Bug 1201438 - Add non-sandboxed Windows content processes as target peers for handle duplication. r=bbondy, a=sledru
authorBob Owen <bobowencode@gmail.com>
Tue, 08 Sep 2015 11:18:12 +0100
changeset 289238 d3fb09ff0a1af3a319eb5aa650fdd9ecd045b22c
parent 289237 136110a23c39c3b123151f4e7dac6cc89b68ce87
child 289239 46cad514f07326ab16d1a0c7e168033370f3f9c3
push id5067
push userraliiev@mozilla.com
push dateMon, 21 Sep 2015 14:04:52 +0000
reviewersbbondy, sledru
bugs1201438
milestone42.0a2
Bug 1201438 - Add non-sandboxed Windows content processes as target peers for handle duplication. r=bbondy, a=sledru
ipc/glue/GeckoChildProcessHost.cpp
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
security/sandbox/win/src/sandboxbroker/sandboxBroker.h
--- a/ipc/glue/GeckoChildProcessHost.cpp
+++ b/ipc/glue/GeckoChildProcessHost.cpp
@@ -978,16 +978,24 @@ GeckoChildProcessHost::PerformAsyncLaunc
     mSandboxBroker.LaunchApp(cmdLine.program().c_str(),
                              cmdLine.command_line_string().c_str(),
                              mEnableSandboxLogging,
                              &process);
   } else
 #endif
   {
     base::LaunchApp(cmdLine, false, false, &process);
+
+    // We need to be able to duplicate handles to non-sandboxed content
+    // processes, so add it as a target peer.
+    if (mProcessType == GeckoProcessType_Content) {
+      if (!mSandboxBroker.AddTargetPeer(process)) {
+        NS_WARNING("Failed to add content process as target peer.");
+      }
+    }
   }
 
 #else
 #  error Sorry
 #endif
 
   if (!process) {
     MonitorAutoLock lock(mMonitor);
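Review bot: The new AddTargetPeer call runs before the `if (!process)` check a few lines below, so when base::LaunchApp fails the broker is asked to register a null handle and the NS_WARNING at the new lines fires with a misleading message. Guarding on the handle first keeps the two failure modes distinct: `if (process && mProcessType == GeckoProcessType_Content) {`. The return value of `base::LaunchApp` is still discarded here, as it was before the change. PerformAsyncLaunch starts and ends outside the hunk, and if `mSandboxBroker` is declared only under the same conditional that guards the sandboxed branch above, this reference in the unconditional block would not compile in a build without it — worth confirming.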
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -428,16 +428,23 @@ SandboxBroker::AllowDirectory(wchar_t co
 {
   auto result =
     mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
                      sandbox::TargetPolicy::FILES_ALLOW_DIR_ANY,
                      dir);
   return (sandbox::SBOX_ALL_OK == result);
 }
 
+bool
+SandboxBroker::AddTargetPeer(HANDLE aPeerProcess)
+{
+  sandbox::ResultCode result = sBrokerService->AddTargetPeer(aPeerProcess);
+  return (sandbox::SBOX_ALL_OK == result);
+}
+
 SandboxBroker::~SandboxBroker()
 {
   if (mPolicy) {
     mPolicy->Release();
     mPolicy = nullptr;
   }
 }
 
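Review bot: AddTargetPeer dereferences the static `sBrokerService` with no null check, and the new caller in GeckoChildProcessHost reaches it on the non-sandboxed launch path, where this hunk gives no evidence that the broker service has been initialized. A guard such as `if (!sBrokerService) { return false; }` keeps that failure on the warning path the caller already handles rather than a crash in the parent process. Whether the other SandboxBroker methods already assume a non-null service is not visible here, so match whatever convention they use. Since a target peer becomes a destination for the broker's handle duplication, a one-line comment at the definition stating that `aPeerProcess` must be a process handle the broker is permitted to duplicate into would make the contract clear here as well as in the header.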
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
@@ -9,16 +9,17 @@
 
 #ifdef SANDBOX_EXPORTS
 #define SANDBOX_EXPORT __declspec(dllexport)
 #else
 #define SANDBOX_EXPORT __declspec(dllimport)
 #endif
 
 #include <stdint.h>
+#include <windows.h>
 
 namespace sandbox {
   class BrokerServices;
   class TargetPolicy;
 }
 
 namespace mozilla {
 
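Review bot: `#include <windows.h>` is now pulled into a header that every SandboxBroker user includes, solely to spell the `HANDLE` type in one declaration. Unless the build already defines `WIN32_LEAN_AND_MEAN` and `NOMINMAX` globally, this brings the full Win32 macro set, including `min`/`max`, into unrelated translation units; defining those before the include would limit the blast radius. This is a style point rather than a defect.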
@@ -40,16 +41,19 @@ public:
   bool SetSecurityLevelForIPDLUnitTestProcess();
   bool SetSecurityLevelForGMPlugin();
 
   // File system permissions
   bool AllowReadFile(wchar_t const *file);
   bool AllowReadWriteFile(wchar_t const *file);
   bool AllowDirectory(wchar_t const *dir);
 
+  // Exposes AddTargetPeer from broker services, so that none sandboxed
+  // processes can be added as handle duplication targets.
+  bool AddTargetPeer(HANDLE aPeerProcess);
 private:
   static sandbox::BrokerServices *sBrokerService;
   sandbox::TargetPolicy *mPolicy;
 };
 
 } // mozilla
 
 #endif
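Review bot: The new comment reads `none sandboxed`, which should be `non-sandboxed`, and the declaration is glued to `private:` where the neighbouring groups in this header are separated by a blank line. Suggested comment: `// Exposes AddTargetPeer from broker services, so that non-sandboxed processes can be added as handle duplication targets. Returns false if the broker service rejects the peer.` The comment could also state the handle's lifetime expectation — whether the broker retains `aPeerProcess` or the caller must keep it open — since that is not visible from this patch and matters to the caller that closes the process handle.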