Bug 1377555 - Part 1: Back out changesets 04edb03fb817 and d17ac655cc51. r=jimm, a=jcristau
authorBob Owen <bobowencode@gmail.com>
Tue, 11 Jul 2017 09:44:20 +0100
changeset 411979 60fdd29667adb68cbe84c7a2dbe53dbfee63e7e6
parent 411978 589b643648db507f01d4c68f3234138567bdcb58
child 411980 4d917a319e6fe3e04fd98156bc776adfe64fb686
push id7514
push userryanvm@gmail.com
push dateMon, 17 Jul 2017 13:37:24 +0000
reviewersjimm, jcristau
bugs1377555
milestone55.0
Bug 1377555 - Part 1: Back out changesets 04edb03fb817 and d17ac655cc51. r=jimm, a=jcristau This backs out the previous change that detected running from a network drive and changed the sandbox policy accordingly.
browser/app/nsBrowserApp.cpp
security/sandbox/chromium/sandbox/win/src/restricted_token.cc
security/sandbox/chromium/sandbox/win/src/restricted_token.h
security/sandbox/chromium/sandbox/win/src/restricted_token_utils.cc
security/sandbox/win/SandboxInitialization.cpp
security/sandbox/win/SandboxInitialization.h
--- a/browser/app/nsBrowserApp.cpp
+++ b/browser/app/nsBrowserApp.cpp
@@ -211,17 +211,16 @@ static int do_main(int argc, char* argv[
     // no -app flag so we use the compiled-in app data
     config.appData = &sAppData;
     config.appDataPath = kDesktopFolder;
   }
 
 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
   sandbox::BrokerServices* brokerServices =
     sandboxing::GetInitializedBrokerServices();
-  sandboxing::NetworkDriveCheck();
   sandboxing::PermissionsService* permissionsService =
     sandboxing::GetPermissionsService();
 #if defined(MOZ_CONTENT_SANDBOX)
   if (!brokerServices) {
     Output("Couldn't initialize the broker services.\n");
     return 255;
   }
 #endif
--- a/security/sandbox/chromium/sandbox/win/src/restricted_token.cc
+++ b/security/sandbox/chromium/sandbox/win/src/restricted_token.cc
@@ -38,19 +38,16 @@ std::unique_ptr<BYTE[]> GetTokenInfo(con
   *error = ERROR_SUCCESS;
   return buffer;
 }
 
 }  // namespace
 
 namespace sandbox {
 
-// We want to use restricting SIDs in the tokens by default.
-bool gUseRestricting = true;
-
 RestrictedToken::RestrictedToken()
     : integrity_level_(INTEGRITY_LEVEL_LAST),
       init_(false),
       lockdown_default_dacl_(false) {}
 
 RestrictedToken::~RestrictedToken() {
 }
 
@@ -81,17 +78,17 @@ DWORD RestrictedToken::Init(const HANDLE
 
 DWORD RestrictedToken::GetRestrictedToken(
     base::win::ScopedHandle* token) const {
   DCHECK(init_);
   if (!init_)
     return ERROR_NO_TOKEN;
 
   size_t deny_size = sids_for_deny_only_.size();
-  size_t restrict_size = gUseRestricting ? sids_to_restrict_.size() : 0;
+  size_t restrict_size = sids_to_restrict_.size();
   size_t privileges_size = privileges_to_disable_.size();
 
   SID_AND_ATTRIBUTES *deny_only_array = NULL;
   if (deny_size) {
     deny_only_array = new SID_AND_ATTRIBUTES[deny_size];
 
     for (unsigned int i = 0; i < sids_for_deny_only_.size() ; ++i) {
       deny_only_array[i].Attributes = SE_GROUP_USE_FOR_DENY_ONLY;
@@ -224,41 +221,33 @@ DWORD RestrictedToken::GetRestrictedToke
   return ERROR_SUCCESS;
 }
 
 DWORD RestrictedToken::AddAllSidsForDenyOnly(std::vector<Sid> *exceptions) {
   DCHECK(init_);
   if (!init_)
     return ERROR_NO_TOKEN;
 
-  // If this is normally a token with restricting SIDs, but we're not allowing
-  // them, then use the sids_to_restrict_ as an exceptions list to give a
-  // similar effect.
-  std::vector<Sid>* localExpections =
-    gUseRestricting || !sids_to_restrict_.size() ? exceptions : &sids_to_restrict_;
-
   DWORD error;
   std::unique_ptr<BYTE[]> buffer =
       GetTokenInfo(effective_token_, TokenGroups, &error);
 
   if (!buffer)
     return error;
 
   TOKEN_GROUPS* token_groups = reinterpret_cast<TOKEN_GROUPS*>(buffer.get());
 
-  // Build the list of the deny only group SIDs.  We want to be able to have
-  // logon SID as deny only, if we're not allowing restricting SIDs.
+  // Build the list of the deny only group SIDs
   for (unsigned int i = 0; i < token_groups->GroupCount ; ++i) {
     if ((token_groups->Groups[i].Attributes & SE_GROUP_INTEGRITY) == 0 &&
-        (!gUseRestricting ||
-         (token_groups->Groups[i].Attributes & SE_GROUP_LOGON_ID) == 0)) {
+        (token_groups->Groups[i].Attributes & SE_GROUP_LOGON_ID) == 0) {
       bool should_ignore = false;
-      if (localExpections) {
-        for (unsigned int j = 0; j < localExpections->size(); ++j) {
-          if (::EqualSid(const_cast<SID*>((*localExpections)[j].GetPSID()),
+      if (exceptions) {
+        for (unsigned int j = 0; j < exceptions->size(); ++j) {
+          if (::EqualSid(const_cast<SID*>((*exceptions)[j].GetPSID()),
                           token_groups->Groups[i].Sid)) {
             should_ignore = true;
             break;
           }
         }
       }
       if (!should_ignore) {
         sids_for_deny_only_.push_back(
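Review bot: The restored comment on the group loop, `// Build the list of the deny only group SIDs`, no longer states why integrity SIDs and the logon SID are excluded from the deny-only list, which is the non-obvious part of this loop now that the gUseRestricting branch is gone. The integrity SID appears to be managed separately through integrity_level_ (initialised in the constructor earlier in this file), and the logon SID has to stay enabled for the token to create objects in BNO, as the comment in CreateRestrictedToken in restricted_token_utils.cc notes; both reasons belong next to the condition rather than in another file. A comment such as `// Build the list of the deny only group SIDs. Integrity SIDs are handled via integrity_level_ and the logon SID must stay enabled (BNO object creation, see CreateRestrictedToken), so both are skipped.` would do. AddAllSidsForDenyOnly continues past the end of the hunk.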
--- a/security/sandbox/chromium/sandbox/win/src/restricted_token.h
+++ b/security/sandbox/chromium/sandbox/win/src/restricted_token.h
@@ -20,19 +20,16 @@
 #define SE_GROUP_INTEGRITY (0x00000020L)
 #endif
 #ifndef SE_GROUP_INTEGRITY_ENABLED
 #define SE_GROUP_INTEGRITY_ENABLED (0x00000040L)
 #endif
 
 namespace sandbox {
 
-// Whether we are allowing restricting SIDs in the access tokens or not.
-extern bool gUseRestricting;
-
 // Handles the creation of a restricted token using the effective token or
 // any token handle.
 // Sample usage:
 //    RestrictedToken restricted_token;
 //    DWORD err_code = restricted_token.Init(NULL);  // Use the current
 //                                                   // effective token
 //    if (ERROR_SUCCESS != err_code) {
 //      // handle error.
--- a/security/sandbox/chromium/sandbox/win/src/restricted_token_utils.cc
+++ b/security/sandbox/chromium/sandbox/win/src/restricted_token_utils.cc
@@ -78,21 +78,16 @@ DWORD CreateRestrictedToken(TokenLevel s
       restricted_token.AddRestrictingSidLogonSession();
       break;
     }
     case USER_LIMITED: {
       sid_exceptions.push_back(WinBuiltinUsersSid);
       sid_exceptions.push_back(WinWorldSid);
       sid_exceptions.push_back(WinInteractiveSid);
       privilege_exceptions.push_back(SE_CHANGE_NOTIFY_NAME);
-      // This breaks web audio, so we don't want to do this in the restricting
-      // SIDs (normal) case. See bug 1378061.
-      if (!gUseRestricting) {
-        restricted_token.AddUserSidForDenyOnly();
-      }
       restricted_token.AddRestrictingSid(WinBuiltinUsersSid);
       restricted_token.AddRestrictingSid(WinWorldSid);
       restricted_token.AddRestrictingSid(WinRestrictedCodeSid);
 
       // This token has to be able to create objects in BNO.
       // Unfortunately, on Vista+, it needs the current logon sid
       // in the token to achieve this. You should also set the process to be
       // low integrity level so it can't access object created by other
--- a/security/sandbox/win/SandboxInitialization.cpp
+++ b/security/sandbox/win/SandboxInitialization.cpp
@@ -1,17 +1,16 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "SandboxInitialization.h"
 
-#include "sandbox/win/src/restricted_token.h"
 #include "sandbox/win/src/sandbox_factory.h"
 #include "mozilla/sandboxing/permissionsService.h"
 
 namespace mozilla {
 namespace sandboxing {
 
 static sandbox::TargetServices*
 InitializeTargetServices()
@@ -74,31 +73,15 @@ sandbox::BrokerServices*
 GetInitializedBrokerServices()
 {
   static sandbox::BrokerServices* sInitializedBrokerServices =
     InitializeBrokerServices();
 
   return sInitializedBrokerServices;
 }
 
-void
-NetworkDriveCheck()
-{
-  wchar_t exePath[MAX_PATH];
-  if (!::GetModuleFileNameW(nullptr, exePath, MAX_PATH)) {
-    return;
-  }
-
-  wchar_t volPath[MAX_PATH];
-  if (!::GetVolumePathNameW(exePath, volPath, MAX_PATH)) {
-    return;
-  }
-
-  sandbox::gUseRestricting = (::GetDriveTypeW(volPath) != DRIVE_REMOTE);
-}
-
 PermissionsService* GetPermissionsService()
 {
   return PermissionsService::GetInstance();
 }
 
 } // sandboxing
 } // mozilla
--- a/security/sandbox/win/SandboxInitialization.h
+++ b/security/sandbox/win/SandboxInitialization.h
@@ -38,22 +38,14 @@ void LowerSandbox();
 
 /**
  * Initializes (if required) and returns the Chromium sandbox BrokerServices.
  *
  * @return the BrokerServices or null if the creation or initialization failed.
  */
 sandbox::BrokerServices* GetInitializedBrokerServices();
 
-/**
- * Checks to see if we are running from a network drive and sets a flag in
- * sandbox code to disable the use of restricting SIDs.
- * Using restricting SIDs blocks access to network drives and prevents DLL
- * loading during initial sandboxed child process start-up.
- */
-void NetworkDriveCheck();
-
 PermissionsService* GetPermissionsService();
 
 } // sandboxing
 } // mozilla
 
 #endif // mozilla_sandboxing_SandboxInitialization_h