Bug 1145432 - Add the policy for the client side of the crash server pipe to the GMP Windows sandbox. r=aklotz, a=sledru
authorBob Owen <bobowencode@gmail.com>
Fri, 20 Mar 2015 07:53:37 +0000
changeset 257896 d885f561788f38c68c0a9e03d91b43c282430147
parent 257895 0936a835649d0f2332a4e7864c2f3a7f34662027
child 257897 071fb28e4ef7ca3238f48244563981915dd43335
push id4610
push userjlund@mozilla.com
push dateMon, 30 Mar 2015 18:32:55 +0000
treeherdermozilla-beta@4df54044d9ef [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersaklotz, sledru
bugs1145432
milestone38.0a2
Bug 1145432 - Add the policy for the client side of the crash server pipe to the GMP Windows sandbox. r=aklotz, a=sledru
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -247,16 +247,22 @@ SandboxBroker::SetSecurityLevelForGMPlug
   // Add the policy for the client side of a pipe. It is just a file
   // in the \pipe\ namespace. We restrict it to pipes that start with
   // "chrome." so the sandboxed process cannot connect to system services.
   result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
                             sandbox::TargetPolicy::FILES_ALLOW_ANY,
                             L"\\??\\pipe\\chrome.*");
   ret = ret && (sandbox::SBOX_ALL_OK == result);
 
+  // Add the policy for the client side of the crash server pipe.
+  result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
+                            sandbox::TargetPolicy::FILES_ALLOW_ANY,
+                            L"\\??\\pipe\\gecko-crash-server-pipe.*");
+  ret = ret && (sandbox::SBOX_ALL_OK == result);
+
 #ifdef DEBUG
   // The plugin process can't create named events, but we'll
   // make an exception for the events used in logging. Removing
   // this will break EME in debug builds.
   result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_SYNC,
                             sandbox::TargetPolicy::EVENTS_ALLOW_ANY,
                             L"ChromeIPCLog.*");
   ret = ret && (sandbox::SBOX_ALL_OK == result);