summaryrefslogtreecommitdiffstats
path: root/security/sandbox/win/src/sandboxbroker
diff options
context:
space:
mode:
Diffstat (limited to 'security/sandbox/win/src/sandboxbroker')
-rw-r--r--security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp65
-rw-r--r--security/sandbox/win/src/sandboxbroker/sandboxBroker.h3
2 files changed, 29 insertions, 39 deletions
diff --git a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
index 9b9ed97262..3e2ce617bd 100644
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -30,7 +30,6 @@
#include "mozilla/Telemetry.h"
#include "mozilla/WinDllServices.h"
#include "mozilla/WindowsVersion.h"
-#include "mozilla/WinHeaderOnlyUtils.h"
#include "mozilla/ipc/LaunchError.h"
#include "nsAppDirectoryServiceDefs.h"
#include "nsCOMPtr.h"
@@ -116,11 +115,27 @@ static sandbox::ResultCode AddWin32kLockdownPolicy(
return result;
}
+static void CacheDirAndAutoClear(const nsAString& aDir,
+ StaticAutoPtr<nsString>* cacheVar) {
+ *cacheVar = new nsString(aDir);
+ ClearOnShutdown(cacheVar);
+
+ // Convert network share path to format for sandbox policy.
+ if (Substring(**cacheVar, 0, 2).Equals(u"\\\\"_ns)) {
+ (*cacheVar)->InsertLiteral(u"??\\UNC", 1);
+ }
+}
+
/* static */
-void SandboxBroker::Initialize(sandbox::BrokerServices* aBrokerServices) {
+void SandboxBroker::Initialize(sandbox::BrokerServices* aBrokerServices,
+ const nsAString& aBinDir) {
sBrokerService = aBrokerServices;
sRunningFromNetworkDrive = widget::WinUtils::RunningFromANetworkDrive();
+
+ if (!aBinDir.IsEmpty()) {
+ CacheDirAndAutoClear(aBinDir, &sBinDir);
+ }
}
static void CacheDirAndAutoClear(nsIProperties* aDirSvc, const char* aDirKey,
@@ -135,14 +150,9 @@ static void CacheDirAndAutoClear(nsIProperties* aDirSvc, const char* aDirKey,
return;
}
- *cacheVar = new nsString();
- ClearOnShutdown(cacheVar);
- MOZ_ALWAYS_SUCCEEDS(dirToCache->GetPath(**cacheVar));
-
- // Convert network share path to format for sandbox policy.
- if (Substring(**cacheVar, 0, 2).Equals(u"\\\\"_ns)) {
- (*cacheVar)->InsertLiteral(u"??\\UNC", 1);
- }
+ nsAutoString dirPath;
+ MOZ_ALWAYS_SUCCEEDS(dirToCache->GetPath(dirPath));
+ CacheDirAndAutoClear(dirPath, cacheVar);
}
/* static */
@@ -166,7 +176,6 @@ void SandboxBroker::GeckoDependentInitialize() {
return;
}
- CacheDirAndAutoClear(dirSvc, NS_GRE_DIR, &sBinDir);
CacheDirAndAutoClear(dirSvc, NS_APP_USER_PROFILE_50_DIR, &sProfileDir);
CacheDirAndAutoClear(dirSvc, NS_WIN_LOCAL_APPDATA_DIR, &sLocalAppDataDir);
#ifdef ENABLE_SYSTEM_EXTENSION_DIRS
@@ -481,33 +490,11 @@ static sandbox::ResultCode AllowProxyLoadFromBinDir(
sandbox::TargetPolicy* aPolicy) {
// Allow modules in the directory containing the executable such as
// mozglue.dll, nss3.dll, etc.
- static UniquePtr<nsString> sInstallDir;
- if (!sInstallDir) {
- // Since this function can be called before sBinDir is initialized,
- // we cache the install path by ourselves.
- UniquePtr<wchar_t[]> appDirStr;
- if (GetInstallDirectory(appDirStr)) {
- sInstallDir = MakeUnique<nsString>(appDirStr.get());
- sInstallDir->Append(u"\\*");
-
- auto setClearOnShutdown = [ptr = &sInstallDir]() -> void {
- ClearOnShutdown(ptr);
- };
- if (NS_IsMainThread()) {
- setClearOnShutdown();
- } else {
- SchedulerGroup::Dispatch(NS_NewRunnableFunction(
- "InitSignedPolicyRulesToBypassCig", std::move(setClearOnShutdown)));
- }
- }
-
- if (!sInstallDir) {
- return sandbox::SBOX_ERROR_GENERIC;
- }
- }
+ nsAutoString rulePath(*sBinDir);
+ rulePath.Append(u"\\*"_ns);
return aPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_SIGNED_BINARY,
sandbox::TargetPolicy::SIGNED_ALLOW_LOAD,
- sInstallDir->get());
+ rulePath.get());
}
static sandbox::ResultCode AddCigToPolicy(
@@ -1084,6 +1071,10 @@ void SandboxBroker::SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) {
sandbox::TargetPolicy::FILES_ALLOW_ANY,
L"\\??\\pipe\\gecko-crash-server-pipe.*"));
+ // Add rule to allow read access to installation directory.
+ AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_READONLY,
+ sBinDir, u"\\*"_ns);
+
// The GPU process needs to write to a shader cache for performance reasons
if (sProfileDir) {
AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_DIR_ANY,
@@ -1833,8 +1824,6 @@ void SandboxBroker::ApplyLoggingPolicy() {
L"HKEY_CURRENT_USER\\dummy");
mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_SYNC,
sandbox::TargetPolicy::EVENTS_ALLOW_READONLY, L"dummy");
- mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
- sandbox::TargetPolicy::HANDLES_DUP_BROKER, L"dummy");
}
SandboxBroker::~SandboxBroker() {
diff --git a/security/sandbox/win/src/sandboxbroker/sandboxBroker.h b/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
index 45a0cbb38b..40b3cf1501 100644
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
@@ -75,7 +75,8 @@ class SandboxBroker : public AbstractSandboxBroker {
public:
SandboxBroker();
- static void Initialize(sandbox::BrokerServices* aBrokerServices);
+ static void Initialize(sandbox::BrokerServices* aBrokerServices,
+ const nsAString& aBinDir);
static void EnsureLpacPermsissionsOnDir(const nsString& aDir);