cd8de5d51f4e6e1c481592332f7284ffa27aa372: Bug 1522830: Part 2 - Make launcher blocklist work in child processes; r=mhowell draft
Aaron Klotz <aklotz@mozilla.com> - Fri, 06 Dec 2019 22:13:15 +0000 - rev 2522020
Push 461825 by reviewbot at Fri, 06 Dec 2019 22:14:05 +0000
Bug 1522830: Part 2 - Make launcher blocklist work in child processes; r=mhowell Summary: * We change `InitializeDllBlocklistOOP` to be able to set the correct flags when initializing a sandbox child process. * We change the freestanding DLL blocklist code to be sensitive to the `CHILD_PROCESSES_ONLY` flag; * We move the declaration of `gBlocklistInitFlags` to `WindowsDllBlocklist.h` so that it is visible to more code. Differential Revision: https://phabricator.services.mozilla.com/D53674 Depends on D53672 Test Plan: Reviewers: mhowell Subscribers: Bug #: 1522830 Differential Diff: PHID-DIFF-2ywbjjdl2evldhv247ub
708af2f239dddaf7d4282f43c19464607d40f8a0: Bug 1522830: Part 1 - Init legacy blocklist using gBlocklistInitFlags; r=mhowell draft
Aaron Klotz <aklotz@mozilla.com> - Fri, 06 Dec 2019 22:13:12 +0000 - rev 2522019
Push 461825 by reviewbot at Fri, 06 Dec 2019 22:14:05 +0000
Bug 1522830: Part 1 - Init legacy blocklist using gBlocklistInitFlags; r=mhowell Summary: When we initialize the legacy blocklisting code, we should carry forward any flags that were set by the launcher process and/or sandbox launcher. Differential Revision: https://phabricator.services.mozilla.com/D53672 Test Plan: Reviewers: mhowell Subscribers: Bug #: 1522830 Differential Diff: PHID-DIFF-4cqv5nj2t4ultb4re3m2
cf2a5084749b2d4f18abb091f1676788961499a4: try_task_config for https://phabricator.services.mozilla.com/D50881 draft
libmozevent <release-mgmt-analysis@mozilla.com> - Fri, 06 Dec 2019 22:13:40 +0000 - rev 2522018
Push 461824 by reviewbot at Fri, 06 Dec 2019 22:13:53 +0000
try_task_config for https://phabricator.services.mozilla.com/D50881 Differential Diff: PHID-DIFF-2et5satu3ezz2npcyvsf
1f98f6cc1c51e00ebf7927923ec691914f51821a: None draft
Kris Maglione <maglione.k@gmail.com> - Fri, 06 Dec 2019 22:13:37 +0000 - rev 2522017
Push 461824 by reviewbot at Fri, 06 Dec 2019 22:13:53 +0000
None Differential Diff: PHID-DIFF-2et5satu3ezz2npcyvsf
2894d445a9287ba9c4d0a26f1083a4eb09f216c5: None draft
Kris Maglione <maglione.k@gmail.com> - Fri, 06 Dec 2019 22:13:33 +0000 - rev 2522016
Push 461824 by reviewbot at Fri, 06 Dec 2019 22:13:53 +0000
None Differential Diff: PHID-DIFF-whcx6f2tsluzicdjxl5w
fcf3899bec117332dea8463f2f4d2a6620bd9aba: try_task_config for https://phabricator.services.mozilla.com/D56250 draft
libmozevent <release-mgmt-analysis@mozilla.com> - Fri, 06 Dec 2019 22:12:09 +0000 - rev 2522015
Push 461823 by reviewbot at Fri, 06 Dec 2019 22:12:27 +0000
try_task_config for https://phabricator.services.mozilla.com/D56250 Differential Diff: PHID-DIFF-mvctwepcmavjsz6azswy
d5f18b7c348faf6ad0c4c4df9d99012703ebd8f6: bug 1601912 - "use" CRLite fields in NSSCertDBTrustDomain to silence compiler warnings r?jcj draft
Dana Keeler <dkeeler@mozilla.com> - Fri, 06 Dec 2019 22:12:04 +0000 - rev 2522014
Push 461823 by reviewbot at Fri, 06 Dec 2019 22:12:27 +0000
bug 1601912 - "use" CRLite fields in NSSCertDBTrustDomain to silence compiler warnings r?jcj When cert_storage is disabled, the CRLite mode and telemetry fields don't get used by NSSCertDBTrustDomain, so we get warnings-as-errors about unused fields. This uses Unused to silence the warnings. This also adds a missing #include to CertBlocklist.cpp. Differential Diff: PHID-DIFF-mvctwepcmavjsz6azswy
573d99131709820c022a5ce998b454e8b4bc9ab7: try_task_config for https://phabricator.services.mozilla.com/D53681 draft
libmozevent <release-mgmt-analysis@mozilla.com> - Fri, 06 Dec 2019 22:11:36 +0000 - rev 2522013
Push 461822 by reviewbot at Fri, 06 Dec 2019 22:11:54 +0000
try_task_config for https://phabricator.services.mozilla.com/D53681 Differential Diff: PHID-DIFF-os3oydeh6zxpy5l3ip5w
2eb2d6c8157ba31ad98e5b0198cad99c862eeae2: Bug 1522830: Part 9 - Add IPC for untrusted modules to Content; r=mhowell draft
Aaron Klotz <aklotz@mozilla.com> - Fri, 06 Dec 2019 22:11:32 +0000 - rev 2522012
Push 461822 by reviewbot at Fri, 06 Dec 2019 22:11:54 +0000
Bug 1522830: Part 9 - Add IPC for untrusted modules to Content; r=mhowell Summary: * The parent needs to be able to request the child to provide its untrusted modules telemetry. This is done via `GetUntrustedModulesData`. * The child needs to be able to determine which of its module loads are trusted, and which are not. Since the child is sandboxed, it must delegate that work to the parent process. This is done via `GetModulesTrust`. Differential Revision: https://phabricator.services.mozilla.com/D53681 Depends on D53680 Test Plan: Reviewers: mhowell Subscribers: Bug #: 1522830 Differential Diff: PHID-DIFF-os3oydeh6zxpy5l3ip5w
8c697c8401c691e2e986e6790b64830d96605fe6: Bug 1522830: Part 8 - Update UntrustedModulesProcessor to support processing child processes; r=mhowell draft
Aaron Klotz <aklotz@mozilla.com> - Fri, 06 Dec 2019 22:11:29 +0000 - rev 2522011
Push 461822 by reviewbot at Fri, 06 Dec 2019 22:11:54 +0000
Bug 1522830: Part 8 - Update UntrustedModulesProcessor to support processing child processes; r=mhowell Summary: This patch contains the core changes to make this all work across e10s: * We clarify the naming of path variables to be more specific as to whether they are NT paths or DOS paths; * We add IPC `ParamTraits` that are necessary for `UntrustedModulesData` types; * We implement `ProcessModuleLoadQueue` for child processes. Because of sandboxing, we need to split this sequence into multiple async operations: ** Initial queue processing; ** Sending the list of modules to the parent process to determine trustworthiness (via `GetModulesTrust`); ** Receiving the results from the parent process and producing a final result (via `CompleteProcessing`). * We implement the `GetModulesTrust` function for the parent process, which evaluates the trust of child process modules; * We change all hash tables to be keyed using NT paths. Because resolving DOS paths may not be permitted in sandboxed processes, we need to standardize on NT paths as the "universal path" across processes. * We add `WinDllServices::StartUntrustedModulesProcessor` to separate untrusted modules startup from `WinDllServices` construction: ** While we now start `WinDllServices` across all child process types, only specific process types will support untrusted modules. ** Furthermore, untrusted modules must be started at a very specific point that is dependent on the type of child process. ** We add those calls to `StartUntrustedModulesProcessor` in subsequent patches. Differential Revision: https://phabricator.services.mozilla.com/D53680 Depends on D53679 Test Plan: Reviewers: mhowell Subscribers: Bug #: 1522830 Differential Diff: PHID-DIFF-ocp4ddtathtw7dppf2hq
4580d0293946e92c037c26e76e2219391013fcf9: Bug 1522830: Part 7 - Initialize launcher process blocklist during launch of sandboxed child process; r=bobowen draft
Aaron Klotz <aklotz@mozilla.com> - Fri, 06 Dec 2019 22:11:26 +0000 - rev 2522010
Push 461822 by reviewbot at Fri, 06 Dec 2019 22:11:54 +0000
Bug 1522830: Part 7 - Initialize launcher process blocklist during launch of sandboxed child process; r=bobowen Summary: When launching a sandboxed child process that uses `firefox.exe`, we now perform early initialization of the DLL blocklist. Differential Revision: https://phabricator.services.mozilla.com/D53679 Depends on D53678 Test Plan: Reviewers: bobowen Subscribers: Bug #: 1522830 Differential Diff: PHID-DIFF-55hsz7fvh2o5z3s4p2cc
b6d91b04aa33a4d671d638849c0f742ff4edba65: Bug 1522830: Part 6 - Add API to be able to initialize launcher dll blocklist during spawning of child process; r=mhowell draft
Aaron Klotz <aklotz@mozilla.com> - Fri, 06 Dec 2019 22:11:23 +0000 - rev 2522009
Push 461822 by reviewbot at Fri, 06 Dec 2019 22:11:54 +0000
Bug 1522830: Part 6 - Add API to be able to initialize launcher dll blocklist during spawning of child process; r=mhowell Summary: We need a way for the sandbox broker to be able to initialize the launcher DLL blocklist when starting a new content process. This patch adds the ability to resolve the initialization function through DLL services. Differential Revision: https://phabricator.services.mozilla.com/D53678 Depends on D53677 Test Plan: Reviewers: mhowell Subscribers: Bug #: 1522830 Differential Diff: PHID-DIFF-eytggl4lksvtu33nnw33
577b91305e7bdc6bb215bb8dedf36615ca6e0df7: Bug 1522830: Part 5 - Provide a launcher result type that unconditionally includes file and line info; r=mhowell draft
Aaron Klotz <aklotz@mozilla.com> - Fri, 06 Dec 2019 22:11:20 +0000 - rev 2522008
Push 461822 by reviewbot at Fri, 06 Dec 2019 22:11:54 +0000
Bug 1522830: Part 5 - Provide a launcher result type that unconditionally includes file and line info; r=mhowell Summary: `LauncherResult` only includes file and line info when built into the launcher process. Now that there will be `xul.dll`-based code calling into launcher process startup, this would create an ABI mismatch. This patch creates a new type, `LauncherResultWithLineInfo`, that unconditionally includes the file and line so that APIs called by both `xul` and non-`xul` code can have the same ABI for both. Differential Revision: https://phabricator.services.mozilla.com/D53677 Depends on D53676 Test Plan: Reviewers: mhowell Subscribers: Bug #: 1522830 Differential Diff: PHID-DIFF-pybj6gs2h7zoqxnfvuqb
2433468561cab483d66ad1d3ebc58dbf276c263d: Bug 1522830: Part 4 - Add constexpr constructor and assignment operator from uint64_t to ModuleVersion; r=mhowell draft
Aaron Klotz <aklotz@mozilla.com> - Fri, 06 Dec 2019 22:11:16 +0000 - rev 2522007
Push 461822 by reviewbot at Fri, 06 Dec 2019 22:11:54 +0000
Bug 1522830: Part 4 - Add constexpr constructor and assignment operator from uint64_t to ModuleVersion; r=mhowell Summary: Differential Revision: https://phabricator.services.mozilla.com/D53676 Depends on D53675 Test Plan: Reviewers: mhowell Subscribers: Bug #: 1522830 Differential Diff: PHID-DIFF-srmmhtpd5zzgx3dq3i6w
b99a35a0b19d960e17c395d82e2d25b8963e9326: Bug 1522830: Part 3 - Change launcher blocklist generation to include child processes; r=bytesized draft
Aaron Klotz <aklotz@mozilla.com> - Fri, 06 Dec 2019 22:11:13 +0000 - rev 2522006
Push 461822 by reviewbot at Fri, 06 Dec 2019 22:11:54 +0000
Bug 1522830: Part 3 - Change launcher blocklist generation to include child processes; r=bytesized Summary: Now that the launcher blocklist will support child processes, we need to add them to the launcher blocklist. The revised criteria the `Launcher` blocklist matches the criteria already in use by the `Legacy` blocklist. Differential Revision: https://phabricator.services.mozilla.com/D53675 Depends on D53674 Test Plan: Reviewers: bytesized Subscribers: Bug #: 1522830 Differential Diff: PHID-DIFF-bgxx47vajowfli4yjlzm
26c19da0686d1483c2101ebef9c31586e9444aa4: Bug 1522830: Part 2 - Make launcher blocklist work in child processes; r=mhowell draft
Aaron Klotz <aklotz@mozilla.com> - Fri, 06 Dec 2019 22:11:09 +0000 - rev 2522005
Push 461822 by reviewbot at Fri, 06 Dec 2019 22:11:54 +0000
Bug 1522830: Part 2 - Make launcher blocklist work in child processes; r=mhowell Summary: * We change `InitializeDllBlocklistOOP` to be able to set the correct flags when initializing a sandbox child process. * We change the freestanding DLL blocklist code to be sensitive to the `CHILD_PROCESSES_ONLY` flag; * We move the declaration of `gBlocklistInitFlags` to `WindowsDllBlocklist.h` so that it is visible to more code. Differential Revision: https://phabricator.services.mozilla.com/D53674 Depends on D53672 Test Plan: Reviewers: mhowell Subscribers: Bug #: 1522830 Differential Diff: PHID-DIFF-2ywbjjdl2evldhv247ub
53bcdb03669b01110a61898bea44de9f91d70ceb: Bug 1522830: Part 1 - Init legacy blocklist using gBlocklistInitFlags; r=mhowell draft
Aaron Klotz <aklotz@mozilla.com> - Fri, 06 Dec 2019 22:11:06 +0000 - rev 2522004
Push 461822 by reviewbot at Fri, 06 Dec 2019 22:11:54 +0000
Bug 1522830: Part 1 - Init legacy blocklist using gBlocklistInitFlags; r=mhowell Summary: When we initialize the legacy blocklisting code, we should carry forward any flags that were set by the launcher process and/or sandbox launcher. Differential Revision: https://phabricator.services.mozilla.com/D53672 Test Plan: Reviewers: mhowell Subscribers: Bug #: 1522830 Differential Diff: PHID-DIFF-4cqv5nj2t4ultb4re3m2
59894abb2f86f723463a8f8fde9501f6d2c6cc70: try_task_config for https://phabricator.services.mozilla.com/D56243 draft
libmozevent <release-mgmt-analysis@mozilla.com> - Fri, 06 Dec 2019 22:10:45 +0000 - rev 2522003
Push 461821 by reviewbot at Fri, 06 Dec 2019 22:11:04 +0000
try_task_config for https://phabricator.services.mozilla.com/D56243 Differential Diff: PHID-DIFF-3tqjhi4pbs6xxmquvhag
dfe8ee476e8ec433ca2029e6b56fae8b942e700b: Bug 1601837 - Using current available slot to access controllerState instead of hand index in OpenVR. draft
Daosheng Mu <daoshengmu@gmail.com> - Fri, 06 Dec 2019 22:10:40 +0000 - rev 2522002
Push 461821 by reviewbot at Fri, 06 Dec 2019 22:11:04 +0000
Bug 1601837 - Using current available slot to access controllerState instead of hand index in OpenVR. Summary: We notice we didn't write states info ControllerState correctly before because sometimes there is only one controller (right hand), it will try to access the slot 1 instead of the current available slot 0. That makes us can't see this controller is available. Reviewers: kip! Tags: #secure-revision Bug #: 1601837 Differential Revision: https://phabricator.services.mozilla.com/D56243 Differential Diff: PHID-DIFF-3tqjhi4pbs6xxmquvhag
a618ccf130f36c7d7c806f6601211b87f252c218: try_task_config for https://phabricator.services.mozilla.com/D54113 draft
libmozevent <release-mgmt-analysis@mozilla.com> - Fri, 06 Dec 2019 22:09:37 +0000 - rev 2522001
Push 461820 by reviewbot at Fri, 06 Dec 2019 22:09:52 +0000
try_task_config for https://phabricator.services.mozilla.com/D54113 Differential Diff: PHID-DIFF-b6rwsl432wcrzq4vnbcy
(0) -1000000 -300000 -100000 -30000 -10000 -3000 -1000 -300 -100 -50 -20 +20 +50 +100 +300 +1000 +3000 +10000 +30000 +100000 +300000 +1000000 tip