Bug 1325227 - Part 3: Allow child process to share semaphore handles with the parent/gpu processes. r=bobowen
authorMatt Woodrow <mwoodrow@mozilla.com>
Sat, 04 Feb 2017 23:19:03 +1300
changeset 391743 383f86d1c80372ff18c8aeab88ebd70775f06d3b
parent 391742 070b40fcd8d120d0ab10b177d7572bdc2772d64a
child 391744 695b307d3df24bdf8083a54b04dfb14094340422
push id1468
push userasasaki@mozilla.com
push dateMon, 05 Jun 2017 19:31:07 +0000
treeherdermozilla-release@0641fc6ee9d1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbobowen
bugs1325227
milestone54.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1325227 - Part 3: Allow child process to share semaphore handles with the parent/gpu processes. r=bobowen
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -217,16 +217,29 @@ SandboxBroker::SetSecurityLevelForConten
                             L"Section");
   MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
                      "With these static arguments AddRule should never fail, what happened?");
   result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
                             sandbox::TargetPolicy::HANDLES_DUP_ANY,
                             L"Section");
   MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
                      "With these static arguments AddRule should never fail, what happened?");
+
+  // The content process needs to be able to duplicate semaphore handles,
+  // to the broker process and other child processes.
+  result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
+                            sandbox::TargetPolicy::HANDLES_DUP_BROKER,
+                            L"Semaphore");
+  MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
+                     "With these static arguments AddRule should never fail, what happened?");
+  result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
+                            sandbox::TargetPolicy::HANDLES_DUP_ANY,
+                            L"Semaphore");
+  MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
+                     "With these static arguments AddRule should never fail, what happened?");
 }
 #endif
 
 #define SANDBOX_ENSURE_SUCCESS(result, message) \
   do { \
     MOZ_ASSERT(sandbox::SBOX_ALL_OK == result, message); \
     if (sandbox::SBOX_ALL_OK != result) \
       return false; \