Bug 1145432: Add the policy for the client side of the crash server pipe to the GMP Windows sandbox. r=aklotz
author Bob Owen <bobowencode@gmail.com>
Fri, 20 Mar 2015 07:53:37 +0000
changeset 234629 1c6d4f4dc12fdeb82326ddf07fdaa903db29d428
parent 234628 d111d64d9f0f186e9dd8eeaa327c1a209e8c6e18
child 234630 f30be176edfd2ab07663b0429db260471f84fca2
push id 57181
push user bobowencode@gmail.com
push date Fri, 20 Mar 2015 07:54:13 +0000
treeherder mozilla-inbound@1c6d4f4dc12f
reviewers aklotz
bugs 1145432
milestone 39.0a1
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -267,16 +267,22 @@ SandboxBroker::SetSecurityLevelForGMPlug
   // Add the policy for the client side of a pipe. It is just a file
   // in the \pipe\ namespace. We restrict it to pipes that start with
   // "chrome." so the sandboxed process cannot connect to system services.
   result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
                             sandbox::TargetPolicy::FILES_ALLOW_ANY,
                             L"\\??\\pipe\\chrome.*");
   ret = ret && (sandbox::SBOX_ALL_OK == result);
 
+  // Add the policy for the client side of the crash server pipe.
+  result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
+                            sandbox::TargetPolicy::FILES_ALLOW_ANY,
+                            L"\\??\\pipe\\gecko-crash-server-pipe.*");
+  ret = ret && (sandbox::SBOX_ALL_OK == result);
+
 #ifdef DEBUG
   // The plugin process can't create named events, but we'll
   // make an exception for the events used in logging. Removing
   // this will break EME in debug builds.
   result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_SYNC,
                             sandbox::TargetPolicy::EVENTS_ALLOW_ANY,
                             L"ChromeIPCLog.*");
   ret = ret && (sandbox::SBOX_ALL_OK == result);
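Review bot: The added rule for L"\\??\\pipe\\gecko-crash-server-pipe.*" grants FILES_ALLOW_ANY behind a trailing wildcard, but its one-line comment does not say what the suffix after the dot is expected to be or why the client side needs any-access rather than a narrower level. The chrome.* rule just above documents why its pattern is restricted ("so the sandboxed process cannot connect to system services"); please add the equivalent rationale here, including who creates this pipe and what bounds the wildcard portion, so a later reader can judge whether the pattern can be tightened. Separately, folding the result into ret keeps the failure but loses which rule failed; a log or assertion on result at this point would make a bad policy string easier to diagnose.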