Add the crash reporter port to the utility process sandbox so that crash reports can be saved for processes using the utility sandbox with early sandbox init.
At this time, the RDD process is the only process using the utility sandbox.
Differential Revision: https://phabricator.services.mozilla.com/D26228
--HG--
extra : moz-landing-system : lando
The Set* functions of nsICertStorage (SetRevocationByIssuerAndSerial,
SetRevocationBySubjectAndPubKey, SetEnrollment, and SetWhitelist) are called on
the main thread by the implementations that manage consuming remote security
information. We don't want to block the main thread, so this patch modifies
these functions to take a callback that will be called (on the original thread)
when the operation in question has been completed on a background thread.
The Get* functions of nsICertStorage (GetRevocationState, GetEnrollmentState,
and GetWhitelistState) should only be called off the main thread. For the most
part they are, but there are at least two main-thread certificate verifications
that can cause these functions to be called on the main thread. These instances
are in nsSiteSecurityService::ProcessPKPHeader and
ContentSignatureVerifier::CreateContextInternal and will be dealt with in
bug 1406854 bug 1534600, respectively.
Differential Revision: https://phabricator.services.mozilla.com/D25174
--HG--
extra : moz-landing-system : lando
1. Adding a new attribute chromeContext in ConsoleEvent
2. Adding a new boolean attribute isFromChromeContext in nsIConsoleMessage
3. Sending IsFromChromeContext to the parent process
Differential Revision: https://phabricator.services.mozilla.com/D23330
--HG--
extra : moz-landing-system : lando
The new rkv-based cert_storage database caused a Heap Unclassified regression because of memory that LMDB reserves when opening a database in read-write mode. Since cert_storage usage is read-heavy, this change claws back that regression by opening it in read-only mode except when changes are being made.
Differential Revision: https://phabricator.services.mozilla.com/D25098
--HG--
extra : moz-landing-system : lando
Per the thread "Intent-to-Ship: Backward-Compatibility FIDO U2F support for
Google Accounts" on dev-platform [0], this bug is to:
1. Enable the security.webauth.u2f by default, to ride the trains
2. Remove the aOp == U2FOperation::Sign check from EvaluateAppID in
WebAuthnUtil.cpp, permitting the Google override to work for Register as
well as Sign.
This would enable Firefox users to use FIDO U2F API on most all sites, subject
to the algorithm limitations discussed in the section "Thorny issues in
enabling our FIDO U2F API implementation" of that post.
[0] https://groups.google.com/d/msg/mozilla.dev.platform/q5cj38hGTEA/lC834665BQAJ
Differential Revision: https://phabricator.services.mozilla.com/D25241
--HG--
extra : moz-landing-system : lando
When the RDD process sandbox is started at launch, assert the sandbox has been enabled in the Init message.
Change AssertMacSandboxEnabled() to use the undocumented sandbox_check() function instead of sandbox_init().
Differential Revision: https://phabricator.services.mozilla.com/D22414
--HG--
extra : moz-landing-system : lando
Move sandbox early start logic to GeckoChildProcessHost.
Move sandbox CLI param logic into MacSandboxInfo.
Differential Revision: https://phabricator.services.mozilla.com/D22409
--HG--
extra : moz-landing-system : lando
Remove the unused plugin binary path and app binary path parameters and cleanup file path permissions.
Explicitly allow access to launchservicesd to allow SetProcessName() to work when the sandbox is started during startup.
Differential Revision: https://phabricator.services.mozilla.com/D22408
--HG--
extra : moz-landing-system : lando
Move sandbox policies for different process types into their own files.
Create a new "utility" policy cloned from the GMP policy to be used for basic utility-type processes.
Use the utility policy for the RDD process.
Differential Revision: https://phabricator.services.mozilla.com/D22405
--HG--
extra : moz-landing-system : lando
After initialization (which happens on the main thread because we need to access
preferences), cert_storage will first be used on a certificate verification
thread. We can use this to avoid main-thread I/O by lazily opening the DB when
it first gets used rather than at initialization.
Differential Revision: https://phabricator.services.mozilla.com/D24998
--HG--
extra : moz-landing-system : lando
Apparently importing a certificate into the NSS certificate DB is slow enough to
materially impact the time it takes to connect to a site. This patch addresses
this by importing any intermediate certificates we want to cache from verified
connections on a background thread (so the certificate verification thread can
return faster).
Differential Revision: https://phabricator.services.mozilla.com/D24384
--HG--
extra : moz-landing-system : lando
Removed all occurences of ondialogaccept.
Removed all occurences of ondialogcancel.
Replaced all removed attributes with event handlers.
Differential Revision: https://phabricator.services.mozilla.com/D21227
--HG--
extra : moz-landing-system : lando
1. Adding a new attribute chromeContext in ConsoleEvent
2. Adding a new boolean attribute isFromChromeContext in nsIConsoleMessage
3. Sending IsFromChromeContext to the parent process
Differential Revision: https://phabricator.services.mozilla.com/D23330
--HG--
extra : moz-landing-system : lando
Apparently importing a certificate into the NSS certificate DB is slow enough to
materially impact the time it takes to connect to a site. This patch addresses
this by importing any intermediate certificates we want to cache from verified
connections on a background thread (so the certificate verification thread can
return faster).
Differential Revision: https://phabricator.services.mozilla.com/D24384
--HG--
extra : moz-landing-system : lando
Added files to UNIFIED_SOURCES and removed conflicts. Files that required flags still remain in SOURCES. SOURCES use "StrictOrderingOnAppendListWithFlagsFactory" base class and UNIFIED_SOURCES use "StrictOrderingOnAppendList" base class. As of now I do not think there is an option to add flags for the later. So the files requiring flags are kept in SOURCES.
Differential Revision: https://phabricator.services.mozilla.com/D23795
--HG--
extra : moz-landing-system : lando
cert_storage migrates revocations.txt via one transaction per entry, which can be expensive. This change uses a single transaction to migrate all entries.
Differential Revision: https://phabricator.services.mozilla.com/D24579
--HG--
extra : moz-landing-system : lando
The definitions can't be entirely removed yet because NSS still needs them.
Differential Revision: https://phabricator.services.mozilla.com/D23454
--HG--
extra : moz-landing-system : lando
This allows us to drop preprocessing and makes it simpler to add edit menu functionality to any type of document.
Differential Revision: https://phabricator.services.mozilla.com/D21446
--HG--
extra : moz-landing-system : lando
If nsSecureBrowserUIImpl::GetState is never called, it never checks for mixed
content (this can happen when loading a page from the BF cache). To ensure that
we properly set the security state (via OnLocationChange -> OnSecurityChange),
nsSecureBrowserUIImpl must check for mixed content more proactively.
Differential Revision: https://phabricator.services.mozilla.com/D23945
--HG--
extra : moz-landing-system : lando
This patch also base64-decodes the API inputs before storing in the DB in
anticipation of being able to pass binary data directly (bug 1535752).
Differential Revision: https://phabricator.services.mozilla.com/D23430
--HG--
extra : moz-landing-system : lando