Bug 1041775 Part 2: Re-apply warn only sandbox changes to Chromium code after merge. r=tabraldes
☠☠ backed out by 87b02835d654 ☠ ☠
authorBob Owen <bobowencode@gmail.com>
Tue, 18 Nov 2014 15:09:55 +0000
changeset 216619 ec63befb3ad7c4e06568fa5ab98c7a1239d14909
parent 216618 1aebb84c8af12888b9135b72716560c06d10c889
child 216620 ebe866ff8a445ddd36b471621ced3ee8015706a2
push id27858
push userkwierso@gmail.com
push dateFri, 21 Nov 2014 01:35:46 +0000
treeherdermozilla-central@6309710dd71d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstabraldes
bugs1041775
milestone36.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1041775 Part 2: Re-apply warn only sandbox changes to Chromium code after merge. r=tabraldes Originally landed as changsets: https://hg.mozilla.org/mozilla-central/rev/e7eef85c1b0a https://hg.mozilla.org/mozilla-central/rev/8d0aca89e1b2
security/sandbox/modifications-to-chromium-to-reapply-after-upstream-merge.txt
security/sandbox/win/src/filesystem_interception.cc
security/sandbox/win/src/handle_interception.cc
security/sandbox/win/src/named_pipe_interception.cc
security/sandbox/win/src/process_thread_interception.cc
security/sandbox/win/src/registry_interception.cc
security/sandbox/win/src/sync_interception.cc
--- a/security/sandbox/modifications-to-chromium-to-reapply-after-upstream-merge.txt
+++ b/security/sandbox/modifications-to-chromium-to-reapply-after-upstream-merge.txt
@@ -1,6 +1,5 @@
 Please add a link to the bugzilla bug and patch name that should be re-applied.
 Also, please update any existing links to their actual mozilla-central changeset.
 
-https://hg.mozilla.org/mozilla-central/rev/e7eef85c1b0a
-https://hg.mozilla.org/mozilla-central/rev/8d0aca89e1b2
 https://hg.mozilla.org/mozilla-central/rev/f94a07671389
+https://bugzilla.mozilla.org/show_bug.cgi?id=1041775 bug1041775part2.patch
--- a/security/sandbox/win/src/filesystem_interception.cc
+++ b/security/sandbox/win/src/filesystem_interception.cc
@@ -7,16 +7,19 @@
 #include "sandbox/win/src/crosscall_client.h"
 #include "sandbox/win/src/ipc_tags.h"
 #include "sandbox/win/src/policy_params.h"
 #include "sandbox/win/src/policy_target.h"
 #include "sandbox/win/src/sandbox_factory.h"
 #include "sandbox/win/src/sandbox_nt_util.h"
 #include "sandbox/win/src/sharedmem_ipc_client.h"
 #include "sandbox/win/src/target_services.h"
+#ifdef MOZ_CONTENT_SANDBOX
+#include "mozilla/warnonlysandbox/warnOnlySandbox.h"
+#endif
 
 namespace sandbox {
 
 NTSTATUS WINAPI TargetNtCreateFile(NtCreateFileFunction orig_CreateFile,
                                    PHANDLE file, ACCESS_MASK desired_access,
                                    POBJECT_ATTRIBUTES object_attributes,
                                    PIO_STATUS_BLOCK io_status,
                                    PLARGE_INTEGER allocation_size,
@@ -26,16 +29,22 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCre
   // Check if the process can open it first.
   NTSTATUS status = orig_CreateFile(file, desired_access, object_attributes,
                                     io_status, allocation_size,
                                     file_attributes, sharing, disposition,
                                     options, ea_buffer, ea_length);
   if (STATUS_ACCESS_DENIED != status)
     return status;
 
+#ifdef MOZ_CONTENT_SANDBOX
+  mozilla::warnonlysandbox::LogBlocked("NtCreateFile",
+                                       object_attributes->ObjectName->Buffer,
+                                       object_attributes->ObjectName->Length);
+#endif
+
   // We don't trust that the IPC can work this early.
   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
     return status;
 
   do {
     if (!ValidParameter(file, sizeof(HANDLE), WRITE))
       break;
     if (!ValidParameter(io_status, sizeof(IO_STATUS_BLOCK), WRITE))
@@ -81,32 +90,43 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCre
     __try {
       *file = answer.handle;
       io_status->Status = answer.nt_status;
       io_status->Information = answer.extended[0].ulong_ptr;
       status = io_status->Status;
     } __except(EXCEPTION_EXECUTE_HANDLER) {
       break;
     }
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogAllowed("NtCreateFile",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+#endif
   } while (false);
 
   return status;
 }
 
 NTSTATUS WINAPI TargetNtOpenFile(NtOpenFileFunction orig_OpenFile, PHANDLE file,
                                  ACCESS_MASK desired_access,
                                  POBJECT_ATTRIBUTES object_attributes,
                                  PIO_STATUS_BLOCK io_status, ULONG sharing,
                                  ULONG options) {
   // Check if the process can open it first.
   NTSTATUS status = orig_OpenFile(file, desired_access, object_attributes,
                                   io_status, sharing, options);
   if (STATUS_ACCESS_DENIED != status)
     return status;
 
+#ifdef MOZ_CONTENT_SANDBOX
+  mozilla::warnonlysandbox::LogBlocked("NtOpenFile",
+                                       object_attributes->ObjectName->Buffer,
+                                       object_attributes->ObjectName->Length);
+#endif
+
   // We don't trust that the IPC can work this early.
   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
     return status;
 
   do {
     if (!ValidParameter(file, sizeof(HANDLE), WRITE))
       break;
     if (!ValidParameter(io_status, sizeof(IO_STATUS_BLOCK), WRITE))
@@ -149,30 +169,41 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenF
     __try {
       *file = answer.handle;
       io_status->Status = answer.nt_status;
       io_status->Information = answer.extended[0].ulong_ptr;
       status = io_status->Status;
     } __except(EXCEPTION_EXECUTE_HANDLER) {
       break;
     }
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogAllowed("NtOpenFile",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+#endif
   } while (false);
 
   return status;
 }
 
 NTSTATUS WINAPI TargetNtQueryAttributesFile(
     NtQueryAttributesFileFunction orig_QueryAttributes,
     POBJECT_ATTRIBUTES object_attributes,
     PFILE_BASIC_INFORMATION file_attributes) {
   // Check if the process can query it first.
   NTSTATUS status = orig_QueryAttributes(object_attributes, file_attributes);
   if (STATUS_ACCESS_DENIED != status)
     return status;
 
+#ifdef MOZ_CONTENT_SANDBOX
+  mozilla::warnonlysandbox::LogBlocked("NtQueryAttributesFile",
+                                       object_attributes->ObjectName->Buffer,
+                                       object_attributes->ObjectName->Length);
+#endif
+
   // We don't trust that the IPC can work this early.
   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
     return status;
 
   do {
     if (!ValidParameter(file_attributes, sizeof(FILE_BASIC_INFORMATION), WRITE))
       break;
 
@@ -203,16 +234,21 @@ NTSTATUS WINAPI TargetNtQueryAttributesF
     ResultCode code = CrossCall(ipc, IPC_NTQUERYATTRIBUTESFILE_TAG, name,
                                 attributes, file_info, &answer);
 
     operator delete(name, NT_ALLOC);
 
     if (SBOX_ALL_OK != code)
       break;
 
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogAllowed("NtQueryAttributesFile",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+#endif
     return answer.nt_status;
 
   } while (false);
 
   return status;
 }
 
 NTSTATUS WINAPI TargetNtQueryFullAttributesFile(
@@ -220,16 +256,22 @@ NTSTATUS WINAPI TargetNtQueryFullAttribu
     POBJECT_ATTRIBUTES object_attributes,
     PFILE_NETWORK_OPEN_INFORMATION file_attributes) {
   // Check if the process can query it first.
   NTSTATUS status = orig_QueryFullAttributes(object_attributes,
                                              file_attributes);
   if (STATUS_ACCESS_DENIED != status)
     return status;
 
+#ifdef MOZ_CONTENT_SANDBOX
+  mozilla::warnonlysandbox::LogBlocked("NtQueryFullAttributesFile",
+                                       object_attributes->ObjectName->Buffer,
+                                       object_attributes->ObjectName->Length);
+#endif
+
   // We don't trust that the IPC can work this early.
   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
     return status;
 
   do {
     if (!ValidParameter(file_attributes, sizeof(FILE_NETWORK_OPEN_INFORMATION),
                         WRITE))
       break;
@@ -261,32 +303,41 @@ NTSTATUS WINAPI TargetNtQueryFullAttribu
     ResultCode code = CrossCall(ipc, IPC_NTQUERYFULLATTRIBUTESFILE_TAG, name,
                                 attributes, file_info, &answer);
 
     operator delete(name, NT_ALLOC);
 
     if (SBOX_ALL_OK != code)
       break;
 
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogAllowed("NtQueryFullAttributesFile",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+#endif
     return answer.nt_status;
   } while (false);
 
   return status;
 }
 
 NTSTATUS WINAPI TargetNtSetInformationFile(
     NtSetInformationFileFunction orig_SetInformationFile, HANDLE file,
     PIO_STATUS_BLOCK io_status, PVOID file_info, ULONG length,
     FILE_INFORMATION_CLASS file_info_class) {
   // Check if the process can open it first.
   NTSTATUS status = orig_SetInformationFile(file, io_status, file_info, length,
                                             file_info_class);
   if (STATUS_ACCESS_DENIED != status)
     return status;
 
+#ifdef MOZ_CONTENT_SANDBOX
+  mozilla::warnonlysandbox::LogBlocked("NtSetInformationFile");
+#endif
+
   // We don't trust that the IPC can work this early.
   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
     return status;
 
   do {
     void* memory = GetGlobalIPCMemory();
     if (NULL == memory)
       break;
@@ -338,14 +389,17 @@ NTSTATUS WINAPI TargetNtSetInformationFi
     ResultCode code = CrossCall(ipc, IPC_NTSETINFO_RENAME_TAG, file,
                                 io_status_buffer, file_info_buffer, length,
                                 file_info_class, &answer);
 
     if (SBOX_ALL_OK != code)
       break;
 
     status = answer.nt_status;
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogAllowed("NtSetInformationFile");
+#endif
   } while (false);
 
   return status;
 }
 
 }  // namespace sandbox
--- a/security/sandbox/win/src/handle_interception.cc
+++ b/security/sandbox/win/src/handle_interception.cc
@@ -5,16 +5,19 @@
 #include "sandbox/win/src/handle_interception.h"
 
 #include "sandbox/win/src/crosscall_client.h"
 #include "sandbox/win/src/ipc_tags.h"
 #include "sandbox/win/src/sandbox_factory.h"
 #include "sandbox/win/src/sandbox_nt_util.h"
 #include "sandbox/win/src/sharedmem_ipc_client.h"
 #include "sandbox/win/src/target_services.h"
+#ifdef MOZ_CONTENT_SANDBOX
+#include "mozilla/warnonlysandbox/warnOnlySandbox.h"
+#endif
 
 namespace sandbox {
 
 ResultCode DuplicateHandleProxy(HANDLE source_handle,
                                 DWORD target_process_id,
                                 HANDLE* target_handle,
                                 DWORD desired_access,
                                 DWORD options) {
@@ -29,17 +32,23 @@ ResultCode DuplicateHandleProxy(HANDLE s
   ResultCode code = CrossCall(ipc, IPC_DUPLICATEHANDLEPROXY_TAG,
                               source_handle, target_process_id,
                               desired_access, options, &answer);
   if (SBOX_ALL_OK != code)
     return code;
 
   if (answer.win32_result) {
     ::SetLastError(answer.win32_result);
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogBlocked("DuplicateHandle");
+#endif
     return SBOX_ERROR_GENERIC;
   }
 
   *target_handle = answer.handle;
+#ifdef MOZ_CONTENT_SANDBOX
+  mozilla::warnonlysandbox::LogAllowed("DuplicateHandle");
+#endif
   return SBOX_ALL_OK;
 }
 
 }  // namespace sandbox
 
--- a/security/sandbox/win/src/named_pipe_interception.cc
+++ b/security/sandbox/win/src/named_pipe_interception.cc
@@ -7,31 +7,38 @@
 #include "sandbox/win/src/crosscall_client.h"
 #include "sandbox/win/src/ipc_tags.h"
 #include "sandbox/win/src/policy_params.h"
 #include "sandbox/win/src/policy_target.h"
 #include "sandbox/win/src/sandbox_factory.h"
 #include "sandbox/win/src/sandbox_nt_util.h"
 #include "sandbox/win/src/sharedmem_ipc_client.h"
 #include "sandbox/win/src/target_services.h"
+#ifdef MOZ_CONTENT_SANDBOX
+#include "mozilla/warnonlysandbox/warnOnlySandbox.h"
+#endif
 
 namespace sandbox {
 
 HANDLE WINAPI TargetCreateNamedPipeW(
     CreateNamedPipeWFunction orig_CreateNamedPipeW, LPCWSTR pipe_name,
     DWORD open_mode, DWORD pipe_mode, DWORD max_instance, DWORD out_buffer_size,
     DWORD in_buffer_size, DWORD default_timeout,
     LPSECURITY_ATTRIBUTES security_attributes) {
   HANDLE pipe = orig_CreateNamedPipeW(pipe_name, open_mode, pipe_mode,
                                       max_instance, out_buffer_size,
                                       in_buffer_size, default_timeout,
                                       security_attributes);
   if (INVALID_HANDLE_VALUE != pipe)
     return pipe;
 
+#ifdef MOZ_CONTENT_SANDBOX
+  mozilla::warnonlysandbox::LogBlocked("CreateNamedPipeW", pipe_name);
+#endif
+
   // We don't trust that the IPC can work this early.
   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
     return INVALID_HANDLE_VALUE;
 
   DWORD original_error = ::GetLastError();
 
   // We don't support specific Security Attributes.
   if (security_attributes)
@@ -57,16 +64,19 @@ HANDLE WINAPI TargetCreateNamedPipeW(
     if (SBOX_ALL_OK != code)
       break;
 
     ::SetLastError(answer.win32_result);
 
     if (ERROR_SUCCESS != answer.win32_result)
       return INVALID_HANDLE_VALUE;
 
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogAllowed("CreateNamedPipeW", pipe_name);
+#endif
     return answer.handle;
   } while (false);
 
   ::SetLastError(original_error);
   return INVALID_HANDLE_VALUE;
 }
 
 }  // namespace sandbox
--- a/security/sandbox/win/src/process_thread_interception.cc
+++ b/security/sandbox/win/src/process_thread_interception.cc
@@ -7,32 +7,38 @@
 #include "sandbox/win/src/crosscall_client.h"
 #include "sandbox/win/src/ipc_tags.h"
 #include "sandbox/win/src/policy_params.h"
 #include "sandbox/win/src/policy_target.h"
 #include "sandbox/win/src/sandbox_factory.h"
 #include "sandbox/win/src/sandbox_nt_util.h"
 #include "sandbox/win/src/sharedmem_ipc_client.h"
 #include "sandbox/win/src/target_services.h"
+#ifdef MOZ_CONTENT_SANDBOX
+#include "mozilla/warnonlysandbox/warnOnlySandbox.h"
+#endif
 
 namespace sandbox {
 
 SANDBOX_INTERCEPT NtExports g_nt;
 
 // Hooks NtOpenThread and proxy the call to the broker if it's trying to
 // open a thread in the same process.
 NTSTATUS WINAPI TargetNtOpenThread(NtOpenThreadFunction orig_OpenThread,
                                    PHANDLE thread, ACCESS_MASK desired_access,
                                    POBJECT_ATTRIBUTES object_attributes,
                                    PCLIENT_ID client_id) {
   NTSTATUS status = orig_OpenThread(thread, desired_access, object_attributes,
                                     client_id);
   if (NT_SUCCESS(status))
     return status;
 
+#ifdef MOZ_CONTENT_SANDBOX
+  mozilla::warnonlysandbox::LogBlocked("NtOpenThread");
+#endif
   do {
     if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
       break;
     if (!client_id)
       break;
 
     uint32 thread_id = 0;
     bool should_break = false;
@@ -88,16 +94,19 @@ NTSTATUS WINAPI TargetNtOpenThread(NtOpe
 
     __try {
       // Write the output parameters.
       *thread = answer.handle;
     } __except(EXCEPTION_EXECUTE_HANDLER) {
       break;
     }
 
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogAllowed("NtOpenThread");
+#endif
     return answer.nt_status;
   } while (false);
 
   return status;
 }
 
 // Hooks NtOpenProcess and proxy the call to the broker if it's trying to
 // open the current process.
@@ -105,16 +114,19 @@ NTSTATUS WINAPI TargetNtOpenProcess(NtOp
                                    PHANDLE process, ACCESS_MASK desired_access,
                                    POBJECT_ATTRIBUTES object_attributes,
                                    PCLIENT_ID client_id) {
   NTSTATUS status = orig_OpenProcess(process, desired_access, object_attributes,
                                      client_id);
   if (NT_SUCCESS(status))
     return status;
 
+#ifdef MOZ_CONTENT_SANDBOX
+  mozilla::warnonlysandbox::LogBlocked("NtOpenProcess");
+#endif
   do {
     if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
       break;
     if (!client_id)
       break;
 
     uint32 process_id = 0;
     bool should_break = false;
@@ -158,30 +170,36 @@ NTSTATUS WINAPI TargetNtOpenProcess(NtOp
 
     __try {
       // Write the output parameters.
       *process = answer.handle;
     } __except(EXCEPTION_EXECUTE_HANDLER) {
       break;
     }
 
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogAllowed("NtOpenProcess");
+#endif
     return answer.nt_status;
   } while (false);
 
   return status;
 }
 
 
 NTSTATUS WINAPI TargetNtOpenProcessToken(
     NtOpenProcessTokenFunction orig_OpenProcessToken, HANDLE process,
     ACCESS_MASK desired_access, PHANDLE token) {
   NTSTATUS status = orig_OpenProcessToken(process, desired_access, token);
   if (NT_SUCCESS(status))
     return status;
 
+#ifdef MOZ_CONTENT_SANDBOX
+  mozilla::warnonlysandbox::LogBlocked("NtOpenProcessToken");
+#endif
   do {
     if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
       break;
 
     if (CURRENT_PROCESS != process)
       break;
 
     if (!ValidParameter(token, sizeof(HANDLE), WRITE))
@@ -203,30 +221,36 @@ NTSTATUS WINAPI TargetNtOpenProcessToken
 
     __try {
       // Write the output parameters.
       *token = answer.handle;
     } __except(EXCEPTION_EXECUTE_HANDLER) {
       break;
     }
 
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogAllowed("NtOpenProcessToken");
+#endif
     return answer.nt_status;
   } while (false);
 
   return status;
 }
 
 NTSTATUS WINAPI TargetNtOpenProcessTokenEx(
     NtOpenProcessTokenExFunction orig_OpenProcessTokenEx, HANDLE process,
     ACCESS_MASK desired_access, ULONG handle_attributes, PHANDLE token) {
   NTSTATUS status = orig_OpenProcessTokenEx(process, desired_access,
                                             handle_attributes, token);
   if (NT_SUCCESS(status))
     return status;
 
+#ifdef MOZ_CONTENT_SANDBOX
+  mozilla::warnonlysandbox::LogBlocked("NtOpenProcessTokenEx");
+#endif
   do {
     if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
       break;
 
     if (CURRENT_PROCESS != process)
       break;
 
     if (!ValidParameter(token, sizeof(HANDLE), WRITE))
@@ -248,16 +272,19 @@ NTSTATUS WINAPI TargetNtOpenProcessToken
 
     __try {
       // Write the output parameters.
       *token = answer.handle;
     } __except(EXCEPTION_EXECUTE_HANDLER) {
       break;
     }
 
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogAllowed("NtOpenProcessTokenEx");
+#endif
     return answer.nt_status;
   } while (false);
 
   return status;
 }
 
 BOOL WINAPI TargetCreateProcessW(CreateProcessWFunction orig_CreateProcessW,
                                  LPCWSTR application_name, LPWSTR command_line,
@@ -269,16 +296,20 @@ BOOL WINAPI TargetCreateProcessW(CreateP
                                  LPPROCESS_INFORMATION process_information) {
   if (orig_CreateProcessW(application_name, command_line, process_attributes,
                           thread_attributes, inherit_handles, flags,
                           environment, current_directory, startup_info,
                           process_information)) {
     return TRUE;
   }
 
+#ifdef MOZ_CONTENT_SANDBOX
+  mozilla::warnonlysandbox::LogBlocked("CreateProcessW", application_name);
+#endif
+
   // We don't trust that the IPC can work this early.
   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
     return FALSE;
 
   DWORD original_error = ::GetLastError();
 
   do {
     if (!ValidParameter(process_information, sizeof(PROCESS_INFORMATION),
@@ -306,16 +337,19 @@ BOOL WINAPI TargetCreateProcessW(CreateP
                                 command_line, cur_dir, proc_info, &answer);
     if (SBOX_ALL_OK != code)
       break;
 
     ::SetLastError(answer.win32_result);
     if (ERROR_SUCCESS != answer.win32_result)
       return FALSE;
 
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogAllowed("CreateProcessW", application_name);
+#endif
     return TRUE;
   } while (false);
 
   ::SetLastError(original_error);
   return FALSE;
 }
 
 BOOL WINAPI TargetCreateProcessA(CreateProcessAFunction orig_CreateProcessA,
@@ -328,16 +362,20 @@ BOOL WINAPI TargetCreateProcessA(CreateP
                                  LPPROCESS_INFORMATION process_information) {
   if (orig_CreateProcessA(application_name, command_line, process_attributes,
                           thread_attributes, inherit_handles, flags,
                           environment, current_directory, startup_info,
                           process_information)) {
     return TRUE;
   }
 
+#ifdef MOZ_CONTENT_SANDBOX
+  mozilla::warnonlysandbox::LogBlocked("CreateProcessA", application_name);
+#endif
+
   // We don't trust that the IPC can work this early.
   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
     return FALSE;
 
   DWORD original_error = ::GetLastError();
 
   do {
     if (!ValidParameter(process_information, sizeof(PROCESS_INFORMATION),
@@ -388,16 +426,19 @@ BOOL WINAPI TargetCreateProcessA(CreateP
 
     if (SBOX_ALL_OK != code)
       break;
 
     ::SetLastError(answer.win32_result);
     if (ERROR_SUCCESS != answer.win32_result)
       return FALSE;
 
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogAllowed("CreateProcessA", application_name);
+#endif
     return TRUE;
   } while (false);
 
   ::SetLastError(original_error);
   return FALSE;
 }
 
 }  // namespace sandbox
--- a/security/sandbox/win/src/registry_interception.cc
+++ b/security/sandbox/win/src/registry_interception.cc
@@ -5,31 +5,42 @@
 #include "sandbox/win/src/registry_interception.h"
 
 #include "sandbox/win/src/crosscall_client.h"
 #include "sandbox/win/src/ipc_tags.h"
 #include "sandbox/win/src/sandbox_factory.h"
 #include "sandbox/win/src/sandbox_nt_util.h"
 #include "sandbox/win/src/sharedmem_ipc_client.h"
 #include "sandbox/win/src/target_services.h"
+#ifdef MOZ_CONTENT_SANDBOX
+#include "mozilla/warnonlysandbox/warnOnlySandbox.h"
+#endif
 
 namespace sandbox {
 
 NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey,
                                   PHANDLE key, ACCESS_MASK desired_access,
                                   POBJECT_ATTRIBUTES object_attributes,
                                   ULONG title_index, PUNICODE_STRING class_name,
                                   ULONG create_options, PULONG disposition) {
   // Check if the process can create it first.
   NTSTATUS status = orig_CreateKey(key, desired_access, object_attributes,
                                    title_index, class_name, create_options,
                                    disposition);
   if (NT_SUCCESS(status))
     return status;
 
+#ifdef MOZ_CONTENT_SANDBOX
+  if (STATUS_OBJECT_NAME_NOT_FOUND != status) {
+    mozilla::warnonlysandbox::LogBlocked("NtCreateKey",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+  }
+#endif
+
   // We don't trust that the IPC can work this early.
   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
     return status;
 
   do {
     if (!ValidParameter(key, sizeof(HANDLE), WRITE))
       break;
 
@@ -82,16 +93,21 @@ NTSTATUS WINAPI TargetNtCreateKey(NtCrea
 
       if (disposition)
        *disposition = answer.extended[0].unsigned_int;
 
       status = answer.nt_status;
     } __except(EXCEPTION_EXECUTE_HANDLER) {
       break;
     }
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogAllowed("NtCreateKey",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+#endif
   } while (false);
 
   return status;
 }
 
 NTSTATUS WINAPI CommonNtOpenKey(NTSTATUS status, PHANDLE key,
                                 ACCESS_MASK desired_access,
                                 POBJECT_ATTRIBUTES object_attributes) {
@@ -135,29 +151,42 @@ NTSTATUS WINAPI CommonNtOpenKey(NTSTATUS
         break;
 
     __try {
       *key = answer.handle;
       status = answer.nt_status;
     } __except(EXCEPTION_EXECUTE_HANDLER) {
       break;
     }
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogAllowed("NtOpenKey[Ex]",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+#endif
   } while (false);
 
   return status;
 }
 
 NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,
                                 ACCESS_MASK desired_access,
                                 POBJECT_ATTRIBUTES object_attributes) {
   // Check if the process can open it first.
   NTSTATUS status = orig_OpenKey(key, desired_access, object_attributes);
   if (NT_SUCCESS(status))
     return status;
 
+#ifdef MOZ_CONTENT_SANDBOX
+  if (STATUS_OBJECT_NAME_NOT_FOUND != status) {
+    mozilla::warnonlysandbox::LogBlocked("NtOpenKey",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+  }
+#endif
+
   return CommonNtOpenKey(status, key, desired_access, object_attributes);
 }
 
 NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpenKeyExFunction orig_OpenKeyEx,
                                   PHANDLE key, ACCESS_MASK desired_access,
                                   POBJECT_ATTRIBUTES object_attributes,
                                   ULONG open_options) {
   // Check if the process can open it first.
@@ -165,12 +194,20 @@ NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpen
                                    open_options);
 
   // We do not support open_options at this time. The 2 current known values
   // are REG_OPTION_CREATE_LINK, to open a symbolic link, and
   // REG_OPTION_BACKUP_RESTORE to open the key with special privileges.
   if (NT_SUCCESS(status) || open_options != 0)
     return status;
 
+#ifdef MOZ_CONTENT_SANDBOX
+  if (STATUS_OBJECT_NAME_NOT_FOUND != status) {
+    mozilla::warnonlysandbox::LogBlocked("NtOpenKeyEx",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+  }
+#endif
+
   return CommonNtOpenKey(status, key, desired_access, object_attributes);
 }
 
 }  // namespace sandbox
--- a/security/sandbox/win/src/sync_interception.cc
+++ b/security/sandbox/win/src/sync_interception.cc
@@ -7,16 +7,19 @@
 #include "sandbox/win/src/crosscall_client.h"
 #include "sandbox/win/src/ipc_tags.h"
 #include "sandbox/win/src/policy_params.h"
 #include "sandbox/win/src/policy_target.h"
 #include "sandbox/win/src/sandbox_factory.h"
 #include "sandbox/win/src/sandbox_nt_util.h"
 #include "sandbox/win/src/sharedmem_ipc_client.h"
 #include "sandbox/win/src/target_services.h"
+#ifdef MOZ_CONTENT_SANDBOX
+#include "mozilla/warnonlysandbox/warnOnlySandbox.h"
+#endif
 
 namespace sandbox {
 
 ResultCode ProxyCreateEvent(LPCWSTR name,
                             BOOL initial_state,
                             EVENT_TYPE event_type,
                             void* ipc_memory,
                             CrossCallReturn* answer) {
@@ -57,16 +60,22 @@ NTSTATUS WINAPI TargetNtCreateEvent(NtCr
                                     EVENT_TYPE event_type,
                                     BOOLEAN initial_state) {
   NTSTATUS status = orig_CreateEvent(event_handle, desired_access,
                                      object_attributes, event_type,
                                      initial_state);
   if (status != STATUS_ACCESS_DENIED || !object_attributes)
     return status;
 
+#ifdef MOZ_CONTENT_SANDBOX
+  mozilla::warnonlysandbox::LogBlocked("NtCreateEvent",
+                                       object_attributes->ObjectName->Buffer,
+                                       object_attributes->ObjectName->Length);
+#endif
+
   // We don't trust that the IPC can work this early.
   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
     return status;
 
   do {
     if (!ValidParameter(event_handle, sizeof(HANDLE), WRITE))
       break;
 
@@ -96,30 +105,41 @@ NTSTATUS WINAPI TargetNtCreateEvent(NtCr
       break;
     }
     __try {
       *event_handle = answer.handle;
       status = STATUS_SUCCESS;
     } __except(EXCEPTION_EXECUTE_HANDLER) {
       break;
     }
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogAllowed("NtCreateEvent",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+#endif
   } while (false);
 
   return status;
 }
 
 NTSTATUS WINAPI TargetNtOpenEvent(NtOpenEventFunction orig_OpenEvent,
                                   PHANDLE event_handle,
                                   ACCESS_MASK desired_access,
                                   POBJECT_ATTRIBUTES object_attributes) {
   NTSTATUS status = orig_OpenEvent(event_handle, desired_access,
                                    object_attributes);
   if (status != STATUS_ACCESS_DENIED || !object_attributes)
     return status;
 
+#ifdef MOZ_CONTENT_SANDBOX
+  mozilla::warnonlysandbox::LogBlocked("NtOpenEvent",
+                                       object_attributes->ObjectName->Buffer,
+                                       object_attributes->ObjectName->Length);
+#endif
+
   // We don't trust that the IPC can work this early.
   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
     return status;
 
   do {
     if (!ValidParameter(event_handle, sizeof(HANDLE), WRITE))
       break;
 
@@ -148,14 +168,19 @@ NTSTATUS WINAPI TargetNtOpenEvent(NtOpen
       break;
     }
     __try {
       *event_handle = answer.handle;
       status = STATUS_SUCCESS;
     } __except(EXCEPTION_EXECUTE_HANDLER) {
       break;
     }
+#ifdef MOZ_CONTENT_SANDBOX
+    mozilla::warnonlysandbox::LogAllowed("NtOpenEvent",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+#endif
   } while (false);
 
   return status;
 }
 
 }  // namespace sandbox