Bug 1619466 - Make the blocklist variable BROWSER_PROCESS work. r=aklotz
authorToshihito Kikuchi <tkikuchi@mozilla.com>
Sun, 08 Mar 2020 19:47:17 +0000
changeset 517481 13400b21b6c37818142d4766f1545864b487598a
parent 517480 cfca069fc4b2fd4c6ab406fb5b513ffab3c2e07e
child 517482 03852000dace59e2f15ffb548ec376433020a6e8
push id37194
push usershindli@mozilla.com
push dateMon, 09 Mar 2020 03:45:29 +0000
treeherdermozilla-central@2540a369a5a8 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersaklotz
bugs1619466
milestone75.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1619466 - Make the blocklist variable BROWSER_PROCESS work. r=aklotz The blocklist variable `BROWSER_PROCESS` did not work as expected. Entries defined there were blocked not only in the browser process but also in the child process. This patch makes sure entries in `BROWSER_PROCESS` are blocked only in the browser process. Differential Revision: https://phabricator.services.mozilla.com/D65248
browser/app/winlauncher/freestanding/DllBlocklist.cpp
mozglue/dllservices/WindowsDllBlocklist.cpp
mozglue/dllservices/WindowsDllBlocklistCommon.h
mozglue/dllservices/gen_dll_blocklist_defs.py
--- a/browser/app/winlauncher/freestanding/DllBlocklist.cpp
+++ b/browser/app/winlauncher/freestanding/DllBlocklist.cpp
@@ -181,16 +181,21 @@ static BlockAction CheckBlockInfo(const 
     }
   }
 
   if ((aInfo->mFlags & DllBlockInfo::CHILD_PROCESSES_ONLY) &&
       !(gBlocklistInitFlags & eDllBlocklistInitFlagIsChildProcess)) {
     return BlockAction::Allow;
   }
 
+  if ((aInfo->mFlags & DllBlockInfo::BROWSER_PROCESS_ONLY) &&
+      (gBlocklistInitFlags & eDllBlocklistInitFlagIsChildProcess)) {
+    return BlockAction::Allow;
+  }
+
   if (aInfo->mMaxVersion == DllBlockInfo::ALL_VERSIONS) {
     return BlockAction::Deny;
   }
 
   mozilla::nt::PEHeaders headers(aBaseAddress);
   if (!headers) {
     return BlockAction::Error;
   }
--- a/mozglue/dllservices/WindowsDllBlocklist.cpp
+++ b/mozglue/dllservices/WindowsDllBlocklist.cpp
@@ -468,16 +468,21 @@ static NTSTATUS NTAPI patched_LdrLoadDll
         goto continue_loading;
       }
 
       if ((info->mFlags & DllBlockInfo::CHILD_PROCESSES_ONLY) &&
           !(sInitFlags & eDllBlocklistInitFlagIsChildProcess)) {
         goto continue_loading;
       }
 
+      if ((info->mFlags & DllBlockInfo::BROWSER_PROCESS_ONLY) &&
+          (sInitFlags & eDllBlocklistInitFlagIsChildProcess)) {
+        goto continue_loading;
+      }
+
       unsigned long long fVersion = DllBlockInfo::ALL_VERSIONS;
 
       if (info->mMaxVersion != DllBlockInfo::ALL_VERSIONS) {
         ReentrancySentinel sentinel(dllName);
         if (sentinel.BailOut()) {
           goto continue_loading;
         }
 
--- a/mozglue/dllservices/WindowsDllBlocklistCommon.h
+++ b/mozglue/dllservices/WindowsDllBlocklistCommon.h
@@ -31,20 +31,21 @@ struct DllBlockInfoT {
 
   // If the USE_TIMESTAMP flag is set, then we use the timestamp from
   // the IMAGE_FILE_HEADER in lieu of a version number.
   //
   // If the CHILD_PROCESSES_ONLY flag is set, then the dll is blocked
   // only when we are a child process.
   enum Flags {
     FLAGS_DEFAULT = 0,
-    BLOCK_WIN8PLUS_ONLY = 1,
-    BLOCK_WIN8_ONLY = 2,
-    USE_TIMESTAMP = 4,
-    CHILD_PROCESSES_ONLY = 8
+    BLOCK_WIN8PLUS_ONLY = 1 << 0,
+    BLOCK_WIN8_ONLY = 1 << 1,
+    USE_TIMESTAMP = 1 << 2,
+    CHILD_PROCESSES_ONLY = 1 << 3,
+    BROWSER_PROCESS_ONLY = 1 << 4,
   } mFlags;
 
   bool IsVersionBlocked(const uint64_t aOther) const {
     if (mMaxVersion == ALL_VERSIONS) {
       return true;
     }
 
     return aOther <= mMaxVersion;
--- a/mozglue/dllservices/gen_dll_blocklist_defs.py
+++ b/mozglue/dllservices/gen_dll_blocklist_defs.py
@@ -54,16 +54,17 @@ DLL_BLOCKLIST_DEFINITIONS_BEGIN_NAMED(gB
 """
 
 # These flag names should match the ones defined in WindowsDllBlocklistCommon.h
 FLAGS_DEFAULT = 'FLAGS_DEFAULT'
 BLOCK_WIN8PLUS_ONLY = 'BLOCK_WIN8PLUS_ONLY'
 BLOCK_WIN8_ONLY = 'BLOCK_WIN8_ONLY'
 USE_TIMESTAMP = 'USE_TIMESTAMP'
 CHILD_PROCESSES_ONLY = 'CHILD_PROCESSES_ONLY'
+BROWSER_PROCESS_ONLY = 'BROWSER_PROCESS_ONLY'
 SUBSTITUTE_LSP_PASSTHROUGH = 'SUBSTITUTE_LSP_PASSTHROUGH'
 
 # Only these flags are available in the input script
 INPUT_ONLY_FLAGS = {
     BLOCK_WIN8PLUS_ONLY,
     BLOCK_WIN8_ONLY,
 }
 
@@ -350,22 +351,21 @@ LSP_OUTPUT_SPEC = [
     {'mode': LSP_MODE_GUID,
      'filter': FILTER_ALLOW_ONLY_LSP,
      'begin': H_BEGIN_LSP,
      'end': H_END_LSP},
 ]
 
 GENERATED_BLOCKLIST_FILES = [
     BlocklistDescriptor('A11y', ['BROWSER_PROCESS'], outspec=A11Y_OUTPUT_SPEC),
-    # Child is not used by anything at the moment, so we'll just leave this
-    # descriptor commented out for now.
-    # BlocklistDescriptor('Child', ['ALL_PROCESSES', 'CHILD_PROCESSES']),
     BlocklistDescriptor('Launcher', ALL_DEFINITION_LISTS, flagspec={
+                        'BROWSER_PROCESS': {BROWSER_PROCESS_ONLY},
                         'CHILD_PROCESSES': {CHILD_PROCESSES_ONLY}}),
     BlocklistDescriptor('Legacy', ALL_DEFINITION_LISTS, flagspec={
+                        'BROWSER_PROCESS': {BROWSER_PROCESS_ONLY},
                         'CHILD_PROCESSES': {CHILD_PROCESSES_ONLY}}),
     # Roughed-in for the moment; we'll enable this in bug 1238735
     # BlocklistDescriptor('LSP', ALL_DEFINITION_LISTS, outspec=LSP_OUTPUT_SPEC),
     BlocklistDescriptor('Test', ALL_DEFINITION_LISTS,
                         outspec={'filter': FILTER_TESTS_ONLY}),
 ]