Bug 1145432: Add the policy for the client side of the crash server pipe to the GMP Windows sandbox. r=aklotz
authorBob Owen <bobowencode@gmail.com>
Fri, 20 Mar 2015 07:53:37 +0000
changeset 263555 1c6d4f4dc12fdeb82326ddf07fdaa903db29d428
parent 263554 d111d64d9f0f186e9dd8eeaa327c1a209e8c6e18
child 263556 f30be176edfd2ab07663b0429db260471f84fca2
push id4718
push userraliiev@mozilla.com
push dateMon, 11 May 2015 18:39:53 +0000
treeherdermozilla-beta@c20c4ef55f08 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersaklotz
bugs1145432
milestone39.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1145432: Add the policy for the client side of the crash server pipe to the GMP Windows sandbox. r=aklotz
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -267,16 +267,22 @@ SandboxBroker::SetSecurityLevelForGMPlug
   // Add the policy for the client side of a pipe. It is just a file
   // in the \pipe\ namespace. We restrict it to pipes that start with
   // "chrome." so the sandboxed process cannot connect to system services.
   result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
                             sandbox::TargetPolicy::FILES_ALLOW_ANY,
                             L"\\??\\pipe\\chrome.*");
   ret = ret && (sandbox::SBOX_ALL_OK == result);
 
+  // Add the policy for the client side of the crash server pipe.
+  result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
+                            sandbox::TargetPolicy::FILES_ALLOW_ANY,
+                            L"\\??\\pipe\\gecko-crash-server-pipe.*");
+  ret = ret && (sandbox::SBOX_ALL_OK == result);
+
 #ifdef DEBUG
   // The plugin process can't create named events, but we'll
   // make an exception for the events used in logging. Removing
   // this will break EME in debug builds.
   result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_SYNC,
                             sandbox::TargetPolicy::EVENTS_ALLOW_ANY,
                             L"ChromeIPCLog.*");
   ret = ret && (sandbox::SBOX_ALL_OK == result);