Bug 1575906: Allow the GMP process to duplicate Section handles to the main process. r=handyman
authorBob Owen <bobowencode@gmail.com>
Fri, 30 Aug 2019 21:39:57 +0000
changeset 554794 54dcc1dc10c72771c95164cfaab03544a2e86a98
parent 554793 b3cc8963e8718dbd40761f14664f45320c258bbd
child 554795 fe25291a6919fda43493b21746564283ad1fa775
push id2165
push userffxbld-merge
push dateMon, 14 Oct 2019 16:30:58 +0000
treeherdermozilla-release@0eae18af659f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewershandyman
bugs1575906
milestone70.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1575906: Allow the GMP process to duplicate Section handles to the main process. r=handyman Differential Revision: https://phabricator.services.mozilla.com/D44237
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -1224,16 +1224,25 @@ bool SandboxBroker::SetSecurityLevelForG
   result = mPolicy->AddRule(
       sandbox::TargetPolicy::SUBSYS_REGISTRY,
       sandbox::TargetPolicy::REG_ALLOW_READONLY,
       L"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\\\GP\\");
   SANDBOX_ENSURE_SUCCESS(
       result,
       "With these static arguments AddRule should never fail, what happened?");
 
+  // The GMP process needs to be able to share memory with the main process for
+  // crash reporting.
+  result =
+      mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
+                       sandbox::TargetPolicy::HANDLES_DUP_BROKER, L"Section");
+  SANDBOX_ENSURE_SUCCESS(
+      result,
+      "With these static arguments AddRule should never fail, what happened?");
+
   return true;
 }
 #undef SANDBOX_ENSURE_SUCCESS
 
 bool SandboxBroker::AllowReadFile(wchar_t const* file) {
   if (!mPolicy) {
     return false;
   }