Bug 1219369: In Windows debug builds allow write access to TEMP for logging purposes. r=tabraldes
authorBob Owen <bobowencode@gmail.com>
Tue, 09 Feb 2016 08:31:18 +0000
changeset 329790 92029305820c163ad08e1cbb5e8783f96d8c49b9
parent 329789 bd5d1c3f3c1e6f8a6161a50657044829b573cca6
child 329791 4a6b1b2a915774e8e2fd0b73b2a98a389bdc1318
push id10611
push userdmitchell@mozilla.com
push dateTue, 09 Feb 2016 15:15:43 +0000
reviewerstabraldes
bugs1219369
milestone47.0a1
Bug 1219369: In Windows debug builds allow write access to TEMP for logging purposes. r=tabraldes
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -48,16 +48,31 @@ SandboxBroker::LaunchApp(const wchar_t *
   mPolicy->SetStdoutHandle(::GetStdHandle(STD_OUTPUT_HANDLE));
   mPolicy->SetStderrHandle(::GetStdHandle(STD_ERROR_HANDLE));
 
   // If logging enabled, set up the policy.
   if (aEnableLogging) {
     mozilla::sandboxing::ApplyLoggingPolicy(*mPolicy);
   }
 
+#if defined(DEBUG)
+  // Allow write access to TEMP directory in debug builds for logging purposes.
+  // The path from GetTempPathW can have a length up to MAX_PATH + 1, including
+  // the null, so we need MAX_PATH + 2, so we can add an * to the end.
+  wchar_t tempPath[MAX_PATH + 2];
+  uint32_t pathLen = ::GetTempPathW(MAX_PATH + 1, tempPath);
+  if (pathLen > 0) {
+    // GetTempPath path ends with \ and returns the length without the null.
+    tempPath[pathLen] = L'*';
+    tempPath[pathLen + 1] = L'\0';
+    mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
+                     sandbox::TargetPolicy::FILES_ALLOW_ANY, tempPath);
+  }
+#endif
+
   // Ceate the sandboxed process
   PROCESS_INFORMATION targetInfo = {0};
   sandbox::ResultCode result;
   result = sBrokerService->SpawnTarget(aPath, aArguments, mPolicy, &targetInfo);
   if (sandbox::SBOX_ALL_OK != result) {
     return false;
   }
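Review bot: The `pathLen > 0` guard in front of `tempPath[pathLen] = L'*'` has no upper bound, so the two index writes depend entirely on GetTempPathW never returning more than MAX_PATH. The API signals a too-small buffer by returning the required size, which exceeds the length passed in, and in that case both writes would land past the end of `tempPath`; `if (pathLen > 0 && pathLen <= MAX_PATH) {` makes the bound explicit. The return value of `mPolicy->AddRule(...)` is also dropped, so a rejected rule fails silently. Because the block is gated only on DEBUG and not on `aEnableLogging`, the comment should say that FILES_ALLOW_ANY on the environment-derived TEMP path applies to every sandboxed child launched by a debug build. LaunchApp's body starts and ends outside the hunk.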