Bug 1513101 - Re-add L section for HANDLES_DUP_BROKER to RDD Win sanbox to fix mochitest crashes. r=bobowen, a=RyanVM
authorMichael Froman <mfroman@mozilla.com>
Tue, 11 Dec 2018 18:50:21 +0000
changeset 508978 1ad308897e69c198246e75507d5252b8e6146725
parent 508977 b5a033723f0e3f52688564e5b817b19fd1e8de91
child 508979 160a8da4777dddba75edcda085bf8e5e728046ce
push id1905
push userffxbld-merge
push dateMon, 21 Jan 2019 12:33:13 +0000
treeherdermozilla-release@c2fca1944d8c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbobowen, RyanVM
bugs1513101
milestone65.0
Bug 1513101 - Re-add L section for HANDLES_DUP_BROKER to RDD Win sanbox to fix mochitest crashes. r=bobowen, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D14109
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -748,16 +748,26 @@ bool SandboxBroker::SetSecurityLevelForR
   // The process needs to be able to duplicate shared memory handles,
   // which are Section handles, to the content processes.
   result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
                             sandbox::TargetPolicy::HANDLES_DUP_ANY, L"Section");
   SANDBOX_ENSURE_SUCCESS(
       result,
       "With these static arguments AddRule should never fail, what happened?");
 
+  // This section is needed to avoid an assert during crash reporting code
+  // when running mochitests.  The assertion is here:
+  // toolkit/crashreporter/nsExceptionHandler.cpp:2041
+  result =
+      mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
+                       sandbox::TargetPolicy::HANDLES_DUP_BROKER, L"Section");
+  SANDBOX_ENSURE_SUCCESS(
+      result,
+      "With these static arguments AddRule should never fail, what happened?");
+
   return true;
 }
 
 bool SandboxBroker::SetSecurityLevelForPluginProcess(int32_t aSandboxLevel) {
   if (!mPolicy) {
     return false;
   }