Bug 1080567: Don't report registry NAME_NOT_FOUND errors for the Windows warn only sandbox. r=tabraldes
authorBob Owen <bobowencode@gmail.com>
Mon, 13 Oct 2014 15:12:28 +0100
changeset 210427 8d0aca89e1b264e607f151fd1f23f6b15ccf3e0d
parent 210426 c07de0783e2791c824b026df4b5a978fb773d4cc
child 210428 522b1d79b69e24d8dff4b3204ed13360f075e521
push id50451
push userbobowencode@gmail.com
push dateWed, 15 Oct 2014 07:30:50 +0000
treeherdermozilla-inbound@522b1d79b69e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstabraldes
bugs1080567
milestone36.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1080567: Don't report registry NAME_NOT_FOUND errors for the Windows warn only sandbox. r=tabraldes
security/sandbox/modifications-to-chromium-to-reapply-after-upstream-merge.txt
security/sandbox/win/src/registry_interception.cc
--- a/security/sandbox/modifications-to-chromium-to-reapply-after-upstream-merge.txt
+++ b/security/sandbox/modifications-to-chromium-to-reapply-after-upstream-merge.txt
@@ -1,4 +1,5 @@
 Please add a link to the bugzilla bug and patch name that should be re-applied.
 Also, please update any existing links to their actual mozilla-central changeset.
 
-https://bugzilla.mozilla.org/show_bug.cgi?id=1018966 wosChromiumChanges.patch
+https://hg.mozilla.org/mozilla-central/rev/e7eef85c1b0a
+https://bugzilla.mozilla.org/show_bug.cgi?id=1080567 bug1080567.patch
--- a/security/sandbox/win/src/registry_interception.cc
+++ b/security/sandbox/win/src/registry_interception.cc
@@ -5,17 +5,17 @@
 #include "sandbox/win/src/registry_interception.h"
 
 #include "sandbox/win/src/crosscall_client.h"
 #include "sandbox/win/src/ipc_tags.h"
 #include "sandbox/win/src/sandbox_factory.h"
 #include "sandbox/win/src/sandbox_nt_util.h"
 #include "sandbox/win/src/sharedmem_ipc_client.h"
 #include "sandbox/win/src/target_services.h"
-#ifdef MOZ_CONTENT_SANDBOX // For upstream merging, use patch in bug 1018966 to reapply warn only sandbox code
+#ifdef MOZ_CONTENT_SANDBOX
 #include "mozilla/warnonlysandbox/warnOnlySandbox.h"
 #endif
 
 namespace sandbox {
 
 NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey,
                                   PHANDLE key, ACCESS_MASK desired_access,
                                   POBJECT_ATTRIBUTES object_attributes,
@@ -24,19 +24,21 @@ NTSTATUS WINAPI TargetNtCreateKey(NtCrea
   // Check if the process can create it first.
   NTSTATUS status = orig_CreateKey(key, desired_access, object_attributes,
                                    title_index, class_name, create_options,
                                    disposition);
   if (NT_SUCCESS(status))
     return status;
 
 #ifdef MOZ_CONTENT_SANDBOX
-  mozilla::warnonlysandbox::LogBlocked("NtCreateKey",
-                                       object_attributes->ObjectName->Buffer,
-                                       object_attributes->ObjectName->Length);
+  if (STATUS_OBJECT_NAME_NOT_FOUND != status) {
+    mozilla::warnonlysandbox::LogBlocked("NtCreateKey",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+  }
 #endif
 
   // We don't trust that the IPC can work this early.
   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
     return status;
 
   do {
     if (!ValidParameter(key, sizeof(HANDLE), WRITE))
@@ -168,19 +170,21 @@ NTSTATUS WINAPI TargetNtOpenKey(NtOpenKe
                                 ACCESS_MASK desired_access,
                                 POBJECT_ATTRIBUTES object_attributes) {
   // Check if the process can open it first.
   NTSTATUS status = orig_OpenKey(key, desired_access, object_attributes);
   if (NT_SUCCESS(status))
     return status;
 
 #ifdef MOZ_CONTENT_SANDBOX
-  mozilla::warnonlysandbox::LogBlocked("NtOpenKey",
-                                       object_attributes->ObjectName->Buffer,
-                                       object_attributes->ObjectName->Length);
+  if (STATUS_OBJECT_NAME_NOT_FOUND != status) {
+    mozilla::warnonlysandbox::LogBlocked("NtOpenKey",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+  }
 #endif
 
   return CommonNtOpenKey(status, key, desired_access, object_attributes);
 }
 
 NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpenKeyExFunction orig_OpenKeyEx,
                                   PHANDLE key, ACCESS_MASK desired_access,
                                   POBJECT_ATTRIBUTES object_attributes,
@@ -191,17 +195,19 @@ NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpen
 
   // We do not support open_options at this time. The 2 current known values
   // are REG_OPTION_CREATE_LINK, to open a symbolic link, and
   // REG_OPTION_BACKUP_RESTORE to open the key with special privileges.
   if (NT_SUCCESS(status) || open_options != 0)
     return status;
 
 #ifdef MOZ_CONTENT_SANDBOX
-  mozilla::warnonlysandbox::LogBlocked("NtOpenKeyEx",
-                                       object_attributes->ObjectName->Buffer,
-                                       object_attributes->ObjectName->Length);
+  if (STATUS_OBJECT_NAME_NOT_FOUND != status) {
+    mozilla::warnonlysandbox::LogBlocked("NtOpenKeyEx",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+  }
 #endif
 
   return CommonNtOpenKey(status, key, desired_access, object_attributes);
 }
 
 }  // namespace sandbox