Bug 1505482: Disable restricting SIDs in Windows 7 NPAPI process sandbox. r=jimm a=jcristau
authorDavid Parks <dparks@mozilla.com>
Fri, 16 Nov 2018 15:24:00 -0800
changeset 498597 767930fe66d2
parent 498596 e68e1025c028
child 498598 d4d9fbf1b6e4
push id10236
push userncsoregi@mozilla.com
push dateTue, 20 Nov 2018 12:54:47 +0000
treeherdermozilla-beta@d4d9fbf1b6e4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjimm, jcristau
bugs1505482
milestone64.0
Bug 1505482: Disable restricting SIDs in Windows 7 NPAPI process sandbox. r=jimm a=jcristau Restricting SIDs increase the power of the sandbox. They cause problems that require us to patch the Windows GetFileAttributesW function. On Windows 7, this is not currently possible with out DLL interceptor so we do not use restricting SIDs there.
dom/plugins/ipc/FunctionHook.cpp
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/dom/plugins/ipc/FunctionHook.cpp
+++ b/dom/plugins/ipc/FunctionHook.cpp
@@ -7,16 +7,17 @@
 #include "FunctionHook.h"
 #include "FunctionBroker.h"
 #include "nsClassHashtable.h"
 #include "mozilla/ClearOnShutdown.h"
 
 #if defined(XP_WIN)
 #include <shlobj.h>
 #include "PluginModuleChild.h"
+#include "mozilla/WindowsVersion.h"
 #endif
 
 namespace mozilla {
 namespace plugins {
 
 StaticAutoPtr<FunctionHookArray> FunctionHook::sFunctionHooks;
 
 bool AlwaysHook(int) { return true; }
@@ -310,16 +311,21 @@ void FunctionHook::HookProtectedMode()
 }
 
 #if defined(MOZ_SANDBOX)
 
 /* GetFileAttributesW */
 
 typedef BasicFunctionHook<ID_GetFileAttributesW, decltype(GetFileAttributesW)> GetFileAttributesWFH;
 
+// Do not hook GetFileAttributesW in Win7 because the interceptor can't handle it.
+template<>
+ShouldHookFunc* const
+GetFileAttributesWFH::mShouldHook = [](int) { return IsWin8OrLater(); };
+
 DWORD WINAPI GetFileAttributesWHook(LPCWSTR aFilename)
 {
   MOZ_ASSERT(ID_GetFileAttributesW < FunctionHook::GetHooks()->Length());
   GetFileAttributesWFH* functionHook =
     static_cast<GetFileAttributesWFH*>(FunctionHook::GetHooks()->ElementAt(ID_GetFileAttributesW));
   if (!functionHook->OriginalFunction()) {
     NS_ASSERTION(FALSE, "Something is horribly wrong in GetFileAttributesWHook!");
     return FALSE;
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -743,16 +743,21 @@ SandboxBroker::SetSecurityLevelForPlugin
 
   sandbox::MitigationFlags delayedMitigations =
     sandbox::MITIGATION_DLL_SEARCH_ORDER;
 
   result = mPolicy->SetDelayedProcessMitigations(delayedMitigations);
   SANDBOX_ENSURE_SUCCESS(result,
                          "Invalid flags for SetDelayedProcessMitigations.");
 
+  // Restricting SIDs break some Flash functionality in Windows 7.
+  if (!IsWin8OrLater()) {
+    mPolicy->SetDoNotUseRestrictingSIDs();
+  }
+
   // Add rule to allow read / write access to a special plugin temp dir.
   AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_ANY,
                    sPluginTempDir, NS_LITERAL_STRING("\\*"));
 
   if (aSandboxLevel >= 2) {
     // Level 2 and above uses low integrity, so we need to give write access to
     // the Flash directories.
     AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_ANY,