Bug 1027902: Use an initial integrity level of low for the GMP sandbox on Windows. r=tabraldes
author: Bob Owen <bobowencode@gmail.com>
date: Thu, 27 Nov 2014 08:44:45 +0000
changeset: 242151 134dbb88ff8845e467a6a5f381938675921c2912
parent: 242150 45877c941f53fc81b02565bdf392a721bc97d068
child: 242152 7b05e0d1c60e39c0075905e743637d88ac7fa0d2
push id: 4311
push user: raliiev@mozilla.com
push date: Mon, 12 Jan 2015 19:37:41 +0000
reviewers: tabraldes
bugs: 1027902
milestone: 36.0a1
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -144,23 +144,18 @@ SandboxBroker::SetSecurityLevelForGMPlug
   result =
     mPolicy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
                            sandbox::USER_RESTRICTED);
   ret = ret && (sandbox::SBOX_ALL_OK == result);
 
   result = mPolicy->SetAlternateDesktop(true);
   ret = ret && (sandbox::SBOX_ALL_OK == result);
 
-  // We can't use an alternate desktop/window station AND initially
-  // set the process to low integrity. Upstream changes have been
-  // made to allow this and we should uncomment this section once
-  // we've rolled forward.
-  // result =
-  //   mPolicy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
-  // ret = ret && (sandbox::SBOX_ALL_OK == result);
+  result = mPolicy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
+  ret = ret && (sandbox::SBOX_ALL_OK == result);
 
   result =
     mPolicy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED);
   ret = ret && (sandbox::SBOX_ALL_OK == result);
 
   // Add the policy for the client side of a pipe. It is just a file
   // in the \pipe\ namespace. We restrict it to pipes that start with
   // "chrome." so the sandboxed process cannot connect to system services.
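Review bot: The removed comment was the only place in SetSecurityLevelForGMPlugin that explained the interaction between SetAlternateDesktop(true) and an initial low integrity level, and the two added lines carry no replacement comment, so a later reader will not know that combining the two depends on the rolled-forward upstream sandbox code. Suggest keeping a one-line comment above `result = mPolicy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);` stating that the process now starts at low integrity alongside the alternate desktop set just above, and that the SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED) call below then lowers it to untrusted once startup is done. The error handling itself is consistent with the neighbouring policy calls: the result is folded into `ret` via `ret = ret && (sandbox::SBOX_ALL_OK == result);`, so a failure to set the initial level is reported the same way as the other settings.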