Bug 1557282: SetLockdownDefaultDacl for content process sandbox policy for Windows 10 or later. r=jmathies
authorBob Owen <bobowencode@gmail.com>
Wed, 10 Jul 2019 14:57:01 +0000
changeset 482362 9559ef8f347dc0e4e92546954472d4153283d5f2
parent 482361 203e09f37d1f38b5f6f7de0fd8dc181a66d6daa2
child 482363 2729b410f2b58d9e55227514d4e0115ac9529d87
push id89719
push userbobowencode@gmail.com
push dateThu, 11 Jul 2019 09:19:44 +0000
reviewersjmathies
bugs1557282
milestone70.0a1
Bug 1557282: SetLockdownDefaultDacl for content process sandbox policy for Windows 10 or later. r=jmathies Differential Revision: https://phabricator.services.mozilla.com/D33301
browser/app/profile/firefox.js
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1036,17 +1036,17 @@ pref("dom.ipc.plugins.sandbox-level.flas
 pref("dom.ipc.plugins.sandbox-level.flash", 0);
 #endif
 
 // This controls the strength of the Windows content process sandbox for testing
 // purposes. This will require a restart.
 // On windows these levels are:
 // See - security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
 // SetSecurityLevelForContentProcess() for what the different settings mean.
-pref("security.sandbox.content.level", 5);
+pref("security.sandbox.content.level", 6);
 
 // This controls the depth of stack trace that is logged when Windows sandbox
 // logging is turned on.  This is only currently available for the content
 // process because the only other sandbox (for GMP) has too strict a policy to
 // allow stack tracing.  This does not require a restart to take effect.
 pref("security.sandbox.windows.log.stackTraceDepth", 0);
 
 // This controls the strength of the Windows GPU process sandbox.  Changes
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -497,16 +497,23 @@ void SandboxBroker::SetSecurityLevelForC
   result = mPolicy->SetIntegrityLevel(initialIntegrityLevel);
   MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
                      "SetIntegrityLevel should never fail, what happened?");
   result = mPolicy->SetDelayedIntegrityLevel(delayedIntegrityLevel);
   MOZ_RELEASE_ASSERT(
       sandbox::SBOX_ALL_OK == result,
       "SetDelayedIntegrityLevel should never fail, what happened?");
 
+  // SetLockdownDefaultDacl causes audio to fail for Windows 8.1 and earlier.
+  // Bug 1564842 tracks removing the Win10 or later restriction, once we can
+  // work around that problem.
+  if (aSandboxLevel > 5 && IsWin10OrLater()) {
+    mPolicy->SetLockdownDefaultDacl();
+  }
+
   sandbox::MitigationFlags mitigations =
       sandbox::MITIGATION_BOTTOM_UP_ASLR | sandbox::MITIGATION_HEAP_TERMINATE |
       sandbox::MITIGATION_SEHOP | sandbox::MITIGATION_DEP_NO_ATL_THUNK |
       sandbox::MITIGATION_DEP | sandbox::MITIGATION_EXTENSION_POINT_DISABLE |
       sandbox::MITIGATION_IMAGE_LOAD_PREFER_SYS32;
 
 #if defined(_M_ARM64)
   // Disable CFG on older versions of ARM64 Windows to avoid a crash in COM.
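Review bot: The return value of `mPolicy->SetLockdownDefaultDacl()` on the new line is discarded, while every neighbouring policy setter in this hunk (`SetIntegrityLevel`, `SetDelayedIntegrityLevel`) stores its result and asserts `SBOX_ALL_OK`. If the call fails silently, the level-6 hardening is quietly not applied and the process still launches, which is the failure mode a sandbox broker most needs to surface. Assuming `SetLockdownDefaultDacl` returns a `sandbox::ResultCode` like the other setters, follow the existing pattern: `result = mPolicy->SetLockdownDefaultDacl();` followed by `MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result, "SetLockdownDefaultDacl should never fail, what happened?");`. It is also worth a short comment that on Windows 8.1 and earlier a level greater than 5 is therefore identical to level 5, so readers of the pref do not assume the stronger DACL applies everywhere. SetSecurityLevelForContentProcess begins before this hunk.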