Closed Bug 1021233 Opened 10 years ago Closed 10 years ago

EME Sandbox for Windows

Categories

(Core :: Audio/Video, defect)

Product:
Core
Component:
Audio/Video
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: mreavy, Assigned: bobowen)

References

(Blocks 1 open bug)

Details

For security reasons, we need to sandbox the CDM. This bug focuses on Windows sandboxing.
Component: WebRTC → Video/Audio
Additional things we'll need for EME: * We will probably need to have a set of syetem DLLs that are loaded into the plugin-container before we drop privileges. This set of DLLs will vary between plugins. For example, for the ClearKey CDM implementation on Windows, we'll need Windows Media Foundation DLLs loaded. The Adobe CDM may also need some system DLLs loaded. * Eventually we will need to enable DXVA inside the sandbox. I imagine we'll have to do what Chromium does, which is to do a bunch of setup in the plugin container before dropping privileges. * We'll need to calculate the "node ID", and then scrub the memory used to determine this before dropping priviledges. * We'll need the plugin-container "voucher" passed into the sandbox somehow.
Assignee: nobody → tabraldes
Status: NEW → ASSIGNED
Do we expect the WMF DLLs to work inside a restrictive sandbox? Have we tested that?
Flags: needinfo?(cpearce)
(In reply to Benjamin Smedberg [:bsmedberg] from comment #2) > Do we expect the WMF DLLs to work inside a restrictive sandbox? Have we > tested that? I don't know whether we expect them to work, but it's likely that attempting to load them will fail currently. If I can get a list of the DLLs we need I can work on getting the sandbox to allow them
(In reply to Benjamin Smedberg [:bsmedberg] from comment #2) > Do we expect the WMF DLLs to work inside a restrictive sandbox? Have we > tested that? Adobe will need WMF to work inside the sandbox. Eventually they'll need WMF DXVA support too. I assume the DLLs they need are mfplat.dll, mf.dll, dxva2.dll, and possibly propsys.dll.
Flags: needinfo?(cpearce)
(In reply to Benjamin Smedberg [:bsmedberg] from comment #2) > Do we expect the WMF DLLs to work inside a restrictive sandbox? Chromium uses WMF/DXVA inside their sandbox, though they initialize their DXVA/D3D devices before they drop privileges. So we should expect them to work with the same privileges that Chromium uses. > Have we tested that? I haven't tested.
Re-assigning to :bobowen so this doesn't get lost as I transition out of sandboxing land. Bob - feel free to unassign this and/or track however you see fit!
Assignee: tabraldes → bobowencode
These bugs are necessary for vouching and sandboxing a third-party CDM.
Blocks: eme-m2
No longer blocks: eme-m2
Bob: is there any remaining Windows sandbox work that should block the Adobe EME MVP? Any fixes in Nightly 39 that should be uplifted to Aurora 38 before we start public beta testing in Beta 38?
Flags: needinfo?(bobowen.code)
(In reply to Chris Peterson [:cpeterson] from comment #8) > Bob: is there any remaining Windows sandbox work that should block the Adobe > EME MVP? Any fixes in Nightly 39 that should be uplifted to Aurora 38 before > we start public beta testing in Beta 38? Nothing functional, but I should probably get the license added in bug 1135051 uplifted. I'll get that requested.
Flags: needinfo?(bobowen.code)
Resolving fixed. Thanks, Bob!
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Depends on: 1135051
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.