Bug 1080567: Don't report registry NAME_NOT_FOUND errors for the Windows warn only sandbox. r=tabraldes
--- a/security/sandbox/modifications-to-chromium-to-reapply-after-upstream-merge.txt
+++ b/security/sandbox/modifications-to-chromium-to-reapply-after-upstream-merge.txt
@@ -1,4 +1,5 @@
Please add a link to the bugzilla bug and patch name that should be re-applied.
Also, please update any existing links to their actual mozilla-central changeset.
-https://bugzilla.mozilla.org/show_bug.cgi?id=1018966 wosChromiumChanges.patch
+https://hg.mozilla.org/mozilla-central/rev/e7eef85c1b0a
+https://bugzilla.mozilla.org/show_bug.cgi?id=1080567 bug1080567.patch
--- a/security/sandbox/win/src/registry_interception.cc
+++ b/security/sandbox/win/src/registry_interception.cc
@@ -5,17 +5,17 @@
#include "sandbox/win/src/registry_interception.h"
#include "sandbox/win/src/crosscall_client.h"
#include "sandbox/win/src/ipc_tags.h"
#include "sandbox/win/src/sandbox_factory.h"
#include "sandbox/win/src/sandbox_nt_util.h"
#include "sandbox/win/src/sharedmem_ipc_client.h"
#include "sandbox/win/src/target_services.h"
-#ifdef MOZ_CONTENT_SANDBOX // For upstream merging, use patch in bug 1018966 to reapply warn only sandbox code
+#ifdef MOZ_CONTENT_SANDBOX
#include "mozilla/warnonlysandbox/warnOnlySandbox.h"
#endif
namespace sandbox {
NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey,
PHANDLE key, ACCESS_MASK desired_access,
POBJECT_ATTRIBUTES object_attributes,
@@ -24,19 +24,21 @@ NTSTATUS WINAPI TargetNtCreateKey(NtCrea
// Check if the process can create it first.
NTSTATUS status = orig_CreateKey(key, desired_access, object_attributes,
title_index, class_name, create_options,
disposition);
if (NT_SUCCESS(status))
return status;
#ifdef MOZ_CONTENT_SANDBOX
- mozilla::warnonlysandbox::LogBlocked("NtCreateKey",
- object_attributes->ObjectName->Buffer,
- object_attributes->ObjectName->Length);
+ if (STATUS_OBJECT_NAME_NOT_FOUND != status) {
+ mozilla::warnonlysandbox::LogBlocked("NtCreateKey",
+ object_attributes->ObjectName->Buffer,
+ object_attributes->ObjectName->Length);
+ }
#endif
// We don't trust that the IPC can work this early.
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
return status;
do {
if (!ValidParameter(key, sizeof(HANDLE), WRITE))
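Review bot: The logging block dereferences `object_attributes->ObjectName->Buffer` before any caller-supplied parameter has been validated; the first `ValidParameter` call visible in this hunk comes after it. A call that failed because `object_attributes` or its `ObjectName` was null would fault inside the interception instead of returning the original status. The commit narrows when the log fires but leaves that dereference unguarded, so I would extend the new condition to `if (STATUS_OBJECT_NAME_NOT_FOUND != status && object_attributes && object_attributes->ObjectName) {`, and wrap the read in `__try` if that is how the rest of this file reads caller memory. The same applies to the NtOpenKey and NtOpenKeyEx hunks below; one file-local helper taking the function name, status and attributes would keep the three sites in step. TargetNtCreateKey continues past the end of this hunk.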
@@ -168,19 +170,21 @@ NTSTATUS WINAPI TargetNtOpenKey(NtOpenKe
ACCESS_MASK desired_access,
POBJECT_ATTRIBUTES object_attributes) {
// Check if the process can open it first.
NTSTATUS status = orig_OpenKey(key, desired_access, object_attributes);
if (NT_SUCCESS(status))
return status;
#ifdef MOZ_CONTENT_SANDBOX
- mozilla::warnonlysandbox::LogBlocked("NtOpenKey",
- object_attributes->ObjectName->Buffer,
- object_attributes->ObjectName->Length);
+ if (STATUS_OBJECT_NAME_NOT_FOUND != status) {
+ mozilla::warnonlysandbox::LogBlocked("NtOpenKey",
+ object_attributes->ObjectName->Buffer,
+ object_attributes->ObjectName->Length);
+ }
#endif
return CommonNtOpenKey(status, key, desired_access, object_attributes);
}
NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpenKeyExFunction orig_OpenKeyEx,
PHANDLE key, ACCESS_MASK desired_access,
POBJECT_ATTRIBUTES object_attributes,
@@ -191,17 +195,19 @@ NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpen
// We do not support open_options at this time. The 2 current known values
// are REG_OPTION_CREATE_LINK, to open a symbolic link, and
// REG_OPTION_BACKUP_RESTORE to open the key with special privileges.
if (NT_SUCCESS(status) || open_options != 0)
return status;
#ifdef MOZ_CONTENT_SANDBOX
- mozilla::warnonlysandbox::LogBlocked("NtOpenKeyEx",
- object_attributes->ObjectName->Buffer,
- object_attributes->ObjectName->Length);
+ if (STATUS_OBJECT_NAME_NOT_FOUND != status) {
+ mozilla::warnonlysandbox::LogBlocked("NtOpenKeyEx",
+ object_attributes->ObjectName->Buffer,
+ object_attributes->ObjectName->Length);
+ }
#endif
return CommonNtOpenKey(status, key, desired_access, object_attributes);
}
} // namespace sandbox
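Review bot: Failures with a non-zero `open_options` return at `if (NT_SUCCESS(status) || open_options != 0)` before the logging block, so the warn-only log never records them. If that is deliberate because such opens are not forwarded to `CommonNtOpenKey`, a comment above the `#ifdef` would make the gap explicit, e.g. `// Opens with open_options set are returned as-is above and are not logged.`; otherwise the log call belongs ahead of that return. The function's signature and the call to the original function are outside this hunk.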