Jed Davis
dd6575be07
Bug 956961 - Stop disabling sandboxing when DMD is enabled. r=kang
...
--HG--
extra : rebase_source : 4737cfd613c1ddee8e1a4340e819eddc151e73f7
extra : histedit_source : 2d2610a775a3ae986157f61ef3797f4e88baa922
2014-07-02 11:28:48 -07:00
Wes Kocher
f174cd042e
Backed out 3 changesets (bug 956961) for non-unified build bustage
...
Backed out changeset f1be89cb58b9 (bug 956961)
Backed out changeset 272b01e4f856 (bug 956961)
Backed out changeset 56907af18c66 (bug 956961)
2014-07-02 15:03:29 -07:00
Jed Davis
49f614d6ca
Bug 956961 - Stop disabling sandboxing when DMD is enabled. r=kang
...
--HG--
extra : amend_source : 66f2453794e6a8a581e1564e786cfc8cac1f6bbd
2014-07-02 11:28:48 -07:00
Jed Davis
d1a5790ae4
Bug 1014299 - Add times() to seccomp whitelist. r=kang
...
This system call seems to be used by some versions of the Qualcomm Adreno
graphics drivers when we run WebGL apps.
2014-06-02 14:52:00 +02:00
Bob Owen
2c9a59f64a
Bug 1009452 - inherit stdout and stderr into the content process to allow logging. r=aklotz
2014-05-14 16:09:31 +01:00
Jed Davis
c7dae997a6
Bug 920372 - Fix socketcall whitelisting on i386. r=kang
2014-05-20 18:38:14 -07:00
Jed Davis
1523066770
Bug 920372 - Allow tgkill only for threads of the calling process itself. r=kang
2014-05-20 18:38:06 -07:00
Jed Davis
3a308504da
Bug 920372 - Use Chromium seccomp-bpf compiler to dynamically build sandbox program. r=kang
2014-05-20 18:37:53 -07:00
Jed Davis
3b103d307f
Bug 920372 - Import Chromium seccomp-bpf compiler, rev 4c08f442d2588a2c7cfaa117a55bd87d2ac32f9a. r=kang
...
Newly imported:
* sandbox/linux/seccomp-bpf/
* sandbox/linux/sandbox_export.h
* base/posix/eintr_wrapper.h
Updated:
* base/basictypes.h
* base/macros.h
At the time of this writing (see future patches for this bug) the only
things we're using from sandbox/linux/seccomp-bpf/ are codegen.cc and
basicblock.cc, and the header files they require. However, we may use
more of this code in the future, and it seems cleaner in general to
import the entire subtree.
2014-05-20 18:37:45 -07:00
Jed Davis
52cd05523d
Bug 1004832 - Add tgkill to seccomp-bpf whitelist. r=kang
2014-05-02 16:57:00 +02:00
Jed Davis
a52d5f0783
Bug 997409 - Add set_thread_area to seccomp whitelist if available. r=kang
2014-04-17 16:23:23 -04:00
Jed Davis
738f39b679
Bug 981949 - Whitelist ftruncate for seccomp-bpf sandboxing. r=kang
2014-04-11 13:09:00 +02:00
Boris Zbarsky
46967823f5
Bug 995047 followup. Fix a caller that I missed because it's only compiled on some platforms, so we can reopen the CLOSED TREE
2014-04-12 00:38:06 -04:00
Jed Davis
f8ce2f4279
Bug 993145 - Skip attempting seccomp sandboxing if seccomp unavailable. r=kang
2014-04-09 15:23:00 +02:00
Bob Owen
f5a4bd97f2
Bug 928062 - Set Windows sandbox delayed integrity level to INTEGRITY_LEVEL_LOW. r=aklotz
2014-04-08 16:25:18 +01:00
Jed Davis
ddc591c878
Bug 989172 - Re-add sigaltstack to seccomp whitelist. r=kang
...
This reinstates the patch from bug 983518, which was unintentionally
dropped while merging with the reorganization in bug 985227.
2014-03-28 17:58:26 -07:00
Makoto Kato
c0da567b5b
Bug 987888 - --enable-content-sandbox breaks 64-bit builds. r=dkeeler,r=mshal
2014-03-28 13:59:16 +09:00
Jed Davis
b939b580cf
Bug 985227 - Part 3: Replace the seccomp filter arch ifdefs with syscall existence tests. r=kang
2014-03-20 10:19:42 -04:00
Jed Davis
d06bc434b1
Bug 985227 - Part 2: Flatten out the #define maze in the seccomp filter. r=kang
2014-03-20 10:19:42 -04:00
Jed Davis
893f056ba5
Bug 985227 - Part 1: Move the seccomp filter into its own translation unit. r=kang
...
--HG--
rename : security/sandbox/linux/seccomp_filter.h => security/sandbox/linux/SandboxFilter.cpp
2014-03-20 10:19:42 -04:00
Jed Davis
a8a37995ce
Bug 975273 - Add missing include to unbreak desktop seccomp build. r=kang
2014-03-20 09:27:28 -04:00
Phil Ringnalda
8c19bde08b
Merge m-c to m-i
2014-03-15 12:32:04 -07:00
Kyle Huey
510a49016d
Bug 967364: Rename already_AddRefed::get to take. r=bsmedberg
2014-03-15 12:00:15 -07:00
Guillaume Destuynder
fc8cf73ff1
Bug 983518: Fix running B2G-1.4 on KitKat by whitelisting sigalstack in the sandbox. r=kang r=jld
2014-03-14 18:54:20 -07:00
Vicamo Yang
3bcd1c9eb8
Bug 944625 - B2G Emulator-x86: fix undeclared __NR_sendto, __NR_recvfrom. r=jld,kang
2014-03-13 13:44:43 +09:00
Jed Davis
f8d175ce14
Bug 977859 - Drop uid 0 in all content processes immediately after fork. r=bent r=kang
...
Now all regular child processes, including preallocated, are deprivileged.
Only Nuwa needs uid 0, because each of its children has a different uid/gid.
2014-03-12 15:48:15 -07:00
Jed Davis
685530a9a5
Bug 979686 - Fix the non-(ARM|x86|x86_64) desktop build. r=kang
2014-03-06 12:23:06 -08:00
Brian R. Bondy
6be742312e
Bug 941110 - Make the Windows sandbox code compile without the Win8 SDK. r=jimm
2014-03-06 12:53:24 -05:00
Jed Davis
cfaafc654d
Bug 946407 - Disable sandbox when DMDing. r=njn r=kang
...
See also bug 956961.
2014-03-04 18:27:14 -08:00
Ehsan Akhgari
bf09c6f469
Bug 976896 - Port STL_FLAGS to moz.build; r=mshal
2014-03-04 19:39:06 -05:00
Ryan VanderMeulen
b00f0ba8d9
Merge m-c to inbound.
2014-02-28 10:15:57 -05:00
Jed Davis
b8c81fc6e2
Bug 970676 - Turn on sandboxing on all relevant threads. r=dhylands r=bent f=kang
2014-02-27 13:18:01 -08:00
Ehsan Akhgari
87db9c0f0f
Bug 976898 - Move the sdkdecls.h force-include out of the build system; r=bbondy,glandium
2014-02-28 08:17:22 -05:00
Jed Davis
1467d9b632
Bug 971128 - Add sched_yield to seccomp whitelist. r=kang
2014-02-22 18:58:59 -08:00
Jed Davis
3027739852
Bug 970562 - Add sched_getscheduler to seccomp whitelist. r=kang
2014-02-22 18:58:59 -08:00
Brian R. Bondy
7563d524e8
Bug 974979 - Browser crashes after trying to restart a crashed e10s process. r=aklotz
2014-02-20 12:58:04 -05:00
Brian R. Bondy
842125950f
Bug 928061 - Enable separate Desktop in Windows sandbox policy. r=aklotz
2014-02-20 12:37:22 -05:00
Jed Davis
6549f56f18
Bug 974230 - Adjust sandbox so that socket() simply fails. r=kang
...
This is a workaround for issues with the SCTP code (bug 969715) and
NSPR's IPv6 support (bug 936320).
2014-02-20 09:35:44 -05:00
Jed Davis
bd5a8731fc
Bug 966547 - Switch sipcc from named to anonymous sockets on Unix. r=jesup, r=kang
2014-02-20 09:35:26 -05:00
Jed Davis
cbefd9bed0
Bug 974227 - Allow readlink while sandboxed to work around bug 964455. r=kang
2014-02-19 15:55:42 -05:00
Ehsan Akhgari
c79e8f4c6e
Bug 973405 - Move some misc LOCAL_INCLUDES to moz.build; r=glandium
2014-02-18 08:49:12 -05:00
Ms2ger
6e066deaea
Bug 968856 - Move unconditional LOCAL_INCLUDES into moz.build; r=mshal
2014-02-15 21:24:59 +01:00
Brian R. Bondy
c4e16b9b50
Bug 969559 - Set delayed restricted integrity in child process to block off pipe and file access after LowerToken call. r=aklotz
2014-02-14 11:07:16 -05:00
Wes Kocher
ee5da0ab00
Merge m-c to inbound on a CLOSED TREE
2014-02-13 18:50:08 -08:00
Jed Davis
5ea5299c58
Bug 971370 - Fix seccomp whitelist errors caused by strace bug. r=kang
2014-02-13 09:47:16 -05:00
Guillaume Destuynder
cb244dcc84
bug 948620 - Add env variable MOZ_DISABLE_CONTENT_SANDBOX to disable sandbox at runtime. r=jld
2014-02-13 16:26:28 -08:00
Jed Davis
ebe6274bbf
Bug 945504 - Include JS stack in sandbox reporter logs. r=kang
2014-02-07 10:46:38 -05:00
Eric Rahm
c1dd0bb669
Bug 969126 - Fix sandbox build for b2g on OS X. r=kang
2014-02-06 16:11:53 -08:00
Jed Davis
230a08b7ab
Bug 945498 - Use breakpad to report seccomp violations as crashes. r=ted, r=kang
...
Upstream issue for breakpad patch: https://breakpad.appspot.com/1114003/
2014-02-05 13:29:51 -05:00
Brian R. Bondy
17c805b60e
Bug 961757 - Add the ability to include shim first for a buildable sandbox on Windows. r=glandium
...
--HG--
rename : security/sandbox/base/at_exit.cc => security/sandbox/chromium/base/at_exit.cc
rename : security/sandbox/base/at_exit.h => security/sandbox/chromium/base/at_exit.h
rename : security/sandbox/base/atomic_ref_count.h => security/sandbox/chromium/base/atomic_ref_count.h
rename : security/sandbox/base/atomic_sequence_num.h => security/sandbox/chromium/base/atomic_sequence_num.h
rename : security/sandbox/base/atomicops.h => security/sandbox/chromium/base/atomicops.h
rename : security/sandbox/base/atomicops_internals_tsan.h => security/sandbox/chromium/base/atomicops_internals_tsan.h
rename : security/sandbox/base/atomicops_internals_x86_gcc.h => security/sandbox/chromium/base/atomicops_internals_x86_gcc.h
rename : security/sandbox/base/atomicops_internals_x86_msvc.h => security/sandbox/chromium/base/atomicops_internals_x86_msvc.h
rename : security/sandbox/base/base_export.h => security/sandbox/chromium/base/base_export.h
rename : security/sandbox/base/base_paths.cc => security/sandbox/chromium/base/base_paths.cc
rename : security/sandbox/base/base_paths.h => security/sandbox/chromium/base/base_paths.h
rename : security/sandbox/base/base_paths_win.cc => security/sandbox/chromium/base/base_paths_win.cc
rename : security/sandbox/base/base_paths_win.h => security/sandbox/chromium/base/base_paths_win.h
rename : security/sandbox/base/base_switches.cc => security/sandbox/chromium/base/base_switches.cc
rename : security/sandbox/base/base_switches.h => security/sandbox/chromium/base/base_switches.h
rename : security/sandbox/base/basictypes.h => security/sandbox/chromium/base/basictypes.h
rename : security/sandbox/base/bind.h => security/sandbox/chromium/base/bind.h
rename : security/sandbox/base/bind_helpers.h => security/sandbox/chromium/base/bind_helpers.h
rename : security/sandbox/base/bind_internal.h => security/sandbox/chromium/base/bind_internal.h
rename : security/sandbox/base/bind_internal_win.h => security/sandbox/chromium/base/bind_internal_win.h
rename : security/sandbox/base/callback.h => security/sandbox/chromium/base/callback.h
rename : security/sandbox/base/callback_forward.h => security/sandbox/chromium/base/callback_forward.h
rename : security/sandbox/base/callback_internal.cc => security/sandbox/chromium/base/callback_internal.cc
rename : security/sandbox/base/callback_internal.h => security/sandbox/chromium/base/callback_internal.h
rename : security/sandbox/base/command_line.cc => security/sandbox/chromium/base/command_line.cc
rename : security/sandbox/base/command_line.h => security/sandbox/chromium/base/command_line.h
rename : security/sandbox/base/compiler_specific.h => security/sandbox/chromium/base/compiler_specific.h
rename : security/sandbox/base/containers/hash_tables.h => security/sandbox/chromium/base/containers/hash_tables.h
rename : security/sandbox/base/cpu.cc => security/sandbox/chromium/base/cpu.cc
rename : security/sandbox/base/cpu.h => security/sandbox/chromium/base/cpu.h
rename : security/sandbox/base/critical_closure.h => security/sandbox/chromium/base/critical_closure.h
rename : security/sandbox/base/debug/alias.cc => security/sandbox/chromium/base/debug/alias.cc
rename : security/sandbox/base/debug/alias.h => security/sandbox/chromium/base/debug/alias.h
rename : security/sandbox/base/debug/debugger.h => security/sandbox/chromium/base/debug/debugger.h
rename : security/sandbox/base/debug/leak_annotations.h => security/sandbox/chromium/base/debug/leak_annotations.h
rename : security/sandbox/base/debug/profiler.cc => security/sandbox/chromium/base/debug/profiler.cc
rename : security/sandbox/base/debug/profiler.h => security/sandbox/chromium/base/debug/profiler.h
rename : security/sandbox/base/environment.h => security/sandbox/chromium/base/environment.h
rename : security/sandbox/base/file_descriptor_posix.h => security/sandbox/chromium/base/file_descriptor_posix.h
rename : security/sandbox/base/file_util.cc => security/sandbox/chromium/base/file_util.cc
rename : security/sandbox/base/file_util.h => security/sandbox/chromium/base/file_util.h
rename : security/sandbox/base/file_util_win.cc => security/sandbox/chromium/base/file_util_win.cc
rename : security/sandbox/base/file_version_info.h => security/sandbox/chromium/base/file_version_info.h
rename : security/sandbox/base/file_version_info_win.h => security/sandbox/chromium/base/file_version_info_win.h
rename : security/sandbox/base/files/file_path.h => security/sandbox/chromium/base/files/file_path.h
rename : security/sandbox/base/float_util.h => security/sandbox/chromium/base/float_util.h
rename : security/sandbox/base/format_macros.h => security/sandbox/chromium/base/format_macros.h
rename : security/sandbox/base/guid.h => security/sandbox/chromium/base/guid.h
rename : security/sandbox/base/lazy_instance.cc => security/sandbox/chromium/base/lazy_instance.cc
rename : security/sandbox/base/lazy_instance.h => security/sandbox/chromium/base/lazy_instance.h
rename : security/sandbox/base/location.cc => security/sandbox/chromium/base/location.cc
rename : security/sandbox/base/location.h => security/sandbox/chromium/base/location.h
rename : security/sandbox/base/logging.cc => security/sandbox/chromium/base/logging.cc
rename : security/sandbox/base/logging.h => security/sandbox/chromium/base/logging.h
rename : security/sandbox/base/logging_win.cc => security/sandbox/chromium/base/logging_win.cc
rename : security/sandbox/base/logging_win.h => security/sandbox/chromium/base/logging_win.h
rename : security/sandbox/base/memory/aligned_memory.h => security/sandbox/chromium/base/memory/aligned_memory.h
rename : security/sandbox/base/memory/raw_scoped_refptr_mismatch_checker.h => security/sandbox/chromium/base/memory/raw_scoped_refptr_mismatch_checker.h
rename : security/sandbox/base/memory/ref_counted.cc => security/sandbox/chromium/base/memory/ref_counted.cc
rename : security/sandbox/base/memory/ref_counted.h => security/sandbox/chromium/base/memory/ref_counted.h
rename : security/sandbox/base/memory/scoped_ptr.h => security/sandbox/chromium/base/memory/scoped_ptr.h
rename : security/sandbox/base/memory/singleton.cc => security/sandbox/chromium/base/memory/singleton.cc
rename : security/sandbox/base/memory/singleton.h => security/sandbox/chromium/base/memory/singleton.h
rename : security/sandbox/base/memory/weak_ptr.h => security/sandbox/chromium/base/memory/weak_ptr.h
rename : security/sandbox/base/move.h => security/sandbox/chromium/base/move.h
rename : security/sandbox/base/observer_list.h => security/sandbox/chromium/base/observer_list.h
rename : security/sandbox/base/observer_list_threadsafe.h => security/sandbox/chromium/base/observer_list_threadsafe.h
rename : security/sandbox/base/os_compat_nacl.h => security/sandbox/chromium/base/os_compat_nacl.h
rename : security/sandbox/base/path_service.cc => security/sandbox/chromium/base/path_service.cc
rename : security/sandbox/base/path_service.h => security/sandbox/chromium/base/path_service.h
rename : security/sandbox/base/pending_task.h => security/sandbox/chromium/base/pending_task.h
rename : security/sandbox/base/platform_file.cc => security/sandbox/chromium/base/platform_file.cc
rename : security/sandbox/base/platform_file.h => security/sandbox/chromium/base/platform_file.h
rename : security/sandbox/base/port.h => security/sandbox/chromium/base/port.h
rename : security/sandbox/base/process/process_handle.h => security/sandbox/chromium/base/process/process_handle.h
rename : security/sandbox/base/profiler/alternate_timer.h => security/sandbox/chromium/base/profiler/alternate_timer.h
rename : security/sandbox/base/profiler/tracked_time.h => security/sandbox/chromium/base/profiler/tracked_time.h
rename : security/sandbox/base/rand_util.h => security/sandbox/chromium/base/rand_util.h
rename : security/sandbox/base/run_loop.h => security/sandbox/chromium/base/run_loop.h
rename : security/sandbox/base/scoped_clear_errno.h => security/sandbox/chromium/base/scoped_clear_errno.h
rename : security/sandbox/base/sequence_checker.h => security/sandbox/chromium/base/sequence_checker.h
rename : security/sandbox/base/sequence_checker_impl.h => security/sandbox/chromium/base/sequence_checker_impl.h
rename : security/sandbox/base/sequenced_task_runner.h => security/sandbox/chromium/base/sequenced_task_runner.h
rename : security/sandbox/base/sequenced_task_runner_helpers.h => security/sandbox/chromium/base/sequenced_task_runner_helpers.h
rename : security/sandbox/base/shim/base/gtest_prod_util.h => security/sandbox/chromium/base/shim/base/gtest_prod_util.h
rename : security/sandbox/base/shim/base/logging.cpp => security/sandbox/chromium/base/shim/base/logging.cpp
rename : security/sandbox/base/shim/base/strings/string_piece.h => security/sandbox/chromium/base/shim/base/strings/string_piece.h
rename : security/sandbox/base/shim/base/third_party/nspr/prtime.h => security/sandbox/chromium/base/shim/base/third_party/nspr/prtime.h
rename : security/sandbox/base/shim/base/third_party/nspr/prtypes.h => security/sandbox/chromium/base/shim/base/third_party/nspr/prtypes.h
rename : security/sandbox/base/shim/base/tracked_objects.h => security/sandbox/chromium/base/shim/base/tracked_objects.h
rename : security/sandbox/base/shim/sdkdecls.h => security/sandbox/chromium/base/shim/sdkdecls.h
rename : security/sandbox/base/single_thread_task_runner.h => security/sandbox/chromium/base/single_thread_task_runner.h
rename : security/sandbox/base/stl_util.h => security/sandbox/chromium/base/stl_util.h
rename : security/sandbox/base/strings/nullable_string16.cc => security/sandbox/chromium/base/strings/nullable_string16.cc
rename : security/sandbox/base/strings/nullable_string16.h => security/sandbox/chromium/base/strings/nullable_string16.h
rename : security/sandbox/base/strings/string16.h => security/sandbox/chromium/base/strings/string16.h
rename : security/sandbox/base/strings/string_number_conversions.cc => security/sandbox/chromium/base/strings/string_number_conversions.cc
rename : security/sandbox/base/strings/string_number_conversions.h => security/sandbox/chromium/base/strings/string_number_conversions.h
rename : security/sandbox/base/strings/string_piece.cc => security/sandbox/chromium/base/strings/string_piece.cc
rename : security/sandbox/base/strings/string_piece.h => security/sandbox/chromium/base/strings/string_piece.h
rename : security/sandbox/base/strings/string_util.h => security/sandbox/chromium/base/strings/string_util.h
rename : security/sandbox/base/strings/string_util_constants.cc => security/sandbox/chromium/base/strings/string_util_constants.cc
rename : security/sandbox/base/strings/string_util_stripped.cc => security/sandbox/chromium/base/strings/string_util_stripped.cc
rename : security/sandbox/base/strings/string_util_win.h => security/sandbox/chromium/base/strings/string_util_win.h
rename : security/sandbox/base/strings/stringprintf.cc => security/sandbox/chromium/base/strings/stringprintf.cc
rename : security/sandbox/base/strings/stringprintf.h => security/sandbox/chromium/base/strings/stringprintf.h
rename : security/sandbox/base/strings/utf_string_conversion_utils.cc => security/sandbox/chromium/base/strings/utf_string_conversion_utils.cc
rename : security/sandbox/base/strings/utf_string_conversion_utils.h => security/sandbox/chromium/base/strings/utf_string_conversion_utils.h
rename : security/sandbox/base/strings/utf_string_conversions.cc => security/sandbox/chromium/base/strings/utf_string_conversions.cc
rename : security/sandbox/base/strings/utf_string_conversions.h => security/sandbox/chromium/base/strings/utf_string_conversions.h
rename : security/sandbox/base/synchronization/lock.cc => security/sandbox/chromium/base/synchronization/lock.cc
rename : security/sandbox/base/synchronization/lock.h => security/sandbox/chromium/base/synchronization/lock.h
rename : security/sandbox/base/synchronization/lock_impl.h => security/sandbox/chromium/base/synchronization/lock_impl.h
rename : security/sandbox/base/synchronization/lock_impl_win.cc => security/sandbox/chromium/base/synchronization/lock_impl_win.cc
rename : security/sandbox/base/sys_info.h => security/sandbox/chromium/base/sys_info.h
rename : security/sandbox/base/task_runner.h => security/sandbox/chromium/base/task_runner.h
rename : security/sandbox/base/template_util.h => security/sandbox/chromium/base/template_util.h
rename : security/sandbox/base/third_party/dmg_fp/LICENSE => security/sandbox/chromium/base/third_party/dmg_fp/LICENSE
rename : security/sandbox/base/third_party/dmg_fp/dmg_fp.h => security/sandbox/chromium/base/third_party/dmg_fp/dmg_fp.h
rename : security/sandbox/base/third_party/dmg_fp/dtoa.cc => security/sandbox/chromium/base/third_party/dmg_fp/dtoa.cc
rename : security/sandbox/base/third_party/dmg_fp/g_fmt.cc => security/sandbox/chromium/base/third_party/dmg_fp/g_fmt.cc
rename : security/sandbox/base/third_party/dynamic_annotations/LICENSE => security/sandbox/chromium/base/third_party/dynamic_annotations/LICENSE
rename : security/sandbox/base/third_party/dynamic_annotations/dynamic_annotations.h => security/sandbox/chromium/base/third_party/dynamic_annotations/dynamic_annotations.h
rename : security/sandbox/base/third_party/icu/LICENSE => security/sandbox/chromium/base/third_party/icu/LICENSE
rename : security/sandbox/base/third_party/icu/icu_utf.cc => security/sandbox/chromium/base/third_party/icu/icu_utf.cc
rename : security/sandbox/base/third_party/icu/icu_utf.h => security/sandbox/chromium/base/third_party/icu/icu_utf.h
rename : security/sandbox/base/thread_task_runner_handle.h => security/sandbox/chromium/base/thread_task_runner_handle.h
rename : security/sandbox/base/threading/platform_thread.h => security/sandbox/chromium/base/threading/platform_thread.h
rename : security/sandbox/base/threading/platform_thread_win.cc => security/sandbox/chromium/base/threading/platform_thread_win.cc
rename : security/sandbox/base/threading/sequenced_worker_pool.h => security/sandbox/chromium/base/threading/sequenced_worker_pool.h
rename : security/sandbox/base/threading/thread_checker_impl.h => security/sandbox/chromium/base/threading/thread_checker_impl.h
rename : security/sandbox/base/threading/thread_collision_warner.cc => security/sandbox/chromium/base/threading/thread_collision_warner.cc
rename : security/sandbox/base/threading/thread_collision_warner.h => security/sandbox/chromium/base/threading/thread_collision_warner.h
rename : security/sandbox/base/threading/thread_id_name_manager.cc => security/sandbox/chromium/base/threading/thread_id_name_manager.cc
rename : security/sandbox/base/threading/thread_id_name_manager.h => security/sandbox/chromium/base/threading/thread_id_name_manager.h
rename : security/sandbox/base/threading/thread_local.h => security/sandbox/chromium/base/threading/thread_local.h
rename : security/sandbox/base/threading/thread_local_storage.h => security/sandbox/chromium/base/threading/thread_local_storage.h
rename : security/sandbox/base/threading/thread_local_win.cc => security/sandbox/chromium/base/threading/thread_local_win.cc
rename : security/sandbox/base/threading/thread_restrictions.cc => security/sandbox/chromium/base/threading/thread_restrictions.cc
rename : security/sandbox/base/threading/thread_restrictions.h => security/sandbox/chromium/base/threading/thread_restrictions.h
rename : security/sandbox/base/time/time.cc => security/sandbox/chromium/base/time/time.cc
rename : security/sandbox/base/time/time.h => security/sandbox/chromium/base/time/time.h
rename : security/sandbox/base/time/time_win.cc => security/sandbox/chromium/base/time/time_win.cc
rename : security/sandbox/base/tracking_info.h => security/sandbox/chromium/base/tracking_info.h
rename : security/sandbox/base/tuple.h => security/sandbox/chromium/base/tuple.h
rename : security/sandbox/base/values.h => security/sandbox/chromium/base/values.h
rename : security/sandbox/base/version.h => security/sandbox/chromium/base/version.h
rename : security/sandbox/base/win/event_trace_provider.cc => security/sandbox/chromium/base/win/event_trace_provider.cc
rename : security/sandbox/base/win/event_trace_provider.h => security/sandbox/chromium/base/win/event_trace_provider.h
rename : security/sandbox/base/win/pe_image.cc => security/sandbox/chromium/base/win/pe_image.cc
rename : security/sandbox/base/win/pe_image.h => security/sandbox/chromium/base/win/pe_image.h
rename : security/sandbox/base/win/registry.cc => security/sandbox/chromium/base/win/registry.cc
rename : security/sandbox/base/win/registry.h => security/sandbox/chromium/base/win/registry.h
rename : security/sandbox/base/win/scoped_handle.cc => security/sandbox/chromium/base/win/scoped_handle.cc
rename : security/sandbox/base/win/scoped_handle.h => security/sandbox/chromium/base/win/scoped_handle.h
rename : security/sandbox/base/win/scoped_process_information.cc => security/sandbox/chromium/base/win/scoped_process_information.cc
rename : security/sandbox/base/win/scoped_process_information.h => security/sandbox/chromium/base/win/scoped_process_information.h
rename : security/sandbox/base/win/startup_information.cc => security/sandbox/chromium/base/win/startup_information.cc
rename : security/sandbox/base/win/startup_information.h => security/sandbox/chromium/base/win/startup_information.h
rename : security/sandbox/base/win/windows_version.cc => security/sandbox/chromium/base/win/windows_version.cc
rename : security/sandbox/base/win/windows_version.h => security/sandbox/chromium/base/win/windows_version.h
2014-01-28 15:19:22 -05:00
Jed Davis
bbc239ca00
Bug 964427 - Whitelist msync (asm.js cache) and sched_get_priority_m{in,ax} (webrtc). r=kang
2014-01-28 09:04:39 -05:00
Jed Davis
e233c87fdd
Bug 960365 - Whitelist uname for nsSystemInfo. r=kang
2014-01-21 15:48:00 -05:00
Jed Davis
81f5ace514
Bug 945330 - Reword and slightly improve sandbox violation log message. r=kang
...
The main goal is to have a message that unambiguously indicates a crash,
so mozharness can grep for it even if some of the details change later.
Also now includes the entire argument list; most syscalls don't use all
six, so the last few will be meaningless, but it can't hurt to log them.
2014-01-10 08:22:58 -05:00
Ryan VanderMeulen
ca386608b9
Merge b2g-inbound to m-c.
2013-12-09 17:26:11 -05:00
Birunthan Mohanathas
759ab69b0a
Bug 713082 - Part 2: Rename Util.h to ArrayUtils.h. r=Waldo
...
--HG--
rename : mfbt/Util.h => mfbt/ArrayUtils.h
2013-12-08 21:52:54 -05:00
Vicamo Yang
02b63a0803
Bug 944625 - B2G Emulator-x86: fix undeclared __NR_socketpair, __NR_sendmsg. r=kang,jld
2013-12-09 21:02:54 +08:00
Jed Davis
d1ffa9058b
Bug 943774 - Allow sigaction when sandboxed, for the crash reporter. r=kang
2013-12-03 18:45:17 -05:00
Ms2ger
f56294acdb
Bug 937258 - Part a: Remove empty makefiles; r=gps
2013-11-28 15:25:40 +01:00
Mike Hommey
9245936f8b
Bug 874266 - Move all DEFINES that can be moved to moz.build. r=mshal
2013-11-27 22:55:07 +09:00
Mike Hommey
2b828323f2
Backout changeset 3fd4b546eed4 (bug 874266) and changeset a35d2e3a872f (bug 942043) for ASAN build bustage and Windows test bustage
...
--HG--
extra : amend_source : f20d09aeff1c8b5cbd0f1d24c7ce04e86f3aed1d
2013-11-28 14:24:05 +09:00
Mike Hommey
d210f8ff00
Bug 874266 - Move all DEFINES that can be moved to moz.build. r=mshal
2013-11-28 13:08:16 +09:00
Christoph Kerschbaumer
ad08ffe884
Bug 935111 - Enable seccomp-bpf for Linux. r=jld
2013-11-19 16:09:18 -08:00
Mike Hommey
a65383e1e9
Bug 939632 - Remove LIBRARY_NAME for leaf libraries. r=gps
...
Landing on a CLOSED TREE.
2013-11-19 11:50:54 +09:00
Mike Hommey
8ceb917350
Bug 939074 - Remove most LIBXUL_LIBRARY. rs=gps
2013-11-19 11:48:10 +09:00
Mike Hommey
b95448fc0b
Bug 914245 - Move FORCE_SHARED_LIB to moz.build. r=mshal
2013-11-19 11:47:45 +09:00
Mike Hommey
bb6779efe3
Bug 939044 - Remove most definitions of MODULE. r=mshal
2013-11-19 11:47:39 +09:00
Mike Hommey
d7b6f95761
Bug 935881 - Use FINAL_LIBRARY for all (fake) libraries that end up linked in a single other library. r=gps
2013-11-19 11:47:14 +09:00
Jed Davis
bdf5094b93
Bug 936163 - Fix profiling-specific sandbox whitelist for x86_64. r=kang
...
There is no sigaction, only rt_sigaction.
2013-11-08 13:30:05 -08:00
Jed Davis
7a807d7a56
Bug 936252 - Augment seccomp whitelist for b2g mochitests. r=kang
...
FormHistory invokes sqlite3, which calls fsync and geteuid.
A form test calls nsIFile's remove method, which uses lstat.
The crash reporter uses socketpair/sendmsg, to send a pipe back to the parent.
2013-11-11 09:11:43 -05:00
Jed Davis
5b0c9a29cf
Bug 936145 - Clean up architecture-specific parts of seccomp whitelist. r=kang
2013-11-08 15:31:20 -05:00
Brian R. Bondy
e6fe7374c3
Bug 935042 - Allow more than one process to be sandboxed from a single sandboxbroker. r=aklotz
2013-11-05 13:07:40 -05:00
Brian R. Bondy
2edaa77988
Bug 934445 - Fix Windows linking error in Release mode only when MOZ_CONTENT_SANDBOX is defined. r=aklotz
2013-11-04 15:35:03 -05:00
Brian R. Bondy
9b594b1851
Bug 925571 - Packaging for Sandboxing dll. r=bsmedberg
2013-10-30 16:58:56 -07:00
Brian R. Bondy
038d21bf1d
Bug 925571 - Initial Windows content process sandbox broker code. r=aklotz
2013-10-30 16:58:52 -07:00
Brian R. Bondy
b77c4127db
Bug 925571 - Build config for plugin_container windows sandboxing. r=bsmedberg
2013-10-30 16:58:45 -07:00
Brian R. Bondy
4d159c0649
Bug 922756 - Changes to import of Chromium sandbox so that it's buildable. r=aklotz
2013-10-28 14:54:46 -07:00
Brian R. Bondy
5763932590
Bug 922756 - Initial import of subset of Chromium sandbox. r=aklotz
2013-10-28 14:54:42 -07:00
Brian R. Bondy
f0bbd6b4f3
Bug 922756 - Build config for Chromium sandbox. r=bsmedberg
...
--HG--
rename : security/sandbox/LICENSE => security/sandbox/linux/LICENSE
rename : security/sandbox/Makefile.in => security/sandbox/linux/Makefile.in
rename : security/sandbox/Sandbox.cpp => security/sandbox/linux/Sandbox.cpp
rename : security/sandbox/Sandbox.h => security/sandbox/linux/Sandbox.h
rename : security/sandbox/android_arm_ucontext.h => security/sandbox/linux/android_arm_ucontext.h
rename : security/sandbox/android_i386_ucontext.h => security/sandbox/linux/android_i386_ucontext.h
rename : security/sandbox/android_ucontext.h => security/sandbox/linux/android_ucontext.h
rename : security/sandbox/arm_linux_syscalls.h => security/sandbox/linux/arm_linux_syscalls.h
rename : security/sandbox/linux_seccomp.h => security/sandbox/linux/linux_seccomp.h
rename : security/sandbox/linux_syscalls.h => security/sandbox/linux/linux_syscalls.h
rename : security/sandbox/moz.build => security/sandbox/linux/moz.build
rename : security/sandbox/seccomp_filter.h => security/sandbox/linux/seccomp_filter.h
rename : security/sandbox/x86_32_linux_syscalls.h => security/sandbox/linux/x86_32_linux_syscalls.h
rename : security/sandbox/x86_64_linux_syscalls.h => security/sandbox/linux/x86_64_linux_syscalls.h
2013-10-28 14:54:36 -07:00
Brian R. Bondy
66dccd9d5b
Bug 931429 - Fix PR_LOG compiling error for sandbox code on Linux. r=kang
2013-10-28 14:42:26 -07:00
Birunthan Mohanathas
5d748e0ca5
Bug 784739 - Switch from NULL to nullptr in security/; r=ehsan
2013-10-28 10:05:19 -04:00
Mike Hommey
1d566f7586
Bug 929905 - Consolidate sources in moz.build. r=gps
2013-10-25 08:23:05 +09:00
Brian O'Keefe
4c98f61956
Bug 928709 - Convert chromium-config.mk to mozbuild, r=mshal
2013-10-02 13:17:55 -04:00
Ms2ger
bfd2d90f89
Bug 908142 - Part b: Move FAIL_ON_WARNINGS to moz.build in security/sandbox/; r=gps
2013-10-20 09:25:19 +02:00
Jed Davis
fee032cd43
Bug 912822 - Enable sandbox logging on Android without setting NSPR_LOG_MODULES. r=kang
2013-10-06 15:15:50 -04:00
Jed Davis
f6ace5f553
Bug 919090 - Let content processes use sigaction and tgkill if profiling enabled. r=kang
2013-10-04 13:29:48 -04:00
Ms2ger
7ffcd856c2
Bug 900980 - Part a: Move unconditional assignments to EXPORT_LIBRARY to moz.build; rs=gps
2013-10-03 09:11:13 +02:00
David Keeler
10b7700647
bug 914716 - get seccomp-bpf sandboxing to compile on x86_64 r=kang
2013-09-25 11:14:34 -07:00
Vicamo Yang
e413395a3d
Bug 909658: B2G emulator-x86 has no __NR_{recv,msgget,semget}. r=kang
2013-09-11 00:23:35 +08:00
Jed Davis
d7d8d94afd
Bug 908907 - Fill in gaps in seccomp-bpf whitelist for b2g. r=kang, r=bsmith
...
Relatively harmless syscalls:
* dup, used by mozilla::ipc::Shmem
* getuid, for android::IPCThreadState, used in audio decode
* nanosleep, used by android::AudioTrack
Of potential concern:
* sched_setscheduler, used by audio threads in e.g. CubeVid
This might be restrictable somewhat by inspecting its arguments.
Of serious concern:
* unlink, as a workaround for bug 906996 (q.v.).
Note that we already allow open(), including for writing (temporary
files, /dev/genlock on qcom devices, probably more), so allowing unlink
won't make the situation much worse.
2013-09-06 09:13:59 -04:00
Mike Hommey
f1cf3b4238
Bug 912293 - Remove now redundant boilerplate from Makefile.in. r=gps
2013-09-05 09:01:46 +09:00
Brian O'Keefe
4f68eb9b02
Bug 875934 - Move LIBRARY_NAME to moz.build, batch 3; r=mshal
2013-08-15 09:02:09 -04:00
Jed Davis
845479d565
Bug 907002 - Add restart_syscall to seccomp whitelist. r=kang
2013-08-26 11:27:49 -04:00
Ms2ger
c3e345584c
Bug 883284 - Part f: Move LIBXUL_LIBRARY into moz.build (p-z); r=glandium
2013-08-22 08:56:01 +02:00
Guillaume Destuynder
100ce2c5f3
Bug 790923: Adds seccomp-bfp sandboxing support for B2G. r=khuey, r=gerv, r=agal, r=dhylands, r=keeler, r=imelven, a=kang.
2013-08-12 12:58:35 -07:00
Ms2ger
f9ca076cae
Backout changeset 9a57f0f347e3 for insufficient review.
2013-08-13 13:30:00 +02:00
Guillaume Destuynder
65326fc6cb
Bug 790923: Adds seccomp-bfp sandboxing support for B2G. r=agal, r=dhylands, r=dkeeler, r=imelven, a=kang.
2013-08-12 12:58:35 -07:00