Bug 1366694 Part 1: Allow user handles in the content process job in DEBUG builds. r=jimm
authorBob Owen <bobowencode@gmail.com>
Fri, 07 Jul 2017 15:51:17 +0100
changeset 418644 19b982efa54dc1176af09c19304c7622e51e47e8
parent 418643 bed655e34ed939af69706116bbdb1d97b1f87c77
child 418645 5195f1b9490398b7b8078dbedd0a4d1b344a5ea3
push id7566
push usermtabara@mozilla.com
push dateWed, 02 Aug 2017 08:25:16 +0000
reviewersjimm
bugs1366694
milestone56.0a1
Bug 1366694 Part 1: Allow user handles in the content process job in DEBUG builds. r=jimm
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -302,18 +302,24 @@ SandboxBroker::SetSecurityLevelForConten
     if (accessTokenLevel < sandbox::USER_NON_ADMIN) {
       accessTokenLevel = sandbox::USER_NON_ADMIN;
     }
     if (delayedIntegrityLevel > sandbox::INTEGRITY_LEVEL_LOW) {
       delayedIntegrityLevel = sandbox::INTEGRITY_LEVEL_LOW;
     }
   }
 
-  sandbox::ResultCode result = mPolicy->SetJobLevel(jobLevel,
-                                                    0 /* ui_exceptions */);
+#if defined(DEBUG)
+  // This is required for a MOZ_ASSERT check in WindowsMessageLoop.cpp
+  // WinEventHook, see bug 1366694 for details.
+  DWORD uiExceptions = JOB_OBJECT_UILIMIT_HANDLES;
+#else
+  DWORD uiExceptions = 0;
+#endif
+  sandbox::ResultCode result = mPolicy->SetJobLevel(jobLevel, uiExceptions);
   MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
                      "Setting job level failed, have you set memory limit when jobLevel == JOB_NONE?");
 
   // If the delayed access token is not restricted we don't want the initial one
   // to be either, because it can interfere with running from a network drive.
   sandbox::TokenLevel initialAccessTokenLevel =
     (accessTokenLevel == sandbox::USER_UNPROTECTED ||
      accessTokenLevel == sandbox::USER_NON_ADMIN)
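Review bot: The DEBUG branch at `DWORD uiExceptions = JOB_OBJECT_UILIMIT_HANDLES;` lifts the job's USER-handle restriction for whatever `jobLevel` was chosen above, so debug content processes run under a weaker job than release ones, and anything that relies on that limit is only exercised in release builds. The comment names the assert that needs the exception but not what is given up; I would extend it, e.g. `// DEBUG only: exempts the job from JOB_OBJECT_UILIMIT_HANDLES, so content can use USER handles owned by processes outside the job; release builds keep the limit.` As a style point, the value is never reassigned in the visible lines, so both declarations could be `const DWORD uiExceptions`. The enclosing SandboxBroker method (its name is truncated in the hunk header) starts and ends outside the hunk, so whether any later policy setting depends on this value cannot be judged from here.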