phabricator.services.mozilla.com/D183775
ICU version 73 (bug 1824744) has [a change to call realpath][icu-2323]
rather than just readlink on `/etc/localtime`, meaning that it needs to
be able to readlink every directory involved in path resolution. In
particular, for a symlink into `/usr/share/zoneinfo`, this includes
`/usr`, which is blocked by the content sandbox policy.
Currently, the file broker requires `MAY_READ` permission to allow
readlink, so we grant that on `/usr` and `/nix` (there will be a
similar issue with symlinks to `/nix/store/...`). Note that this
applies only to those directories themselves, not files within them.
This also means that the process can open those directories for reading
(i.e., readdir), but that should be relatively low-impact compared to
the information that's already exposed.
[icu-2323]: https://github.com/unicode-org/icu/pull/2323
Differential Revision: https://phabricator.services.mozilla.com/D186584
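An added example, not code from the commit or from Mozilla's sandbox broker, that models the point this message makes: `realpath` inspects every prefix of the path with `readlink`, so a broker that gates `readlink` on `MAY_READ` must grant that permission on each intermediate directory, and an exact-path grant on `/usr` does not extend to files beneath it. The `BrokerPolicy` class, its `add_path`/`add_dir` split, the symlink targets and the pre-existing grants in the "before" policy are all constructed for the example and are assumptions, not the real content policy.

```python
"""Model of a sandbox file-broker policy and the readlink calls realpath(3)
needs while resolving /etc/localtime.  Every path, symlink and policy entry
here is constructed for the example and does not mirror a real system."""

MAY_READ = 1 << 0
MAY_WRITE = 1 << 1  # unused here; shows the permissions are a bitmask


class BrokerPolicy:
    """Exact-path grants (add_path) apply to that path only; directory grants
    (add_dir) apply to the directory and everything beneath it."""

    def __init__(self):
        self._exact = {}
        self._dirs = {}

    def add_path(self, path, perms):
        self._exact[path] = self._exact.get(path, 0) | perms

    def add_dir(self, path, perms):
        self._dirs[path] = self._dirs.get(path, 0) | perms

    def allows(self, path, perm):
        if self._exact.get(path, 0) & perm:
            return True
        for d, perms in self._dirs.items():
            if perms & perm and (path == d or path.startswith(d.rstrip("/") + "/")):
                return True
        return False


def resolve_with_broker(path, policy, symlinks, max_links=32):
    """Walk `path` the way realpath(3) does: each prefix is inspected with
    readlink, and the broker only permits readlink when MAY_READ is granted on
    that exact prefix.  Returns (resolved_path, denied_prefixes).  The real
    call fails with EACCES at the first refusal; this keeps walking so the
    caller sees every grant the policy is missing."""
    queue = [c for c in path.split("/") if c]
    resolved = "/"
    denied = []
    hops = 0
    while queue:
        component = queue.pop(0)
        if component == ".":
            continue
        if component == "..":
            resolved = resolved.rsplit("/", 1)[0] or "/"
            continue
        candidate = resolved.rstrip("/") + "/" + component
        if not policy.allows(candidate, MAY_READ):
            denied.append(candidate)   # readlink on this prefix would be refused
            resolved = candidate
            continue
        target = symlinks.get(candidate)
        if target is None:
            resolved = candidate       # plain directory or file
            continue
        hops += 1
        if hops > max_links:
            raise OSError("too many levels of symbolic links")
        if target.startswith("/"):
            resolved = "/"             # absolute link restarts at the root
        queue = [c for c in target.split("/") if c] + queue
    return resolved, denied


def content_policy_before():
    """Constructed stand-in for the policy prior to the change."""
    p = BrokerPolicy()
    p.add_path("/etc", MAY_READ)
    p.add_path("/etc/localtime", MAY_READ)
    p.add_dir("/usr/share", MAY_READ)
    p.add_dir("/nix/store", MAY_READ)
    return p


def content_policy_after():
    """Same policy plus the two exact-path grants the commit describes."""
    p = content_policy_before()
    p.add_path("/usr", MAY_READ)
    p.add_path("/nix", MAY_READ)
    return p


# Constructed symlink tables for a distro layout and a Nix layout.
SYMLINKS_DISTRO = {"/etc/localtime": "/usr/share/zoneinfo/Europe/Berlin"}
SYMLINKS_NIX = {"/etc/localtime": "/nix/store/example-tzdata/share/zoneinfo/UTC"}

if __name__ == "__main__":
    for name, links in (("distro", SYMLINKS_DISTRO), ("nix", SYMLINKS_NIX)):
        for label, pol in (("before", content_policy_before()), ("after", content_policy_after())):
            print(name, label, resolve_with_broker("/etc/localtime", pol, links))
    print("/usr/bin readable after fix?", content_policy_after().allows("/usr/bin", MAY_READ))
```

Run on its own it prints, for each layout, the prefix that blocks resolution before the change (`/usr` or `/nix`) and an empty denial list afterwards, and confirms that the exact grant on `/usr` still leaves `/usr/bin` unreadable.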
This patch enables SIMD in Wasm sandboxed SoundTouch by using
simd-everywhere to map SSE intrinsics to WASMSIMD intrinsics and
compiling with -msimd128 flag.
Depends on D183628
Differential Revision: https://phabricator.services.mozilla.com/D183629