Closed
Bug 1759408
Opened 3 years ago
Closed 3 years ago
[macOS] Add sandboxing tests to more process types
Categories
(Core :: Security: Process Sandboxing, enhancement, P2)
Tracking
()
RESOLVED
FIXED
100 Branch
| Tracking | Status | |
|---|---|---|
| firefox100 | --- | fixed |
People
(Reporter: haik, Assigned: haik)
References
Details
Attachments
(1 file)
|
(deleted),
text/x-phabricator-request
|
Details |
We have macOS content process sandboxing tests (in security/sandbox/test and in security/sandbox/common/test/SandboxTestingChildTests.h), but no sandboxing tests for other process types.
|
Assignee | |
Comment 1•3 years ago
|
||
Add the WindowServer test and process launch tests to each Mac child process type.
|
||
Updated•3 years ago
|
Assignee: nobody → haftandilian
Status: NEW → ASSIGNED
|
|
Assignee | |
Updated•3 years ago
|
Severity: -- → S4
Priority: -- → P2
Pushed by haftandilian@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/49a22cd6d6ee
[macOS] Add sandboxing tests to more process types r=gerard-majax
|
||
Comment 3•3 years ago
|
||
Backed out for causing build bustages on SandboxTestingChildTests.h
Failure log: https://treeherder.mozilla.org/logviewer?job_id=371065035&repo=autoland
Backout link: https://hg.mozilla.org/integration/autoland/rev/0f85ffd4fbfd3ca1e9a02b86f8433bffb98271ac
[task 2022-03-15T06:01:04.161Z] 06:01:04 INFO - gmake[4]: Entering directory '/builds/worker/workspace/obj-build/toolkit/components/remote'
[task 2022-03-15T06:01:04.162Z] 06:01:04 INFO - toolkit/components/remote/nsDBusRemoteClient.o
[task 2022-03-15T06:01:04.162Z] 06:01:04 INFO - gmake[4]: Leaving directory '/builds/worker/workspace/obj-build/toolkit/components/remote'
[task 2022-03-15T06:01:04.162Z] 06:01:04 INFO - gmake[4]: Entering directory '/builds/worker/workspace/obj-build/security/sandbox/common'
[task 2022-03-15T06:01:04.165Z] 06:01:04 INFO - /builds/worker/fetches/sccache/sccache /builds/worker/fetches/clang/bin/clang++ --sysroot /builds/worker/fetches/sysroot-x86_64-linux-gnu -std=gnu++17 -o Unified_cpp_sandbox_common0.o -c -I/builds/worker/workspace/obj-build/dist/stl_wrappers -I/builds/worker/workspace/obj-build/dist/system_wrappers -include /builds/worker/checkouts/gecko/config/gcc_hidden.h -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection -ftrivial-auto-var-init=pattern -DDEBUG=1 -DOS_POSIX=1 -DOS_LINUX=1 -DMOZ_HAS_MOZGLUE -DMOZILLA_INTERNAL_API -DIMPL_LIBXUL -DSTATIC_EXPORTABLE_JS_API -I/builds/worker/checkouts/gecko/security/sandbox/common -I/builds/worker/workspace/obj-build/security/sandbox/common -I/builds/worker/checkouts/gecko/netwerk/base -I/builds/worker/workspace/obj-build/ipc/ipdl/_ipdlheaders -I/builds/worker/checkouts/gecko/ipc/chromium/src -I/builds/worker/workspace/obj-build/dist/include -I/builds/worker/workspace/obj-build/dist/include/nspr -I/builds/worker/workspace/obj-build/dist/include/nss -DMOZILLA_CLIENT -include /builds/worker/workspace/obj-build/mozilla-config.h -Qunused-arguments -Qunused-arguments -Wall -Wbitfield-enum-conversion -Wdeprecated-this-capture -Wempty-body -Wformat-type-confusion -Wignored-qualifiers -Wpointer-arith -Wshadow-field-in-constructor-modified -Wsign-compare -Wtype-limits -Wno-error=tautological-type-limit-compare -Wunreachable-code -Wunreachable-code-return -Wunused-but-set-parameter -Wno-invalid-offsetof -Wclass-varargs -Wempty-init-stmt -Wfloat-overflow-conversion -Wfloat-zero-conversion -Wloop-analysis -Wno-range-loop-analysis -Wc++2a-compat -Wcomma -Wenum-compare-conditional -Wimplicit-fallthrough -Werror=non-literal-null-conversion -Wstring-conversion -Wno-inline-new-delete -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=backend-plugin -Wno-error=free-nonheap-object -Wno-error=return-std-move -Wno-error=atomic-alignment -Wno-error=deprecated-copy -Wformat -Wformat-security -Wno-gnu-zero-variadic-macro-arguments -Wno-psabi -Wno-unknown-warning-option -D_GLIBCXX_USE_CXX11_ABI=0 -fno-sized-deallocation -fno-aligned-new -fcrash-diagnostics-dir=/builds/worker/artifacts -fno-exceptions -fPIC -fno-rtti -ffunction-sections -fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -gdwarf-4 -Xclang -load -Xclang /builds/worker/workspace/obj-build/build/clang-plugin/libclang-plugin.so -Xclang -add-plugin -Xclang moz-check -Os -fno-omit-frame-pointer -funwind-tables -Werror -fno-strict-aliasing -MD -MP -MF .deps/Unified_cpp_sandbox_common0.o.pp Unified_cpp_sandbox_common0.cpp
[task 2022-03-15T06:01:04.165Z] 06:01:04 INFO - In file included from Unified_cpp_sandbox_common0.cpp:20:
[task 2022-03-15T06:01:04.166Z] 06:01:04 INFO - In file included from /builds/worker/checkouts/gecko/security/sandbox/common/test/SandboxTestingChild.cpp:8:
[task 2022-03-15T06:01:04.166Z] 06:01:04 ERROR - /builds/worker/checkouts/gecko/security/sandbox/common/test/SandboxTestingChildTests.h:172:12: error: use of undeclared identifier 'posix_spawnp'
[task 2022-03-15T06:01:04.166Z] 06:01:04 INFO - int rv = posix_spawnp(NULL, "/bin/bash", NULL, NULL, argv, NULL);
[task 2022-03-15T06:01:04.166Z] 06:01:04 INFO - ^
[task 2022-03-15T06:01:04.166Z] 06:01:04 ERROR - /builds/worker/checkouts/gecko/security/sandbox/common/test/SandboxTestingChildTests.h:187:7: error: use of undeclared identifier 'nsCocoaFeatures'
[task 2022-03-15T06:01:04.167Z] 06:01:04 INFO - if (nsCocoaFeatures::OnCatalinaOrLater()) {
[task 2022-03-15T06:01:04.167Z] 06:01:04 INFO - ^
[task 2022-03-15T06:01:04.167Z] 06:01:04 ERROR - /builds/worker/checkouts/gecko/security/sandbox/common/test/SandboxTestingChildTests.h:192:3: error: unknown type name 'CFStringRef'
[task 2022-03-15T06:01:04.167Z] 06:01:04 INFO - CFStringRef filePath = ::CFStringCreateWithCString(kCFAllocatorDefault, uri,
[task 2022-03-15T06:01:04.167Z] 06:01:04 INFO - ^
[task 2022-03-15T06:01:04.167Z] 06:01:04 ERROR - /builds/worker/checkouts/gecko/security/sandbox/common/test/SandboxTestingChildTests.h:192:28: error: no member named 'CFStringCreateWithCString' in the global namespace
[task 2022-03-15T06:01:04.168Z] 06:01:04 INFO - CFStringRef filePath = ::CFStringCreateWithCString(kCFAllocatorDefault, uri,
[task 2022-03-15T06:01:04.168Z] 06:01:04 INFO - ~~^
[task 2022-03-15T06:01:04.168Z] 06:01:04 ERROR - /builds/worker/checkouts/gecko/security/sandbox/common/test/SandboxTestingChildTests.h:192:54: error: use of undeclared identifier 'kCFAllocatorDefault'
[task 2022-03-15T06:01:04.168Z] 06:01:04 INFO - CFStringRef filePath = ::CFStringCreateWithCString(kCFAllocatorDefault, uri,
[task 2022-03-15T06:01:04.168Z] 06:01:04 INFO - ^
[task 2022-03-15T06:01:04.168Z] 06:01:04 ERROR - /builds/worker/checkouts/gecko/security/sandbox/common/test/SandboxTestingChildTests.h:193:54: error: use of undeclared identifier 'kCFStringEncodingUTF8'
[task 2022-03-15T06:01:04.168Z] 06:01:04 INFO - kCFStringEncodingUTF8);
[task 2022-03-15T06:01:04.169Z] 06:01:04 INFO - ^
[task 2022-03-15T06:01:04.169Z] 06:01:04 ERROR - /builds/worker/checkouts/gecko/security/sandbox/common/test/SandboxTestingChildTests.h:194:3: error: unknown type name 'CFURLRef'
[task 2022-03-15T06:01:04.169Z] 06:01:04 INFO - CFURLRef urlRef = ::CFURLCreateWithFileSystemPath(
Flags: needinfo?(haftandilian)
Pushed by haftandilian@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d67e83068906
[macOS] Add sandboxing tests to more process types r=gerard-majax
|
||
Comment 5•3 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox100:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 100 Branch
|
|
Assignee | |
Updated•3 years ago
|
Flags: needinfo?(haftandilian)
You need to log in
before you can comment on or make changes to this bug.
Description
•