Bug 1068000 - Add client side chrome.* pipe rule for Windows content sandbox. r=tabraldes
author Bob Owen <bobowencode@gmail.com>
Tue, 16 Sep 2014 15:44:25 +0100
changeset 230490 b1280bbd4a0317146fdf18833374305b53e5f946
parent 230489 1b7329c2d3d331f7d73ca79419fc78b187c85581
child 230491 91ed3a014b140ad8b6216825d91f7388672addd0
push id 4187
push user bhearsum@mozilla.com
push date Fri, 28 Nov 2014 15:29:12 +0000
treeherder mozilla-beta@f23cc6a30c11
reviewers tabraldes
bugs 1068000
milestone 35.0a1
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -81,16 +81,24 @@ SandboxBroker::SetSecurityLevelForConten
   // If the delayed integrity level is changed then SetUpSandboxEnvironment and
   // CleanUpSandboxEnvironment in ContentChild should be changed or removed.
   result = mPolicy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
   ret = ret && (sandbox::SBOX_ALL_OK == result);
 
   result = mPolicy->SetAlternateDesktop(true);
   ret = ret && (sandbox::SBOX_ALL_OK == result);
 
+  // Add the policy for the client side of a pipe. It is just a file
+  // in the \pipe\ namespace. We restrict it to pipes that start with
+  // "chrome." so the sandboxed process cannot connect to system services.
+  result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
+                            sandbox::TargetPolicy::FILES_ALLOW_ANY,
+                            L"\\??\\pipe\\chrome.*");
+  ret = ret && (sandbox::SBOX_ALL_OK == result);
+
   if (inWarnOnlyMode) {
     mozilla::warnonlysandbox::ApplyWarnOnlyPolicy(*mPolicy);
   }
   return ret;
 }
 #endif
 
 bool
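Review bot: The new AddRule call before the `if (inWarnOnlyMode)` block pairs `FILES_ALLOW_ANY` with the wildcard `L"\\??\\pipe\\chrome.*"`, so the "chrome." name prefix is the only boundary on which pipes the content process may open, and the comment does not explain why that is sufficient. The pattern matches every pipe whose name begins with "chrome.", whichever process created it, while the comment's stated goal is only that system services stay out of reach. Please extend the comment to say which pipes the content process is expected to connect to and who creates them, and why the rule needs `FILES_ALLOW_ANY` for what the comment describes as the client side of a pipe. If the expected pipe names share a longer fixed prefix, narrowing the pattern to that prefix would make the rule match the intent more closely.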