Jed Davis
b84e184fac
Bug 964427 - Whitelist msync (asm.js cache) and sched_get_priority_m{in,ax} (webrtc). r=kang
2014-01-28 09:04:39 -05:00
Jed Davis
7533caa9fa
Bug 960365 - Whitelist uname for nsSystemInfo. r=kang
2014-01-21 15:48:00 -05:00
Jed Davis
66de476356
Bug 945330 - Reword and slightly improve sandbox violation log message. r=kang
...
The main goal is to have a message that unambiguously indicates a crash,
so mozharness can grep for it even if some of the details change later.
Also now includes the entire argument list; most syscalls don't use all
six, so the last few will be meaningless, but it can't hurt to log them.
2014-01-10 08:22:58 -05:00
Ryan VanderMeulen
6428c27a28
Merge b2g-inbound to m-c.
2013-12-09 17:26:11 -05:00
Birunthan Mohanathas
58325c73be
Bug 713082 - Part 2: Rename Util.h to ArrayUtils.h. r=Waldo
...
--HG--
rename : mfbt/Util.h => mfbt/ArrayUtils.h
2013-12-08 21:52:54 -05:00
Vicamo Yang
e6144af740
Bug 944625 - B2G Emulator-x86: fix undeclared __NR_socketpair, __NR_sendmsg. r=kang,jld
2013-12-09 21:02:54 +08:00
Jed Davis
20acfb65e6
Bug 943774 - Allow sigaction when sandboxed, for the crash reporter. r=kang
2013-12-03 18:45:17 -05:00
Ms2ger
554db665e5
Bug 937258 - Part a: Remove empty makefiles; r=gps
2013-11-28 15:25:40 +01:00
Mike Hommey
fdd3247a81
Bug 874266 - Move all DEFINES that can be moved to moz.build. r=mshal
2013-11-27 22:55:07 +09:00
Mike Hommey
2f727b6d62
Backout changeset 3fd4b546eed4 (bug 874266) and changeset a35d2e3a872f (bug 942043) for ASAN build bustage and Windows test bustage
...
--HG--
extra : amend_source : f20d09aeff1c8b5cbd0f1d24c7ce04e86f3aed1d
2013-11-28 14:24:05 +09:00
Mike Hommey
b038245b8d
Bug 874266 - Move all DEFINES that can be moved to moz.build. r=mshal
2013-11-28 13:08:16 +09:00
Christoph Kerschbaumer
2360074175
Bug 935111 - Enable seccomp-bpf for Linux. r=jld
2013-11-19 16:09:18 -08:00
Mike Hommey
931cb49886
Bug 939632 - Remove LIBRARY_NAME for leaf libraries. r=gps
...
Landing on a CLOSED TREE.
2013-11-19 11:50:54 +09:00
Mike Hommey
db9e5129bc
Bug 939074 - Remove most LIBXUL_LIBRARY. rs=gps
2013-11-19 11:48:10 +09:00
Mike Hommey
636b672657
Bug 914245 - Move FORCE_SHARED_LIB to moz.build. r=mshal
2013-11-19 11:47:45 +09:00
Mike Hommey
f0d1cd1e10
Bug 939044 - Remove most definitions of MODULE. r=mshal
2013-11-19 11:47:39 +09:00
Mike Hommey
f81885e53b
Bug 935881 - Use FINAL_LIBRARY for all (fake) libraries that end up linked in a single other library. r=gps
2013-11-19 11:47:14 +09:00
Jed Davis
0575f79039
Bug 936163 - Fix profiling-specific sandbox whitelist for x86_64. r=kang
...
There is no sigaction, only rt_sigaction.
2013-11-08 13:30:05 -08:00
Jed Davis
bf53218b36
Bug 936252 - Augment seccomp whitelist for b2g mochitests. r=kang
...
FormHistory invokes sqlite3, which calls fsync and geteuid.
A form test calls nsIFile's remove method, which uses lstat.
The crash reporter uses socketpair/sendmsg, to send a pipe back to the parent.
2013-11-11 09:11:43 -05:00
Jed Davis
8a6912c5a8
Bug 936145 - Clean up architecture-specific parts of seccomp whitelist. r=kang
2013-11-08 15:31:20 -05:00
Brian R. Bondy
6ceb592a81
Bug 935042 - Allow more than one process to be sandboxed from a single sandboxbroker. r=aklotz
2013-11-05 13:07:40 -05:00
Brian R. Bondy
7b8c0a47a1
Bug 934445 - Fix Windows linking error in Release mode only when MOZ_CONTENT_SANDBOX is defined. r=aklotz
2013-11-04 15:35:03 -05:00
Brian R. Bondy
423a5df4f3
Bug 925571 - Packaging for Sandboxing dll. r=bsmedberg
2013-10-30 16:58:56 -07:00
Brian R. Bondy
af6005bb38
Bug 925571 - Initial Windows content process sandbox broker code. r=aklotz
2013-10-30 16:58:52 -07:00
Brian R. Bondy
cc0884e81f
Bug 925571 - Build config for plugin_container windows sandboxing. r=bsmedberg
2013-10-30 16:58:45 -07:00
Brian R. Bondy
28868558b4
Bug 922756 - Changes to import of Chromium sandbox so that it's buildable. r=aklotz
2013-10-28 14:54:46 -07:00
Brian R. Bondy
d223207229
Bug 922756 - Initial import of subset of Chromium sandbox. r=aklotz
2013-10-28 14:54:42 -07:00
Brian R. Bondy
d8605953fb
Bug 922756 - Build config for Chromium sandbox. r=bsmedberg
...
--HG--
rename : security/sandbox/LICENSE => security/sandbox/linux/LICENSE
rename : security/sandbox/Makefile.in => security/sandbox/linux/Makefile.in
rename : security/sandbox/Sandbox.cpp => security/sandbox/linux/Sandbox.cpp
rename : security/sandbox/Sandbox.h => security/sandbox/linux/Sandbox.h
rename : security/sandbox/android_arm_ucontext.h => security/sandbox/linux/android_arm_ucontext.h
rename : security/sandbox/android_i386_ucontext.h => security/sandbox/linux/android_i386_ucontext.h
rename : security/sandbox/android_ucontext.h => security/sandbox/linux/android_ucontext.h
rename : security/sandbox/arm_linux_syscalls.h => security/sandbox/linux/arm_linux_syscalls.h
rename : security/sandbox/linux_seccomp.h => security/sandbox/linux/linux_seccomp.h
rename : security/sandbox/linux_syscalls.h => security/sandbox/linux/linux_syscalls.h
rename : security/sandbox/moz.build => security/sandbox/linux/moz.build
rename : security/sandbox/seccomp_filter.h => security/sandbox/linux/seccomp_filter.h
rename : security/sandbox/x86_32_linux_syscalls.h => security/sandbox/linux/x86_32_linux_syscalls.h
rename : security/sandbox/x86_64_linux_syscalls.h => security/sandbox/linux/x86_64_linux_syscalls.h
2013-10-28 14:54:36 -07:00
Brian R. Bondy
fcf90538ed
Bug 931429 - Fix PR_LOG compiling error for sandbox code on Linux. r=kang
2013-10-28 14:42:26 -07:00
Birunthan Mohanathas
54a21686df
Bug 784739 - Switch from NULL to nullptr in security/; r=ehsan
2013-10-28 10:05:19 -04:00
Mike Hommey
f1c0c07862
Bug 929905 - Consolidate sources in moz.build. r=gps
2013-10-25 08:23:05 +09:00
Brian O'Keefe
0cbcd904c7
Bug 928709 - Convert chromium-config.mk to mozbuild, r=mshal
2013-10-02 13:17:55 -04:00
Ms2ger
07dff61e68
Bug 908142 - Part b: Move FAIL_ON_WARNINGS to moz.build in security/sandbox/; r=gps
2013-10-20 09:25:19 +02:00
Jed Davis
6a41b94bbb
Bug 912822 - Enable sandbox logging on Android without setting NSPR_LOG_MODULES. r=kang
2013-10-06 15:15:50 -04:00
Jed Davis
cafbb08ba8
Bug 919090 - Let content processes use sigaction and tgkill if profiling enabled. r=kang
2013-10-04 13:29:48 -04:00
Ms2ger
df62fb8b0f
Bug 900980 - Part a: Move unconditional assignments to EXPORT_LIBRARY to moz.build; rs=gps
2013-10-03 09:11:13 +02:00
David Keeler
00014bbf23
bug 914716 - get seccomp-bpf sandboxing to compile on x86_64 r=kang
2013-09-25 11:14:34 -07:00
Vicamo Yang
34d42311bd
Bug 909658: B2G emulator-x86 has no __NR_{recv,msgget,semget}. r=kang
2013-09-11 00:23:35 +08:00
Jed Davis
a3fbb55f38
Bug 908907 - Fill in gaps in seccomp-bpf whitelist for b2g. r=kang, r=bsmith
...
Relatively harmless syscalls:
* dup, used by mozilla::ipc::Shmem
* getuid, for android::IPCThreadState, used in audio decode
* nanosleep, used by android::AudioTrack
Of potential concern:
* sched_setscheduler, used by audio threads in e.g. CubeVid
This might be restrictable somewhat by inspecting its arguments.
Of serious concern:
* unlink, as a workaround for bug 906996 (q.v.).
Note that we already allow open(), including for writing (temporary
files, /dev/genlock on qcom devices, probably more), so allowing unlink
won't make the situation much worse.
2013-09-06 09:13:59 -04:00
Mike Hommey
05b3f24e0e
Bug 912293 - Remove now redundant boilerplate from Makefile.in. r=gps
2013-09-05 09:01:46 +09:00
Brian O'Keefe
0ee041b9fd
Bug 875934 - Move LIBRARY_NAME to moz.build, batch 3; r=mshal
2013-08-15 09:02:09 -04:00
Jed Davis
840702aa2c
Bug 907002 - Add restart_syscall to seccomp whitelist. r=kang
2013-08-26 11:27:49 -04:00
Ms2ger
4d0ead0110
Bug 883284 - Part f: Move LIBXUL_LIBRARY into moz.build (p-z); r=glandium
2013-08-22 08:56:01 +02:00
Guillaume Destuynder
eda4902d8b
Bug 790923: Adds seccomp-bfp sandboxing support for B2G. r=khuey, r=gerv, r=agal, r=dhylands, r=keeler, r=imelven, a=kang.
2013-08-12 12:58:35 -07:00
Ms2ger
0f97870355
Backout changeset 9a57f0f347e3 for insufficient review.
2013-08-13 13:30:00 +02:00
Guillaume Destuynder
0351bab10b
Bug 790923: Adds seccomp-bfp sandboxing support for B2G. r=agal, r=dhylands, r=dkeeler, r=imelven, a=kang.
2013-08-12 12:58:35 -07:00