Bug 1548406 - Part 2 - Conditionally include WindowServer access in the GMP sandbox r=handyman
authorHaik Aftandilian <haftandilian@mozilla.com>
Thu, 02 May 2019 07:04:58 +0000
changeset 472237 38a326f813f6b1fd1400d215730e0105f62eb9c5
parent 472236 d977a4ad06166453823ed73b0ec7b77dd20399bf
child 472238 55950b79d6b9204d8340e1b7e5458131869a0c3e
child 472243 1f1bcf9c471dc10ef3df04c56aa4814cf34c1c1d
push id112984
push usercbrindusan@mozilla.com
push dateThu, 02 May 2019 09:57:19 +0000
reviewershandyman
bugs1548406
milestone68.0a1
first release with
nightly linux32
38a326f813f6 / 68.0a1 / 20190502095227 / files
nightly linux64
38a326f813f6 / 68.0a1 / 20190502095227 / files
nightly mac
38a326f813f6 / 68.0a1 / 20190502095227 / files
nightly win32
38a326f813f6 / 68.0a1 / 20190502095227 / files
nightly win64
38a326f813f6 / 68.0a1 / 20190502095227 / files
Bug 1548406 - Part 2 - Conditionally include WindowServer access in the GMP sandbox r=handyman

Conditionally include WindowServer access in the GMP sandbox so that it is only allowed for the Widevine CDM plugin, and not OpenH264.

Differential Revision: https://phabricator.services.mozilla.com/D29586
security/sandbox/mac/Sandbox.mm
security/sandbox/mac/SandboxPolicyGMP.h
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -299,16 +299,18 @@ bool StartMacSandbox(MacSandboxInfo cons
     params.push_back("SHOULD_LOG");
     params.push_back(aInfo.shouldLog ? "TRUE" : "FALSE");
     params.push_back("PLUGIN_BINARY_PATH");
     params.push_back(aInfo.pluginBinaryPath.c_str());
     params.push_back("APP_PATH");
     params.push_back(aInfo.appPath.c_str());
     params.push_back("APP_BINARY_PATH");
     params.push_back(aInfo.appBinaryPath.c_str());
+    params.push_back("HAS_WINDOW_SERVER");
+    params.push_back(aInfo.hasWindowServer ? "TRUE" : "FALSE");
   } else if (aInfo.type == MacSandboxType_Content) {
     MOZ_ASSERT(aInfo.level >= 1);
     if (aInfo.level >= 1) {
       profile = SandboxPolicyContent;
       params.push_back("SHOULD_LOG");
       params.push_back(aInfo.shouldLog ? "TRUE" : "FALSE");
       params.push_back("SANDBOX_LEVEL_1");
       params.push_back(aInfo.level == 1 ? "TRUE" : "FALSE");
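Review bot: The value pushed for `HAS_WINDOW_SERVER` comes from `aInfo.hasWindowServer`, whose declaration and default are not visible in this hunk. The policy grants the WindowServer mach-lookup only when the string is exactly "TRUE", so the deny-by-default behaviour for OpenH264 depends on that member being explicitly initialised to false in MacSandboxInfo. If that is not already done in Part 1, a launch path that never sets the field could read an indeterminate bool. I would also add a comment above the two new push_back calls, for example `// WindowServer access is only needed by the Widevine CDM; every other GMP gets FALSE.` StartMacSandbox begins and ends outside the hunk.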
--- a/security/sandbox/mac/SandboxPolicyGMP.h
+++ b/security/sandbox/mac/SandboxPolicyGMP.h
@@ -10,16 +10,17 @@ namespace mozilla {
 
 static const char SandboxPolicyGMP[] = R"SANDBOX_LITERAL(
   (version 1)
 
   (define should-log (param "SHOULD_LOG"))
   (define plugin-binary-path (param "PLUGIN_BINARY_PATH"))
   (define app-path (param "APP_PATH"))
   (define app-binary-path (param "APP_BINARY_PATH"))
+  (define hasWindowServer (param "HAS_WINDOW_SERVER"))
 
   (define (moz-deny feature)
     (if (string=? should-log "TRUE")
       (deny feature)
       (deny feature (with no-log))))
 
   (moz-deny default)
   ; These are not included in (deny default)
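Review bot: The new definition `hasWindowServer` is camelCase, while every other parameter binding in this profile is kebab-case (`should-log`, `plugin-binary-path`, `app-path`, `app-binary-path`). For consistency I would write `(define has-window-server (param "HAS_WINDOW_SERVER"))` and use the same name in the `string=?` test in the last hunk of this file. The profile literal continues outside this hunk.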
@@ -51,14 +52,15 @@ static const char SandboxPolicyGMP[] = R
   (allow file-read*
       (literal "/etc")
       (literal "/dev/random")
       (literal "/dev/urandom")
       (literal "/usr/share/icu/icudt51l.dat")
       (subpath "/System/Library/Displays/Overrides")
       (subpath "/System/Library/CoreServices/CoreTypes.bundle"))
 
-  (allow mach-lookup (global-name "com.apple.windowserver.active"))
+  (if (string=? hasWindowServer "TRUE")
+    (allow mach-lookup (global-name "com.apple.windowserver.active")))
 )SANDBOX_LITERAL";
 
 }  // namespace mozilla
 
 #endif  // mozilla_SandboxPolicyGMP_h
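Review bot: The conditional `(if (string=? hasWindowServer "TRUE") ...)` has no comment explaining why WindowServer is gated, so a later editor cannot tell from the policy that this mach-lookup is a deliberate per-plugin exception. I would put a profile comment directly above it, such as `; com.apple.windowserver.active is only required by the Widevine CDM; OpenH264 must not be able to reach the WindowServer.` The form is fail-closed, since any value other than "TRUE" leaves the lookup under `(moz-deny default)`, and that is worth stating in the same comment so it is not relaxed to a negative test later.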