David Major
68b0dee7c5
Bug 1149718: Fix wow_helper lib path for VS2015. r=glandium
2015-05-12 18:20:28 -04:00
Bob Owen
6bab3a7af4
Bug 1146874 Part 1: Check that Windows sandboxed process starts correctly. r=tabraldes
2015-05-11 08:24:39 +01:00
Bob Owen
46c30cdbd5
Bug 1158773: Use the same initial and delayed integrity level for Windows content sandbox level 0. r=tabraldes
2015-05-06 10:11:56 +01:00
Bob Owen
0693a1dc83
Bug 1150515: Set the subsystem to WINDOWS,5.02 for wow_helper so that it runs on WinXP 64-bit. r=glandium
2015-04-30 09:48:03 +01:00
Jed Davis
8f10995d7b
Bug 1154184 - Don't use Linux sandbox gtest dir if not building tests. r=gps
2015-04-24 17:36:08 -07:00
Steven Michaud
2bb57bcd7a
Bug 1153809 - Loosen Mac content process sandbox rules for NVidia and Intel HD 3000 graphics hardware. r=areinald
2015-04-22 14:56:09 -05:00
Ehsan Akhgari
d278570d19
Bug 1153348 - Add an analysis to prohibit operator bools which aren't marked as either explicit or MOZ_IMPLICIT; r=jrmuizel
...
This is the counterpart to the existing analysis to catch
constructors which aren't marked as either explicit or
MOZ_IMPLICIT.
2015-04-21 21:40:49 -04:00
André Reinald
12017521df
Bug 1150765 - Add sandbox rules to allow hardware rendering of OpenGL on Mac. r=smichaud
2015-04-21 11:17:16 +02:00
Jed Davis
bd4374a0cc
Bug 1151607 - Step 2: Apply net/ipc namespace separation and chroot to media plugins. r=kang
...
This needs more unit tests for the various pieces of what's going on
here (LinuxCapabilities, SandboxChroot, UnshareUserNamespace()) but
that's nontrivial due to needing a single-threaded process -- and
currently they can't be run on Mozilla's CI anyway due to needing user
namespaces, and local testing can just try using GMP and manually
inspecting the child process. So that will be a followup.
2015-04-10 18:05:19 -07:00
Jed Davis
a25b210578
Bug 1151607 - Step 1.5: Avoid unlikely false positives in Linux SandboxInfo feature detection. r=kang
...
Using the equivalent of release assertions in the patch after this one
is easier to justify if I can't come up with vaguely legitimate reasons
why they might fail; this detects the ones I thought of.
2015-04-10 18:05:19 -07:00
Jed Davis
4bcdc2879f
Bug 1151607 - Step 1: Add Linux sandboxing hook for when child processes are still single-threaded. r=kang r=bent
...
This means that B2G plugin-container must (dynamically) link against
libmozsandbox in order to call into it before initializing Binder.
(Desktop Linux plugin-container already contains the sandbox code.)
2015-04-10 18:05:19 -07:00
Jed Davis
08099f9875
Bug 1151607 - Step 0: sort includes to make the following patches cleaner. r=kang
2015-04-10 18:05:19 -07:00
Bob Owen
72b3de6331
Bug 1149483: Change content sandbox level 1 to a working low integrity sandbox. r=tabraldes, r=billm
2015-04-05 14:01:38 +01:00
Steven Michaud
aa2d63ddad
Bug 1110911 - Move Mac sandboxing code into plugin-container. r=cpearce,areinald,jld
2015-04-03 11:51:41 -05:00
Bob Owen
666e96adb9
Bug 1119878 Part 2: Change IPC code to hold ProcessID instead of ProcessHandle. r=billm, r=dvander, r=aklotz, r=cpearce
2015-04-01 09:40:35 +01:00
Bob Owen
8e1e75d04b
Bug 1119878 Part 1: Change SandboxTarget to hold sandbox target services to provide functions. r=aklotz, r=glandium, r=cpearce
2015-04-01 09:40:35 +01:00
Bob Owen
1eda62eb8d
Bug 1147446: Chromium patch to fix memory leak in Windows sandbox sharedmem_ipc_server.cc. r=aklotz
2015-03-26 08:06:04 +00:00
Wes Kocher
0d9c0798af
Merge m-c to inbound a=merge CLOSED TREE
2015-03-23 16:51:22 -07:00
Edwin Flores
31eadf18b7
Bug 1146192 - Whitelist sched_yield syscall in GMP sandbox on Linux DONTBUILD CLOSED TREE - r=jld
2015-03-24 10:56:49 +13:00
Edwin Flores
13fe1731fe
Bug 1146192 - Backed out changeset d2918bcf0d90 for missing bug number - r=me
2015-03-24 10:53:10 +13:00
Jed Davis
0f3b12d8c5
Bug 1144514 - Whitelist pread64 in content seccomp-bpf policy. r=kang
2015-03-19 11:57:00 -04:00
Ehsan Akhgari
33bb32f549
Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj
...
This patch was automatically generated using the following script:
function convert() {
    echo "Converting $1 to $2..."
    find . \
         ! -wholename "*/.git*" \
         ! -wholename "obj-ff-dbg*" \
         -type f \
         \( -iname "*.cpp" \
            -o -iname "*.h" \
            -o -iname "*.c" \
            -o -iname "*.cc" \
            -o -iname "*.idl" \
            -o -iname "*.ipdl" \
            -o -iname "*.ipdlh" \
            -o -iname "*.mm" \) | \
        xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}
convert MOZ_OVERRIDE override
convert MOZ_FINAL final
2015-03-21 12:28:04 -04:00
Edwin Flores
7a76516d84
Bug 1XXXXXX - Whitelist sched_yield syscall in GMP sandbox on Linux - r=jld
2015-03-24 09:55:36 +13:00
Bob Owen
9438a86ad1
Bug 1145432: Add the policy for the client side of the crash server pipe to the GMP Windows sandbox. r=aklotz
2015-03-20 07:53:37 +00:00
Jed Davis
15de7894cc
Bug 1144580 - Whitelist pselect6 in content seccomp-bpf policy. r=kang
2015-03-18 15:30:00 +01:00
Jed Davis
d2a1fdfdb7
Bug 1141906 - Adjust some assertions in Linux sandbox feature detection. r=kang
...
See bug, and comment at top of SandboxInfo.cpp, for rationale.
Bonus fix: reword comment about nested namespace limit; the exact limit
is 33 (not counting the root) but doesn't particularly matter.
2015-03-17 22:50:00 +01:00
Jed Davis
d0d9f194e4
Bug 1141885 - Make readlink() fail instead of allowing it, for B2G content processes. r=kang
2015-03-13 13:47:56 -07:00
André Reinald
f3598cf103
Bug 1083344 - Tighten rules for Mac OS content process sandbox on 10.9 and 10.10. r=smichaud
...
Allow read to whole filesystem until chrome:// and file:// URLs are brokered through another process.
Except $HOME/Library in which we allow only access to profile add-ons subdir.
Add level 2, which allows read only from $HOME and /tmp (while still restricting $HOME/Library).
Change default back to 1.
2015-03-12 17:42:50 +01:00
Jed Davis
da39e0a7e8
Bug 1142263 - Specify all syscall parameters when doing CLONE_NEWUSER detection; f=bwc r=kang
2015-03-13 13:01:28 +01:00
Jed Davis
64382897a9
Bug 906996 - Remove unlink from B2G content process syscall whitelist. r=kang
2015-03-11 12:39:00 +01:00
Bob Owen
4b39d1da28
Bug 1141169: Add moz.build BUG_COMPONENT metadata for security/sandbox/ r=jld
2015-03-10 08:03:12 +00:00
Bob Owen
9a4eb936ac
Bug 1137166: Change the Content moreStrict sandbox pref to an integer to indicate the level of sandboxing. r=tabraldes
2015-03-10 08:03:12 +00:00
Jed Davis
9e0d0967f3
Bug 1137007 - Detect namespace and SECCOMP_FILTER_FLAG_TSYNC support in SandboxInfo. r=kang, r=Unfocused
...
Currently, only user namespace support is detected. This is targeted at
desktop, where (1) user namespace creation is effectively a prerequisite
for unsharing any other namespace, and (2) any kernel with user
namespace support almost certainly has all the others.
Bonus fix: remove extra copy of sandbox flag key names in about:support;
if JS property iteration order ever ceases to follow creation order, the
table rows could be permuted, but this doesn't really matter.
2015-03-06 13:59:00 -05:00
Jed Davis
c8b3a23fcc
Bug 1140111 - Whitelist readlinkat along with readlink. r=kang
2015-03-07 10:44:23 -05:00
André Reinald
29bb5c62b7
Bug 1083344 - Add "allow" sandbox rules to fix mochitests on OSX 10.9 and 10.10. r=smichaud
2015-02-27 16:55:35 +01:00
Jed Davis
232064fbf4
Bug 1134942 - Whitelist fstatat and unlinkat for B2G content processes. r=gdestuynder
2015-02-20 12:16:00 +01:00
André Reinald
7f6c61c6b3
Bug 1083344 - Tighten rules for Mac OS content process sandbox - "rules part". r=smichaud
...
--HG--
extra : histedit_source : f703a6a8abbf500cb882263426776fdb138b73a3
2015-02-21 13:06:34 +01:00
André Reinald
0f64952695
Bug 1083344 - Tighten rules for Mac OS content process sandbox - "core part". r=smichaud
...
--HG--
extra : histedit_source : 3c904474c57dbf086365cc6b26a55c34b2b449ae
2015-02-18 14:10:27 +01:00
Bob Owen
b56ef398b7
Bug 1132021 - Add a new sandbox level for Windows NPAPI to use USER_LIMITED access token level. r=bsmedberg, r=bbondy
2015-02-11 16:25:43 +00:00
Brian Smith
6361bff3d7
Bug 1102195 Part 4: Re-apply - Change a non-conforming usage of a const value type to a non-const value type, which VS2015 rightly rejects, r=bobowen
...
Originally landed as changeset:
https://hg.mozilla.org/mozilla-central/rev/c827c112df81
2015-01-07 23:28:51 -08:00
Bob Owen
608de41dda
Bug 1102195 Part 3: Re-apply logging changes to the Chromium interception code. r=tabraldes
...
Originally landed as changeset:
https://hg.mozilla.org/mozilla-central/rev/0f763c186855
2014-11-29 17:12:18 +00:00
Bob Owen
0603798733
Bug 1102195 Part 2: Re-apply pre-vista stdout/err process inheritance change to Chromium code after merge. r=tabraldes
...
Originally landed as changeset:
https://hg.mozilla.org/mozilla-central/rev/f94a07671389
2014-11-18 15:11:47 +00:00
Bob Owen
cb041d2191
Bug 1102195 Part 1: Update Chromium sandbox code to commit df7cc6c04725630dd4460f29d858a77507343b24. r=aklotz, r=jld
2015-02-11 08:22:02 +00:00
Bob Owen
ad26d9d0cc
Bug 1129369 Part 3: Turn on MITIGATION_STRICT_HANDLE_CHECKS process-level mitigation for the GMP sandbox. r=tabraldes
2015-02-10 09:06:59 +00:00
Bob Owen
bb4e5fbdaa
Bug 1129369 Part 2: Turn on BOTTOM_UP_ASLR process-level mitigation for the GMP sandbox. r=tabraldes
2015-02-10 09:06:59 +00:00
Bob Owen
ee5f7177c6
Bug 1129369 Part 1: Turn on DEP_NO_ATL_THUNK process-level mitigation for the GMP sandbox. r=tabraldes
2015-02-10 09:06:59 +00:00
Bob Owen
721c4e20e1
Bug 1127230: Change the NPAPI sandbox prefs to integers to indicate the level of sandboxing. r=bsmedberg
2015-01-30 17:48:15 +00:00
Bob Owen
8299a8da28
Bug 1126402: Add a pref to enable a more strict version of the Windows NPAPI process sandbox. r=bsmedberg, r=bbondy
2015-01-29 08:13:07 +00:00
Bob Owen
41778cfef0
Bug 1125865: Only log Windows sandbox violations to console when nsContentUtils is initialized. r=bbondy
2015-01-28 11:21:24 +00:00
Bob Owen
f9d1522cfc
Bug 1094370: Use the USER_LOCKDOWN access token for GMP processes. r=aklotz
2015-01-26 10:14:39 +00:00