searching for reviewer(gcp)
970ef79be316a0b6d382d53d7b6ee8f78927e230: Bug 1621808 - Fix crash messages for seccomp-bpf failures. r=gcp
Jed Davis <jld@mozilla.com> - Thu, 12 Mar 2020 08:28:39 +0000 - rev 518534
Push 110024 by jedavis@mozilla.com at Fri, 13 Mar 2020 00:15:03 +0000
Bug 1621808 - Fix crash messages for seccomp-bpf failures. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D66524
aa459bed7de4933200480c8af1f6af4725f8bf16: Bug 1621686 - Fix socket process sandbox's handling of prctl to prevent crash on kernels before 3.17. r=gcp,mjf
Jed Davis <jld@mozilla.com> - Thu, 12 Mar 2020 13:46:46 +0000 - rev 518533
Push 110024 by jedavis@mozilla.com at Fri, 13 Mar 2020 00:15:03 +0000
Bug 1621686 - Fix socket process sandbox's handling of prctl to prevent crash on kernels before 3.17. r=gcp,mjf The special handling of PR_SET_NO_NEW_PRIVS can't be overridden with Allow(); otherwise every thread in the process will repeatedly apply copies of the policy to itself until it reaches whatever limits the kernel imposes, and then we crash so we don't continue execution seemingly unsandboxed. (See also bug 1257361.) The prctl policy for the socket process is still allow-all after this patch; it just prevents crashing the socket process on startup on kernels before 3.17 (which don't support applying the policy atomically to all threads). This patch also adds a comment to try to document this failure mode. Differential Revision: https://phabricator.services.mozilla.com/D66523
89e9e9039a49b607f5a7bf64c53176a455cc14d9: Bug 1557282 Part 4: Use USER_LIMITED from the start of the socket process sandbox. r=handyman,gcp
Bob Owen <bobowencode@gmail.com> - Thu, 12 Mar 2020 20:41:09 +0000 - rev 518493
Push 109992 by btara@mozilla.com at Thu, 12 Mar 2020 20:46:32 +0000
Bug 1557282 Part 4: Use USER_LIMITED from the start of the socket process sandbox. r=handyman,gcp Differential Revision: https://phabricator.services.mozilla.com/D66613
a34986f5541da6bbdc191ee35a3c5858a028b856: Bug 1557282 Part 3: Use SetLockdownDefaultDacl and AddRestrictingRandomSid in sandbox policies. r=handyman,gcp
Bob Owen <bobowencode@gmail.com> - Thu, 12 Mar 2020 20:40:25 +0000 - rev 518492
Push 109992 by btara@mozilla.com at Thu, 12 Mar 2020 20:46:32 +0000
Bug 1557282 Part 3: Use SetLockdownDefaultDacl and AddRestrictingRandomSid in sandbox policies. r=handyman,gcp Differential Revision: https://phabricator.services.mozilla.com/D66612
b377a264897607c6f27b88b613ee6b3dba07bab2: Bug 1557282 Part 1: Take chromium commit c1ce57ea5d31208af589b4839390a44ab20b0c8f. r=handyman,gcp
Bob Owen <bobowencode@gmail.com> - Thu, 12 Mar 2020 20:39:40 +0000 - rev 518490
Push 109992 by btara@mozilla.com at Thu, 12 Mar 2020 20:46:32 +0000
Bug 1557282 Part 1: Take chromium commit c1ce57ea5d31208af589b4839390a44ab20b0c8f. r=handyman,gcp This adds the AddRestrictingRandomSid feature, which fixes our issues with SetLockdownDefaultDacl, apart from when we are running from a network drive. Differential Revision: https://phabricator.services.mozilla.com/D66610
43e7de62af7f05341a8e05f75bddecccef571e9e: Bug 1608558 - pt4 - use security.sandbox.socket.process.level for linux socket process sandbox. r=gcp
Michael Froman <mfroman@mozilla.com> - Mon, 09 Mar 2020 14:57:13 +0000 - rev 517627
Push 109513 by mfroman@mozilla.com at Mon, 09 Mar 2020 16:14:03 +0000
Bug 1608558 - pt4 - use security.sandbox.socket.process.level for linux socket process sandbox. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D63716
678c6a3d00ee204c81dbbd7d9254469d31af9102: Bug 1608558 - pt3 - add EvaluateSocketCall and missing cases to EvaluateSyscall for Socket process sandbox. r=gcp
Michael Froman <mfroman@mozilla.com> - Mon, 09 Mar 2020 14:56:43 +0000 - rev 517626
Push 109513 by mfroman@mozilla.com at Mon, 09 Mar 2020 16:14:03 +0000
Bug 1608558 - pt3 - add EvaluateSocketCall and missing cases to EvaluateSyscall for Socket process sandbox. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D62445
adc30f2f9a5c179ad0d0acb25e46ad1239cb17e6: Bug 1608558 - pt2 - add SandboxBrokerPolicyFactory::GetSocketProcessPolicy to allow access to certs. r=jld,gcp
Michael Froman <mfroman@mozilla.com> - Mon, 09 Mar 2020 14:56:24 +0000 - rev 517625
Push 109513 by mfroman@mozilla.com at Mon, 09 Mar 2020 16:14:03 +0000
Bug 1608558 - pt2 - add SandboxBrokerPolicyFactory::GetSocketProcessPolicy to allow access to certs. r=jld,gcp Differential Revision: https://phabricator.services.mozilla.com/D62444
10e01cf10fafca4a150c2f76b3ce4e33bbd06223: Bug 1608558 - pt1 - add linux sandboxing to socket process. r=gcp
Michael Froman <mfroman@mozilla.com> - Mon, 09 Mar 2020 14:56:03 +0000 - rev 517624
Push 109513 by mfroman@mozilla.com at Mon, 09 Mar 2020 16:14:03 +0000
Bug 1608558 - pt1 - add linux sandboxing to socket process. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D60014
504aca5e5357f057ba4f7dcb0d76420dd1f71d15: Bug 1540776 - Change CMSOutputProfile functions to return nsArray r=gcp
Chris Martin <cmartin@mozilla.com> - Fri, 21 Feb 2020 21:27:53 +0000 - rev 515075
Push 107999 by cmartin@mozilla.com at Fri, 21 Feb 2020 21:28:56 +0000
Bug 1540776 - Change CMSOutputProfile functions to return nsArray r=gcp Currently, the GetCMSOutputProfile() and related methods pass their output using the old C-style "ptr, len" parameters. This makes them more difficult to deal with later in this change when they need to be safely passed over IPC. This refactors them to return nsTArray<uint8_t> results instead. I also removed some old cruft and refactored the existing code. Differential Revision: https://phabricator.services.mozilla.com/D63583
5fdf628512a0de7f9d7f847df36cb715f4cda453: Bug 1614434 - Remove unused function BuildCache. r=gcp
Philipp Zech <zech.ph@gmail.com> - Thu, 13 Feb 2020 11:31:01 +0000 - rev 514768
Push 107805 by sledru@mozilla.com at Thu, 20 Feb 2020 14:33:57 +0000
Bug 1614434 - Remove unused function BuildCache. r=gcp Removed unused function BuildCache(LookupCacheV2* cache, const _PrefixArray& aPrefixArray). This also required removal of RefPtr<T> SetupLookupCache(const _PrefixArray& aPrefixArray) (formerly line 229). Differential Revision: https://phabricator.services.mozilla.com/D62614
e72506f78ff1de27580746a77da42fb37b77fc4d: Bug 1524873 - Enable SafeBrowsing in Safe Mode. r=gcp
Dimi Lee <dlee@mozilla.com> - Tue, 18 Feb 2020 10:48:47 +0000 - rev 514574
Push 107658 by dlee@mozilla.com at Wed, 19 Feb 2020 08:37:30 +0000
Bug 1524873 - Enable SafeBrowsing in Safe Mode. r=gcp This patch enables SafeBrowsing in Safe Mode because features based on SafeBrowsing are essential for Firefox (for example, Enhanced Tracking Protection). Since Safe Browsing update is nondeterministic, we disable periodical SafeBrowsing update to make troubleshooting easier. Manually triggering an update via about:classifier is still enabled. Last, SafeBrowsing tables provided by Google will be ignored in Safe Mode to ensure the SafeBrowsing warnings are up-to-date. Differential Revision: https://phabricator.services.mozilla.com/D62708
009245e9c470ab0e3862632583683c43bed3606e: Bug 1614535 - Whitelist pread64 in the common policy. r=gcp
Emilio Cobos Álvarez <emilio@crisal.io> - Tue, 11 Feb 2020 18:20:34 +0000 - rev 513401
Push 106994 by ealvarez@mozilla.com at Tue, 11 Feb 2020 18:32:33 +0000
Bug 1614535 - Whitelist pread64 in the common policy. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D62468
3ec8c96f4d53916de5223b2eda5e8d66fb6ca227: Bug 1611565 - Cherry-pick upstream patch to use public siginfo_t fields r=gcp
Michael Forney <mforney@mforney.org> - Thu, 06 Feb 2020 17:17:18 +0000 - rev 512791
Push 106619 by gpascutto@mozilla.com at Thu, 06 Feb 2020 17:31:30 +0000
Bug 1611565 - Cherry-pick upstream patch to use public siginfo_t fields r=gcp Upstream patch: https://chromium.googlesource.com/chromium/src.git/+/6bd491daaf28a8281136931133504c23a18f819f%5E%21/#F0 _sifields is a glibc-internal field, and is not available on musl libc. Instead, use the public-facing fields si_call_addr, si_syscall, and si_arch, if they are available. Differential Revision: https://phabricator.services.mozilla.com/D61051
b6fad77fa8d62f17966b6ab5b819e26c01a4d21d: Bug 1600889 - gShuttingDownThread in nsUrlClassifierDBService should be Atomic r=gcp
Dimi Lee <dlee@mozilla.com> - Fri, 20 Dec 2019 12:46:45 +0000 - rev 508037
Push 103759 by dlee@mozilla.com at Fri, 20 Dec 2019 14:03:10 +0000
Bug 1600889 - gShuttingDownThread in nsUrlClassifierDBService should be Atomic r=gcp Differential Revision: https://phabricator.services.mozilla.com/D57954
acc35d9b520131237be4fe0d98b8e43f484f01a4: Bug 1567076 - Replace test-unwatned-simple with moztest-unwatned-simple r=gcp
Dimi Lee <dlee@mozilla.com> - Thu, 19 Dec 2019 13:25:25 +0000 - rev 507878
Push 103649 by dlee@mozilla.com at Thu, 19 Dec 2019 15:01:55 +0000
Bug 1567076 - Replace test-unwatned-simple with moztest-unwatned-simple r=gcp Differential Revision: https://phabricator.services.mozilla.com/D57784
d0dc795680f570add16b2240e74311f46e31b3d8: Bug 1600734 - Fix content sandbox level 1 on linux. r=jld,gcp
Emilio Cobos Álvarez <emilio@crisal.io> - Mon, 16 Dec 2019 22:35:03 +0000 - rev 507331
Push 103365 by ealvarez@mozilla.com at Mon, 16 Dec 2019 23:18:09 +0000
Bug 1600734 - Fix content sandbox level 1 on linux. r=jld,gcp Right now we crash on socketpair here: https://searchfox.org/mozilla-central/rev/04d8e7629354bab9e6a285183e763410860c5006/ipc/chromium/src/chrome/common/ipc_channel_posix.cc#261 As there is no broker. Differential Revision: https://phabricator.services.mozilla.com/D55532
a8082b9b4ed10796852c719d9a965445f19b53ee: Bug 1294286 - Filter clock IDs in clock_getres sandbox rule. r=gcp
Jed Davis <jld@mozilla.com> - Thu, 21 Nov 2019 08:02:06 +0000 - rev 503210
Push 101190 by jedavis@mozilla.com at Thu, 21 Nov 2019 22:15:14 +0000
Bug 1294286 - Filter clock IDs in clock_getres sandbox rule. r=gcp The clockid_t type on Linux has a space of values which encode a pid and refer to various measures of another process's CPU usage; clock_getres would, thereby, allow probing whether other processes exist. This is a relatively small information leak into the sandboxes, but there's no reason to allow it. Differential Revision: https://phabricator.services.mozilla.com/D54081
5cddc200d6f2d846c9d730bd2b22090ac9f20b08: Bug 1598040 - Filter clock IDs in clock_nanosleep sandbox rule. r=gcp
Jed Davis <jld@mozilla.com> - Thu, 21 Nov 2019 08:03:17 +0000 - rev 503209
Push 101190 by jedavis@mozilla.com at Thu, 21 Nov 2019 22:15:14 +0000
Bug 1598040 - Filter clock IDs in clock_nanosleep sandbox rule. r=gcp The `clockid_t` type on Linux has a space of values which encode a pid and allow measuring the CPU usage of other processes; we don't want to allow sandboxed processes to do that. Differential Revision: https://phabricator.services.mozilla.com/D54080
7d78f9dd952762cc57b7f16f085cad23f49db42f: Bug 1597792 - Allow clock_nanosleep in the sandbox filter. r=gcp
Emilio Cobos Álvarez <emilio@crisal.io> - Wed, 20 Nov 2019 11:22:11 +0000 - rev 503004
Push 101055 by ealvarez@mozilla.com at Wed, 20 Nov 2019 11:27:50 +0000
Bug 1597792 - Allow clock_nanosleep in the sandbox filter. r=gcp It seems newer glibc versions implement nanosleep() in terms of clock_nanosleep(), which broke the profiler due to the sandbox rules whitelisting the former but not the latter. Unfortunate that the profiler will fail in old Firefox versions though... :/ Differential Revision: https://phabricator.services.mozilla.com/D53879
0206c2d1aae8093ae2c4c625bf247448b28a86c3: Bug 1591112 - Do not release Classifier in the Safe Browsing update thread. r=gcp
DimiDL <dlee@mozilla.com> - Wed, 20 Nov 2019 08:34:53 +0000 - rev 502794
Push 101046 by dlee@mozilla.com at Wed, 20 Nov 2019 09:17:47 +0000
Bug 1591112 - Do not release Classifier in the Safe Browsing update thread. r=gcp In AsyncApplyUpdate, the Safe Browsing update thread holds a reference to 'Classifier'. In some scenarios (see Bug 1591112), the update thread may be the last one holding the reference; hence the update thread releases the 'Classifier' when the task is ended. Classifier has to be created and destroyed in the same thread because of the constraint of LazyIdleThread; in the current implementation, it should be released by the worker thread. This patch transfers the ownership of the reference of 'Classifier' from the update thread to the worker thread before its task is finished to make sure we release 'Classifier' in the right thread. Differential Revision: https://phabricator.services.mozilla.com/D53156
0e0f33fd72b8334cfdde8b4dfdb3f237a60a43a7: Bug 1580271: defer to xdg-open when opening files on OpenBSD r=gcp
joshua stein <jcs@jcs.org> - Thu, 07 Nov 2019 17:08:57 +0000 - rev 501232
Push 100077 by gpascutto@mozilla.com at Fri, 08 Nov 2019 07:42:46 +0000
Bug 1580271: defer to xdg-open when opening files on OpenBSD r=gcp g_app_info_get_default_for_type() will fail on OpenBSD's veiled filesystem since we most likely don't have direct access to the binaries that are registered as defaults for this type. Fake it up by just executing xdg-open via gio-launch-desktop (which we do have access to) and letting it figure out which program to execute for this MIME type. This has the side-effect of ignoring/losing MIME types associations registered in firefox prefs only. Differential Revision: https://phabricator.services.mozilla.com/D51388
faf2b623b315b7faf436ae69b9464f286f2ddd24: Bug 1580271: enhance sandbox on OpenBSD with unveil() r=gcp
joshua stein <jcs@jcs.org> - Fri, 08 Nov 2019 07:31:09 +0000 - rev 501231
Push 100077 by gpascutto@mozilla.com at Fri, 08 Nov 2019 07:42:46 +0000
Bug 1580271: enhance sandbox on OpenBSD with unveil() r=gcp ExpandUnveilPath() takes care of expanding potentially environment-specific XDG_DATA/CONFIG/CACHE_HOME dirs. The unveil config files list the allowed paths & modes. 'disable' in the files will disable the corresponding pledge/unveil syscall. Differential Revision: https://phabricator.services.mozilla.com/D51387
8e2be8ec03fc1f6eab748d35240c41c1656724f8: Bug 1580268: Sandbox GPU process on OpenBSD with pledge() r=gcp
joshua stein <jcs@jcs.org> - Thu, 07 Nov 2019 09:56:07 +0000 - rev 501230
Push 100077 by gpascutto@mozilla.com at Fri, 08 Nov 2019 07:42:46 +0000
Bug 1580268: Sandbox GPU process on OpenBSD with pledge() r=gcp Differential Revision: https://phabricator.services.mozilla.com/D51386
396a73e240dfcb4273ec0657df07284b172d9ca6: Bug 1584839 - Move OpenBSD pledge promises to files r=gcp
joshua stein <jcs@jcs.org> - Thu, 07 Nov 2019 09:52:18 +0000 - rev 501229
Push 100077 by gpascutto@mozilla.com at Fri, 08 Nov 2019 07:42:46 +0000
Bug 1584839 - Move OpenBSD pledge promises to files r=gcp This way, preferences can't be modified by an extension, and they're locked down in root-owned files. Pledge promises files consist of a promise by line, are read first from /etc/MOZ_APP_NAME/pledge.${processtype} (allowing overriding by a local root if needed), and if not found /usr/local/lib/MOZ_APP_NAME/browser/defaults/preferences is used, which is where the OpenBSD packaging system will install the defaults. Differential Revision: https://phabricator.services.mozilla.com/D51385
f5df610ae207f14f233874e2f1502c137b4f94ab: Bug 1522054 - Assert when nsUrlClassifierDBService::Lookup is called with SystemPrinciap. r=gcp
DimiDL <dlee@mozilla.com> - Thu, 07 Nov 2019 08:11:33 +0000 - rev 501048
Push 99952 by dlee@mozilla.com at Thu, 07 Nov 2019 08:15:03 +0000
Bug 1522054 - Assert when nsUrlClassifierDBService::Lookup is called with SystemPrinciap. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D49887
1548ffd8f48ca29f49d1e8f2a92e2cc314c1e12e: Bug 1522054 - Assert when nsUrlClassifierDBService::Lookup is called with SystemPrinciap. r=gcp
DimiDL <dlee@mozilla.com> - Thu, 31 Oct 2019 12:55:58 +0000 - rev 500704
Push 99777 by dlee@mozilla.com at Tue, 05 Nov 2019 21:55:15 +0000
Bug 1522054 - Assert when nsUrlClassifierDBService::Lookup is called with SystemPrinciap. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D49887
e2135df66bd70a704b0de260f5b9cb4324657001: Bug 1586888 - Test security/sandbox/test/browser_content_sandbox_fs.js has failures on macOS Catalina r=gcp
Haik Aftandilian <haftandilian@mozilla.com> - Tue, 29 Oct 2019 10:45:43 +0000 - rev 499682
Push 99135 by haftandilian@mozilla.com at Tue, 29 Oct 2019 19:00:53 +0000
Bug 1586888 - Test security/sandbox/test/browser_content_sandbox_fs.js has failures on macOS Catalina r=gcp Don't test with directories not present on macOS 10.15. Differential Revision: https://phabricator.services.mozilla.com/D49499
ae22a3ec0397b00a50064359a9d74d964f5e707d: Bug 1512937 - P2. Do not generate an extra fragment for URLs without a path. r=gcp
DimiDL <dlee@mozilla.com> - Mon, 28 Oct 2019 08:27:52 +0000 - rev 499421
Push 98946 by dlee@mozilla.com at Mon, 28 Oct 2019 08:37:57 +0000
Bug 1512937 - P2. Do not generate an extra fragment for URLs without a path. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D49881
a3d9db5ef4e282248a2b9ccb368caeacf2f12b7b: Bug 1512937 - P1. Change the #include order in the Safe Browsing gtest. r=gcp
DimiDL <dlee@mozilla.com> - Mon, 28 Oct 2019 08:27:49 +0000 - rev 499420
Push 98946 by dlee@mozilla.com at Mon, 28 Oct 2019 08:37:57 +0000
Bug 1512937 - P1. Change the #include order in the Safe Browsing gtest. r=gcp There were compiler errors while I added a gtest testcase. This patch updates the Test* files to include a common header, remove redundant headers, and include missing headers. Differential Revision: https://phabricator.services.mozilla.com/D49880
8d30710883b727351ea87d038bbbbdc82f5a4cee: Bug 1583735 - Find out why accessing mmaped JAR file generates SIGBUS, r=gcp,aklotz
Michal Novotny <michal.novotny@gmail.com> - Wed, 23 Oct 2019 19:06:55 +0000 - rev 499142
Push 98921 by mnovotny@mozilla.com at Sat, 26 Oct 2019 21:14:25 +0000
Bug 1583735 - Find out why accessing mmaped JAR file generates SIGBUS, r=gcp,aklotz
When we have nsZipHandle available (which is the case of crashes from bugs 1550815, 1564444 and 1564921), we send the following information in the crash report:
- file name
- current file size
- buffer address
- buffer length
- address that generated SIGBUS
Differential Revision: https://phabricator.services.mozilla.com/D48847
c39004cf92c4aaf73da85f3d79e1babfcaa3b08e: Bug 1553855 - P2. Fix Safe Browsing testcase errors after introducing LazyIdle thread. r=gcp
DimiDL <dlee@mozilla.com> - Thu, 24 Oct 2019 14:03:25 +0000 - rev 498869
Push 98748 by dlee@mozilla.com at Thu, 24 Oct 2019 14:17:12 +0000
Bug 1553855 - P2. Fix Safe Browsing testcase errors after introducing LazyIdle thread. r=gcp A LazyIdle thread should be created and removed by the same thread. This patch fixes testcases that trigger the assertion. Depends on D49874 Differential Revision: https://phabricator.services.mozilla.com/D49875
0f506810a0a90cd3e0ca95961c4c636afa3d4d41: Bug 1553855 - P1. Make the Classifier Update thread a LazyIdle thread. r=gcp
DimiDL <dlee@mozilla.com> - Thu, 24 Oct 2019 14:02:27 +0000 - rev 498868
Push 98748 by dlee@mozilla.com at Thu, 24 Oct 2019 14:17:12 +0000
Bug 1553855 - P1. Make the Classifier Update thread a LazyIdle thread. r=gcp Safe Browsing update thread wakes up every 30 mins to update tables from Google and 60 mins to update tables from Mozilla. Since the update thread doesn't always have to be alive, we change the update thread to be a LazyIdle thread instead. Differential Revision: https://phabricator.services.mozilla.com/D49874
bd12db83e34285e04e1822a0ea894cc8f3839f0e: Bug 1584931 - Replace ContentTask.spawn with SpecialPowers.spawn for flash blocking testcases. r=gcp
DimiDL <dlee@mozilla.com> - Wed, 16 Oct 2019 07:38:34 +0000 - rev 497955
Push 98176 by dlee@mozilla.com at Thu, 17 Oct 2019 07:25:29 +0000
Bug 1584931 - Replace ContentTask.spawn with SpecialPowers.spawn for flash blocking testcases. r=gcp To make us pass flash blocking testcases when fission is enabled, we should use SpecialPowers.spawn instead of ContentTask.spawn because the iframes in the testcases may be cross-origin iframes. Differential Revision: https://phabricator.services.mozilla.com/D49388
42de2e88ff5508db6c7e929862dca28cf09dbd63: Bug 1576374 - Use fallible append in ProtocolParser::AppendStream. r=gcp
DimiDL <dlee@mozilla.com> - Mon, 07 Oct 2019 15:02:39 +0000 - rev 496728
Push 97395 by dlee@mozilla.com at Tue, 08 Oct 2019 07:47:55 +0000
Bug 1576374 - Use fallible append in ProtocolParser::AppendStream. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D48354
eeaa7ecf70e3ffbcd4a1908d02982b2e5d6fc8a8: Bug 1575985 part 2 - Allow RW access to /dev/null in content sandbox r=gcp
shravanrn@gmail.com <shravanrn@gmail.com> - Mon, 30 Sep 2019 21:57:34 +0000 - rev 495836
Push 96891 by tritter@mozilla.com at Wed, 02 Oct 2019 02:21:01 +0000
Bug 1575985 part 2 - Allow RW access to /dev/null in content sandbox r=gcp This is needed by lucet to run WASM sandboxed libraries. Differential Revision: https://phabricator.services.mozilla.com/D46108
e698fd77a0939128f64c4e87b02ddf22753046b6: Bug 1576292 - Avoid using directory service off-main-thread in URL Classifier gtest. r=gcp
dlee <dlee@mozilla.com> - Thu, 05 Sep 2019 07:34:41 +0000 - rev 491815
Push 94526 by dlee@mozilla.com at Thu, 05 Sep 2019 07:57:31 +0000
Bug 1576292 - Avoid using directory service off-main-thread in URL Classifier gtest. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D44728
6d946d2a7a313e4ccb8aadb4b1a86e78d1e68301: Bug 1575842 - Do not use |ResetTables| when detecting Safe Browsing database corruption in GetLookupCache. r=gcp
dlee <dlee@mozilla.com> - Fri, 23 Aug 2019 08:19:18 +0000 - rev 489569
Push 93444 by dlee@mozilla.com at Fri, 23 Aug 2019 08:21:06 +0000
Bug 1575842 - Do not use |ResetTables| when detecting Safe Browsing database corruption in GetLookupCache. r=gcp This patch replaces |ResetTables| (clear table's in-memory and on-disk data) with |DeleteTables| (clear table's on-disk data) in GetLookupCache to avoid an infinite loop. We can just delete on-disk data when file corruption is detected in |GetLookupCache| without clearing the cache's internal data and refreshing current active caches because in that scenario, the lookup cache failing to read database has not yet been added to the active caches list. Differential Revision: https://phabricator.services.mozilla.com/D43181
266d6e0597d8666ec55d833064cc0296dc7d1502: Bug 1575564 - avoid non-mainthread use of NS_GetSpecialDirectory in linux sandboxbroker, r=jld,gcp
Gijs Kruitbosch <gijskruitbosch@gmail.com> - Thu, 22 Aug 2019 16:37:18 +0000 - rev 489530
Push 93412 by gijskruitbosch@gmail.com at Thu, 22 Aug 2019 22:31:16 +0000
Bug 1575564 - avoid non-mainthread use of NS_GetSpecialDirectory in linux sandboxbroker, r=jld,gcp Differential Revision: https://phabricator.services.mozilla.com/D42951
df6b5b4da8b909d61701356243dd95f20e983bf0: Bug 1562822 - P3. Reset all the tables that fail to apply a Safe Browsing update. r=gcp
dlee <dlee@mozilla.com> - Wed, 21 Aug 2019 12:08:12 +0000 - rev 489192
Push 93171 by dlee@mozilla.com at Wed, 21 Aug 2019 12:10:50 +0000
Bug 1562822 - P3. Reset all the tables that fail to apply a Safe Browsing update. r=gcp Before this patch, when the Safe Browsing updating process discovers an error, it quits and resets the table failing to update. After this patch, the updating process will continue to run when an error occurs to find all the tables failing to apply an update. Differential Revision: https://phabricator.services.mozilla.com/D42615
d49cd2aa45686212954493e2465fc3258c1796a2: Bug 1562822 - P2. Reset corrupted Safe Browsing database before triggering an update. r=gcp
dlee <dlee@mozilla.com> - Wed, 21 Aug 2019 12:08:03 +0000 - rev 489191
Push 93171 by dlee@mozilla.com at Wed, 21 Aug 2019 12:10:50 +0000
Bug 1562822 - P2. Reset corrupted Safe Browsing database before triggering an update. r=gcp
Patch P2 & P3 refine how Safe Browsing handles Safe Browsing database loading failure. Safe Browsing databases are read in 3 scenarios:
1. |GetLookupCache| is called on startup. Safe Browsing reads prefix files in this case. Metadata for updates (.sbstore, .metadata) are not read in this scenario.
2. |TableRequest| is called before applying an update, Safe Browsing reads update metadata to apply a partial update.
3. During an update, Safe Browsing reads both prefix files and metadata in order to merge the update result.
For Case 1, we reset a table's database only when it returns FILE_CORRUPTED while loading prefixes from the prefix file (.vlpset).
For Case 2, we reset a table's database when the table fails to load its metadata file or prefix file. This is because we need to make sure both files are complete so we can correctly perform a partial update. Note that in this case, we don't just reset the database when "FILE_CORRUPTED" is detected, we reset the database as long as an error occurs while loading the database.
For Case 3, for all the tables failing to load their database during an updating process, the databases of those tables will be reset.
Case 1 and Case 2 are done in Patch P2; Case 3 is done in Patch P3
Differential Revision: https://phabricator.services.mozilla.com/D42614
7a0ab3a7558b4fc930d1066f3f204ee99ccfc162: Bug 1562822 - P1. Return NS_ERROR_FILE_CORRUPTED when Safe Browsing cannot read the header of its database. r=gcp
dlee <dlee@mozilla.com> - Wed, 21 Aug 2019 12:07:44 +0000 - rev 489190
Push 93171 by dlee@mozilla.com at Wed, 21 Aug 2019 12:10:50 +0000
Bug 1562822 - P1. Return NS_ERROR_FILE_CORRUPTED when Safe Browsing cannot read the header of its database. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D42613
9c6e5858528aca9447967b6b5130cc4a96b9c91a: Bug 1551524 - Report failure in LookupCache::WriteFile() if StoreToFile returns an error. r=gcp
dlee <dlee@mozilla.com> - Tue, 20 Aug 2019 18:07:42 +0000 - rev 489049
Push 93098 by dlee@mozilla.com at Tue, 20 Aug 2019 19:21:13 +0000
Bug 1551524 - Report failure in LookupCache::WriteFile() if StoreToFile returns an error. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D42618
466843804c09151c4f2c7733b9c763f4edc27fc4: Bug 1573666 - Do not show warning message when there is no Safe Browsing V3 .sbstore files. r=gcp
dlee <dlee@mozilla.com> - Mon, 19 Aug 2019 09:34:18 +0000 - rev 488740
Push 92925 by dlee@mozilla.com at Mon, 19 Aug 2019 14:09:03 +0000
Bug 1573666 - Do not show warning message when there is no Safe Browsing V3 .sbstore files. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D41942
b4a0f4026d4db81feab1c8b1c2172a97f2079cbe: Bug 1574450 - Close inputstream before resetting HashStore file. r=gcp
dlee <dlee@mozilla.com> - Mon, 19 Aug 2019 07:45:33 +0000 - rev 488663
Push 92889 by dlee@mozilla.com at Mon, 19 Aug 2019 07:47:14 +0000
Bug 1574450 - Close inputstream before resetting HashStore file. r=gcp mInputStream holds a reference to the current opened HashStore file. While resetting the file, mInputStream should be closed first, otherwise, the file->Remove returns failure code NS_ERROR_FILE_IS_LOCKED. (This only happens on the Windows platform) Differential Revision: https://phabricator.services.mozilla.com/D42460
d1316e6def59b8017bb3b48558ce86df329279a4: Bug 1564346 - SafeBrowsing gtest code refactoring. r=gcp
dlee <dlee@mozilla.com> - Thu, 08 Aug 2019 14:29:40 +0000 - rev 487163
Push 92130 by dlee@mozilla.com at Fri, 09 Aug 2019 07:13:22 +0000
Bug 1564346 - SafeBrowsing gtest code refactoring. r=gcp
Refactor the gtest code because it confused me while adding new tests. This patch focuses on refining utility function but it also contains other minor refinements. Changes include:
1. Add comments to utility function
2. Move common utility functions to Common.cpp and remove duplicates
3. Header file removal and reorder
4. Unify MPL comments
5. Replace anonymous namespace with static function
Differential Revision: https://phabricator.services.mozilla.com/D37532
938ff7ae5eff2739d6999b7d982383c0abc878f4: Bug 1564041 - P1. Add telemetry to measure download protection binary type r=gcp
dimi <dlee@mozilla.com> - Thu, 08 Aug 2019 07:38:19 +0000 - rev 486871
Push 92011 by dlee@mozilla.com at Thu, 08 Aug 2019 07:41:50 +0000
Bug 1564041 - P1. Add telemetry to measure download protection binary type r=gcp
This patch adds a telemetry, APPLICATION_REPUTATION_BINARY_TYPE, which records different binary types based on the file extension.
1. BinaryFile, file is considered as a binary file, file is eligible for remote lookup
2. NonBinaryFile, file is not considered as a binary file.
3. MozNonBinaryFile, file is considered as a binary file in Chrome, but we don't send a download protection ping for this file
4. UnknownFile, file is not in any of the above lists.
Differential Revision: https://phabricator.services.mozilla.com/D37275
89b42e05fd3125c12acd27c61fd9c24f5423ff6a: Bug 1559368 - When determining sandbox capabilities, check for the specific X11 socket that would be used. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 07 Aug 2019 22:34:50 +0000 - rev 486846
Push 91991 by jedavis@mozilla.com at Thu, 08 Aug 2019 00:11:26 +0000
Bug 1559368 - When determining sandbox capabilities, check for the specific X11 socket that would be used. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D40915
6ec4bd94bb511e3f73f6f290c30e463e6ce740ee: Bug 1564346 - SafeBrowsing gtest code refactoring. r=gcp
dlee <dlee@mozilla.com> - Wed, 07 Aug 2019 15:17:49 +0000 - rev 486774
Push 91929 by dlee@mozilla.com at Wed, 07 Aug 2019 15:44:21 +0000
Bug 1564346 - SafeBrowsing gtest code refactoring. r=gcp
Refactor the gtest code because it confused me while adding new tests. This patch focuses on refining utility function but it also contains other minor refinements. Changes include:
1. Add comments to utility function
2. Move common utility functions to Common.cpp and remove duplicates
3. Header file removal and reorder
4. Unify MPL comments
5. Replace anonymous namespace with static function
Differential Revision: https://phabricator.services.mozilla.com/D37532
3174ab6c79af5d9edeea03645e86ea07ab5415a4: Bug 1562875 - Listmanager kickoffUpdate doesn't need to obtain on-disk data. r=gcp
dlee <dlee@mozilla.com> - Thu, 11 Jul 2019 12:49:14 +0000 - rev 485123
Push 91123 by dlee@mozilla.com at Mon, 29 Jul 2019 12:50:23 +0000
Bug 1562875 - Listmanager kickoffUpdate doesn't need to obtain on-disk data. r=gcp While listmanager called |kickoffUpdate|, it used to call |GetTables| to retrieve update information and used the information to distinguish if a table is an "existing" table or not. In Bug 1045163, the "existing table" logic was removed, which also means we don't need to call |GetTables| anymore. This patch removes calling Classifier::TableRequest to reduce unnecessary disk IO during startup. Differential Revision: https://phabricator.services.mozilla.com/D37037