Closed Bug 1145432 Opened 8 years ago Closed 8 years ago

The GMP sandbox is blocking crash reporting on Windows


(Core :: Security: Process Sandboxing, defect)

Windows 7
Not set



Tracking Status
firefox37 --- wontfix
firefox38 + fixed
firefox39 --- fixed


(Reporter: bobowen, Assigned: bobowen)




(1 file)

The GMP sandbox is blocking crash reporting on Windows.
This appears to have been the case since bug 1027902.
Looks like I broke this when setting the initial integrity level to low.
Doesn't look like it is tested.
Attachment #8580378 - Flags: review?(aklotz)
Attachment #8580378 - Flags: review?(aklotz) → review+

Thanks for the quick review Aaron.
Comment on attachment 8580378 [details] [diff] [review]
Add the policy for the client side of the crash server pipe to the GMP Windows sandbox.

Approval Request Comment
[Feature/regressing bug #]:
I believe Bug 1027902, which I landed, caused the crash reporting setup in the GMP process to start failing.
It appears that there is not a crash test for this, at least not one that catches this.

[User impact if declined]:
Crash reporting will at least be partially broken (e.g. I believe no crash dumps) for GMP processes.
The UI does still indicate a crash from a chrome drop down, but I'm not sure whether the reporting to crash-stats is working at all.

[Describe test coverage new/current, TreeHerder]:
OpenH264 and EME both have mochitests.

[Risks and why]: 
Low: This setup would have been working pre-Fx36 and we already have a very similar rule for the client side of chrome.* pipes used for the IPC, so this doesn't represent a weakening of the sandbox.
My only concern for Beta is that this is very late.

[String/UUID change made/needed]:
Attachment #8580378 - Flags: approval-mozilla-beta?
Attachment #8580378 - Flags: approval-mozilla-aurora?
After irc discussion with jesup and bobowen, I think this is a must-have for Fx38 (Aurora) and not for Fx37 (Beta).  EME is targeted for Fx38 and it uses GMP. In Fx37, only WebRTC is using GMP and H.264 is only used by a small percentage of users currently.  I expect that to change, but not in the Fx37 time frame.   Looking across all platforms for Fx36 and before, bobowen isn't see any crash reports at all for openh264 on crash-stats.  So I would be ok with this just getting uplifted to Fx38, but we must have it for Fx38.

I'm also talking with gfritzche about Bug 1046052 -- which would give us test coverage.  We have a patch.  If we can land and uplift it to Fx38, we're good.  In the meantime, I'm going to reach out to QA about manual coverage (a moztrap) until we are satisfied with our automated coverage for GMP crash reporting.
No worries. I was planning to take this patch in 38. I am waiting for the change to be in m-c :)
Comment on attachment 8580378 [details] [diff] [review]
Add the policy for the client side of the crash server pipe to the GMP Windows sandbox.

Maire, thank you for the very reasoned comment 4. Beta-
Attachment #8580378 - Flags: approval-mozilla-beta? → approval-mozilla-beta-
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Attachment #8580378 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
You need to log in before you can comment on or make changes to this bug.