Bug 1201438: Add non-sandboxed Windows content processes as target peers for handle duplication. r=bbondy
authorBob Owen <bobowencode@gmail.com>
Tue, 08 Sep 2015 11:18:12 +0100
changeset 293957 d56cd50e14618db3dac3a35d81003ec49eb6239e
parent 293956 5e54b1671de465cac7813bf20afdfa0ab46647d3
child 293958 f9097a2659c61cdf7c11ef4a35285d9f5776ba33
push id5245
push userraliiev@mozilla.com
push dateThu, 29 Oct 2015 11:30:51 +0000
reviewersbbondy
bugs1201438
milestone43.0a1
Bug 1201438: Add non-sandboxed Windows content processes as target peers for handle duplication. r=bbondy
ipc/glue/GeckoChildProcessHost.cpp
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
security/sandbox/win/src/sandboxbroker/sandboxBroker.h
--- a/ipc/glue/GeckoChildProcessHost.cpp
+++ b/ipc/glue/GeckoChildProcessHost.cpp
@@ -978,16 +978,24 @@ GeckoChildProcessHost::PerformAsyncLaunc
     mSandboxBroker.LaunchApp(cmdLine.program().c_str(),
                              cmdLine.command_line_string().c_str(),
                              mEnableSandboxLogging,
                              &process);
   } else
 #endif
   {
     base::LaunchApp(cmdLine, false, false, &process);
+
+    // We need to be able to duplicate handles to non-sandboxed content
+    // processes, so add it as a target peer.
+    if (mProcessType == GeckoProcessType_Content) {
+      if (!mSandboxBroker.AddTargetPeer(process)) {
+        NS_WARNING("Failed to add content process as target peer.");
+      }
+    }
   }
 
 #else
 #  error Sorry
 #endif
 
   if (!process) {
     MonitorAutoLock lock(mMonitor);
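Review bot: The added AddTargetPeer block is placed after the `#endif` that closes the conditional around the `mSandboxBroker.LaunchApp` branch, so it is compiled even in builds where that conditional is false; if `mSandboxBroker` is only declared under the same condition (the guard on the LaunchApp branch suggests so, but its `#if` is outside the hunk), non-sandbox builds will fail to compile. Wrapping the new lines in their own `#if defined(MOZ_SANDBOX)` / `#endif` pair keeps the peer registration to builds that actually have a broker. The new code also runs before the `if (!process)` check at the end of the hunk, so when `base::LaunchApp` fails the broker is handed an invalid handle and the warning reports the wrong problem; `if (process && mProcessType == GeckoProcessType_Content) {` avoids that. PerformAsyncLaunch begins and ends outside this hunk.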
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -434,16 +434,23 @@ SandboxBroker::AllowDirectory(wchar_t co
 {
   auto result =
     mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
                      sandbox::TargetPolicy::FILES_ALLOW_DIR_ANY,
                      dir);
   return (sandbox::SBOX_ALL_OK == result);
 }
 
+bool
+SandboxBroker::AddTargetPeer(HANDLE aPeerProcess)
+{
+  sandbox::ResultCode result = sBrokerService->AddTargetPeer(aPeerProcess);
+  return (sandbox::SBOX_ALL_OK == result);
+}
+
 SandboxBroker::~SandboxBroker()
 {
   if (mPolicy) {
     mPolicy->Release();
     mPolicy = nullptr;
   }
 }
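Review bot: `SandboxBroker::AddTargetPeer` dereferences the static `sBrokerService` without checking it, whereas the destructor right below null-checks `mPolicy` before use; if the broker service can be unset at the time a child is launched (its initialization is outside this hunk), the result is a crash rather than the `false` the caller in GeckoChildProcessHost expects. Add `if (!sBrokerService) { return false; }` before the call. Since a successful call makes the broker willing to duplicate handles into `aPeerProcess` (the commit message and the caller's comment both state this), the function should carry a comment recording that contract, for example `// On success the broker will duplicate handles into aPeerProcess, so only pass non-sandboxed child processes the broker is meant to serve.`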
 
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
@@ -9,16 +9,17 @@
 
 #ifdef SANDBOX_EXPORTS
 #define SANDBOX_EXPORT __declspec(dllexport)
 #else
 #define SANDBOX_EXPORT __declspec(dllimport)
 #endif
 
 #include <stdint.h>
+#include <windows.h>
 
 namespace sandbox {
   class BrokerServices;
   class TargetPolicy;
 }
 
 namespace mozilla {
 
@@ -40,16 +41,19 @@ public:
   bool SetSecurityLevelForIPDLUnitTestProcess();
   bool SetSecurityLevelForGMPlugin();
 
   // File system permissions
   bool AllowReadFile(wchar_t const *file);
   bool AllowReadWriteFile(wchar_t const *file);
   bool AllowDirectory(wchar_t const *dir);
 
+  // Exposes AddTargetPeer from broker services, so that none sandboxed
+  // processes can be added as handle duplication targets.
+  bool AddTargetPeer(HANDLE aPeerProcess);
 private:
   static sandbox::BrokerServices *sBrokerService;
   sandbox::TargetPolicy *mPolicy;
 };
 
 } // mozilla
 
 #endif
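Review bot: The comment above the new `AddTargetPeer` declaration reads "none sandboxed"; it should be `non-sandboxed`, and a blank line before `private:` would match the spacing used around the `// File system permissions` group above it. Because this header is the exported interface, the comment should also state the caller's responsibility: `// After this succeeds the broker will duplicate handles into aPeerProcess; only register non-sandboxed child processes.` The `#include <windows.h>` added in the first hunk is pulled into every includer of this exported header for the sake of the `HANDLE` typedef, which is workable but heavier than the `<stdint.h>` include it sits next to.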