Bug 1080567: Don't report registry NAME_NOT_FOUND errors for the Windows warn only sandbox. r=tabraldes
authorBob Owen <bobowencode@gmail.com>
Mon, 13 Oct 2014 15:12:28 +0100
changeset 210504 8d0aca89e1b264e607f151fd1f23f6b15ccf3e0d
parent 210503 c07de0783e2791c824b026df4b5a978fb773d4cc
child 210505 522b1d79b69e24d8dff4b3204ed13360f075e521
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
reviewerstabraldes
bugs1080567
milestone36.0a1
Bug 1080567: Don't report registry NAME_NOT_FOUND errors for the Windows warn only sandbox. r=tabraldes
security/sandbox/modifications-to-chromium-to-reapply-after-upstream-merge.txt
security/sandbox/win/src/registry_interception.cc
--- a/security/sandbox/modifications-to-chromium-to-reapply-after-upstream-merge.txt
+++ b/security/sandbox/modifications-to-chromium-to-reapply-after-upstream-merge.txt
@@ -1,4 +1,5 @@
 Please add a link to the bugzilla bug and patch name that should be re-applied.
 Also, please update any existing links to their actual mozilla-central changeset.
 
-https://bugzilla.mozilla.org/show_bug.cgi?id=1018966 wosChromiumChanges.patch
+https://hg.mozilla.org/mozilla-central/rev/e7eef85c1b0a
+https://bugzilla.mozilla.org/show_bug.cgi?id=1080567 bug1080567.patch
--- a/security/sandbox/win/src/registry_interception.cc
+++ b/security/sandbox/win/src/registry_interception.cc
@@ -5,17 +5,17 @@
 #include "sandbox/win/src/registry_interception.h"
 
 #include "sandbox/win/src/crosscall_client.h"
 #include "sandbox/win/src/ipc_tags.h"
 #include "sandbox/win/src/sandbox_factory.h"
 #include "sandbox/win/src/sandbox_nt_util.h"
 #include "sandbox/win/src/sharedmem_ipc_client.h"
 #include "sandbox/win/src/target_services.h"
-#ifdef MOZ_CONTENT_SANDBOX // For upstream merging, use patch in bug 1018966 to reapply warn only sandbox code
+#ifdef MOZ_CONTENT_SANDBOX
 #include "mozilla/warnonlysandbox/warnOnlySandbox.h"
 #endif
 
 namespace sandbox {
 
 NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey,
                                   PHANDLE key, ACCESS_MASK desired_access,
                                   POBJECT_ATTRIBUTES object_attributes,
@@ -24,19 +24,21 @@ NTSTATUS WINAPI TargetNtCreateKey(NtCrea
   // Check if the process can create it first.
   NTSTATUS status = orig_CreateKey(key, desired_access, object_attributes,
                                    title_index, class_name, create_options,
                                    disposition);
   if (NT_SUCCESS(status))
     return status;
 
 #ifdef MOZ_CONTENT_SANDBOX
-  mozilla::warnonlysandbox::LogBlocked("NtCreateKey",
-                                       object_attributes->ObjectName->Buffer,
-                                       object_attributes->ObjectName->Length);
+  if (STATUS_OBJECT_NAME_NOT_FOUND != status) {
+    mozilla::warnonlysandbox::LogBlocked("NtCreateKey",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+  }
 #endif
 
   // We don't trust that the IPC can work this early.
   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
     return status;
 
   do {
     if (!ValidParameter(key, sizeof(HANDLE), WRITE))
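Review bot: The new guard in TargetNtCreateKey still evaluates `object_attributes->ObjectName->Buffer` and `->Length` before any parameter validation visible in this hunk; the first `ValidParameter` call comes only after the log. `ObjectName` is optional in OBJECT_ATTRIBUTES, and a call that failed because of a null or bad `object_attributes` lands on exactly this path, so the logging itself could fault inside the interception. Extending the condition keeps the null cases out: `if (STATUS_OBJECT_NAME_NOT_FOUND != status && object_attributes && object_attributes->ObjectName) {`. The same applies to the TargetNtOpenKey and TargetNtOpenKeyEx hunks below. The function body continues past the end of this hunk, so later handling of bad non-null pointers is not visible here.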
@@ -168,19 +170,21 @@ NTSTATUS WINAPI TargetNtOpenKey(NtOpenKe
                                 ACCESS_MASK desired_access,
                                 POBJECT_ATTRIBUTES object_attributes) {
   // Check if the process can open it first.
   NTSTATUS status = orig_OpenKey(key, desired_access, object_attributes);
   if (NT_SUCCESS(status))
     return status;
 
 #ifdef MOZ_CONTENT_SANDBOX
-  mozilla::warnonlysandbox::LogBlocked("NtOpenKey",
-                                       object_attributes->ObjectName->Buffer,
-                                       object_attributes->ObjectName->Length);
+  if (STATUS_OBJECT_NAME_NOT_FOUND != status) {
+    mozilla::warnonlysandbox::LogBlocked("NtOpenKey",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+  }
 #endif
 
   return CommonNtOpenKey(status, key, desired_access, object_attributes);
 }
 
 NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpenKeyExFunction orig_OpenKeyEx,
                                   PHANDLE key, ACCESS_MASK desired_access,
                                   POBJECT_ATTRIBUTES object_attributes,
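Review bot: The check in TargetNtOpenKey excludes a single status, so every other failure is still reported through `LogBlocked`, including ones that are not sandbox denials (for example STATUS_OBJECT_PATH_NOT_FOUND or a parameter error). If the warn-only log is meant to list only what the restricted token refused, an allow-list is easier to reason about: `if (STATUS_ACCESS_DENIED == status) {`. Whether other statuses are wanted in the report is not visible from this page, so this is a question for the author. Either way a one-line comment would help, such as `// A missing key is not a sandbox denial; don't report it.`, repeated in TargetNtCreateKey and TargetNtOpenKeyEx.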
@@ -191,17 +195,19 @@ NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpen
 
   // We do not support open_options at this time. The 2 current known values
   // are REG_OPTION_CREATE_LINK, to open a symbolic link, and
   // REG_OPTION_BACKUP_RESTORE to open the key with special privileges.
   if (NT_SUCCESS(status) || open_options != 0)
     return status;
 
 #ifdef MOZ_CONTENT_SANDBOX
-  mozilla::warnonlysandbox::LogBlocked("NtOpenKeyEx",
-                                       object_attributes->ObjectName->Buffer,
-                                       object_attributes->ObjectName->Length);
+  if (STATUS_OBJECT_NAME_NOT_FOUND != status) {
+    mozilla::warnonlysandbox::LogBlocked("NtOpenKeyEx",
+                                         object_attributes->ObjectName->Buffer,
+                                         object_attributes->ObjectName->Length);
+  }
 #endif
 
   return CommonNtOpenKey(status, key, desired_access, object_attributes);
 }
 
 }  // namespace sandbox
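Review bot: In TargetNtOpenKeyEx the early `return status;` for `open_options != 0` sits above the new logging block, so a failed open that uses REG_OPTION_BACKUP_RESTORE or REG_OPTION_CREATE_LINK is never reported by the warn-only sandbox. Those calls get no broker fallback, so they may be the failures most worth seeing in the log. If that omission is intended, a comment at the early return would say so, e.g. `// Not logged: open_options is unsupported and never brokered.`; otherwise the `LogBlocked` block could move above that return and run only when `!NT_SUCCESS(status)`. The start of the function is outside this hunk.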