d4dd2195766e051b57d93e799fbdc1a029c99c2b: Bug 1528276 - Do not destroy the DebuggerServer in non-e10s when last frame connection is closed r=ochameau
Julian Descottes <jdescottes@mozilla.com> - Wed, 27 Feb 2019 19:17:37 +0000 - rev 461524
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1528276 - Do not destroy the DebuggerServer in non-e10s when last frame connection is closed r=ochameau When reviewing https://bugzilla.mozilla.org/show_bug.cgi?id=1521052 I did not think about Firefox for Android which is not using e10s. This means the main DebuggerServer will be killed when there are no connections left. Happy to discuss more about the preferred solution. This is a regression in 66 and I hope to uplift a fix for this. Differential Revision: https://phabricator.services.mozilla.com/D20830
493b443954fe15f7b542ba14671f25e5f8531dff: Bug 1506291 - Add Linux sandboxing for the RDD (media decoder) process. r=gcp,mjf,flod
Jed Davis <jld@mozilla.com> - Wed, 27 Feb 2019 20:14:54 +0000 - rev 461523
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1506291 - Add Linux sandboxing for the RDD (media decoder) process. r=gcp,mjf,flod The seccomp-bpf policy is currently just the "common" policy with no additions (but with the fixes in bug 1511560 to enable shared memory creation). The file broker policy allows shared memory creation and nothing else. The namespace setup is the same as for GMP (i.e., as restrictive as we currently can be). The sandbox can be turned off for troubleshooting by setting the environment variable MOZ_DISABLE_RDD_SANDBOX, similarly to the other process types. Tested against https://demo.bitmovin.com/public/firefox/av1/ with the necessary prefs set. Depends on D20895 Differential Revision: https://phabricator.services.mozilla.com/D14525
bf58d8320f5a1de358b930d996615c73ff22cce9: Bug 1506291 - Move the AV1 decoders to a sandbox-friendly CPU counting wrapper. r=gcp,mjf
Jed Davis <jld@mozilla.com> - Mon, 25 Feb 2019 16:20:50 +0000 - rev 461522
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1506291 - Move the AV1 decoders to a sandbox-friendly CPU counting wrapper. r=gcp,mjf Counting CPUs accesses the filesystem (sysfs or procfs), which we'd like to disallow when sandboxed if possible, and fails silently if access is denied. Because the CPU count rarely changes, this patch handles that problem for the RDD process by caching a copy before starting sandboxing. Tested with a local patch to have the sandbox file broker client crash if accessing the sysfs node for the CPU count, to verify that it's not accessed. Depends on D14524 Differential Revision: https://phabricator.services.mozilla.com/D20895
94cb1fe9db5eb0f0aa0634541afb08af17cf5c05: Bug 1511560 - Allow dup and ftruncate (when needed) in SandboxPolicyCommon. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 27 Feb 2019 20:14:52 +0000 - rev 461521
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1511560 - Allow dup and ftruncate (when needed) in SandboxPolicyCommon. r=gcp File descriptors are sometimes dup()ed in the process of communicating them over IPC; some of this may be unnecessary (due to insufficient use of move-only types), but dup() is relatively harmless. It was previously allowed for both content and GMP, so this doesn't change anything. The handling of ftruncate is a little complicated -- it's used for IPC shared memory, but only when creating segments; so GMP doesn't allow it and should continue not allowing it, but content needs it and RDD will as well. As a result, the subclass indicates if it will be needed. Note that even when we have memfd_create support (bug 1440203), ftruncate is still necessary even though brokering may not. Depends on D14523 Differential Revision: https://phabricator.services.mozilla.com/D14524
db2dee78ddb0dd23e29948258abd6c7404555b59: Bug 1511560 - Move the socketpair handling into SandboxPolicyCommon. r=gcp
Jed Davis <jld@mozilla.com> - Sat, 23 Feb 2019 00:44:10 +0000 - rev 461520
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1511560 - Move the socketpair handling into SandboxPolicyCommon. r=gcp The sandbox broker uses socketpair to construct the per-request channels over which responses are sent; thus, if and only if the policy will be using brokering, it will allow socketpair as safely as possible (i.e., denying datagram sockets if possible). Depends on D14522 Differential Revision: https://phabricator.services.mozilla.com/D14523
bab79f85596242146787d6d2a5ad56596cc1343e: Bug 1511560 - Move syscalls for adjusting memory mapping properties into SandboxPolicyCommon. r=gcp
Jed Davis <jld@mozilla.com> - Sat, 23 Feb 2019 00:44:08 +0000 - rev 461519
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1511560 - Move syscalls for adjusting memory mapping properties into SandboxPolicyCommon. r=gcp madvise is used by our malloc (and probably others), and mprotect is used with shared memory, including when created by another process, so the common policy should include those rules. Depends on D14521 Differential Revision: https://phabricator.services.mozilla.com/D14522
48431f63d84227177951f65c9c828548d9a8bbb2: Bug 1511560 - Move the Linux sandbox broker hooks into SandboxPolicyCommon. r=gcp
Jed Davis <jld@mozilla.com> - Sat, 23 Feb 2019 00:44:06 +0000 - rev 461518
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1511560 - Move the Linux sandbox broker hooks into SandboxPolicyCommon. r=gcp This will allow other policies to use brokering if needed (e.g., RDD and similar utility processes may need to access /dev/shm to create shared memory). The concrete policy class can deny filesystem access completely (matching the current behavior of the GMP policy) by passing nullptr to the superclass constructor instead. Depends on D14520 Differential Revision: https://phabricator.services.mozilla.com/D14521
56f39977c72c62e0fdff0e5f68e72d6091b221db: Bug 1500297 - Require a broker client in ContentSandboxPolicy at level > 1. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 27 Feb 2019 15:23:25 +0000 - rev 461517
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1500297 - Require a broker client in ContentSandboxPolicy at level > 1. r=gcp ContentSandboxPolicy currently allows direct filesystem access if it isn't given a broker client; this is a legacy design from the B2G era, before the current idea of "sandbox level". With this patch, it allows filesystem access at level 1, and above that it requires brokering. This is both to reduce the opportunities for accidentally having a too-permissive sandbox and to prepare for refactoring the broker glue in bug 1511560. Depends on D14519 Differential Revision: https://phabricator.services.mozilla.com/D14520
bacaa3d582814d0a1ba3769de92e68a01d16a777: Bug 1500297 - Fix Linux content sandbox level 1. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 27 Feb 2019 15:23:25 +0000 - rev 461516
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1500297 - Fix Linux content sandbox level 1. r=gcp Level 1 is meant to enable some seccomp-bpf filtering, but still allow direct access to the filesystem, and level 2 is where brokering starts. This was accidentally broken in 1365257 (making "level 1" act like level 2); this patch fixes that. This feature obviously isn't used much given how long nobody noticed it was broken, but it's useful to have around for troubleshooting, and it's actually easier to fix it than edit it out of the documentation. Differential Revision: https://phabricator.services.mozilla.com/D14519
da83e69c73310999b5c68b769b614351f279ca34: Bug 1530488 - Disable camera for aarch64 windows builds; r=pehrsons
Dan Minor <dminor@mozilla.com> - Wed, 27 Feb 2019 19:50:04 +0000 - rev 461515
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1530488 - Disable camera for aarch64 windows builds; r=pehrsons This disables the camera for win64-aarch64 for Windows versions below 19H1. These versions have problems with the DirectShow implementation which prevent the camera from working properly. Differential Revision: https://phabricator.services.mozilla.com/D21272
2c0ca241bd4b662f7022beb535509164ab7cde51: Bug 1519621 - Make sure ScrollToRestoredPosition() restores both the layout and visual scroll positions. r=tnikkel
Botond Ballo <botond@mozilla.com> - Wed, 27 Feb 2019 20:19:33 +0000 - rev 461514
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1519621 - Make sure ScrollToRestoredPosition() restores both the layout and visual scroll positions. r=tnikkel Differential Revision: https://phabricator.services.mozilla.com/D18367
30aad4a580eb65ad099c1c4c2d897db85b7a76ec: Bug 1527127 update addon panel text for private windows r=flod,Gijs,mstriemer,rpl
Shane Caraveo <scaraveo@mozilla.com> - Wed, 27 Feb 2019 20:05:38 +0000 - rev 461513
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1527127 update addon panel text for private windows r=flod,Gijs,mstriemer,rpl Differential Revision: https://phabricator.services.mozilla.com/D19845
3063f37eb7b21e145478f9ee641d2945e0e36986: Bug 1527127 set permission for enabled extensions on initial upgrade r=aswan
Shane Caraveo <scaraveo@mozilla.com> - Mon, 25 Feb 2019 16:59:55 +0000 - rev 461512
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1527127 set permission for enabled extensions on initial upgrade r=aswan When a user first upgrades to a version where incognito is enabled, add the permission to all enabled extensions. This preserves user workflow and addresses other issues (e.g. proxy). This will only happen once. Differential Revision: https://phabricator.services.mozilla.com/D19442
009e7457b990b1a0f6c19814cd31526539303ebc: Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 12 - new CookieSettings for SharedWorkers and ServiceWorkers, r=Ehsan
Andrea Marchesini <amarchesini@mozilla.com> - Wed, 27 Feb 2019 19:58:26 +0000 - rev 461511
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 12 - new CookieSettings for SharedWorkers and ServiceWorkers, r=Ehsan Differential Revision: https://phabricator.services.mozilla.com/D21357
efb2e8fca464952ac811ffc124d47bb543ff3a76: Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 11 - windows/workers/documents must keep the current cookie settings and ignore changes, r=Ehsan
Andrea Marchesini <amarchesini@mozilla.com> - Wed, 27 Feb 2019 19:58:07 +0000 - rev 461510
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 11 - windows/workers/documents must keep the current cookie settings and ignore changes, r=Ehsan Differential Revision: https://phabricator.services.mozilla.com/D18960
6a8401de32379f23a5544a7e0b5b1b16916fd581: Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 10 - Fix existing tests, r=Ehsan
Andrea Marchesini <amarchesini@mozilla.com> - Wed, 27 Feb 2019 19:57:47 +0000 - rev 461509
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 10 - Fix existing tests, r=Ehsan Differential Revision: https://phabricator.services.mozilla.com/D18958
38e802661b143173e5f1a3606a28faab480b089d: Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 9 - Tests for DOM Cache and cookie settings changing, r=Ehsan
Andrea Marchesini <amarchesini@mozilla.com> - Wed, 27 Feb 2019 19:57:27 +0000 - rev 461508
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 9 - Tests for DOM Cache and cookie settings changing, r=Ehsan Differential Revision: https://phabricator.services.mozilla.com/D18957
d02e3f436390ec69c44c3bd09ab1fe81489701a4: Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 8 - Tests for ServiceWorkers and cookie settings changing, r=Ehsan
Andrea Marchesini <amarchesini@mozilla.com> - Wed, 27 Feb 2019 19:57:09 +0000 - rev 461507
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 8 - Tests for ServiceWorkers and cookie settings changing, r=Ehsan Differential Revision: https://phabricator.services.mozilla.com/D18956
10afd61b758223b1a60541935817dc77ff033d30: Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 7 - Tests for IndexedDB and cookie settings changing, r=Ehsan,asuth
Andrea Marchesini <amarchesini@mozilla.com> - Wed, 27 Feb 2019 19:56:57 +0000 - rev 461506
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 7 - Tests for IndexedDB and cookie settings changing, r=Ehsan,asuth Differential Revision: https://phabricator.services.mozilla.com/D18955
6b92fb3666d156c8547378eec6c6b2713d820046: Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 6 - Tests for SharedWorker and cookie settings changing, r=Ehsan
Andrea Marchesini <amarchesini@mozilla.com> - Wed, 27 Feb 2019 19:56:39 +0000 - rev 461505
Push 35625 by csabou@mozilla.com at Thu, 28 Feb 2019 10:55:23 +0000
Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 6 - Tests for SharedWorker and cookie settings changing, r=Ehsan Differential Revision: https://phabricator.services.mozilla.com/D18954