https://wiki.mozilla.org/api.php?action=feedcontributions&user=Twalker&feedformat=atom
MozillaWiki - User contributions [en]
2024-03-29T08:07:27Z
User contributions
MediaWiki 1.27.4
https://wiki.mozilla.org/index.php?title=Security/Sandbox&diff=1186288
Security/Sandbox
2018-01-04T18:05:36Z
<p>Twalker: /* Triage Lists */</p>
<hr />
<div>= Overview =<br />
<br />
[[File:550px-Sandboxing_basic_architecture.png|frameless|550px]]<br />
<br />
Security Sandboxing makes use of [https://en.wikipedia.org/wiki/Child_process child processes] as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. For more information see the [[Electrolysis]] wiki page. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.<br />
<br />
== Technical Docs ==<br />
<br />
* [https://wiki.mozilla.org/Security/Sandbox/Specifics Platform Specifics]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Deny_Filesystem_Access File Restrictions Bug Research]<br />
* [https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set OSX Filter Rule Set]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Hardening Hardening Research]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Process_model Process Model]<br />
<br />
= Current Status =<br />
<br />
{| class="wikitable"<br />
|-<br />
!Sandbox<br />
!colspan="2"|Trunk<br />
!colspan="2"|Beta<br />
!colspan="2"|Release<br />
|-<br />
!<br />
!colspan="2"|Level<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
|-<br />
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)]<br />
|style='text-align:center;' colspan="2"|Level 4<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
|colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)]<br />
|style='text-align:center;' colspan="2"|Level 0 [1]<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForGMPlugin&redirect=true&case=true Windows (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy&redirect=true&case=true Linux (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|}<br />
<br />
A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature.<br />
<br />
DEPRECATION WARNING - The current level system will be replaced by a configuration system that allows for more fine grain control over sandbox settings.<br />
<br />
[1] Level 1 available but disabled due to various regressions, see {{bug|1347710}}<br />
<br />
== Windows ==<br />
<br />
=== Content ===<br />
<br />
Sandbox security related setting are grouped together and associated with a security level. Lower level values indicate a less restrictive sandbox.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 0 !! Level 1 !! Level 2<br />
|-<br />
| Job Level || JOB_NONE || JOB_NONE || JOB_INTERACTIVE<br />
|-<br />
| Access Token Level || USER_NON_ADMIN || USER_NON_ADMIN || USER_INTERACTIVE<br />
|-<br />
| Alternate Desktop || no || no || no<br />
|-<br />
| Alternate Windows Station || no || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || None ||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations || None ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 3 !! Level 4<br />
|-<br />
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LIMITED || USER_LIMITED<br />
|-<br />
| Alternate Desktop || no || YES<br />
|-<br />
| Alternate Windows Station || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || <br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br><br />
MITIGATION_IMAGE_LOAD_NO_REMOTE<br><br />
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br />
|-<br />
| Delayed Mitigations ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
<br />
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LOCKDOWN, USER_RESTRICTED[1]<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_UNTRUSTED<br />
|-<br />
| Alternate desktop || yes<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
[1] depends on the media plugin<br />
<br />
=== 64-bit Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_UNPROTECTED<br />
|-<br />
| Access Token Level || USER_INTERACTIVE<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Alternate desktop || no<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
|}<br />
<br />
* [[Firefox/win64]] Wiki Page<br />
* [https://blog.mozilla.org/futurereleases/2015/12/15/firefox-64-bit-for-windows-available/ Release Announcement]<br />
* [https://www.mozilla.org/en-US/firefox/all/ Windows 64-bit builds]<br />
<br />
== OSX ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 [1] ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|-<br />
| Level 2 ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
* read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
* read access to ~/Library<br />
|-<br />
| Level 3 || <br />
* write access to most of the filesystem<br />
* read access to most of the filesystem<br />
** read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
** read access to the home directory<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|}<br />
<br />
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.<br />
<br />
=== Gecko Media Plugins ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=pluginSandboxRules&redirect=false&case=true Filter rules]<br />
<br />
== Linux ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 ||<br />
* Many syscalls, including process creation<br />
|-<br />
| Level 2 ||<br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
|-<br />
| Level 3 || <br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
* Read access to most of the filesystem<br />
** Excludes themes/GTK configuration, fonts, shared data and libraries<br />
|}<br />
<br />
=== Content Rules ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#118 Filesystem access policy]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset]<br />
<br />
=== Customization Settings ===<br />
<br />
The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration.<br />
<br />
See [[Security/Sandbox#Linux_specific|Activity Logging]] for information on how to debug these scenarios.<br />
<br />
security.sandbox.content.level<br />
* See [[Security/Sandbox#Content_Levels_2|Content Levels]] above. Reducing this can help identify sandboxing as the cause of a problem, but you're better of trying the more fine grained permissions below.<br />
<br />
security.sandbox.content.read_path_whitelist<br/><br />
security.sandbox.content.write_path_whitelist<br />
* Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively. To allow access to an entire directory tree (rather than just the directory itself), include a trailing <tt>/</tt> character.<br />
<br />
security.sandbox.content.syscall_whitelist<br />
* Comma-seperated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter.<br />
<br />
= Preferences =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Process Type !! Preference Type !! Preference<br />
|-<br />
| Content || numerical || security.sandbox.content.level<br />
|-<br />
| NPAPI Plugin || boolean || dom.ipc.plugins.sandbox-level.default<br>dom.ipc.plugins.sandbox-level.<plugintype><br />
|-<br />
| Compositor || numerical || security.sandbox.gpu.level<br />
|-<br />
| Media || Embedded || N/A<br />
|}<br />
<br />
<strong>Note - Levels greater than the current default for a particular process type are not implemented.</strong><br />
<br />
= File System Restrictions =<br />
<br />
Sandboxing enforces file system write and read restrictions for XUL based add-on content (frame and process) scripts. To avoid issues as sandboxing features roll out add-on authors should update their legacy add-on code today such that content scripts no longer attempt to read or write from restricted locations. Note these restrictions do not affect [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Content_scripts WebExtension content script] or XUL add-on script running in the browser process. <br />
<br />
File system access rules for content processes, reverse precedence:<br />
<br />
{| class="wikitable"<br />
|-<br />
! Location !! Access Type !! Restriction<br />
|-<br />
| file system || read/write || deny by default<br />
|-<br />
| install location || write || deny<br />
|-<br />
| install location || read || allow<br />
|-<br />
| system library locations || write || deny<br />
|-<br />
| system library locations || read || allow<br />
|-<br />
| profile/* || read/write || deny by default<br />
|-<br />
| profile/extensions || write || deny<br />
|-<br />
| profile/extensions || read || allow<br />
|}<br />
<br />
= Debugging Features =<br />
<br />
== Activity Logging ==<br />
<br />
The following prefs control sandbox logging. On Windows, output is sent to the Browser Console when available, and to a developer console attached to the running browser process. On OSX, once enabled, violation log entries are visible in the Console.app (/Applications/Utilities/Console.app). On Linux, once enabled, violation log entries are logged on the command line console.<br/><br />
<br />
security.sandbox.logging.enabled (boolean)<br/><br />
security.sandbox.windows.log.stackTraceDepth (integer, Windows specific)<br/><br />
<br />
The following environment variables also triggers sandbox logging output: <br/><br />
<br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
=== OSX Specific Sandbox Logging ===<br />
<br />
On Mac, sandbox violation logging is disabled by default. To enable logging,<br />
<br />
# Launch the OS X Console app (/Applications/Utilities/Console.app) and filter on "plugin-container".<br />
# Either set the pref '''security.sandbox.logging.enabled=true''' and restart the browser OR launch the browser with the '''MOZ_SANDBOX_LOGGING''' environment variable set.<br />
<br />
* If Console.app is not already running at the time of the sandbox violation, the violation is not reliably logged.<br />
* As of build 56, where filesystem read access restrictions were tightened, running Firefox always triggers sandbox violations and these will be logged. For example, plugin-container attempts to access /Applications and /Users (bug 1378968). We want to address these when possible, but some violations are complicated to avoid or are triggered by OS X library code that can't be avoided yet.<br />
<br />
=== Linux specific Sandbox Logging ===<br />
<br />
The following environment variable triggers extra sandbox debugging output: <br/><br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
== Environment variables ==<br />
<br />
{| class="wikitable"<br />
|-<br />
! ENVIRONMENT VARIABLE !! DESCRIPTION || PLATFORM<br />
|-<br />
|MOZ_DISABLE_CONTENT_SANDBOX<br />
|Disables content process sandboxing for debugging purposes.<br />
|All<br />
|-<br />
|MOZ_DISABLE_GMP_SANDBOX<br />
|Disable media plugin sandbox for debugging purposes<br />
|All<br />
|-<br />
|MOZ_DISABLE_NPAPI_SANDBOX<br />
|Disable 64-bit NPAPI process sandbox<br />
|Windows<br />
|-<br />
|MOZ_DISABLE_GPU_SANDBOX<br />
|Disable GPU process sandbox<br />
|Windows<br />
|}<br />
<br />
=== Setting a custom environment in Windows ===<br />
<br />
1) Close Firefox <br/><br />
2) Browser to the location of your Firefox install using Explorer <br/><br />
3) Shift + Right-click in the folder window where firefox.exe is located, select "Open command window here" <br/><br />
4) Add the environment variable(s) you wish to set to your command window - <br/> <br/><br />
<code>set MOZ_DISABLE_NPAPI_SANDBOX=1</code>(return) <br/> <br/><br />
5) enter firefox.exe and press enter to launch Firefox with your custom environment <br/><br />
<br />
== Local Build Options ==<br />
<br />
To disable building the sandbox completely build with this in your mozconfig:<br />
<br />
<code>ac_add_options --disable-sandbox</code><br />
<br />
To disable just the content sandbox parts:<br />
<br />
<code>ac_add_options --disable-content-sandbox</code><br />
<br />
= Bug Lists =<br />
<br />
== Priorities ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3]<br />
<br />
== Security/Process Sandboxing Lists ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full bug list]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=keywords&list_id=13711696&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core No priority set]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]<br />
<br />
== Triage Lists ==<br />
* Sandboxing Triage List: https://mzl.la/2CSylu2<br />
** Lists sandboxing component bugs that are not tracked by a milestone<br />
** Ignores previously triaged into either sb- or sb+<br />
** Ignores meta bugs and bugs with needinfos<br />
* Global [https://bugzilla.mozilla.org/buglist.cgi?f1=flagtypes.name&o3=notsubstring&list_id=13952603&v3=meta&o1=notsubstring&resolution=---&status_whiteboard_type=substring&query_format=advanced&f3=keywords&status_whiteboard=sb%3F&v1=needinfo Triage List]<br />
** Lists any bug in the database with sb?<br />
** Ignores bugs with needinfos<br />
* sb+ [https://mzl.la/2CSaniE triage list]<br />
** Previously triaged bugs that have no milestone and no priority set<br />
* sb? needinfos: http://is.gd/dnSyBs<br />
* webrtc specific sandboxing bugs: https://is.gd/c5bAe6<br />
** sb tracking + 'webrtc'<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday at 8:00am PT<br />
* Vidyo: "PlatInt" room<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
* [https://wiki.mozilla.org/Security/Sandbox/Meeting_Notes Meeting Notes Archive]<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #boxing]<br />
|-<br />
| Newsgroup/Mailing List<br />
|| <br />
* [mailto:boxing@lists.mozilla.org boxing@lists.mozilla.org]<br />
|-<br />
|}<br />
<br />
= People =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Engineering Management<br />
||<br />
* Jim Mathies (jimm)<br />
|-<br />
| Project Management<br />
||<br />
* TBD<br />
|-<br />
| QA<br />
||<br />
* Tracy Walker (Quality Assurance Lead)<br />
|-<br />
| Development Team<br />
|| <br />
* Haik Aftandilian (haik)<br />
* Jed Davis (jld)<br />
* Alex Gaynor (Alex_Gaynor)<br />
* Bob Owen (bobowen)<br />
* David Parks (handyman)<br />
* Stephen Pohl (spohl)<br />
* Gian-Carlo Pascutto (gcp)<br />
|}<br />
<br />
= Repo Module Ownership =<br />
* [[Modules/Core#Sandboxing|Cross platform]]<br />
* [[Modules/Core#Sandboxing_-_Windows|Windows]]<br />
* [[Modules/Core#Sandboxing_-_OSX|OSX]]<br />
* [[Modules/Core#Sandboxing_-_Linux_.26_B2G|Linux/B2G]]<br />
<br />
= Links =<br />
<br />
* [[Electrolysis]] Wiki Page (lot of additional resource links)<br />
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox]<br />
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide]<br />
* [http://blog.cr0.org/2012/09/introducing-chromes-next-generation.html "Introducing Chrome's next-generation Linux sandbox"] (seccomp-bpf related)<br />
* [http://en.wikipedia.org/wiki/Google_Native_Client Native Client on Wikipedia] (Links to papers on Native Client's design and use of SFI, as well as papers on SFI itself.)<br />
* [https://msdn.microsoft.com/en-us/library/windows/desktop/ff966517%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 Features of Protected Mode in Internet Explorer]<br />
<br />
== Research ==<br />
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's Internal Research page (2012)]<br />
<br />
== B2G Archive ==<br />
* [https://developer.mozilla.org/en-US/Firefox_OS/Security/System_security Firefox OS System Security page on MDN]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Seccomp Sandboxing on b2g overview]<br />
* [[B2G/Architecture/System_Security/Seccomp|seccomp b2g filter perf data]]<br />
<br />
B2G has always been “sandboxed” to some extent; every app/tab gets its own content process, which uses the Android security model: a separate uid per process, no group memberships, and kernel patches that require group membership for things like network access. But privilege escalation via kernel vulnerabilities is relatively common, so we also use the seccomp-bpf system call filter to reduce the attack surface that a compromised content process can directly access.<br />
<br />
== Older ==<br />
* [https://docs.google.com/a/mozilla.com/document/d/1qS4Q1goehqy-55hIQEsEA_XY3lF4xfFColNKQm37KSg/edit?usp=sharing Old Meeting Notes]</div>
Twalker
https://wiki.mozilla.org/index.php?title=Security/Sandbox&diff=1186287
Security/Sandbox
2018-01-04T18:03:04Z
<p>Twalker: /* Triage Lists */</p>
<hr />
<div>= Overview =<br />
<br />
[[File:550px-Sandboxing_basic_architecture.png|frameless|550px]]<br />
<br />
Security Sandboxing makes use of [https://en.wikipedia.org/wiki/Child_process child processes] as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. For more information see the [[Electrolysis]] wiki page. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.<br />
<br />
== Technical Docs ==<br />
<br />
* [https://wiki.mozilla.org/Security/Sandbox/Specifics Platform Specifics]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Deny_Filesystem_Access File Restrictions Bug Research]<br />
* [https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set OSX Filter Rule Set]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Hardening Hardening Research]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Process_model Process Model]<br />
<br />
= Current Status =<br />
<br />
{| class="wikitable"<br />
|-<br />
!Sandbox<br />
!colspan="2"|Trunk<br />
!colspan="2"|Beta<br />
!colspan="2"|Release<br />
|-<br />
!<br />
!colspan="2"|Level<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
|-<br />
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)]<br />
|style='text-align:center;' colspan="2"|Level 4<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
|colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)]<br />
|style='text-align:center;' colspan="2"|Level 0 [1]<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForGMPlugin&redirect=true&case=true Windows (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy&redirect=true&case=true Linux (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|}<br />
<br />
A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature.<br />
<br />
DEPRECATION WARNING - The current level system will be replaced by a configuration system that allows for more fine grain control over sandbox settings.<br />
<br />
[1] Level 1 available but disabled due to various regressions, see {{bug|1347710}}<br />
<br />
== Windows ==<br />
<br />
=== Content ===<br />
<br />
Sandbox security related setting are grouped together and associated with a security level. Lower level values indicate a less restrictive sandbox.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 0 !! Level 1 !! Level 2<br />
|-<br />
| Job Level || JOB_NONE || JOB_NONE || JOB_INTERACTIVE<br />
|-<br />
| Access Token Level || USER_NON_ADMIN || USER_NON_ADMIN || USER_INTERACTIVE<br />
|-<br />
| Alternate Desktop || no || no || no<br />
|-<br />
| Alternate Windows Station || no || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || None ||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations || None ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 3 !! Level 4<br />
|-<br />
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LIMITED || USER_LIMITED<br />
|-<br />
| Alternate Desktop || no || YES<br />
|-<br />
| Alternate Windows Station || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || <br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br><br />
MITIGATION_IMAGE_LOAD_NO_REMOTE<br><br />
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br />
|-<br />
| Delayed Mitigations ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
<br />
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LOCKDOWN, USER_RESTRICTED[1]<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_UNTRUSTED<br />
|-<br />
| Alternate desktop || yes<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
[1] depends on the media plugin<br />
<br />
=== 64-bit Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_UNPROTECTED<br />
|-<br />
| Access Token Level || USER_INTERACTIVE<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Alternate desktop || no<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
|}<br />
<br />
* [[Firefox/win64]] Wiki Page<br />
* [https://blog.mozilla.org/futurereleases/2015/12/15/firefox-64-bit-for-windows-available/ Release Announcement]<br />
* [https://www.mozilla.org/en-US/firefox/all/ Windows 64-bit builds]<br />
<br />
== OSX ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 [1] ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|-<br />
| Level 2 ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
* read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
* read access to ~/Library<br />
|-<br />
| Level 3 || <br />
* write access to most of the filesystem<br />
* read access to most of the filesystem<br />
** read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
** read access to the home directory<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|}<br />
<br />
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.<br />
<br />
=== Gecko Media Plugins ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=pluginSandboxRules&redirect=false&case=true Filter rules]<br />
<br />
== Linux ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 ||<br />
* Many syscalls, including process creation<br />
|-<br />
| Level 2 ||<br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
|-<br />
| Level 3 || <br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
* Read access to most of the filesystem<br />
** Excludes themes/GTK configuration, fonts, shared data and libraries<br />
|}<br />
<br />
=== Content Rules ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#118 Filesystem access policy]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset]<br />
<br />
=== Customization Settings ===<br />
<br />
The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration.<br />
<br />
See [[Security/Sandbox#Linux_specific|Activity Logging]] for information on how to debug these scenarios.<br />
<br />
security.sandbox.content.level<br />
* See [[Security/Sandbox#Content_Levels_2|Content Levels]] above. Reducing this can help identify sandboxing as the cause of a problem, but you're better of trying the more fine grained permissions below.<br />
<br />
security.sandbox.content.read_path_whitelist<br/><br />
security.sandbox.content.write_path_whitelist<br />
* Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively. To allow access to an entire directory tree (rather than just the directory itself), include a trailing <tt>/</tt> character.<br />
<br />
security.sandbox.content.syscall_whitelist<br />
* Comma-seperated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter.<br />
<br />
= Preferences =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Process Type !! Preference Type !! Preference<br />
|-<br />
| Content || numerical || security.sandbox.content.level<br />
|-<br />
| NPAPI Plugin || boolean || dom.ipc.plugins.sandbox-level.default<br>dom.ipc.plugins.sandbox-level.<plugintype><br />
|-<br />
| Compositor || numerical || security.sandbox.gpu.level<br />
|-<br />
| Media || Embedded || N/A<br />
|}<br />
<br />
<strong>Note - Levels greater than the current default for a particular process type are not implemented.</strong><br />
<br />
= File System Restrictions =<br />
<br />
Sandboxing enforces file system write and read restrictions for XUL based add-on content (frame and process) scripts. To avoid issues as sandboxing features roll out add-on authors should update their legacy add-on code today such that content scripts no longer attempt to read or write from restricted locations. Note these restrictions do not affect [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Content_scripts WebExtension content script] or XUL add-on script running in the browser process. <br />
<br />
File system access rules for content processes, reverse precedence:<br />
<br />
{| class="wikitable"<br />
|-<br />
! Location !! Access Type !! Restriction<br />
|-<br />
| file system || read/write || deny by default<br />
|-<br />
| install location || write || deny<br />
|-<br />
| install location || read || allow<br />
|-<br />
| system library locations || write || deny<br />
|-<br />
| system library locations || read || allow<br />
|-<br />
| profile/* || read/write || deny by default<br />
|-<br />
| profile/extensions || write || deny<br />
|-<br />
| profile/extensions || read || allow<br />
|}<br />
<br />
= Debugging Features =<br />
<br />
== Activity Logging ==<br />
<br />
The following prefs control sandbox logging. On Windows, output is sent to the Browser Console when available, and to a developer console attached to the running browser process. On OSX, once enabled, violation log entries are visible in the Console.app (/Applications/Utilities/Console.app). On Linux, once enabled, violation log entries are logged on the command line console.<br/><br />
<br />
security.sandbox.logging.enabled (boolean)<br/><br />
security.sandbox.windows.log.stackTraceDepth (integer, Windows specific)<br/><br />
<br />
The following environment variables also triggers sandbox logging output: <br/><br />
<br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
=== OSX Specific Sandbox Logging ===<br />
<br />
On Mac, sandbox violation logging is disabled by default. To enable logging,<br />
<br />
# Launch the OS X Console app (/Applications/Utilities/Console.app) and filter on "plugin-container".<br />
# Either set the pref '''security.sandbox.logging.enabled=true''' and restart the browser OR launch the browser with the '''MOZ_SANDBOX_LOGGING''' environment variable set.<br />
<br />
* If Console.app is not already running at the time of the sandbox violation, the violation is not reliably logged.<br />
* As of build 56, where filesystem read access restrictions were tightened, running Firefox always triggers sandbox violations and these will be logged. For example, plugin-container attempts to access /Applications and /Users (bug 1378968). We want to address these when possible, but some violations are complicated to avoid or are triggered by OS X library code that can't be avoided yet.<br />
<br />
=== Linux specific Sandbox Logging ===<br />
<br />
The following environment variable triggers extra sandbox debugging output: <br/><br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
== Environment variables ==<br />
<br />
{| class="wikitable"<br />
|-<br />
! ENVIRONMENT VARIABLE !! DESCRIPTION || PLATFORM<br />
|-<br />
|MOZ_DISABLE_CONTENT_SANDBOX<br />
|Disables content process sandboxing for debugging purposes.<br />
|All<br />
|-<br />
|MOZ_DISABLE_GMP_SANDBOX<br />
|Disable media plugin sandbox for debugging purposes<br />
|All<br />
|-<br />
|MOZ_DISABLE_NPAPI_SANDBOX<br />
|Disable 64-bit NPAPI process sandbox<br />
|Windows<br />
|-<br />
|MOZ_DISABLE_GPU_SANDBOX<br />
|Disable GPU process sandbox<br />
|Windows<br />
|}<br />
<br />
=== Setting a custom environment in Windows ===<br />
<br />
1) Close Firefox <br/><br />
2) Browser to the location of your Firefox install using Explorer <br/><br />
3) Shift + Right-click in the folder window where firefox.exe is located, select "Open command window here" <br/><br />
4) Add the environment variable(s) you wish to set to your command window - <br/> <br/><br />
<code>set MOZ_DISABLE_NPAPI_SANDBOX=1</code>(return) <br/> <br/><br />
5) enter firefox.exe and press enter to launch Firefox with your custom environment <br/><br />
<br />
== Local Build Options ==<br />
<br />
To disable building the sandbox completely build with this in your mozconfig:<br />
<br />
<code>ac_add_options --disable-sandbox</code><br />
<br />
To disable just the content sandbox parts:<br />
<br />
<code>ac_add_options --disable-content-sandbox</code><br />
<br />
= Bug Lists =<br />
<br />
== Priorities ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3]<br />
<br />
== Security/Process Sandboxing Lists ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full bug list]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=keywords&list_id=13711696&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core No priority set]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]<br />
<br />
== Triage Lists ==<br />
* Sandboxing Triage List: https://mzl.la/2CSylu2<br />
** Lists sandboxing component bugs that are not tracked by a milestone<br />
** Ignores previously triaged into either sb- or sb+<br />
** Ignores meta bugs and bugs with needinfos<br />
* Global [https://bugzilla.mozilla.org/buglist.cgi?f1=flagtypes.name&o3=notsubstring&list_id=13952603&v3=meta&o1=notsubstring&resolution=---&status_whiteboard_type=substring&query_format=advanced&f3=keywords&status_whiteboard=sb%3F&v1=needinfo Triage List]<br />
** Lists any bug in the database with sb?<br />
** Ignores meta bugs and bugs with needinfos<br />
* sb+ [https://mzl.la/2CSaniE triage list]<br />
** Previously triaged bugs that have no milestone and no priority set<br />
* sb? needinfos: http://is.gd/dnSyBs<br />
* webrtc specific sandboxing bugs: https://is.gd/c5bAe6<br />
** sb tracking + 'webrtc'<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday at 8:00am PT<br />
* Vidyo: "PlatInt" room<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
* [https://wiki.mozilla.org/Security/Sandbox/Meeting_Notes Meeting Notes Archive]<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #boxing]<br />
|-<br />
| Newsgroup/Mailing List<br />
|| <br />
* [mailto:boxing@lists.mozilla.org boxing@lists.mozilla.org]<br />
|-<br />
|}<br />
<br />
= People =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Engineering Management<br />
||<br />
* Jim Mathies (jimm)<br />
|-<br />
| Project Management<br />
||<br />
* TBD<br />
|-<br />
| QA<br />
||<br />
* Tracy Walker (Quality Assurance Lead)<br />
|-<br />
| Development Team<br />
|| <br />
* Haik Aftandilian (haik)<br />
* Jed Davis (jld)<br />
* Alex Gaynor (Alex_Gaynor)<br />
* Bob Owen (bobowen)<br />
* David Parks (handyman)<br />
* Stephen Pohl (spohl)<br />
* Gian-Carlo Pascutto (gcp)<br />
|}<br />
<br />
= Repo Module Ownership =<br />
* [[Modules/Core#Sandboxing|Cross platform]]<br />
* [[Modules/Core#Sandboxing_-_Windows|Windows]]<br />
* [[Modules/Core#Sandboxing_-_OSX|OSX]]<br />
* [[Modules/Core#Sandboxing_-_Linux_.26_B2G|Linux/B2G]]<br />
<br />
= Links =<br />
<br />
* [[Electrolysis]] Wiki Page (lot of additional resource links)<br />
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox]<br />
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide]<br />
* [http://blog.cr0.org/2012/09/introducing-chromes-next-generation.html "Introducing Chrome's next-generation Linux sandbox"] (seccomp-bpf related)<br />
* [http://en.wikipedia.org/wiki/Google_Native_Client Native Client on Wikipedia] (Links to papers on Native Client's design and use of SFI, as well as papers on SFI itself.)<br />
* [https://msdn.microsoft.com/en-us/library/windows/desktop/ff966517%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 Features of Protected Mode in Internet Explorer]<br />
<br />
== Research ==<br />
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's Internal Research page (2012)]<br />
<br />
== B2G Archive ==<br />
* [https://developer.mozilla.org/en-US/Firefox_OS/Security/System_security Firefox OS System Security page on MDN]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Seccomp Sandboxing on b2g overview]<br />
* [[B2G/Architecture/System_Security/Seccomp|seccomp b2g filter perf data]]<br />
<br />
B2G has always been “sandboxed” to some extent; every app/tab gets its own content process, which uses the Android security model: a separate uid per process, no group memberships, and kernel patches that require group membership for things like network access. But privilege escalation via kernel vulnerabilities is relatively common, so we also use the seccomp-bpf system call filter to reduce the attack surface that a compromised content process can directly access.<br />
<br />
== Older ==<br />
* [https://docs.google.com/a/mozilla.com/document/d/1qS4Q1goehqy-55hIQEsEA_XY3lF4xfFColNKQm37KSg/edit?usp=sharing Old Meeting Notes]</div>
Twalker
https://wiki.mozilla.org/index.php?title=Security/Sandbox&diff=1186286
Security/Sandbox
2018-01-04T17:49:53Z
<p>Twalker: /* Triage Lists */</p>
<hr />
<div>= Overview =<br />
<br />
[[File:550px-Sandboxing_basic_architecture.png|frameless|550px]]<br />
<br />
Security Sandboxing makes use of [https://en.wikipedia.org/wiki/Child_process child processes] as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. For more information see the [[Electrolysis]] wiki page. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.<br />
<br />
== Technical Docs ==<br />
<br />
* [https://wiki.mozilla.org/Security/Sandbox/Specifics Platform Specifics]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Deny_Filesystem_Access File Restrictions Bug Research]<br />
* [https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set OSX Filter Rule Set]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Hardening Hardening Research]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Process_model Process Model]<br />
<br />
= Current Status =<br />
<br />
{| class="wikitable"<br />
|-<br />
!Sandbox<br />
!colspan="2"|Trunk<br />
!colspan="2"|Beta<br />
!colspan="2"|Release<br />
|-<br />
!<br />
!colspan="2"|Level<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
|-<br />
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)]<br />
|style='text-align:center;' colspan="2"|Level 4<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
|colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)]<br />
|style='text-align:center;' colspan="2"|Level 0 [1]<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForGMPlugin&redirect=true&case=true Windows (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy&redirect=true&case=true Linux (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|}<br />
<br />
A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature.<br />
<br />
DEPRECATION WARNING - The current level system will be replaced by a configuration system that allows for more fine grain control over sandbox settings.<br />
<br />
[1] Level 1 available but disabled due to various regressions, see {{bug|1347710}}<br />
<br />
== Windows ==<br />
<br />
=== Content ===<br />
<br />
Sandbox security related setting are grouped together and associated with a security level. Lower level values indicate a less restrictive sandbox.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 0 !! Level 1 !! Level 2<br />
|-<br />
| Job Level || JOB_NONE || JOB_NONE || JOB_INTERACTIVE<br />
|-<br />
| Access Token Level || USER_NON_ADMIN || USER_NON_ADMIN || USER_INTERACTIVE<br />
|-<br />
| Alternate Desktop || no || no || no<br />
|-<br />
| Alternate Windows Station || no || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || None ||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations || None ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 3 !! Level 4<br />
|-<br />
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LIMITED || USER_LIMITED<br />
|-<br />
| Alternate Desktop || no || YES<br />
|-<br />
| Alternate Windows Station || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || <br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br><br />
MITIGATION_IMAGE_LOAD_NO_REMOTE<br><br />
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br />
|-<br />
| Delayed Mitigations ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
<br />
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LOCKDOWN, USER_RESTRICTED[1]<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_UNTRUSTED<br />
|-<br />
| Alternate desktop || yes<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
[1] depends on the media plugin<br />
<br />
=== 64-bit Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_UNPROTECTED<br />
|-<br />
| Access Token Level || USER_INTERACTIVE<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Alternate desktop || no<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
|}<br />
<br />
* [[Firefox/win64]] Wiki Page<br />
* [https://blog.mozilla.org/futurereleases/2015/12/15/firefox-64-bit-for-windows-available/ Release Announcement]<br />
* [https://www.mozilla.org/en-US/firefox/all/ Windows 64-bit builds]<br />
<br />
== OSX ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 [1] ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|-<br />
| Level 2 ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
* read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
* read access to ~/Library<br />
|-<br />
| Level 3 || <br />
* write access to most of the filesystem<br />
* read access to most of the filesystem<br />
** read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
** read access to the home directory<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|}<br />
<br />
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.<br />
<br />
=== Gecko Media Plugins ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=pluginSandboxRules&redirect=false&case=true Filter rules]<br />
<br />
== Linux ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 ||<br />
* Many syscalls, including process creation<br />
|-<br />
| Level 2 ||<br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
|-<br />
| Level 3 || <br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
* Read access to most of the filesystem<br />
** Excludes themes/GTK configuration, fonts, shared data and libraries<br />
|}<br />
<br />
=== Content Rules ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#118 Filesystem access policy]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset]<br />
<br />
=== Customization Settings ===<br />
<br />
The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration.<br />
<br />
See [[Security/Sandbox#Linux_specific|Activity Logging]] for information on how to debug these scenarios.<br />
<br />
security.sandbox.content.level<br />
* See [[Security/Sandbox#Content_Levels_2|Content Levels]] above. Reducing this can help identify sandboxing as the cause of a problem, but you're better of trying the more fine grained permissions below.<br />
<br />
security.sandbox.content.read_path_whitelist<br/><br />
security.sandbox.content.write_path_whitelist<br />
* Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively. To allow access to an entire directory tree (rather than just the directory itself), include a trailing <tt>/</tt> character.<br />
<br />
security.sandbox.content.syscall_whitelist<br />
* Comma-seperated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter.<br />
<br />
= Preferences =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Process Type !! Preference Type !! Preference<br />
|-<br />
| Content || numerical || security.sandbox.content.level<br />
|-<br />
| NPAPI Plugin || boolean || dom.ipc.plugins.sandbox-level.default<br>dom.ipc.plugins.sandbox-level.<plugintype><br />
|-<br />
| Compositor || numerical || security.sandbox.gpu.level<br />
|-<br />
| Media || Embedded || N/A<br />
|}<br />
<br />
<strong>Note - Levels greater than the current default for a particular process type are not implemented.</strong><br />
<br />
= File System Restrictions =<br />
<br />
Sandboxing enforces file system write and read restrictions for XUL based add-on content (frame and process) scripts. To avoid issues as sandboxing features roll out add-on authors should update their legacy add-on code today such that content scripts no longer attempt to read or write from restricted locations. Note these restrictions do not affect [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Content_scripts WebExtension content script] or XUL add-on script running in the browser process. <br />
<br />
File system access rules for content processes, reverse precedence:<br />
<br />
{| class="wikitable"<br />
|-<br />
! Location !! Access Type !! Restriction<br />
|-<br />
| file system || read/write || deny by default<br />
|-<br />
| install location || write || deny<br />
|-<br />
| install location || read || allow<br />
|-<br />
| system library locations || write || deny<br />
|-<br />
| system library locations || read || allow<br />
|-<br />
| profile/* || read/write || deny by default<br />
|-<br />
| profile/extensions || write || deny<br />
|-<br />
| profile/extensions || read || allow<br />
|}<br />
<br />
= Debugging Features =<br />
<br />
== Activity Logging ==<br />
<br />
The following prefs control sandbox logging. On Windows, output is sent to the Browser Console when available, and to a developer console attached to the running browser process. On OSX, once enabled, violation log entries are visible in the Console.app (/Applications/Utilities/Console.app). On Linux, once enabled, violation log entries are logged on the command line console.<br/><br />
<br />
security.sandbox.logging.enabled (boolean)<br/><br />
security.sandbox.windows.log.stackTraceDepth (integer, Windows specific)<br/><br />
<br />
The following environment variables also triggers sandbox logging output: <br/><br />
<br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
=== OSX Specific Sandbox Logging ===<br />
<br />
On Mac, sandbox violation logging is disabled by default. To enable logging,<br />
<br />
# Launch the OS X Console app (/Applications/Utilities/Console.app) and filter on "plugin-container".<br />
# Either set the pref '''security.sandbox.logging.enabled=true''' and restart the browser OR launch the browser with the '''MOZ_SANDBOX_LOGGING''' environment variable set.<br />
<br />
* If Console.app is not already running at the time of the sandbox violation, the violation is not reliably logged.<br />
* As of build 56, where filesystem read access restrictions were tightened, running Firefox always triggers sandbox violations and these will be logged. For example, plugin-container attempts to access /Applications and /Users (bug 1378968). We want to address these when possible, but some violations are complicated to avoid or are triggered by OS X library code that can't be avoided yet.<br />
<br />
=== Linux specific Sandbox Logging ===<br />
<br />
The following environment variable triggers extra sandbox debugging output: <br/><br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
== Environment variables ==<br />
<br />
{| class="wikitable"<br />
|-<br />
! ENVIRONMENT VARIABLE !! DESCRIPTION || PLATFORM<br />
|-<br />
|MOZ_DISABLE_CONTENT_SANDBOX<br />
|Disables content process sandboxing for debugging purposes.<br />
|All<br />
|-<br />
|MOZ_DISABLE_GMP_SANDBOX<br />
|Disable media plugin sandbox for debugging purposes<br />
|All<br />
|-<br />
|MOZ_DISABLE_NPAPI_SANDBOX<br />
|Disable 64-bit NPAPI process sandbox<br />
|Windows<br />
|-<br />
|MOZ_DISABLE_GPU_SANDBOX<br />
|Disable GPU process sandbox<br />
|Windows<br />
|}<br />
<br />
=== Setting a custom environment in Windows ===<br />
<br />
1) Close Firefox <br/><br />
2) Browser to the location of your Firefox install using Explorer <br/><br />
3) Shift + Right-click in the folder window where firefox.exe is located, select "Open command window here" <br/><br />
4) Add the environment variable(s) you wish to set to your command window - <br/> <br/><br />
<code>set MOZ_DISABLE_NPAPI_SANDBOX=1</code>(return) <br/> <br/><br />
5) enter firefox.exe and press enter to launch Firefox with your custom environment <br/><br />
<br />
== Local Build Options ==<br />
<br />
To disable building the sandbox completely build with this in your mozconfig:<br />
<br />
<code>ac_add_options --disable-sandbox</code><br />
<br />
To disable just the content sandbox parts:<br />
<br />
<code>ac_add_options --disable-content-sandbox</code><br />
<br />
= Bug Lists =<br />
<br />
== Priorities ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3]<br />
<br />
== Security/Process Sandboxing Lists ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full bug list]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=keywords&list_id=13711696&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core No priority set]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]<br />
<br />
== Triage Lists ==<br />
* Sandboxing Triage List: https://mzl.la/2CSylu2<br />
** Lists sandboxing component bugs that are not tracked by a milestone<br />
** Ignores previously triaged into either sb- or sb+<br />
** Ignores meta bugs and bugs with needinfos<br />
* Global [https://bugzilla.mozilla.org/buglist.cgi?v4=P&f1=flagtypes.name&o3=notsubstring&list_id=13952552&v3=meta&o1=notsubstring&resolution=---&status_whiteboard_type=substring&f4=priority&query_format=advanced&f3=keywords&o4=notsubstring&status_whiteboard=sb%3F&v1=needinfo Triage List]<br />
** Lists any bug in the database with sb? that do not have a priority assigned<br />
** Ignores meta bugs and bugs with needinfos<br />
* sb+ [https://mzl.la/2CSaniE triage list]<br />
** Previously triaged bugs that have no milestone and no priority set<br />
* sb? needinfos: http://is.gd/dnSyBs<br />
* webrtc specific sandboxing bugs: https://is.gd/c5bAe6<br />
** sb tracking + 'webrtc'<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday at 8:00am PT<br />
* Vidyo: "PlatInt" room<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
* [https://wiki.mozilla.org/Security/Sandbox/Meeting_Notes Meeting Notes Archive]<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #boxing]<br />
|-<br />
| Newsgroup/Mailing List<br />
|| <br />
* [mailto:boxing@lists.mozilla.org boxing@lists.mozilla.org]<br />
|-<br />
|}<br />
<br />
= People =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Engineering Management<br />
||<br />
* Jim Mathies (jimm)<br />
|-<br />
| Project Management<br />
||<br />
* TBD<br />
|-<br />
| QA<br />
||<br />
* Tracy Walker (Quality Assurance Lead)<br />
|-<br />
| Development Team<br />
|| <br />
* Haik Aftandilian (haik)<br />
* Jed Davis (jld)<br />
* Alex Gaynor (Alex_Gaynor)<br />
* Bob Owen (bobowen)<br />
* David Parks (handyman)<br />
* Stephen Pohl (spohl)<br />
* Gian-Carlo Pascutto (gcp)<br />
|}<br />
<br />
= Repo Module Ownership =<br />
* [[Modules/Core#Sandboxing|Cross platform]]<br />
* [[Modules/Core#Sandboxing_-_Windows|Windows]]<br />
* [[Modules/Core#Sandboxing_-_OSX|OSX]]<br />
* [[Modules/Core#Sandboxing_-_Linux_.26_B2G|Linux/B2G]]<br />
<br />
= Links =<br />
<br />
* [[Electrolysis]] Wiki Page (lot of additional resource links)<br />
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox]<br />
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide]<br />
* [http://blog.cr0.org/2012/09/introducing-chromes-next-generation.html "Introducing Chrome's next-generation Linux sandbox"] (seccomp-bpf related)<br />
* [http://en.wikipedia.org/wiki/Google_Native_Client Native Client on Wikipedia] (Links to papers on Native Client's design and use of SFI, as well as papers on SFI itself.)<br />
* [https://msdn.microsoft.com/en-us/library/windows/desktop/ff966517%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 Features of Protected Mode in Internet Explorer]<br />
<br />
== Research ==<br />
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's Internal Research page (2012)]<br />
<br />
== B2G Archive ==<br />
* [https://developer.mozilla.org/en-US/Firefox_OS/Security/System_security Firefox OS System Security page on MDN]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Seccomp Sandboxing on b2g overview]<br />
* [[B2G/Architecture/System_Security/Seccomp|seccomp b2g filter perf data]]<br />
<br />
B2G has always been “sandboxed” to some extent; every app/tab gets its own content process, which uses the Android security model: a separate uid per process, no group memberships, and kernel patches that require group membership for things like network access. But privilege escalation via kernel vulnerabilities is relatively common, so we also use the seccomp-bpf system call filter to reduce the attack surface that a compromised content process can directly access.<br />
<br />
== Older ==<br />
* [https://docs.google.com/a/mozilla.com/document/d/1qS4Q1goehqy-55hIQEsEA_XY3lF4xfFColNKQm37KSg/edit?usp=sharing Old Meeting Notes]</div>
Twalker
https://wiki.mozilla.org/index.php?title=Security/Sandbox&diff=1186285
Security/Sandbox
2018-01-04T17:48:57Z
<p>Twalker: /* Triage Lists */</p>
<hr />
<div>= Overview =<br />
<br />
[[File:550px-Sandboxing_basic_architecture.png|frameless|550px]]<br />
<br />
Security Sandboxing makes use of [https://en.wikipedia.org/wiki/Child_process child processes] as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. For more information see the [[Electrolysis]] wiki page. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.<br />
<br />
== Technical Docs ==<br />
<br />
* [https://wiki.mozilla.org/Security/Sandbox/Specifics Platform Specifics]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Deny_Filesystem_Access File Restrictions Bug Research]<br />
* [https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set OSX Filter Rule Set]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Hardening Hardening Research]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Process_model Process Model]<br />
<br />
= Current Status =<br />
<br />
{| class="wikitable"<br />
|-<br />
!Sandbox<br />
!colspan="2"|Trunk<br />
!colspan="2"|Beta<br />
!colspan="2"|Release<br />
|-<br />
!<br />
!colspan="2"|Level<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
|-<br />
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)]<br />
|style='text-align:center;' colspan="2"|Level 4<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
|colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)]<br />
|style='text-align:center;' colspan="2"|Level 0 [1]<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForGMPlugin&redirect=true&case=true Windows (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy&redirect=true&case=true Linux (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|}<br />
<br />
A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature.<br />
<br />
DEPRECATION WARNING - The current level system will be replaced by a configuration system that allows for more fine grain control over sandbox settings.<br />
<br />
[1] Level 1 available but disabled due to various regressions, see {{bug|1347710}}<br />
<br />
== Windows ==<br />
<br />
=== Content ===<br />
<br />
Sandbox security related setting are grouped together and associated with a security level. Lower level values indicate a less restrictive sandbox.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 0 !! Level 1 !! Level 2<br />
|-<br />
| Job Level || JOB_NONE || JOB_NONE || JOB_INTERACTIVE<br />
|-<br />
| Access Token Level || USER_NON_ADMIN || USER_NON_ADMIN || USER_INTERACTIVE<br />
|-<br />
| Alternate Desktop || no || no || no<br />
|-<br />
| Alternate Windows Station || no || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || None ||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations || None ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 3 !! Level 4<br />
|-<br />
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LIMITED || USER_LIMITED<br />
|-<br />
| Alternate Desktop || no || YES<br />
|-<br />
| Alternate Windows Station || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || <br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br><br />
MITIGATION_IMAGE_LOAD_NO_REMOTE<br><br />
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br />
|-<br />
| Delayed Mitigations ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
<br />
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LOCKDOWN, USER_RESTRICTED[1]<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_UNTRUSTED<br />
|-<br />
| Alternate desktop || yes<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
[1] depends on the media plugin<br />
<br />
=== 64-bit Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_UNPROTECTED<br />
|-<br />
| Access Token Level || USER_INTERACTIVE<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Alternate desktop || no<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
|}<br />
<br />
* [[Firefox/win64]] Wiki Page<br />
* [https://blog.mozilla.org/futurereleases/2015/12/15/firefox-64-bit-for-windows-available/ Release Announcement]<br />
* [https://www.mozilla.org/en-US/firefox/all/ Windows 64-bit builds]<br />
<br />
== OSX ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 [1] ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|-<br />
| Level 2 ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
* read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
* read access to ~/Library<br />
|-<br />
| Level 3 || <br />
* write access to most of the filesystem<br />
* read access to most of the filesystem<br />
** read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
** read access to the home directory<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|}<br />
<br />
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.<br />
<br />
=== Gecko Media Plugins ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=pluginSandboxRules&redirect=false&case=true Filter rules]<br />
<br />
== Linux ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 ||<br />
* Many syscalls, including process creation<br />
|-<br />
| Level 2 ||<br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
|-<br />
| Level 3 || <br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
* Read access to most of the filesystem<br />
** Excludes themes/GTK configuration, fonts, shared data and libraries<br />
|}<br />
<br />
=== Content Rules ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#118 Filesystem access policy]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset]<br />
<br />
=== Customization Settings ===<br />
<br />
The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration.<br />
<br />
See [[Security/Sandbox#Linux_specific|Activity Logging]] for information on how to debug these scenarios.<br />
<br />
security.sandbox.content.level<br />
* See [[Security/Sandbox#Content_Levels_2|Content Levels]] above. Reducing this can help identify sandboxing as the cause of a problem, but you're better of trying the more fine grained permissions below.<br />
<br />
security.sandbox.content.read_path_whitelist<br/><br />
security.sandbox.content.write_path_whitelist<br />
* Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively. To allow access to an entire directory tree (rather than just the directory itself), include a trailing <tt>/</tt> character.<br />
<br />
security.sandbox.content.syscall_whitelist<br />
* Comma-seperated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter.<br />
<br />
= Preferences =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Process Type !! Preference Type !! Preference<br />
|-<br />
| Content || numerical || security.sandbox.content.level<br />
|-<br />
| NPAPI Plugin || boolean || dom.ipc.plugins.sandbox-level.default<br>dom.ipc.plugins.sandbox-level.<plugintype><br />
|-<br />
| Compositor || numerical || security.sandbox.gpu.level<br />
|-<br />
| Media || Embedded || N/A<br />
|}<br />
<br />
<strong>Note - Levels greater than the current default for a particular process type are not implemented.</strong><br />
<br />
= File System Restrictions =<br />
<br />
Sandboxing enforces file system write and read restrictions for XUL based add-on content (frame and process) scripts. To avoid issues as sandboxing features roll out add-on authors should update their legacy add-on code today such that content scripts no longer attempt to read or write from restricted locations. Note these restrictions do not affect [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Content_scripts WebExtension content script] or XUL add-on script running in the browser process. <br />
<br />
File system access rules for content processes, reverse precedence:<br />
<br />
{| class="wikitable"<br />
|-<br />
! Location !! Access Type !! Restriction<br />
|-<br />
| file system || read/write || deny by default<br />
|-<br />
| install location || write || deny<br />
|-<br />
| install location || read || allow<br />
|-<br />
| system library locations || write || deny<br />
|-<br />
| system library locations || read || allow<br />
|-<br />
| profile/* || read/write || deny by default<br />
|-<br />
| profile/extensions || write || deny<br />
|-<br />
| profile/extensions || read || allow<br />
|}<br />
<br />
= Debugging Features =<br />
<br />
== Activity Logging ==<br />
<br />
The following prefs control sandbox logging. On Windows, output is sent to the Browser Console when available, and to a developer console attached to the running browser process. On OSX, once enabled, violation log entries are visible in the Console.app (/Applications/Utilities/Console.app). On Linux, once enabled, violation log entries are logged on the command line console.<br/><br />
<br />
security.sandbox.logging.enabled (boolean)<br/><br />
security.sandbox.windows.log.stackTraceDepth (integer, Windows specific)<br/><br />
<br />
The following environment variables also triggers sandbox logging output: <br/><br />
<br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
=== OSX Specific Sandbox Logging ===<br />
<br />
On Mac, sandbox violation logging is disabled by default. To enable logging,<br />
<br />
# Launch the OS X Console app (/Applications/Utilities/Console.app) and filter on "plugin-container".<br />
# Either set the pref '''security.sandbox.logging.enabled=true''' and restart the browser OR launch the browser with the '''MOZ_SANDBOX_LOGGING''' environment variable set.<br />
<br />
* If Console.app is not already running at the time of the sandbox violation, the violation is not reliably logged.<br />
* As of build 56, where filesystem read access restrictions were tightened, running Firefox always triggers sandbox violations and these will be logged. For example, plugin-container attempts to access /Applications and /Users (bug 1378968). We want to address these when possible, but some violations are complicated to avoid or are triggered by OS X library code that can't be avoided yet.<br />
<br />
=== Linux specific Sandbox Logging ===<br />
<br />
The following environment variable triggers extra sandbox debugging output: <br/><br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
== Environment variables ==<br />
<br />
{| class="wikitable"<br />
|-<br />
! ENVIRONMENT VARIABLE !! DESCRIPTION || PLATFORM<br />
|-<br />
|MOZ_DISABLE_CONTENT_SANDBOX<br />
|Disables content process sandboxing for debugging purposes.<br />
|All<br />
|-<br />
|MOZ_DISABLE_GMP_SANDBOX<br />
|Disable media plugin sandbox for debugging purposes<br />
|All<br />
|-<br />
|MOZ_DISABLE_NPAPI_SANDBOX<br />
|Disable 64-bit NPAPI process sandbox<br />
|Windows<br />
|-<br />
|MOZ_DISABLE_GPU_SANDBOX<br />
|Disable GPU process sandbox<br />
|Windows<br />
|}<br />
<br />
=== Setting a custom environment in Windows ===<br />
<br />
1) Close Firefox <br/><br />
2) Browser to the location of your Firefox install using Explorer <br/><br />
3) Shift + Right-click in the folder window where firefox.exe is located, select "Open command window here" <br/><br />
4) Add the environment variable(s) you wish to set to your command window - <br/> <br/><br />
<code>set MOZ_DISABLE_NPAPI_SANDBOX=1</code>(return) <br/> <br/><br />
5) enter firefox.exe and press enter to launch Firefox with your custom environment <br/><br />
<br />
== Local Build Options ==<br />
<br />
To disable building the sandbox completely build with this in your mozconfig:<br />
<br />
<code>ac_add_options --disable-sandbox</code><br />
<br />
To disable just the content sandbox parts:<br />
<br />
<code>ac_add_options --disable-content-sandbox</code><br />
<br />
= Bug Lists =<br />
<br />
== Priorities ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3]<br />
<br />
== Security/Process Sandboxing Lists ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full bug list]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=keywords&list_id=13711696&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core No priority set]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]<br />
<br />
== Triage Lists ==<br />
* Sandboxing Triage List: https://mzl.la/2CSylu2<br />
** Lists sandboxing component bugs that are not tracked by a milestone<br />
** Ignores previously triaged into either sb- or sb+<br />
** Ignores meta bug and bugs with needinfos<br />
* Global [https://bugzilla.mozilla.org/buglist.cgi?v4=P&f1=flagtypes.name&o3=notsubstring&list_id=13952552&v3=meta&o1=notsubstring&resolution=---&status_whiteboard_type=substring&f4=priority&query_format=advanced&f3=keywords&o4=notsubstring&status_whiteboard=sb%3F&v1=needinfo Triage List]<br />
** Lists any bug in the database with sb? that do not have a priority assigned<br />
** Ignores meta bug and bugs with needinfos<br />
* sb+ [https://mzl.la/2CSaniE triage list]<br />
** Previously triaged bugs that have no milestone and no priority set<br />
* sb? needinfos: http://is.gd/dnSyBs<br />
* webrtc specific sandboxing bugs: https://is.gd/c5bAe6<br />
** sb tracking + 'webrtc'<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday at 8:00am PT<br />
* Vidyo: "PlatInt" room<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
* [https://wiki.mozilla.org/Security/Sandbox/Meeting_Notes Meeting Notes Archive]<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #boxing]<br />
|-<br />
| Newsgroup/Mailing List<br />
|| <br />
* [mailto:boxing@lists.mozilla.org boxing@lists.mozilla.org]<br />
|-<br />
|}<br />
<br />
= People =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Engineering Management<br />
||<br />
* Jim Mathies (jimm)<br />
|-<br />
| Project Management<br />
||<br />
* TBD<br />
|-<br />
| QA<br />
||<br />
* Tracy Walker (Quality Assurance Lead)<br />
|-<br />
| Development Team<br />
|| <br />
* Haik Aftandilian (haik)<br />
* Jed Davis (jld)<br />
* Alex Gaynor (Alex_Gaynor)<br />
* Bob Owen (bobowen)<br />
* David Parks (handyman)<br />
* Stephen Pohl (spohl)<br />
* Gian-Carlo Pascutto (gcp)<br />
|}<br />
<br />
= Repo Module Ownership =<br />
* [[Modules/Core#Sandboxing|Cross platform]]<br />
* [[Modules/Core#Sandboxing_-_Windows|Windows]]<br />
* [[Modules/Core#Sandboxing_-_OSX|OSX]]<br />
* [[Modules/Core#Sandboxing_-_Linux_.26_B2G|Linux/B2G]]<br />
<br />
= Links =<br />
<br />
* [[Electrolysis]] Wiki Page (lot of additional resource links)<br />
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox]<br />
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide]<br />
* [http://blog.cr0.org/2012/09/introducing-chromes-next-generation.html "Introducing Chrome's next-generation Linux sandbox"] (seccomp-bpf related)<br />
* [http://en.wikipedia.org/wiki/Google_Native_Client Native Client on Wikipedia] (Links to papers on Native Client's design and use of SFI, as well as papers on SFI itself.)<br />
* [https://msdn.microsoft.com/en-us/library/windows/desktop/ff966517%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 Features of Protected Mode in Internet Explorer]<br />
<br />
== Research ==<br />
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's Internal Research page (2012)]<br />
<br />
== B2G Archive ==<br />
* [https://developer.mozilla.org/en-US/Firefox_OS/Security/System_security Firefox OS System Security page on MDN]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Seccomp Sandboxing on b2g overview]<br />
* [[B2G/Architecture/System_Security/Seccomp|seccomp b2g filter perf data]]<br />
<br />
B2G has always been “sandboxed” to some extent; every app/tab gets its own content process, which uses the Android security model: a separate uid per process, no group memberships, and kernel patches that require group membership for things like network access. But privilege escalation via kernel vulnerabilities is relatively common, so we also use the seccomp-bpf system call filter to reduce the attack surface that a compromised content process can directly access.<br />
<br />
== Older ==<br />
* [https://docs.google.com/a/mozilla.com/document/d/1qS4Q1goehqy-55hIQEsEA_XY3lF4xfFColNKQm37KSg/edit?usp=sharing Old Meeting Notes]</div>
Twalker
https://wiki.mozilla.org/index.php?title=Security/Sandbox&diff=1186284
Security/Sandbox
2018-01-04T17:45:22Z
<p>Twalker: /* Triage Lists */</p>
<hr />
<div>= Overview =<br />
<br />
[[File:550px-Sandboxing_basic_architecture.png|frameless|550px]]<br />
<br />
Security Sandboxing makes use of [https://en.wikipedia.org/wiki/Child_process child processes] as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. For more information see the [[Electrolysis]] wiki page. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.<br />
<br />
== Technical Docs ==<br />
<br />
* [https://wiki.mozilla.org/Security/Sandbox/Specifics Platform Specifics]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Deny_Filesystem_Access File Restrictions Bug Research]<br />
* [https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set OSX Filter Rule Set]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Hardening Hardening Research]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Process_model Process Model]<br />
<br />
= Current Status =<br />
<br />
{| class="wikitable"<br />
|-<br />
!Sandbox<br />
!colspan="2"|Trunk<br />
!colspan="2"|Beta<br />
!colspan="2"|Release<br />
|-<br />
!<br />
!colspan="2"|Level<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
|-<br />
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)]<br />
|style='text-align:center;' colspan="2"|Level 4<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
|colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)]<br />
|style='text-align:center;' colspan="2"|Level 0 [1]<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForGMPlugin&redirect=true&case=true Windows (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy&redirect=true&case=true Linux (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|}<br />
<br />
A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature.<br />
<br />
DEPRECATION WARNING - The current level system will be replaced by a configuration system that allows for more fine grain control over sandbox settings.<br />
<br />
[1] Level 1 available but disabled due to various regressions, see {{bug|1347710}}<br />
<br />
== Windows ==<br />
<br />
=== Content ===<br />
<br />
Sandbox security related setting are grouped together and associated with a security level. Lower level values indicate a less restrictive sandbox.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 0 !! Level 1 !! Level 2<br />
|-<br />
| Job Level || JOB_NONE || JOB_NONE || JOB_INTERACTIVE<br />
|-<br />
| Access Token Level || USER_NON_ADMIN || USER_NON_ADMIN || USER_INTERACTIVE<br />
|-<br />
| Alternate Desktop || no || no || no<br />
|-<br />
| Alternate Windows Station || no || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || None ||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations || None ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 3 !! Level 4<br />
|-<br />
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LIMITED || USER_LIMITED<br />
|-<br />
| Alternate Desktop || no || YES<br />
|-<br />
| Alternate Windows Station || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || <br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br><br />
MITIGATION_IMAGE_LOAD_NO_REMOTE<br><br />
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br />
|-<br />
| Delayed Mitigations ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
<br />
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LOCKDOWN, USER_RESTRICTED[1]<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_UNTRUSTED<br />
|-<br />
| Alternate desktop || yes<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
[1] depends on the media plugin<br />
<br />
=== 64-bit Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_UNPROTECTED<br />
|-<br />
| Access Token Level || USER_INTERACTIVE<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Alternate desktop || no<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
|}<br />
<br />
* [[Firefox/win64]] Wiki Page<br />
* [https://blog.mozilla.org/futurereleases/2015/12/15/firefox-64-bit-for-windows-available/ Release Announcement]<br />
* [https://www.mozilla.org/en-US/firefox/all/ Windows 64-bit builds]<br />
<br />
== OSX ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 [1] ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|-<br />
| Level 2 ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
* read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
* read access to ~/Library<br />
|-<br />
| Level 3 || <br />
* write access to most of the filesystem<br />
* read access to most of the filesystem<br />
** read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
** read access to the home directory<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|}<br />
<br />
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.<br />
<br />
=== Gecko Media Plugins ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=pluginSandboxRules&redirect=false&case=true Filter rules]<br />
<br />
== Linux ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 ||<br />
* Many syscalls, including process creation<br />
|-<br />
| Level 2 ||<br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
|-<br />
| Level 3 || <br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
* Read access to most of the filesystem<br />
** Excludes themes/GTK configuration, fonts, shared data and libraries<br />
|}<br />
<br />
=== Content Rules ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#118 Filesystem access policy]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset]<br />
<br />
=== Customization Settings ===<br />
<br />
The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration.<br />
<br />
See [[Security/Sandbox#Linux_specific|Activity Logging]] for information on how to debug these scenarios.<br />
<br />
security.sandbox.content.level<br />
* See [[Security/Sandbox#Content_Levels_2|Content Levels]] above. Reducing this can help identify sandboxing as the cause of a problem, but you're better of trying the more fine grained permissions below.<br />
<br />
security.sandbox.content.read_path_whitelist<br/><br />
security.sandbox.content.write_path_whitelist<br />
* Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively. To allow access to an entire directory tree (rather than just the directory itself), include a trailing <tt>/</tt> character.<br />
<br />
security.sandbox.content.syscall_whitelist<br />
* Comma-seperated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter.<br />
<br />
= Preferences =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Process Type !! Preference Type !! Preference<br />
|-<br />
| Content || numerical || security.sandbox.content.level<br />
|-<br />
| NPAPI Plugin || boolean || dom.ipc.plugins.sandbox-level.default<br>dom.ipc.plugins.sandbox-level.<plugintype><br />
|-<br />
| Compositor || numerical || security.sandbox.gpu.level<br />
|-<br />
| Media || Embedded || N/A<br />
|}<br />
<br />
<strong>Note - Levels greater than the current default for a particular process type are not implemented.</strong><br />
<br />
= File System Restrictions =<br />
<br />
Sandboxing enforces file system write and read restrictions for XUL based add-on content (frame and process) scripts. To avoid issues as sandboxing features roll out add-on authors should update their legacy add-on code today such that content scripts no longer attempt to read or write from restricted locations. Note these restrictions do not affect [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Content_scripts WebExtension content script] or XUL add-on script running in the browser process. <br />
<br />
File system access rules for content processes, reverse precedence:<br />
<br />
{| class="wikitable"<br />
|-<br />
! Location !! Access Type !! Restriction<br />
|-<br />
| file system || read/write || deny by default<br />
|-<br />
| install location || write || deny<br />
|-<br />
| install location || read || allow<br />
|-<br />
| system library locations || write || deny<br />
|-<br />
| system library locations || read || allow<br />
|-<br />
| profile/* || read/write || deny by default<br />
|-<br />
| profile/extensions || write || deny<br />
|-<br />
| profile/extensions || read || allow<br />
|}<br />
<br />
= Debugging Features =<br />
<br />
== Activity Logging ==<br />
<br />
The following prefs control sandbox logging. On Windows, output is sent to the Browser Console when available, and to a developer console attached to the running browser process. On OSX, once enabled, violation log entries are visible in the Console.app (/Applications/Utilities/Console.app). On Linux, once enabled, violation log entries are logged on the command line console.<br/><br />
<br />
security.sandbox.logging.enabled (boolean)<br/><br />
security.sandbox.windows.log.stackTraceDepth (integer, Windows specific)<br/><br />
<br />
The following environment variables also triggers sandbox logging output: <br/><br />
<br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
=== OSX Specific Sandbox Logging ===<br />
<br />
On Mac, sandbox violation logging is disabled by default. To enable logging,<br />
<br />
# Launch the OS X Console app (/Applications/Utilities/Console.app) and filter on "plugin-container".<br />
# Either set the pref '''security.sandbox.logging.enabled=true''' and restart the browser OR launch the browser with the '''MOZ_SANDBOX_LOGGING''' environment variable set.<br />
<br />
* If Console.app is not already running at the time of the sandbox violation, the violation is not reliably logged.<br />
* As of build 56, where filesystem read access restrictions were tightened, running Firefox always triggers sandbox violations and these will be logged. For example, plugin-container attempts to access /Applications and /Users (bug 1378968). We want to address these when possible, but some violations are complicated to avoid or are triggered by OS X library code that can't be avoided yet.<br />
<br />
=== Linux specific Sandbox Logging ===<br />
<br />
The following environment variable triggers extra sandbox debugging output: <br/><br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
== Environment variables ==<br />
<br />
{| class="wikitable"<br />
|-<br />
! ENVIRONMENT VARIABLE !! DESCRIPTION || PLATFORM<br />
|-<br />
|MOZ_DISABLE_CONTENT_SANDBOX<br />
|Disables content process sandboxing for debugging purposes.<br />
|All<br />
|-<br />
|MOZ_DISABLE_GMP_SANDBOX<br />
|Disable media plugin sandbox for debugging purposes<br />
|All<br />
|-<br />
|MOZ_DISABLE_NPAPI_SANDBOX<br />
|Disable 64-bit NPAPI process sandbox<br />
|Windows<br />
|-<br />
|MOZ_DISABLE_GPU_SANDBOX<br />
|Disable GPU process sandbox<br />
|Windows<br />
|}<br />
<br />
=== Setting a custom environment in Windows ===<br />
<br />
1) Close Firefox <br/><br />
2) Browser to the location of your Firefox install using Explorer <br/><br />
3) Shift + Right-click in the folder window where firefox.exe is located, select "Open command window here" <br/><br />
4) Add the environment variable(s) you wish to set to your command window - <br/> <br/><br />
<code>set MOZ_DISABLE_NPAPI_SANDBOX=1</code>(return) <br/> <br/><br />
5) enter firefox.exe and press enter to launch Firefox with your custom environment <br/><br />
<br />
== Local Build Options ==<br />
<br />
To disable building the sandbox completely build with this in your mozconfig:<br />
<br />
<code>ac_add_options --disable-sandbox</code><br />
<br />
To disable just the content sandbox parts:<br />
<br />
<code>ac_add_options --disable-content-sandbox</code><br />
<br />
= Bug Lists =<br />
<br />
== Priorities ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3]<br />
<br />
== Security/Process Sandboxing Lists ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full bug list]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=keywords&list_id=13711696&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core No priority set]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]<br />
<br />
== Triage Lists ==<br />
* Sandboxing Triage List: https://mzl.la/2CSylu2<br />
** Lists sandboxing component bugs that are not tracked by a milestone<br />
*** not listed are bugs either sb- or sb+<br />
** does not include needinfo or meta bugs<br />
* Global [https://bugzilla.mozilla.org/buglist.cgi?v4=P&f1=flagtypes.name&o3=notsubstring&list_id=13952552&v3=meta&o1=notsubstring&resolution=---&status_whiteboard_type=substring&f4=priority&query_format=advanced&f3=keywords&o4=notsubstring&status_whiteboard=sb%3F&v1=needinfo Triage List]<br />
** Lists any bug in the database with sb? that do not have a priority assigned<br />
** Ignores meta bug and bugs with needinfos<br />
* [https://mzl.la/2CSaniE sb+ list]<br />
** Previously triaged bugs that have no milestone and no priority set<br />
* sb? needinfos: http://is.gd/dnSyBs<br />
* webrtc specific sandboxing bugs: https://is.gd/c5bAe6<br />
** sb tracking + 'webrtc'<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday at 8:00am PT<br />
* Vidyo: "PlatInt" room<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
* [https://wiki.mozilla.org/Security/Sandbox/Meeting_Notes Meeting Notes Archive]<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #boxing]<br />
|-<br />
| Newsgroup/Mailing List<br />
|| <br />
* [mailto:boxing@lists.mozilla.org boxing@lists.mozilla.org]<br />
|-<br />
|}<br />
<br />
= People =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Engineering Management<br />
||<br />
* Jim Mathies (jimm)<br />
|-<br />
| Project Management<br />
||<br />
* TBD<br />
|-<br />
| QA<br />
||<br />
* Tracy Walker (Quality Assurance Lead)<br />
|-<br />
| Development Team<br />
|| <br />
* Haik Aftandilian (haik)<br />
* Jed Davis (jld)<br />
* Alex Gaynor (Alex_Gaynor)<br />
* Bob Owen (bobowen)<br />
* David Parks (handyman)<br />
* Stephen Pohl (spohl)<br />
* Gian-Carlo Pascutto (gcp)<br />
|}<br />
<br />
= Repo Module Ownership =<br />
* [[Modules/Core#Sandboxing|Cross platform]]<br />
* [[Modules/Core#Sandboxing_-_Windows|Windows]]<br />
* [[Modules/Core#Sandboxing_-_OSX|OSX]]<br />
* [[Modules/Core#Sandboxing_-_Linux_.26_B2G|Linux/B2G]]<br />
<br />
= Links =<br />
<br />
* [[Electrolysis]] Wiki Page (lot of additional resource links)<br />
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox]<br />
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide]<br />
* [http://blog.cr0.org/2012/09/introducing-chromes-next-generation.html "Introducing Chrome's next-generation Linux sandbox"] (seccomp-bpf related)<br />
* [http://en.wikipedia.org/wiki/Google_Native_Client Native Client on Wikipedia] (Links to papers on Native Client's design and use of SFI, as well as papers on SFI itself.)<br />
* [https://msdn.microsoft.com/en-us/library/windows/desktop/ff966517%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 Features of Protected Mode in Internet Explorer]<br />
<br />
== Research ==<br />
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's Internal Research page (2012)]<br />
<br />
== B2G Archive ==<br />
* [https://developer.mozilla.org/en-US/Firefox_OS/Security/System_security Firefox OS System Security page on MDN]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Seccomp Sandboxing on b2g overview]<br />
* [[B2G/Architecture/System_Security/Seccomp|seccomp b2g filter perf data]]<br />
<br />
B2G has always been “sandboxed” to some extent; every app/tab gets its own content process, which uses the Android security model: a separate uid per process, no group memberships, and kernel patches that require group membership for things like network access. But privilege escalation via kernel vulnerabilities is relatively common, so we also use the seccomp-bpf system call filter to reduce the attack surface that a compromised content process can directly access.<br />
<br />
== Older ==<br />
* [https://docs.google.com/a/mozilla.com/document/d/1qS4Q1goehqy-55hIQEsEA_XY3lF4xfFColNKQm37KSg/edit?usp=sharing Old Meeting Notes]</div>
Twalker
https://wiki.mozilla.org/index.php?title=Security/Sandbox&diff=1186283
Security/Sandbox
2018-01-04T17:41:10Z
<p>Twalker: /* Triage Lists */</p>
<hr />
<div>= Overview =<br />
<br />
[[File:550px-Sandboxing_basic_architecture.png|frameless|550px]]<br />
<br />
Security Sandboxing makes use of [https://en.wikipedia.org/wiki/Child_process child processes] as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. For more information see the [[Electrolysis]] wiki page. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.<br />
<br />
== Technical Docs ==<br />
<br />
* [https://wiki.mozilla.org/Security/Sandbox/Specifics Platform Specifics]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Deny_Filesystem_Access File Restrictions Bug Research]<br />
* [https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set OSX Filter Rule Set]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Hardening Hardening Research]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Process_model Process Model]<br />
<br />
= Current Status =<br />
<br />
{| class="wikitable"<br />
|-<br />
!Sandbox<br />
!colspan="2"|Trunk<br />
!colspan="2"|Beta<br />
!colspan="2"|Release<br />
|-<br />
!<br />
!colspan="2"|Level<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
|-<br />
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)]<br />
|style='text-align:center;' colspan="2"|Level 4<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
|colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)]<br />
|style='text-align:center;' colspan="2"|Level 0 [1]<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForGMPlugin&redirect=true&case=true Windows (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy&redirect=true&case=true Linux (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|}<br />
<br />
A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature.<br />
<br />
DEPRECATION WARNING - The current level system will be replaced by a configuration system that allows for more fine grain control over sandbox settings.<br />
<br />
[1] Level 1 available but disabled due to various regressions, see {{bug|1347710}}<br />
<br />
== Windows ==<br />
<br />
=== Content ===<br />
<br />
Sandbox security related setting are grouped together and associated with a security level. Lower level values indicate a less restrictive sandbox.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 0 !! Level 1 !! Level 2<br />
|-<br />
| Job Level || JOB_NONE || JOB_NONE || JOB_INTERACTIVE<br />
|-<br />
| Access Token Level || USER_NON_ADMIN || USER_NON_ADMIN || USER_INTERACTIVE<br />
|-<br />
| Alternate Desktop || no || no || no<br />
|-<br />
| Alternate Windows Station || no || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || None ||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations || None ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 3 !! Level 4<br />
|-<br />
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LIMITED || USER_LIMITED<br />
|-<br />
| Alternate Desktop || no || YES<br />
|-<br />
| Alternate Windows Station || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || <br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br><br />
MITIGATION_IMAGE_LOAD_NO_REMOTE<br><br />
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br />
|-<br />
| Delayed Mitigations ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
<br />
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LOCKDOWN, USER_RESTRICTED[1]<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_UNTRUSTED<br />
|-<br />
| Alternate desktop || yes<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
[1] depends on the media plugin<br />
<br />
=== 64-bit Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_UNPROTECTED<br />
|-<br />
| Access Token Level || USER_INTERACTIVE<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Alternate desktop || no<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
|}<br />
<br />
* [[Firefox/win64]] Wiki Page<br />
* [https://blog.mozilla.org/futurereleases/2015/12/15/firefox-64-bit-for-windows-available/ Release Announcement]<br />
* [https://www.mozilla.org/en-US/firefox/all/ Windows 64-bit builds]<br />
<br />
== OSX ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 [1] ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|-<br />
| Level 2 ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
* read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
* read access to ~/Library<br />
|-<br />
| Level 3 || <br />
* write access to most of the filesystem<br />
* read access to most of the filesystem<br />
** read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
** read access to the home directory<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|}<br />
<br />
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.<br />
<br />
=== Gecko Media Plugins ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=pluginSandboxRules&redirect=false&case=true Filter rules]<br />
<br />
== Linux ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 ||<br />
* Many syscalls, including process creation<br />
|-<br />
| Level 2 ||<br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
|-<br />
| Level 3 || <br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
* Read access to most of the filesystem<br />
** Excludes themes/GTK configuration, fonts, shared data and libraries<br />
|}<br />
<br />
=== Content Rules ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#118 Filesystem access policy]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset]<br />
<br />
=== Customization Settings ===<br />
<br />
The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration.<br />
<br />
See [[Security/Sandbox#Linux_specific|Activity Logging]] for information on how to debug these scenarios.<br />
<br />
security.sandbox.content.level<br />
* See [[Security/Sandbox#Content_Levels_2|Content Levels]] above. Reducing this can help identify sandboxing as the cause of a problem, but you're better of trying the more fine grained permissions below.<br />
<br />
security.sandbox.content.read_path_whitelist<br/><br />
security.sandbox.content.write_path_whitelist<br />
* Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively. To allow access to an entire directory tree (rather than just the directory itself), include a trailing <tt>/</tt> character.<br />
<br />
security.sandbox.content.syscall_whitelist<br />
* Comma-seperated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter.<br />
<br />
= Preferences =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Process Type !! Preference Type !! Preference<br />
|-<br />
| Content || numerical || security.sandbox.content.level<br />
|-<br />
| NPAPI Plugin || boolean || dom.ipc.plugins.sandbox-level.default<br>dom.ipc.plugins.sandbox-level.<plugintype><br />
|-<br />
| Compositor || numerical || security.sandbox.gpu.level<br />
|-<br />
| Media || Embedded || N/A<br />
|}<br />
<br />
<strong>Note - Levels greater than the current default for a particular process type are not implemented.</strong><br />
<br />
= File System Restrictions =<br />
<br />
Sandboxing enforces file system write and read restrictions for XUL based add-on content (frame and process) scripts. To avoid issues as sandboxing features roll out add-on authors should update their legacy add-on code today such that content scripts no longer attempt to read or write from restricted locations. Note these restrictions do not affect [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Content_scripts WebExtension content script] or XUL add-on script running in the browser process. <br />
<br />
File system access rules for content processes, reverse precedence:<br />
<br />
{| class="wikitable"<br />
|-<br />
! Location !! Access Type !! Restriction<br />
|-<br />
| file system || read/write || deny by default<br />
|-<br />
| install location || write || deny<br />
|-<br />
| install location || read || allow<br />
|-<br />
| system library locations || write || deny<br />
|-<br />
| system library locations || read || allow<br />
|-<br />
| profile/* || read/write || deny by default<br />
|-<br />
| profile/extensions || write || deny<br />
|-<br />
| profile/extensions || read || allow<br />
|}<br />
<br />
= Debugging Features =<br />
<br />
== Activity Logging ==<br />
<br />
The following prefs control sandbox logging. On Windows, output is sent to the Browser Console when available, and to a developer console attached to the running browser process. On OSX, once enabled, violation log entries are visible in the Console.app (/Applications/Utilities/Console.app). On Linux, once enabled, violation log entries are logged on the command line console.<br/><br />
<br />
security.sandbox.logging.enabled (boolean)<br/><br />
security.sandbox.windows.log.stackTraceDepth (integer, Windows specific)<br/><br />
<br />
The following environment variables also triggers sandbox logging output: <br/><br />
<br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
=== OSX Specific Sandbox Logging ===<br />
<br />
On Mac, sandbox violation logging is disabled by default. To enable logging,<br />
<br />
# Launch the OS X Console app (/Applications/Utilities/Console.app) and filter on "plugin-container".<br />
# Either set the pref '''security.sandbox.logging.enabled=true''' and restart the browser OR launch the browser with the '''MOZ_SANDBOX_LOGGING''' environment variable set.<br />
<br />
* If Console.app is not already running at the time of the sandbox violation, the violation is not reliably logged.<br />
* As of build 56, where filesystem read access restrictions were tightened, running Firefox always triggers sandbox violations and these will be logged. For example, plugin-container attempts to access /Applications and /Users (bug 1378968). We want to address these when possible, but some violations are complicated to avoid or are triggered by OS X library code that can't be avoided yet.<br />
<br />
=== Linux specific Sandbox Logging ===<br />
<br />
The following environment variable triggers extra sandbox debugging output: <br/><br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
== Environment variables ==<br />
<br />
{| class="wikitable"<br />
|-<br />
! ENVIRONMENT VARIABLE !! DESCRIPTION || PLATFORM<br />
|-<br />
|MOZ_DISABLE_CONTENT_SANDBOX<br />
|Disables content process sandboxing for debugging purposes.<br />
|All<br />
|-<br />
|MOZ_DISABLE_GMP_SANDBOX<br />
|Disable media plugin sandbox for debugging purposes<br />
|All<br />
|-<br />
|MOZ_DISABLE_NPAPI_SANDBOX<br />
|Disable 64-bit NPAPI process sandbox<br />
|Windows<br />
|-<br />
|MOZ_DISABLE_GPU_SANDBOX<br />
|Disable GPU process sandbox<br />
|Windows<br />
|}<br />
<br />
=== Setting a custom environment in Windows ===<br />
<br />
1) Close Firefox <br/><br />
2) Browser to the location of your Firefox install using Explorer <br/><br />
3) Shift + Right-click in the folder window where firefox.exe is located, select "Open command window here" <br/><br />
4) Add the environment variable(s) you wish to set to your command window - <br/> <br/><br />
<code>set MOZ_DISABLE_NPAPI_SANDBOX=1</code>(return) <br/> <br/><br />
5) enter firefox.exe and press enter to launch Firefox with your custom environment <br/><br />
<br />
== Local Build Options ==<br />
<br />
To disable building the sandbox completely build with this in your mozconfig:<br />
<br />
<code>ac_add_options --disable-sandbox</code><br />
<br />
To disable just the content sandbox parts:<br />
<br />
<code>ac_add_options --disable-content-sandbox</code><br />
<br />
= Bug Lists =<br />
<br />
== Priorities ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3]<br />
<br />
== Security/Process Sandboxing Lists ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full bug list]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=keywords&list_id=13711696&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core No priority set]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]<br />
<br />
== Triage Lists ==<br />
* Sandboxing Triage List: https://mzl.la/2CSylu2<br />
** Lists sandboxing component bugs that are not tracked by a milestone<br />
*** not listed are bugs either sb- or sb+<br />
*** [ sb+ list]<br />
** does not include needinfo or meta bugs<br />
* Global [https://bugzilla.mozilla.org/buglist.cgi?v4=P&f1=flagtypes.name&o3=notsubstring&list_id=13952552&v3=meta&o1=notsubstring&resolution=---&status_whiteboard_type=substring&f4=priority&query_format=advanced&f3=keywords&o4=notsubstring&status_whiteboard=sb%3F&v1=needinfo Triage List]<br />
** Lists any bug in the database with sb? that do not have a priority assigned<br />
** Ignores meta bug and bugs with needinfos<br />
* sb? needinfos: http://is.gd/dnSyBs<br />
* webrtc specific sandboxing bugs: https://is.gd/c5bAe6<br />
** sb tracking + 'webrtc'<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday at 8:00am PT<br />
* Vidyo: "PlatInt" room<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
* [https://wiki.mozilla.org/Security/Sandbox/Meeting_Notes Meeting Notes Archive]<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #boxing]<br />
|-<br />
| Newsgroup/Mailing List<br />
|| <br />
* [mailto:boxing@lists.mozilla.org boxing@lists.mozilla.org]<br />
|-<br />
|}<br />
<br />
= People =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Engineering Management<br />
||<br />
* Jim Mathies (jimm)<br />
|-<br />
| Project Management<br />
||<br />
* TBD<br />
|-<br />
| QA<br />
||<br />
* Tracy Walker (Quality Assurance Lead)<br />
|-<br />
| Development Team<br />
|| <br />
* Haik Aftandilian (haik)<br />
* Jed Davis (jld)<br />
* Alex Gaynor (Alex_Gaynor)<br />
* Bob Owen (bobowen)<br />
* David Parks (handyman)<br />
* Stephen Pohl (spohl)<br />
* Gian-Carlo Pascutto (gcp)<br />
|}<br />
<br />
= Repo Module Ownership =<br />
* [[Modules/Core#Sandboxing|Cross platform]]<br />
* [[Modules/Core#Sandboxing_-_Windows|Windows]]<br />
* [[Modules/Core#Sandboxing_-_OSX|OSX]]<br />
* [[Modules/Core#Sandboxing_-_Linux_.26_B2G|Linux/B2G]]<br />
<br />
= Links =<br />
<br />
* [[Electrolysis]] Wiki Page (lot of additional resource links)<br />
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox]<br />
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide]<br />
* [http://blog.cr0.org/2012/09/introducing-chromes-next-generation.html "Introducing Chrome's next-generation Linux sandbox"] (seccomp-bpf related)<br />
* [http://en.wikipedia.org/wiki/Google_Native_Client Native Client on Wikipedia] (Links to papers on Native Client's design and use of SFI, as well as papers on SFI itself.)<br />
* [https://msdn.microsoft.com/en-us/library/windows/desktop/ff966517%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 Features of Protected Mode in Internet Explorer]<br />
<br />
== Research ==<br />
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's Internal Research page (2012)]<br />
<br />
== B2G Archive ==<br />
* [https://developer.mozilla.org/en-US/Firefox_OS/Security/System_security Firefox OS System Security page on MDN]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Seccomp Sandboxing on b2g overview]<br />
* [[B2G/Architecture/System_Security/Seccomp|seccomp b2g filter perf data]]<br />
<br />
B2G has always been “sandboxed” to some extent; every app/tab gets its own content process, which uses the Android security model: a separate uid per process, no group memberships, and kernel patches that require group membership for things like network access. But privilege escalation via kernel vulnerabilities is relatively common, so we also use the seccomp-bpf system call filter to reduce the attack surface that a compromised content process can directly access.<br />
<br />
== Older ==<br />
* [https://docs.google.com/a/mozilla.com/document/d/1qS4Q1goehqy-55hIQEsEA_XY3lF4xfFColNKQm37KSg/edit?usp=sharing Old Meeting Notes]</div>
Twalker
https://wiki.mozilla.org/index.php?title=Security/Sandbox&diff=1186282
Security/Sandbox
2018-01-04T17:36:51Z
<p>Twalker: /* Triage Lists */</p>
<hr />
<div>= Overview =<br />
<br />
[[File:550px-Sandboxing_basic_architecture.png|frameless|550px]]<br />
<br />
Security Sandboxing makes use of [https://en.wikipedia.org/wiki/Child_process child processes] as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. For more information see the [[Electrolysis]] wiki page. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.<br />
<br />
== Technical Docs ==<br />
<br />
* [https://wiki.mozilla.org/Security/Sandbox/Specifics Platform Specifics]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Deny_Filesystem_Access File Restrictions Bug Research]<br />
* [https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set OSX Filter Rule Set]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Hardening Hardening Research]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Process_model Process Model]<br />
<br />
= Current Status =<br />
<br />
{| class="wikitable"<br />
|-<br />
!Sandbox<br />
!colspan="2"|Trunk<br />
!colspan="2"|Beta<br />
!colspan="2"|Release<br />
|-<br />
!<br />
!colspan="2"|Level<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
|-<br />
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)]<br />
|style='text-align:center;' colspan="2"|Level 4<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
|colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)]<br />
|style='text-align:center;' colspan="2"|Level 0 [1]<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForGMPlugin&redirect=true&case=true Windows (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy&redirect=true&case=true Linux (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|}<br />
<br />
A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature.<br />
<br />
DEPRECATION WARNING - The current level system will be replaced by a configuration system that allows for more fine grain control over sandbox settings.<br />
<br />
[1] Level 1 available but disabled due to various regressions, see {{bug|1347710}}<br />
<br />
== Windows ==<br />
<br />
=== Content ===<br />
<br />
Sandbox security related setting are grouped together and associated with a security level. Lower level values indicate a less restrictive sandbox.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 0 !! Level 1 !! Level 2<br />
|-<br />
| Job Level || JOB_NONE || JOB_NONE || JOB_INTERACTIVE<br />
|-<br />
| Access Token Level || USER_NON_ADMIN || USER_NON_ADMIN || USER_INTERACTIVE<br />
|-<br />
| Alternate Desktop || no || no || no<br />
|-<br />
| Alternate Windows Station || no || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || None ||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations || None ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 3 !! Level 4<br />
|-<br />
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LIMITED || USER_LIMITED<br />
|-<br />
| Alternate Desktop || no || YES<br />
|-<br />
| Alternate Windows Station || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || <br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br><br />
MITIGATION_IMAGE_LOAD_NO_REMOTE<br><br />
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br />
|-<br />
| Delayed Mitigations ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
<br />
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LOCKDOWN, USER_RESTRICTED[1]<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_UNTRUSTED<br />
|-<br />
| Alternate desktop || yes<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
[1] depends on the media plugin<br />
<br />
=== 64-bit Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_UNPROTECTED<br />
|-<br />
| Access Token Level || USER_INTERACTIVE<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Alternate desktop || no<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
|}<br />
<br />
* [[Firefox/win64]] Wiki Page<br />
* [https://blog.mozilla.org/futurereleases/2015/12/15/firefox-64-bit-for-windows-available/ Release Announcement]<br />
* [https://www.mozilla.org/en-US/firefox/all/ Windows 64-bit builds]<br />
<br />
== OSX ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 [1] ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|-<br />
| Level 2 ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
* read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
* read access to ~/Library<br />
|-<br />
| Level 3 || <br />
* write access to most of the filesystem<br />
* read access to most of the filesystem<br />
** read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
** read access to the home directory<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|}<br />
<br />
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.<br />
<br />
=== Gecko Media Plugins ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=pluginSandboxRules&redirect=false&case=true Filter rules]<br />
<br />
== Linux ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 ||<br />
* Many syscalls, including process creation<br />
|-<br />
| Level 2 ||<br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
|-<br />
| Level 3 || <br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
* Read access to most of the filesystem<br />
** Excludes themes/GTK configuration, fonts, shared data and libraries<br />
|}<br />
<br />
=== Content Rules ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#118 Filesystem access policy]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset]<br />
<br />
=== Customization Settings ===<br />
<br />
The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration.<br />
<br />
See [[Security/Sandbox#Linux_specific|Activity Logging]] for information on how to debug these scenarios.<br />
<br />
security.sandbox.content.level<br />
* See [[Security/Sandbox#Content_Levels_2|Content Levels]] above. Reducing this can help identify sandboxing as the cause of a problem, but you're better of trying the more fine grained permissions below.<br />
<br />
security.sandbox.content.read_path_whitelist<br/><br />
security.sandbox.content.write_path_whitelist<br />
* Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively. To allow access to an entire directory tree (rather than just the directory itself), include a trailing <tt>/</tt> character.<br />
<br />
security.sandbox.content.syscall_whitelist<br />
* Comma-seperated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter.<br />
<br />
= Preferences =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Process Type !! Preference Type !! Preference<br />
|-<br />
| Content || numerical || security.sandbox.content.level<br />
|-<br />
| NPAPI Plugin || boolean || dom.ipc.plugins.sandbox-level.default<br>dom.ipc.plugins.sandbox-level.<plugintype><br />
|-<br />
| Compositor || numerical || security.sandbox.gpu.level<br />
|-<br />
| Media || Embedded || N/A<br />
|}<br />
<br />
<strong>Note - Levels greater than the current default for a particular process type are not implemented.</strong><br />
<br />
= File System Restrictions =<br />
<br />
Sandboxing enforces file system write and read restrictions for XUL based add-on content (frame and process) scripts. To avoid issues as sandboxing features roll out add-on authors should update their legacy add-on code today such that content scripts no longer attempt to read or write from restricted locations. Note these restrictions do not affect [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Content_scripts WebExtension content script] or XUL add-on script running in the browser process. <br />
<br />
File system access rules for content processes, reverse precedence:<br />
<br />
{| class="wikitable"<br />
|-<br />
! Location !! Access Type !! Restriction<br />
|-<br />
| file system || read/write || deny by default<br />
|-<br />
| install location || write || deny<br />
|-<br />
| install location || read || allow<br />
|-<br />
| system library locations || write || deny<br />
|-<br />
| system library locations || read || allow<br />
|-<br />
| profile/* || read/write || deny by default<br />
|-<br />
| profile/extensions || write || deny<br />
|-<br />
| profile/extensions || read || allow<br />
|}<br />
<br />
= Debugging Features =<br />
<br />
== Activity Logging ==<br />
<br />
The following prefs control sandbox logging. On Windows, output is sent to the Browser Console when available, and to a developer console attached to the running browser process. On OSX, once enabled, violation log entries are visible in the Console.app (/Applications/Utilities/Console.app). On Linux, once enabled, violation log entries are logged on the command line console.<br/><br />
<br />
security.sandbox.logging.enabled (boolean)<br/><br />
security.sandbox.windows.log.stackTraceDepth (integer, Windows specific)<br/><br />
<br />
The following environment variables also triggers sandbox logging output: <br/><br />
<br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
=== OSX Specific Sandbox Logging ===<br />
<br />
On Mac, sandbox violation logging is disabled by default. To enable logging,<br />
<br />
# Launch the OS X Console app (/Applications/Utilities/Console.app) and filter on "plugin-container".<br />
# Either set the pref '''security.sandbox.logging.enabled=true''' and restart the browser OR launch the browser with the '''MOZ_SANDBOX_LOGGING''' environment variable set.<br />
<br />
* If Console.app is not already running at the time of the sandbox violation, the violation is not reliably logged.<br />
* As of build 56, where filesystem read access restrictions were tightened, running Firefox always triggers sandbox violations and these will be logged. For example, plugin-container attempts to access /Applications and /Users (bug 1378968). We want to address these when possible, but some violations are complicated to avoid or are triggered by OS X library code that can't be avoided yet.<br />
<br />
=== Linux specific Sandbox Logging ===<br />
<br />
The following environment variable triggers extra sandbox debugging output: <br/><br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
== Environment variables ==<br />
<br />
{| class="wikitable"<br />
|-<br />
! ENVIRONMENT VARIABLE !! DESCRIPTION || PLATFORM<br />
|-<br />
|MOZ_DISABLE_CONTENT_SANDBOX<br />
|Disables content process sandboxing for debugging purposes.<br />
|All<br />
|-<br />
|MOZ_DISABLE_GMP_SANDBOX<br />
|Disable media plugin sandbox for debugging purposes<br />
|All<br />
|-<br />
|MOZ_DISABLE_NPAPI_SANDBOX<br />
|Disable 64-bit NPAPI process sandbox<br />
|Windows<br />
|-<br />
|MOZ_DISABLE_GPU_SANDBOX<br />
|Disable GPU process sandbox<br />
|Windows<br />
|}<br />
<br />
=== Setting a custom environment in Windows ===<br />
<br />
1) Close Firefox <br/><br />
2) Browser to the location of your Firefox install using Explorer <br/><br />
3) Shift + Right-click in the folder window where firefox.exe is located, select "Open command window here" <br/><br />
4) Add the environment variable(s) you wish to set to your command window - <br/> <br/><br />
<code>set MOZ_DISABLE_NPAPI_SANDBOX=1</code>(return) <br/> <br/><br />
5) enter firefox.exe and press enter to launch Firefox with your custom environment <br/><br />
<br />
== Local Build Options ==<br />
<br />
To disable building the sandbox completely build with this in your mozconfig:<br />
<br />
<code>ac_add_options --disable-sandbox</code><br />
<br />
To disable just the content sandbox parts:<br />
<br />
<code>ac_add_options --disable-content-sandbox</code><br />
<br />
= Bug Lists =<br />
<br />
== Priorities ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3]<br />
<br />
== Security/Process Sandboxing Lists ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full bug list]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=keywords&list_id=13711696&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core No priority set]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]<br />
<br />
== Triage Lists ==<br />
* Sandboxing Triage List: https://mzl.la/2CSylu2<br />
** Lists sandboxing component bugs that are not tracked by a milestone<br />
** does not include needinfo or meta bugs<br />
* Global [https://bugzilla.mozilla.org/buglist.cgi?v4=P&f1=flagtypes.name&o3=notsubstring&list_id=13952552&v3=meta&o1=notsubstring&resolution=---&status_whiteboard_type=substring&f4=priority&query_format=advanced&f3=keywords&o4=notsubstring&status_whiteboard=sb%3F&v1=needinfo Triage List]<br />
** Lists any bug in the database with sb? that do not have a priority assigned<br />
** Ignores meta bug and bugs with needinfos<br />
* sb? needinfos: http://is.gd/dnSyBs<br />
* webrtc specific sandboxing bugs: https://is.gd/c5bAe6<br />
** sb tracking + 'webrtc'<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday at 8:00am PT<br />
* Vidyo: "PlatInt" room<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
* [https://wiki.mozilla.org/Security/Sandbox/Meeting_Notes Meeting Notes Archive]<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #boxing]<br />
|-<br />
| Newsgroup/Mailing List<br />
|| <br />
* [mailto:boxing@lists.mozilla.org boxing@lists.mozilla.org]<br />
|-<br />
|}<br />
<br />
= People =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Engineering Management<br />
||<br />
* Jim Mathies (jimm)<br />
|-<br />
| Project Management<br />
||<br />
* TBD<br />
|-<br />
| QA<br />
||<br />
* Tracy Walker (Quality Assurance Lead)<br />
|-<br />
| Development Team<br />
|| <br />
* Haik Aftandilian (haik)<br />
* Jed Davis (jld)<br />
* Alex Gaynor (Alex_Gaynor)<br />
* Bob Owen (bobowen)<br />
* David Parks (handyman)<br />
* Stephen Pohl (spohl)<br />
* Gian-Carlo Pascutto (gcp)<br />
|}<br />
<br />
= Repo Module Ownership =<br />
* [[Modules/Core#Sandboxing|Cross platform]]<br />
* [[Modules/Core#Sandboxing_-_Windows|Windows]]<br />
* [[Modules/Core#Sandboxing_-_OSX|OSX]]<br />
* [[Modules/Core#Sandboxing_-_Linux_.26_B2G|Linux/B2G]]<br />
<br />
= Links =<br />
<br />
* [[Electrolysis]] Wiki Page (lot of additional resource links)<br />
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox]<br />
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide]<br />
* [http://blog.cr0.org/2012/09/introducing-chromes-next-generation.html "Introducing Chrome's next-generation Linux sandbox"] (seccomp-bpf related)<br />
* [http://en.wikipedia.org/wiki/Google_Native_Client Native Client on Wikipedia] (Links to papers on Native Client's design and use of SFI, as well as papers on SFI itself.)<br />
* [https://msdn.microsoft.com/en-us/library/windows/desktop/ff966517%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 Features of Protected Mode in Internet Explorer]<br />
<br />
== Research ==<br />
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's Internal Research page (2012)]<br />
<br />
== B2G Archive ==<br />
* [https://developer.mozilla.org/en-US/Firefox_OS/Security/System_security Firefox OS System Security page on MDN]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Seccomp Sandboxing on b2g overview]<br />
* [[B2G/Architecture/System_Security/Seccomp|seccomp b2g filter perf data]]<br />
<br />
B2G has always been “sandboxed” to some extent; every app/tab gets its own content process, which uses the Android security model: a separate uid per process, no group memberships, and kernel patches that require group membership for things like network access. But privilege escalation via kernel vulnerabilities is relatively common, so we also use the seccomp-bpf system call filter to reduce the attack surface that a compromised content process can directly access.<br />
<br />
== Older ==<br />
* [https://docs.google.com/a/mozilla.com/document/d/1qS4Q1goehqy-55hIQEsEA_XY3lF4xfFColNKQm37KSg/edit?usp=sharing Old Meeting Notes]</div>
Twalker
https://wiki.mozilla.org/index.php?title=Security/Sandbox&diff=1186281
Security/Sandbox
2018-01-04T17:35:27Z
<p>Twalker: /* Triage Lists */</p>
<hr />
<div>= Overview =<br />
<br />
[[File:550px-Sandboxing_basic_architecture.png|frameless|550px]]<br />
<br />
Security Sandboxing makes use of [https://en.wikipedia.org/wiki/Child_process child processes] as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. For more information see the [[Electrolysis]] wiki page. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.<br />
<br />
== Technical Docs ==<br />
<br />
* [https://wiki.mozilla.org/Security/Sandbox/Specifics Platform Specifics]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Deny_Filesystem_Access File Restrictions Bug Research]<br />
* [https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set OSX Filter Rule Set]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Hardening Hardening Research]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Process_model Process Model]<br />
<br />
= Current Status =<br />
<br />
{| class="wikitable"<br />
|-<br />
!Sandbox<br />
!colspan="2"|Trunk<br />
!colspan="2"|Beta<br />
!colspan="2"|Release<br />
|-<br />
!<br />
!colspan="2"|Level<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
|-<br />
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)]<br />
|style='text-align:center;' colspan="2"|Level 4<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
|colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)]<br />
|style='text-align:center;' colspan="2"|Level 0 [1]<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForGMPlugin&redirect=true&case=true Windows (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy&redirect=true&case=true Linux (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|}<br />
<br />
A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature.<br />
<br />
DEPRECATION WARNING - The current level system will be replaced by a configuration system that allows for more fine grain control over sandbox settings.<br />
<br />
[1] Level 1 available but disabled due to various regressions, see {{bug|1347710}}<br />
<br />
== Windows ==<br />
<br />
=== Content ===<br />
<br />
Sandbox security related setting are grouped together and associated with a security level. Lower level values indicate a less restrictive sandbox.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 0 !! Level 1 !! Level 2<br />
|-<br />
| Job Level || JOB_NONE || JOB_NONE || JOB_INTERACTIVE<br />
|-<br />
| Access Token Level || USER_NON_ADMIN || USER_NON_ADMIN || USER_INTERACTIVE<br />
|-<br />
| Alternate Desktop || no || no || no<br />
|-<br />
| Alternate Windows Station || no || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || None ||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations || None ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 3 !! Level 4<br />
|-<br />
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LIMITED || USER_LIMITED<br />
|-<br />
| Alternate Desktop || no || YES<br />
|-<br />
| Alternate Windows Station || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || <br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br><br />
MITIGATION_IMAGE_LOAD_NO_REMOTE<br><br />
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br />
|-<br />
| Delayed Mitigations ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
<br />
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LOCKDOWN, USER_RESTRICTED[1]<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_UNTRUSTED<br />
|-<br />
| Alternate desktop || yes<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
[1] depends on the media plugin<br />
<br />
=== 64-bit Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_UNPROTECTED<br />
|-<br />
| Access Token Level || USER_INTERACTIVE<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Alternate desktop || no<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
|}<br />
<br />
* [[Firefox/win64]] Wiki Page<br />
* [https://blog.mozilla.org/futurereleases/2015/12/15/firefox-64-bit-for-windows-available/ Release Announcement]<br />
* [https://www.mozilla.org/en-US/firefox/all/ Windows 64-bit builds]<br />
<br />
== OSX ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 [1] ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|-<br />
| Level 2 ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
* read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
* read access to ~/Library<br />
|-<br />
| Level 3 || <br />
* write access to most of the filesystem<br />
* read access to most of the filesystem<br />
** read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
** read access to the home directory<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|}<br />
<br />
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.<br />
<br />
=== Gecko Media Plugins ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=pluginSandboxRules&redirect=false&case=true Filter rules]<br />
<br />
== Linux ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 ||<br />
* Many syscalls, including process creation<br />
|-<br />
| Level 2 ||<br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
|-<br />
| Level 3 || <br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
* Read access to most of the filesystem<br />
** Excludes themes/GTK configuration, fonts, shared data and libraries<br />
|}<br />
<br />
=== Content Rules ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#118 Filesystem access policy]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset]<br />
<br />
=== Customization Settings ===<br />
<br />
The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration.<br />
<br />
See [[Security/Sandbox#Linux_specific|Activity Logging]] for information on how to debug these scenarios.<br />
<br />
security.sandbox.content.level<br />
* See [[Security/Sandbox#Content_Levels_2|Content Levels]] above. Reducing this can help identify sandboxing as the cause of a problem, but you're better of trying the more fine grained permissions below.<br />
<br />
security.sandbox.content.read_path_whitelist<br/><br />
security.sandbox.content.write_path_whitelist<br />
* Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively. To allow access to an entire directory tree (rather than just the directory itself), include a trailing <tt>/</tt> character.<br />
<br />
security.sandbox.content.syscall_whitelist<br />
* Comma-seperated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter.<br />
<br />
= Preferences =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Process Type !! Preference Type !! Preference<br />
|-<br />
| Content || numerical || security.sandbox.content.level<br />
|-<br />
| NPAPI Plugin || boolean || dom.ipc.plugins.sandbox-level.default<br>dom.ipc.plugins.sandbox-level.<plugintype><br />
|-<br />
| Compositor || numerical || security.sandbox.gpu.level<br />
|-<br />
| Media || Embedded || N/A<br />
|}<br />
<br />
<strong>Note - Levels greater than the current default for a particular process type are not implemented.</strong><br />
<br />
= File System Restrictions =<br />
<br />
Sandboxing enforces file system write and read restrictions for XUL based add-on content (frame and process) scripts. To avoid issues as sandboxing features roll out add-on authors should update their legacy add-on code today such that content scripts no longer attempt to read or write from restricted locations. Note these restrictions do not affect [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Content_scripts WebExtension content script] or XUL add-on script running in the browser process. <br />
<br />
File system access rules for content processes, reverse precedence:<br />
<br />
{| class="wikitable"<br />
|-<br />
! Location !! Access Type !! Restriction<br />
|-<br />
| file system || read/write || deny by default<br />
|-<br />
| install location || write || deny<br />
|-<br />
| install location || read || allow<br />
|-<br />
| system library locations || write || deny<br />
|-<br />
| system library locations || read || allow<br />
|-<br />
| profile/* || read/write || deny by default<br />
|-<br />
| profile/extensions || write || deny<br />
|-<br />
| profile/extensions || read || allow<br />
|}<br />
<br />
= Debugging Features =<br />
<br />
== Activity Logging ==<br />
<br />
The following prefs control sandbox logging. On Windows, output is sent to the Browser Console when available, and to a developer console attached to the running browser process. On OSX, once enabled, violation log entries are visible in the Console.app (/Applications/Utilities/Console.app). On Linux, once enabled, violation log entries are logged on the command line console.<br/><br />
<br />
security.sandbox.logging.enabled (boolean)<br/><br />
security.sandbox.windows.log.stackTraceDepth (integer, Windows specific)<br/><br />
<br />
The following environment variables also triggers sandbox logging output: <br/><br />
<br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
=== OSX Specific Sandbox Logging ===<br />
<br />
On Mac, sandbox violation logging is disabled by default. To enable logging,<br />
<br />
# Launch the OS X Console app (/Applications/Utilities/Console.app) and filter on "plugin-container".<br />
# Either set the pref '''security.sandbox.logging.enabled=true''' and restart the browser OR launch the browser with the '''MOZ_SANDBOX_LOGGING''' environment variable set.<br />
<br />
* If Console.app is not already running at the time of the sandbox violation, the violation is not reliably logged.<br />
* As of build 56, where filesystem read access restrictions were tightened, running Firefox always triggers sandbox violations and these will be logged. For example, plugin-container attempts to access /Applications and /Users (bug 1378968). We want to address these when possible, but some violations are complicated to avoid or are triggered by OS X library code that can't be avoided yet.<br />
<br />
=== Linux specific Sandbox Logging ===<br />
<br />
The following environment variable triggers extra sandbox debugging output: <br/><br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
== Environment variables ==<br />
<br />
{| class="wikitable"<br />
|-<br />
! ENVIRONMENT VARIABLE !! DESCRIPTION || PLATFORM<br />
|-<br />
|MOZ_DISABLE_CONTENT_SANDBOX<br />
|Disables content process sandboxing for debugging purposes.<br />
|All<br />
|-<br />
|MOZ_DISABLE_GMP_SANDBOX<br />
|Disable media plugin sandbox for debugging purposes<br />
|All<br />
|-<br />
|MOZ_DISABLE_NPAPI_SANDBOX<br />
|Disable 64-bit NPAPI process sandbox<br />
|Windows<br />
|-<br />
|MOZ_DISABLE_GPU_SANDBOX<br />
|Disable GPU process sandbox<br />
|Windows<br />
|}<br />
<br />
=== Setting a custom environment in Windows ===<br />
<br />
1) Close Firefox <br/><br />
2) Browser to the location of your Firefox install using Explorer <br/><br />
3) Shift + Right-click in the folder window where firefox.exe is located, select "Open command window here" <br/><br />
4) Add the environment variable(s) you wish to set to your command window - <br/> <br/><br />
<code>set MOZ_DISABLE_NPAPI_SANDBOX=1</code>(return) <br/> <br/><br />
5) enter firefox.exe and press enter to launch Firefox with your custom environment <br/><br />
<br />
== Local Build Options ==<br />
<br />
To disable building the sandbox completely build with this in your mozconfig:<br />
<br />
<code>ac_add_options --disable-sandbox</code><br />
<br />
To disable just the content sandbox parts:<br />
<br />
<code>ac_add_options --disable-content-sandbox</code><br />
<br />
= Bug Lists =<br />
<br />
== Priorities ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3]<br />
<br />
== Security/Process Sandboxing Lists ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full bug list]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=keywords&list_id=13711696&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core No priority set]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]<br />
<br />
== Triage Lists ==<br />
* Sandboxing Triage List: https://mzl.la/2CSylu2<br />
** Lists sandboxing component bugs that are not tracked by a milestone<br />
** does not include needinfo or meta bugs<br />
* Global [https://bugzilla.mozilla.org/buglist.cgi?v4=P&f1=flagtypes.name&o3=notsubstring&list_id=13921258&v3=meta&o1=notsubstring&resolution=---&o2=nowordssubstr&status_whiteboard_type=substring&f4=priority&query_format=advanced&f3=keywords&o4=notsubstring&f2=status_whiteboard&status_whiteboard=sb%3F&v1=needinfo&v2=sb-%2Csb%2B%2Csbwc1%2Csbwc2%2Csbwn1%2Csbwn2%2Csbmc1%2Csbmc2%2Csblc1%2Csblc2 Triage List]<br />
** Lists any bug in the database with sb? that do not have a priority assigned<br />
** Ignores meta bug and bugs with needinfos<br />
* sb? needinfos: http://is.gd/dnSyBs<br />
* webrtc specific sandboxing bugs: https://is.gd/c5bAe6<br />
** sb tracking + 'webrtc'<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday at 8:00am PT<br />
* Vidyo: "PlatInt" room<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
* [https://wiki.mozilla.org/Security/Sandbox/Meeting_Notes Meeting Notes Archive]<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #boxing]<br />
|-<br />
| Newsgroup/Mailing List<br />
|| <br />
* [mailto:boxing@lists.mozilla.org boxing@lists.mozilla.org]<br />
|-<br />
|}<br />
<br />
= People =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Engineering Management<br />
||<br />
* Jim Mathies (jimm)<br />
|-<br />
| Project Management<br />
||<br />
* TBD<br />
|-<br />
| QA<br />
||<br />
* Tracy Walker (Quality Assurance Lead)<br />
|-<br />
| Development Team<br />
|| <br />
* Haik Aftandilian (haik)<br />
* Jed Davis (jld)<br />
* Alex Gaynor (Alex_Gaynor)<br />
* Bob Owen (bobowen)<br />
* David Parks (handyman)<br />
* Stephen Pohl (spohl)<br />
* Gian-Carlo Pascutto (gcp)<br />
|}<br />
<br />
= Repo Module Ownership =<br />
* [[Modules/Core#Sandboxing|Cross platform]]<br />
* [[Modules/Core#Sandboxing_-_Windows|Windows]]<br />
* [[Modules/Core#Sandboxing_-_OSX|OSX]]<br />
* [[Modules/Core#Sandboxing_-_Linux_.26_B2G|Linux/B2G]]<br />
<br />
= Links =<br />
<br />
* [[Electrolysis]] Wiki Page (lot of additional resource links)<br />
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox]<br />
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide]<br />
* [http://blog.cr0.org/2012/09/introducing-chromes-next-generation.html "Introducing Chrome's next-generation Linux sandbox"] (seccomp-bpf related)<br />
* [http://en.wikipedia.org/wiki/Google_Native_Client Native Client on Wikipedia] (Links to papers on Native Client's design and use of SFI, as well as papers on SFI itself.)<br />
* [https://msdn.microsoft.com/en-us/library/windows/desktop/ff966517%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 Features of Protected Mode in Internet Explorer]<br />
<br />
== Research ==<br />
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's Internal Research page (2012)]<br />
<br />
== B2G Archive ==<br />
* [https://developer.mozilla.org/en-US/Firefox_OS/Security/System_security Firefox OS System Security page on MDN]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Seccomp Sandboxing on b2g overview]<br />
* [[B2G/Architecture/System_Security/Seccomp|seccomp b2g filter perf data]]<br />
<br />
B2G has always been “sandboxed” to some extent; every app/tab gets its own content process, which uses the Android security model: a separate uid per process, no group memberships, and kernel patches that require group membership for things like network access. But privilege escalation via kernel vulnerabilities is relatively common, so we also use the seccomp-bpf system call filter to reduce the attack surface that a compromised content process can directly access.<br />
<br />
== Older ==<br />
* [https://docs.google.com/a/mozilla.com/document/d/1qS4Q1goehqy-55hIQEsEA_XY3lF4xfFColNKQm37KSg/edit?usp=sharing Old Meeting Notes]</div>
Twalker
https://wiki.mozilla.org/index.php?title=Security/Sandbox&diff=1186280
Security/Sandbox
2018-01-04T17:32:36Z
<p>Twalker: /* Triage Lists */</p>
<hr />
<div>= Overview =<br />
<br />
[[File:550px-Sandboxing_basic_architecture.png|frameless|550px]]<br />
<br />
Security Sandboxing makes use of [https://en.wikipedia.org/wiki/Child_process child processes] as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. For more information see the [[Electrolysis]] wiki page. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.<br />
<br />
== Technical Docs ==<br />
<br />
* [https://wiki.mozilla.org/Security/Sandbox/Specifics Platform Specifics]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Deny_Filesystem_Access File Restrictions Bug Research]<br />
* [https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set OSX Filter Rule Set]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Hardening Hardening Research]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Process_model Process Model]<br />
<br />
= Current Status =<br />
<br />
{| class="wikitable"<br />
|-<br />
!Sandbox<br />
!colspan="2"|Trunk<br />
!colspan="2"|Beta<br />
!colspan="2"|Release<br />
|-<br />
!<br />
!colspan="2"|Level<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
|-<br />
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)]<br />
|style='text-align:center;' colspan="2"|Level 4<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
|colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)]<br />
|style='text-align:center;' colspan="2"|Level 0 [1]<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForGMPlugin&redirect=true&case=true Windows (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy&redirect=true&case=true Linux (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|}<br />
<br />
A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature.<br />
<br />
DEPRECATION WARNING - The current level system will be replaced by a configuration system that allows for more fine grain control over sandbox settings.<br />
<br />
[1] Level 1 available but disabled due to various regressions, see {{bug|1347710}}<br />
<br />
== Windows ==<br />
<br />
=== Content ===<br />
<br />
Sandbox security related setting are grouped together and associated with a security level. Lower level values indicate a less restrictive sandbox.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 0 !! Level 1 !! Level 2<br />
|-<br />
| Job Level || JOB_NONE || JOB_NONE || JOB_INTERACTIVE<br />
|-<br />
| Access Token Level || USER_NON_ADMIN || USER_NON_ADMIN || USER_INTERACTIVE<br />
|-<br />
| Alternate Desktop || no || no || no<br />
|-<br />
| Alternate Windows Station || no || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || None ||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations || None ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 3 !! Level 4<br />
|-<br />
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LIMITED || USER_LIMITED<br />
|-<br />
| Alternate Desktop || no || YES<br />
|-<br />
| Alternate Windows Station || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || <br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br><br />
MITIGATION_IMAGE_LOAD_NO_REMOTE<br><br />
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br />
|-<br />
| Delayed Mitigations ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
<br />
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LOCKDOWN, USER_RESTRICTED[1]<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_UNTRUSTED<br />
|-<br />
| Alternate desktop || yes<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
[1] depends on the media plugin<br />
<br />
=== 64-bit Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_UNPROTECTED<br />
|-<br />
| Access Token Level || USER_INTERACTIVE<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Alternate desktop || no<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
|}<br />
<br />
* [[Firefox/win64]] Wiki Page<br />
* [https://blog.mozilla.org/futurereleases/2015/12/15/firefox-64-bit-for-windows-available/ Release Announcement]<br />
* [https://www.mozilla.org/en-US/firefox/all/ Windows 64-bit builds]<br />
<br />
== OSX ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 [1] ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|-<br />
| Level 2 ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
* read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
* read access to ~/Library<br />
|-<br />
| Level 3 || <br />
* write access to most of the filesystem<br />
* read access to most of the filesystem<br />
** read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
** read access to the home directory<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|}<br />
<br />
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.<br />
<br />
=== Gecko Media Plugins ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=pluginSandboxRules&redirect=false&case=true Filter rules]<br />
<br />
== Linux ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 ||<br />
* Many syscalls, including process creation<br />
|-<br />
| Level 2 ||<br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
|-<br />
| Level 3 || <br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
* Read access to most of the filesystem<br />
** Excludes themes/GTK configuration, fonts, shared data and libraries<br />
|}<br />
<br />
=== Content Rules ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#118 Filesystem access policy]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset]<br />
<br />
=== Customization Settings ===<br />
<br />
The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration.<br />
<br />
See [[Security/Sandbox#Linux_specific|Activity Logging]] for information on how to debug these scenarios.<br />
<br />
security.sandbox.content.level<br />
* See [[Security/Sandbox#Content_Levels_2|Content Levels]] above. Reducing this can help identify sandboxing as the cause of a problem, but you're better of trying the more fine grained permissions below.<br />
<br />
security.sandbox.content.read_path_whitelist<br/><br />
security.sandbox.content.write_path_whitelist<br />
* Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively. To allow access to an entire directory tree (rather than just the directory itself), include a trailing <tt>/</tt> character.<br />
<br />
security.sandbox.content.syscall_whitelist<br />
* Comma-seperated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter.<br />
<br />
= Preferences =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Process Type !! Preference Type !! Preference<br />
|-<br />
| Content || numerical || security.sandbox.content.level<br />
|-<br />
| NPAPI Plugin || boolean || dom.ipc.plugins.sandbox-level.default<br>dom.ipc.plugins.sandbox-level.<plugintype><br />
|-<br />
| Compositor || numerical || security.sandbox.gpu.level<br />
|-<br />
| Media || Embedded || N/A<br />
|}<br />
<br />
<strong>Note - Levels greater than the current default for a particular process type are not implemented.</strong><br />
<br />
= File System Restrictions =<br />
<br />
Sandboxing enforces file system write and read restrictions for XUL based add-on content (frame and process) scripts. To avoid issues as sandboxing features roll out add-on authors should update their legacy add-on code today such that content scripts no longer attempt to read or write from restricted locations. Note these restrictions do not affect [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Content_scripts WebExtension content script] or XUL add-on script running in the browser process. <br />
<br />
File system access rules for content processes, reverse precedence:<br />
<br />
{| class="wikitable"<br />
|-<br />
! Location !! Access Type !! Restriction<br />
|-<br />
| file system || read/write || deny by default<br />
|-<br />
| install location || write || deny<br />
|-<br />
| install location || read || allow<br />
|-<br />
| system library locations || write || deny<br />
|-<br />
| system library locations || read || allow<br />
|-<br />
| profile/* || read/write || deny by default<br />
|-<br />
| profile/extensions || write || deny<br />
|-<br />
| profile/extensions || read || allow<br />
|}<br />
<br />
= Debugging Features =<br />
<br />
== Activity Logging ==<br />
<br />
The following prefs control sandbox logging. On Windows, output is sent to the Browser Console when available, and to a developer console attached to the running browser process. On OSX, once enabled, violation log entries are visible in the Console.app (/Applications/Utilities/Console.app). On Linux, once enabled, violation log entries are logged on the command line console.<br/><br />
<br />
security.sandbox.logging.enabled (boolean)<br/><br />
security.sandbox.windows.log.stackTraceDepth (integer, Windows specific)<br/><br />
<br />
The following environment variables also triggers sandbox logging output: <br/><br />
<br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
=== OSX Specific Sandbox Logging ===<br />
<br />
On Mac, sandbox violation logging is disabled by default. To enable logging,<br />
<br />
# Launch the OS X Console app (/Applications/Utilities/Console.app) and filter on "plugin-container".<br />
# Either set the pref '''security.sandbox.logging.enabled=true''' and restart the browser OR launch the browser with the '''MOZ_SANDBOX_LOGGING''' environment variable set.<br />
<br />
* If Console.app is not already running at the time of the sandbox violation, the violation is not reliably logged.<br />
* As of build 56, where filesystem read access restrictions were tightened, running Firefox always triggers sandbox violations and these will be logged. For example, plugin-container attempts to access /Applications and /Users (bug 1378968). We want to address these when possible, but some violations are complicated to avoid or are triggered by OS X library code that can't be avoided yet.<br />
<br />
=== Linux specific Sandbox Logging ===<br />
<br />
The following environment variable triggers extra sandbox debugging output: <br/><br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
== Environment variables ==<br />
<br />
{| class="wikitable"<br />
|-<br />
! ENVIRONMENT VARIABLE !! DESCRIPTION || PLATFORM<br />
|-<br />
|MOZ_DISABLE_CONTENT_SANDBOX<br />
|Disables content process sandboxing for debugging purposes.<br />
|All<br />
|-<br />
|MOZ_DISABLE_GMP_SANDBOX<br />
|Disable media plugin sandbox for debugging purposes<br />
|All<br />
|-<br />
|MOZ_DISABLE_NPAPI_SANDBOX<br />
|Disable 64-bit NPAPI process sandbox<br />
|Windows<br />
|-<br />
|MOZ_DISABLE_GPU_SANDBOX<br />
|Disable GPU process sandbox<br />
|Windows<br />
|}<br />
<br />
=== Setting a custom environment in Windows ===<br />
<br />
1) Close Firefox <br/><br />
2) Browser to the location of your Firefox install using Explorer <br/><br />
3) Shift + Right-click in the folder window where firefox.exe is located, select "Open command window here" <br/><br />
4) Add the environment variable(s) you wish to set to your command window - <br/> <br/><br />
<code>set MOZ_DISABLE_NPAPI_SANDBOX=1</code>(return) <br/> <br/><br />
5) enter firefox.exe and press enter to launch Firefox with your custom environment <br/><br />
<br />
== Local Build Options ==<br />
<br />
To disable building the sandbox completely build with this in your mozconfig:<br />
<br />
<code>ac_add_options --disable-sandbox</code><br />
<br />
To disable just the content sandbox parts:<br />
<br />
<code>ac_add_options --disable-content-sandbox</code><br />
<br />
= Bug Lists =<br />
<br />
== Priorities ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3]<br />
<br />
== Security/Process Sandboxing Lists ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full bug list]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=keywords&list_id=13711696&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core No priority set]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]<br />
<br />
== Triage Lists ==<br />
* Sandboxing Triage List: https://mzl.la/2CRxxWd<br />
** Lists sandboxing component bugs that are not tracked by a milestone<br />
** does not include needinfo or meta bugs<br />
* Global [https://bugzilla.mozilla.org/buglist.cgi?v4=P&f1=flagtypes.name&o3=notsubstring&list_id=13921258&v3=meta&o1=notsubstring&resolution=---&o2=nowordssubstr&status_whiteboard_type=substring&f4=priority&query_format=advanced&f3=keywords&o4=notsubstring&f2=status_whiteboard&status_whiteboard=sb%3F&v1=needinfo&v2=sb-%2Csb%2B%2Csbwc1%2Csbwc2%2Csbwn1%2Csbwn2%2Csbmc1%2Csbmc2%2Csblc1%2Csblc2 Triage List]<br />
** Lists any bug in the database with sb? that do not have a priority assigned<br />
** Ignores meta bug and bugs with needinfos<br />
* sb? needinfos: http://is.gd/dnSyBs<br />
* webrtc specific sandboxing bugs: https://is.gd/c5bAe6<br />
** sb tracking + 'webrtc'<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday at 8:00am PT<br />
* Vidyo: "PlatInt" room<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
* [https://wiki.mozilla.org/Security/Sandbox/Meeting_Notes Meeting Notes Archive]<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #boxing]<br />
|-<br />
| Newsgroup/Mailing List<br />
|| <br />
* [mailto:boxing@lists.mozilla.org boxing@lists.mozilla.org]<br />
|-<br />
|}<br />
<br />
= People =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Engineering Management<br />
||<br />
* Jim Mathies (jimm)<br />
|-<br />
| Project Management<br />
||<br />
* TBD<br />
|-<br />
| QA<br />
||<br />
* Tracy Walker (Quality Assurance Lead)<br />
|-<br />
| Development Team<br />
|| <br />
* Haik Aftandilian (haik)<br />
* Jed Davis (jld)<br />
* Alex Gaynor (Alex_Gaynor)<br />
* Bob Owen (bobowen)<br />
* David Parks (handyman)<br />
* Stephen Pohl (spohl)<br />
* Gian-Carlo Pascutto (gcp)<br />
|}<br />
<br />
= Repo Module Ownership =<br />
* [[Modules/Core#Sandboxing|Cross platform]]<br />
* [[Modules/Core#Sandboxing_-_Windows|Windows]]<br />
* [[Modules/Core#Sandboxing_-_OSX|OSX]]<br />
* [[Modules/Core#Sandboxing_-_Linux_.26_B2G|Linux/B2G]]<br />
<br />
= Links =<br />
<br />
* [[Electrolysis]] Wiki Page (lot of additional resource links)<br />
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox]<br />
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide]<br />
* [http://blog.cr0.org/2012/09/introducing-chromes-next-generation.html "Introducing Chrome's next-generation Linux sandbox"] (seccomp-bpf related)<br />
* [http://en.wikipedia.org/wiki/Google_Native_Client Native Client on Wikipedia] (Links to papers on Native Client's design and use of SFI, as well as papers on SFI itself.)<br />
* [https://msdn.microsoft.com/en-us/library/windows/desktop/ff966517%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 Features of Protected Mode in Internet Explorer]<br />
<br />
== Research ==<br />
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's Internal Research page (2012)]<br />
<br />
== B2G Archive ==<br />
* [https://developer.mozilla.org/en-US/Firefox_OS/Security/System_security Firefox OS System Security page on MDN]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Seccomp Sandboxing on b2g overview]<br />
* [[B2G/Architecture/System_Security/Seccomp|seccomp b2g filter perf data]]<br />
<br />
B2G has always been “sandboxed” to some extent; every app/tab gets its own content process, which uses the Android security model: a separate uid per process, no group memberships, and kernel patches that require group membership for things like network access. But privilege escalation via kernel vulnerabilities is relatively common, so we also use the seccomp-bpf system call filter to reduce the attack surface that a compromised content process can directly access.<br />
<br />
== Older ==<br />
* [https://docs.google.com/a/mozilla.com/document/d/1qS4Q1goehqy-55hIQEsEA_XY3lF4xfFColNKQm37KSg/edit?usp=sharing Old Meeting Notes]</div>
Twalker
https://wiki.mozilla.org/index.php?title=Security/Sandbox&diff=1186279
Security/Sandbox
2018-01-04T17:24:30Z
<p>Twalker: /* Triage Lists */</p>
<hr />
<div>= Overview =<br />
<br />
[[File:550px-Sandboxing_basic_architecture.png|frameless|550px]]<br />
<br />
Security Sandboxing makes use of [https://en.wikipedia.org/wiki/Child_process child processes] as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. For more information see the [[Electrolysis]] wiki page. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.<br />
<br />
== Technical Docs ==<br />
<br />
* [https://wiki.mozilla.org/Security/Sandbox/Specifics Platform Specifics]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Deny_Filesystem_Access File Restrictions Bug Research]<br />
* [https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set OSX Filter Rule Set]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Hardening Hardening Research]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Process_model Process Model]<br />
<br />
= Current Status =<br />
<br />
{| class="wikitable"<br />
|-<br />
!Sandbox<br />
!colspan="2"|Trunk<br />
!colspan="2"|Beta<br />
!colspan="2"|Release<br />
|-<br />
!<br />
!colspan="2"|Level<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
|-<br />
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)]<br />
|style='text-align:center;' colspan="2"|Level 4<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
|colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)]<br />
|style='text-align:center;' colspan="2"|Level 0 [1]<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForGMPlugin&redirect=true&case=true Windows (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy&redirect=true&case=true Linux (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|}<br />
<br />
A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature.<br />
<br />
DEPRECATION WARNING - The current level system will be replaced by a configuration system that allows for more fine grain control over sandbox settings.<br />
<br />
[1] Level 1 available but disabled due to various regressions, see {{bug|1347710}}<br />
<br />
== Windows ==<br />
<br />
=== Content ===<br />
<br />
Sandbox security related setting are grouped together and associated with a security level. Lower level values indicate a less restrictive sandbox.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 0 !! Level 1 !! Level 2<br />
|-<br />
| Job Level || JOB_NONE || JOB_NONE || JOB_INTERACTIVE<br />
|-<br />
| Access Token Level || USER_NON_ADMIN || USER_NON_ADMIN || USER_INTERACTIVE<br />
|-<br />
| Alternate Desktop || no || no || no<br />
|-<br />
| Alternate Windows Station || no || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || None ||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations || None ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 3 !! Level 4<br />
|-<br />
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LIMITED || USER_LIMITED<br />
|-<br />
| Alternate Desktop || no || YES<br />
|-<br />
| Alternate Windows Station || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || <br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br><br />
MITIGATION_IMAGE_LOAD_NO_REMOTE<br><br />
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br />
|-<br />
| Delayed Mitigations ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
<br />
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LOCKDOWN, USER_RESTRICTED[1]<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_UNTRUSTED<br />
|-<br />
| Alternate desktop || yes<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
[1] depends on the media plugin<br />
<br />
=== 64-bit Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_UNPROTECTED<br />
|-<br />
| Access Token Level || USER_INTERACTIVE<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Alternate desktop || no<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
|}<br />
<br />
* [[Firefox/win64]] Wiki Page<br />
* [https://blog.mozilla.org/futurereleases/2015/12/15/firefox-64-bit-for-windows-available/ Release Announcement]<br />
* [https://www.mozilla.org/en-US/firefox/all/ Windows 64-bit builds]<br />
<br />
== OSX ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 [1] ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|-<br />
| Level 2 ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
* read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
* read access to ~/Library<br />
|-<br />
| Level 3 || <br />
* write access to most of the filesystem<br />
* read access to most of the filesystem<br />
** read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
** read access to the home directory<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|}<br />
<br />
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.<br />
<br />
=== Gecko Media Plugins ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=pluginSandboxRules&redirect=false&case=true Filter rules]<br />
<br />
== Linux ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 ||<br />
* Many syscalls, including process creation<br />
|-<br />
| Level 2 ||<br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
|-<br />
| Level 3 || <br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
* Read access to most of the filesystem<br />
** Excludes themes/GTK configuration, fonts, shared data and libraries<br />
|}<br />
<br />
=== Content Rules ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#118 Filesystem access policy]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset]<br />
<br />
=== Customization Settings ===<br />
<br />
The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration.<br />
<br />
See [[Security/Sandbox#Linux_specific|Activity Logging]] for information on how to debug these scenarios.<br />
<br />
security.sandbox.content.level<br />
* See [[Security/Sandbox#Content_Levels_2|Content Levels]] above. Reducing this can help identify sandboxing as the cause of a problem, but you're better of trying the more fine grained permissions below.<br />
<br />
security.sandbox.content.read_path_whitelist<br/><br />
security.sandbox.content.write_path_whitelist<br />
* Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively. To allow access to an entire directory tree (rather than just the directory itself), include a trailing <tt>/</tt> character.<br />
<br />
security.sandbox.content.syscall_whitelist<br />
* Comma-seperated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter.<br />
<br />
= Preferences =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Process Type !! Preference Type !! Preference<br />
|-<br />
| Content || numerical || security.sandbox.content.level<br />
|-<br />
| NPAPI Plugin || boolean || dom.ipc.plugins.sandbox-level.default<br>dom.ipc.plugins.sandbox-level.<plugintype><br />
|-<br />
| Compositor || numerical || security.sandbox.gpu.level<br />
|-<br />
| Media || Embedded || N/A<br />
|}<br />
<br />
<strong>Note - Levels greater than the current default for a particular process type are not implemented.</strong><br />
<br />
= File System Restrictions =<br />
<br />
Sandboxing enforces file system write and read restrictions for XUL based add-on content (frame and process) scripts. To avoid issues as sandboxing features roll out add-on authors should update their legacy add-on code today such that content scripts no longer attempt to read or write from restricted locations. Note these restrictions do not affect [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Content_scripts WebExtension content script] or XUL add-on script running in the browser process. <br />
<br />
File system access rules for content processes, reverse precedence:<br />
<br />
{| class="wikitable"<br />
|-<br />
! Location !! Access Type !! Restriction<br />
|-<br />
| file system || read/write || deny by default<br />
|-<br />
| install location || write || deny<br />
|-<br />
| install location || read || allow<br />
|-<br />
| system library locations || write || deny<br />
|-<br />
| system library locations || read || allow<br />
|-<br />
| profile/* || read/write || deny by default<br />
|-<br />
| profile/extensions || write || deny<br />
|-<br />
| profile/extensions || read || allow<br />
|}<br />
<br />
= Debugging Features =<br />
<br />
== Activity Logging ==<br />
<br />
The following prefs control sandbox logging. On Windows, output is sent to the Browser Console when available, and to a developer console attached to the running browser process. On OSX, once enabled, violation log entries are visible in the Console.app (/Applications/Utilities/Console.app). On Linux, once enabled, violation log entries are logged on the command line console.<br/><br />
<br />
security.sandbox.logging.enabled (boolean)<br/><br />
security.sandbox.windows.log.stackTraceDepth (integer, Windows specific)<br/><br />
<br />
The following environment variables also triggers sandbox logging output: <br/><br />
<br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
=== OSX Specific Sandbox Logging ===<br />
<br />
On Mac, sandbox violation logging is disabled by default. To enable logging,<br />
<br />
# Launch the OS X Console app (/Applications/Utilities/Console.app) and filter on "plugin-container".<br />
# Either set the pref '''security.sandbox.logging.enabled=true''' and restart the browser OR launch the browser with the '''MOZ_SANDBOX_LOGGING''' environment variable set.<br />
<br />
* If Console.app is not already running at the time of the sandbox violation, the violation is not reliably logged.<br />
* As of build 56, where filesystem read access restrictions were tightened, running Firefox always triggers sandbox violations and these will be logged. For example, plugin-container attempts to access /Applications and /Users (bug 1378968). We want to address these when possible, but some violations are complicated to avoid or are triggered by OS X library code that can't be avoided yet.<br />
<br />
=== Linux specific Sandbox Logging ===<br />
<br />
The following environment variable triggers extra sandbox debugging output: <br/><br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
== Environment variables ==<br />
<br />
{| class="wikitable"<br />
|-<br />
! ENVIRONMENT VARIABLE !! DESCRIPTION || PLATFORM<br />
|-<br />
|MOZ_DISABLE_CONTENT_SANDBOX<br />
|Disables content process sandboxing for debugging purposes.<br />
|All<br />
|-<br />
|MOZ_DISABLE_GMP_SANDBOX<br />
|Disable media plugin sandbox for debugging purposes<br />
|All<br />
|-<br />
|MOZ_DISABLE_NPAPI_SANDBOX<br />
|Disable 64-bit NPAPI process sandbox<br />
|Windows<br />
|-<br />
|MOZ_DISABLE_GPU_SANDBOX<br />
|Disable GPU process sandbox<br />
|Windows<br />
|}<br />
<br />
=== Setting a custom environment in Windows ===<br />
<br />
1) Close Firefox <br/><br />
2) Browser to the location of your Firefox install using Explorer <br/><br />
3) Shift + Right-click in the folder window where firefox.exe is located, select "Open command window here" <br/><br />
4) Add the environment variable(s) you wish to set to your command window - <br/> <br/><br />
<code>set MOZ_DISABLE_NPAPI_SANDBOX=1</code>(return) <br/> <br/><br />
5) enter firefox.exe and press enter to launch Firefox with your custom environment <br/><br />
<br />
== Local Build Options ==<br />
<br />
To disable building the sandbox completely build with this in your mozconfig:<br />
<br />
<code>ac_add_options --disable-sandbox</code><br />
<br />
To disable just the content sandbox parts:<br />
<br />
<code>ac_add_options --disable-content-sandbox</code><br />
<br />
= Bug Lists =<br />
<br />
== Priorities ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3]<br />
<br />
== Security/Process Sandboxing Lists ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full bug list]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=keywords&list_id=13711696&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core No priority set]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]<br />
<br />
== Triage Lists ==<br />
* Sandboxing Triage List: https://mzl.la/2CRxxWd<br />
** Lists sandboxing component bugs that are not tracked by a milestone<br />
** does not include needinfo or meta bugs<br />
* Global [https://bugzilla.mozilla.org/buglist.cgi?v4=P&f1=flagtypes.name&o3=notsubstring&list_id=13921258&v3=meta&o1=notsubstring&resolution=---&o2=nowordssubstr&status_whiteboard_type=substring&f4=priority&query_format=advanced&f3=keywords&o4=notsubstring&f2=status_whiteboard&status_whiteboard=sb%3F&v1=needinfo&v2=sb-%2Csb%2B%2Csbwc1%2Csbwc2%2Csbwn1%2Csbwn2%2Csbmc1%2Csbmc2%2Csblc1%2Csblc2 Triage List]<br />
** Lists any bug in the database with sb? that do not have a priority assigned<br />
** Ignores meta bug and bugs with needinfos<br />
* Triage List: https://mzl.la/2CRxxWd<br />
** Lists sandboxing component bugs that are not tracked by a milestone<br />
** does not include needinfo or meta bugs<br />
* sb? needinfos: http://is.gd/dnSyBs<br />
* webrtc specific sandboxing bugs: https://is.gd/c5bAe6<br />
** sb tracking + 'webrtc'<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday at 8:00am PT<br />
* Vidyo: "PlatInt" room<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
* [https://wiki.mozilla.org/Security/Sandbox/Meeting_Notes Meeting Notes Archive]<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #boxing]<br />
|-<br />
| Newsgroup/Mailing List<br />
|| <br />
* [mailto:boxing@lists.mozilla.org boxing@lists.mozilla.org]<br />
|-<br />
|}<br />
<br />
= People =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Engineering Management<br />
||<br />
* Jim Mathies (jimm)<br />
|-<br />
| Project Management<br />
||<br />
* TBD<br />
|-<br />
| QA<br />
||<br />
* Tracy Walker (Quality Assurance Lead)<br />
|-<br />
| Development Team<br />
|| <br />
* Haik Aftandilian (haik)<br />
* Jed Davis (jld)<br />
* Alex Gaynor (Alex_Gaynor)<br />
* Bob Owen (bobowen)<br />
* David Parks (handyman)<br />
* Stephen Pohl (spohl)<br />
* Gian-Carlo Pascutto (gcp)<br />
|}<br />
<br />
= Repo Module Ownership =<br />
* [[Modules/Core#Sandboxing|Cross platform]]<br />
* [[Modules/Core#Sandboxing_-_Windows|Windows]]<br />
* [[Modules/Core#Sandboxing_-_OSX|OSX]]<br />
* [[Modules/Core#Sandboxing_-_Linux_.26_B2G|Linux/B2G]]<br />
<br />
= Links =<br />
<br />
* [[Electrolysis]] Wiki Page (lot of additional resource links)<br />
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox]<br />
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide]<br />
* [http://blog.cr0.org/2012/09/introducing-chromes-next-generation.html "Introducing Chrome's next-generation Linux sandbox"] (seccomp-bpf related)<br />
* [http://en.wikipedia.org/wiki/Google_Native_Client Native Client on Wikipedia] (Links to papers on Native Client's design and use of SFI, as well as papers on SFI itself.)<br />
* [https://msdn.microsoft.com/en-us/library/windows/desktop/ff966517%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 Features of Protected Mode in Internet Explorer]<br />
<br />
== Research ==<br />
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's Internal Research page (2012)]<br />
<br />
== B2G Archive ==<br />
* [https://developer.mozilla.org/en-US/Firefox_OS/Security/System_security Firefox OS System Security page on MDN]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Seccomp Sandboxing on b2g overview]<br />
* [[B2G/Architecture/System_Security/Seccomp|seccomp b2g filter perf data]]<br />
<br />
B2G has always been “sandboxed” to some extent; every app/tab gets its own content process, which uses the Android security model: a separate uid per process, no group memberships, and kernel patches that require group membership for things like network access. But privilege escalation via kernel vulnerabilities is relatively common, so we also use the seccomp-bpf system call filter to reduce the attack surface that a compromised content process can directly access.<br />
<br />
== Older ==<br />
* [https://docs.google.com/a/mozilla.com/document/d/1qS4Q1goehqy-55hIQEsEA_XY3lF4xfFColNKQm37KSg/edit?usp=sharing Old Meeting Notes]</div>
Twalker
https://wiki.mozilla.org/index.php?title=Security/Sandbox&diff=1186278
Security/Sandbox
2018-01-04T17:20:45Z
<p>Twalker: /* Triage Lists */</p>
<hr />
<div>= Overview =<br />
<br />
[[File:550px-Sandboxing_basic_architecture.png|frameless|550px]]<br />
<br />
Security Sandboxing makes use of [https://en.wikipedia.org/wiki/Child_process child processes] as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. For more information see the [[Electrolysis]] wiki page. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.<br />
<br />
== Technical Docs ==<br />
<br />
* [https://wiki.mozilla.org/Security/Sandbox/Specifics Platform Specifics]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Deny_Filesystem_Access File Restrictions Bug Research]<br />
* [https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set OSX Filter Rule Set]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Hardening Hardening Research]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Process_model Process Model]<br />
<br />
= Current Status =<br />
<br />
{| class="wikitable"<br />
|-<br />
!Sandbox<br />
!colspan="2"|Trunk<br />
!colspan="2"|Beta<br />
!colspan="2"|Release<br />
|-<br />
!<br />
!colspan="2"|Level<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
|-<br />
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)]<br />
|style='text-align:center;' colspan="2"|Level 4<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
|colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)]<br />
|style='text-align:center;' colspan="2"|Level 0 [1]<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForGMPlugin&redirect=true&case=true Windows (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy&redirect=true&case=true Linux (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|}<br />
<br />
A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature.<br />
<br />
DEPRECATION WARNING - The current level system will be replaced by a configuration system that allows for more fine grain control over sandbox settings.<br />
<br />
[1] Level 1 available but disabled due to various regressions, see {{bug|1347710}}<br />
<br />
== Windows ==<br />
<br />
=== Content ===<br />
<br />
Sandbox security related setting are grouped together and associated with a security level. Lower level values indicate a less restrictive sandbox.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 0 !! Level 1 !! Level 2<br />
|-<br />
| Job Level || JOB_NONE || JOB_NONE || JOB_INTERACTIVE<br />
|-<br />
| Access Token Level || USER_NON_ADMIN || USER_NON_ADMIN || USER_INTERACTIVE<br />
|-<br />
| Alternate Desktop || no || no || no<br />
|-<br />
| Alternate Windows Station || no || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || None ||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations || None ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 3 !! Level 4<br />
|-<br />
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LIMITED || USER_LIMITED<br />
|-<br />
| Alternate Desktop || no || YES<br />
|-<br />
| Alternate Windows Station || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || <br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br><br />
MITIGATION_IMAGE_LOAD_NO_REMOTE<br><br />
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br />
|-<br />
| Delayed Mitigations ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
<br />
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LOCKDOWN, USER_RESTRICTED[1]<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_UNTRUSTED<br />
|-<br />
| Alternate desktop || yes<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
[1] depends on the media plugin<br />
<br />
=== 64-bit Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_UNPROTECTED<br />
|-<br />
| Access Token Level || USER_INTERACTIVE<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Alternate desktop || no<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
|}<br />
<br />
* [[Firefox/win64]] Wiki Page<br />
* [https://blog.mozilla.org/futurereleases/2015/12/15/firefox-64-bit-for-windows-available/ Release Announcement]<br />
* [https://www.mozilla.org/en-US/firefox/all/ Windows 64-bit builds]<br />
<br />
== OSX ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 [1] ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|-<br />
| Level 2 ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
* read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
* read access to ~/Library<br />
|-<br />
| Level 3 || <br />
* write access to most of the filesystem<br />
* read access to most of the filesystem<br />
** read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
** read access to the home directory<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|}<br />
<br />
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.<br />
<br />
=== Gecko Media Plugins ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=pluginSandboxRules&redirect=false&case=true Filter rules]<br />
<br />
== Linux ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 ||<br />
* Many syscalls, including process creation<br />
|-<br />
| Level 2 ||<br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
|-<br />
| Level 3 || <br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
* Read access to most of the filesystem<br />
** Excludes themes/GTK configuration, fonts, shared data and libraries<br />
|}<br />
<br />
=== Content Rules ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#118 Filesystem access policy]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset]<br />
<br />
=== Customization Settings ===<br />
<br />
The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration.<br />
<br />
See [[Security/Sandbox#Linux_specific|Activity Logging]] for information on how to debug these scenarios.<br />
<br />
security.sandbox.content.level<br />
* See [[Security/Sandbox#Content_Levels_2|Content Levels]] above. Reducing this can help identify sandboxing as the cause of a problem, but you're better of trying the more fine grained permissions below.<br />
<br />
security.sandbox.content.read_path_whitelist<br/><br />
security.sandbox.content.write_path_whitelist<br />
* Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively. To allow access to an entire directory tree (rather than just the directory itself), include a trailing <tt>/</tt> character.<br />
<br />
security.sandbox.content.syscall_whitelist<br />
* Comma-seperated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter.<br />
<br />
= Preferences =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Process Type !! Preference Type !! Preference<br />
|-<br />
| Content || numerical || security.sandbox.content.level<br />
|-<br />
| NPAPI Plugin || boolean || dom.ipc.plugins.sandbox-level.default<br>dom.ipc.plugins.sandbox-level.<plugintype><br />
|-<br />
| Compositor || numerical || security.sandbox.gpu.level<br />
|-<br />
| Media || Embedded || N/A<br />
|}<br />
<br />
<strong>Note - Levels greater than the current default for a particular process type are not implemented.</strong><br />
<br />
= File System Restrictions =<br />
<br />
Sandboxing enforces file system write and read restrictions for XUL based add-on content (frame and process) scripts. To avoid issues as sandboxing features roll out add-on authors should update their legacy add-on code today such that content scripts no longer attempt to read or write from restricted locations. Note these restrictions do not affect [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Content_scripts WebExtension content script] or XUL add-on script running in the browser process. <br />
<br />
File system access rules for content processes, reverse precedence:<br />
<br />
{| class="wikitable"<br />
|-<br />
! Location !! Access Type !! Restriction<br />
|-<br />
| file system || read/write || deny by default<br />
|-<br />
| install location || write || deny<br />
|-<br />
| install location || read || allow<br />
|-<br />
| system library locations || write || deny<br />
|-<br />
| system library locations || read || allow<br />
|-<br />
| profile/* || read/write || deny by default<br />
|-<br />
| profile/extensions || write || deny<br />
|-<br />
| profile/extensions || read || allow<br />
|}<br />
<br />
= Debugging Features =<br />
<br />
== Activity Logging ==<br />
<br />
The following prefs control sandbox logging. On Windows, output is sent to the Browser Console when available, and to a developer console attached to the running browser process. On OSX, once enabled, violation log entries are visible in the Console.app (/Applications/Utilities/Console.app). On Linux, once enabled, violation log entries are logged on the command line console.<br/><br />
<br />
security.sandbox.logging.enabled (boolean)<br/><br />
security.sandbox.windows.log.stackTraceDepth (integer, Windows specific)<br/><br />
<br />
The following environment variables also triggers sandbox logging output: <br/><br />
<br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
=== OSX Specific Sandbox Logging ===<br />
<br />
On Mac, sandbox violation logging is disabled by default. To enable logging,<br />
<br />
# Launch the OS X Console app (/Applications/Utilities/Console.app) and filter on "plugin-container".<br />
# Either set the pref '''security.sandbox.logging.enabled=true''' and restart the browser OR launch the browser with the '''MOZ_SANDBOX_LOGGING''' environment variable set.<br />
<br />
* If Console.app is not already running at the time of the sandbox violation, the violation is not reliably logged.<br />
* As of build 56, where filesystem read access restrictions were tightened, running Firefox always triggers sandbox violations and these will be logged. For example, plugin-container attempts to access /Applications and /Users (bug 1378968). We want to address these when possible, but some violations are complicated to avoid or are triggered by OS X library code that can't be avoided yet.<br />
<br />
=== Linux specific Sandbox Logging ===<br />
<br />
The following environment variable triggers extra sandbox debugging output: <br/><br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
== Environment variables ==<br />
<br />
{| class="wikitable"<br />
|-<br />
! ENVIRONMENT VARIABLE !! DESCRIPTION || PLATFORM<br />
|-<br />
|MOZ_DISABLE_CONTENT_SANDBOX<br />
|Disables content process sandboxing for debugging purposes.<br />
|All<br />
|-<br />
|MOZ_DISABLE_GMP_SANDBOX<br />
|Disable media plugin sandbox for debugging purposes<br />
|All<br />
|-<br />
|MOZ_DISABLE_NPAPI_SANDBOX<br />
|Disable 64-bit NPAPI process sandbox<br />
|Windows<br />
|-<br />
|MOZ_DISABLE_GPU_SANDBOX<br />
|Disable GPU process sandbox<br />
|Windows<br />
|}<br />
<br />
=== Setting a custom environment in Windows ===<br />
<br />
1) Close Firefox <br/><br />
2) Browser to the location of your Firefox install using Explorer <br/><br />
3) Shift + Right-click in the folder window where firefox.exe is located, select "Open command window here" <br/><br />
4) Add the environment variable(s) you wish to set to your command window - <br/> <br/><br />
<code>set MOZ_DISABLE_NPAPI_SANDBOX=1</code>(return) <br/> <br/><br />
5) enter firefox.exe and press enter to launch Firefox with your custom environment <br/><br />
<br />
== Local Build Options ==<br />
<br />
To disable building the sandbox completely build with this in your mozconfig:<br />
<br />
<code>ac_add_options --disable-sandbox</code><br />
<br />
To disable just the content sandbox parts:<br />
<br />
<code>ac_add_options --disable-content-sandbox</code><br />
<br />
= Bug Lists =<br />
<br />
== Priorities ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3]<br />
<br />
== Security/Process Sandboxing Lists ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full bug list]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=keywords&list_id=13711696&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core No priority set]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]<br />
<br />
== Triage Lists ==<br />
* Sandboxing Triage List: https://mzl.la/2CRxxWd<br />
** Lists sandboxing component bugs that are not tracked by a milestone<br />
** does not include needinfo or meta bugs<br />
* [https://bugzilla.mozilla.org/buglist.cgi?v4=P&f1=flagtypes.name&o3=notsubstring&list_id=13921258&v3=meta&o1=notsubstring&resolution=---&o2=nowordssubstr&status_whiteboard_type=substring&f4=priority&query_format=advanced&f3=keywords&o4=notsubstring&f2=status_whiteboard&status_whiteboard=sb%3F&v1=needinfo&v2=sb-%2Csb%2B%2Csbwc1%2Csbwc2%2Csbwn1%2Csbwn2%2Csbmc1%2Csbmc2%2Csblc1%2Csblc2 Triage List]<br />
** Lists any bug in the datbase with sb?<br />
** Ignores meta bug and bugs with needinfos<br />
* Triage List: https://mzl.la/2CRxxWd<br />
** Lists sandboxing component bugs that are not tracked by a milestone<br />
** does not include needinfo or meta bugs<br />
* sb? needinfos: http://is.gd/dnSyBs<br />
* webrtc specific sandboxing bugs: https://is.gd/c5bAe6<br />
** sb tracking + 'webrtc'<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday at 8:00am PT<br />
* Vidyo: "PlatInt" room<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
* [https://wiki.mozilla.org/Security/Sandbox/Meeting_Notes Meeting Notes Archive]<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #boxing]<br />
|-<br />
| Newsgroup/Mailing List<br />
|| <br />
* [mailto:boxing@lists.mozilla.org boxing@lists.mozilla.org]<br />
|-<br />
|}<br />
<br />
= People =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Engineering Management<br />
||<br />
* Jim Mathies (jimm)<br />
|-<br />
| Project Management<br />
||<br />
* TBD<br />
|-<br />
| QA<br />
||<br />
* Tracy Walker (Quality Assurance Lead)<br />
|-<br />
| Development Team<br />
|| <br />
* Haik Aftandilian (haik)<br />
* Jed Davis (jld)<br />
* Alex Gaynor (Alex_Gaynor)<br />
* Bob Owen (bobowen)<br />
* David Parks (handyman)<br />
* Stephen Pohl (spohl)<br />
* Gian-Carlo Pascutto (gcp)<br />
|}<br />
<br />
= Repo Module Ownership =<br />
* [[Modules/Core#Sandboxing|Cross platform]]<br />
* [[Modules/Core#Sandboxing_-_Windows|Windows]]<br />
* [[Modules/Core#Sandboxing_-_OSX|OSX]]<br />
* [[Modules/Core#Sandboxing_-_Linux_.26_B2G|Linux/B2G]]<br />
<br />
= Links =<br />
<br />
* [[Electrolysis]] Wiki Page (lot of additional resource links)<br />
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox]<br />
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide]<br />
* [http://blog.cr0.org/2012/09/introducing-chromes-next-generation.html "Introducing Chrome's next-generation Linux sandbox"] (seccomp-bpf related)<br />
* [http://en.wikipedia.org/wiki/Google_Native_Client Native Client on Wikipedia] (Links to papers on Native Client's design and use of SFI, as well as papers on SFI itself.)<br />
* [https://msdn.microsoft.com/en-us/library/windows/desktop/ff966517%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 Features of Protected Mode in Internet Explorer]<br />
<br />
== Research ==<br />
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's Internal Research page (2012)]<br />
<br />
== B2G Archive ==<br />
* [https://developer.mozilla.org/en-US/Firefox_OS/Security/System_security Firefox OS System Security page on MDN]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Seccomp Sandboxing on b2g overview]<br />
* [[B2G/Architecture/System_Security/Seccomp|seccomp b2g filter perf data]]<br />
<br />
B2G has always been “sandboxed” to some extent; every app/tab gets its own content process, which uses the Android security model: a separate uid per process, no group memberships, and kernel patches that require group membership for things like network access. But privilege escalation via kernel vulnerabilities is relatively common, so we also use the seccomp-bpf system call filter to reduce the attack surface that a compromised content process can directly access.<br />
<br />
== Older ==<br />
* [https://docs.google.com/a/mozilla.com/document/d/1qS4Q1goehqy-55hIQEsEA_XY3lF4xfFColNKQm37KSg/edit?usp=sharing Old Meeting Notes]</div>
Twalker
https://wiki.mozilla.org/index.php?title=Security/Sandbox&diff=1186277
Security/Sandbox
2018-01-04T17:18:46Z
<p>Twalker: /* Triage Lists */</p>
<hr />
<div>= Overview =<br />
<br />
[[File:550px-Sandboxing_basic_architecture.png|frameless|550px]]<br />
<br />
Security Sandboxing makes use of [https://en.wikipedia.org/wiki/Child_process child processes] as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. For more information see the [[Electrolysis]] wiki page. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.<br />
<br />
== Technical Docs ==<br />
<br />
* [https://wiki.mozilla.org/Security/Sandbox/Specifics Platform Specifics]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Deny_Filesystem_Access File Restrictions Bug Research]<br />
* [https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set OSX Filter Rule Set]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Hardening Hardening Research]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Process_model Process Model]<br />
<br />
= Current Status =<br />
<br />
{| class="wikitable"<br />
|-<br />
!Sandbox<br />
!colspan="2"|Trunk<br />
!colspan="2"|Beta<br />
!colspan="2"|Release<br />
|-<br />
!<br />
!colspan="2"|Level<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
|-<br />
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)]<br />
|style='text-align:center;' colspan="2"|Level 4<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
|colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)]<br />
|style='text-align:center;' colspan="2"|Level 0 [1]<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForGMPlugin&redirect=true&case=true Windows (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy&redirect=true&case=true Linux (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|}<br />
<br />
A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature.<br />
<br />
DEPRECATION WARNING - The current level system will be replaced by a configuration system that allows for more fine grain control over sandbox settings.<br />
<br />
[1] Level 1 available but disabled due to various regressions, see {{bug|1347710}}<br />
<br />
== Windows ==<br />
<br />
=== Content ===<br />
<br />
Sandbox security related setting are grouped together and associated with a security level. Lower level values indicate a less restrictive sandbox.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 0 !! Level 1 !! Level 2<br />
|-<br />
| Job Level || JOB_NONE || JOB_NONE || JOB_INTERACTIVE<br />
|-<br />
| Access Token Level || USER_NON_ADMIN || USER_NON_ADMIN || USER_INTERACTIVE<br />
|-<br />
| Alternate Desktop || no || no || no<br />
|-<br />
| Alternate Windows Station || no || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || None ||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations || None ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 3 !! Level 4<br />
|-<br />
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LIMITED || USER_LIMITED<br />
|-<br />
| Alternate Desktop || no || YES<br />
|-<br />
| Alternate Windows Station || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || <br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br><br />
MITIGATION_IMAGE_LOAD_NO_REMOTE<br><br />
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br />
|-<br />
| Delayed Mitigations ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
<br />
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LOCKDOWN, USER_RESTRICTED[1]<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_UNTRUSTED<br />
|-<br />
| Alternate desktop || yes<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
[1] depends on the media plugin<br />
<br />
=== 64-bit Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_UNPROTECTED<br />
|-<br />
| Access Token Level || USER_INTERACTIVE<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Alternate desktop || no<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
|}<br />
<br />
* [[Firefox/win64]] Wiki Page<br />
* [https://blog.mozilla.org/futurereleases/2015/12/15/firefox-64-bit-for-windows-available/ Release Announcement]<br />
* [https://www.mozilla.org/en-US/firefox/all/ Windows 64-bit builds]<br />
<br />
== OSX ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 [1] ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|-<br />
| Level 2 ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
* read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
* read access to ~/Library<br />
|-<br />
| Level 3 || <br />
* write access to most of the filesystem<br />
* read access to most of the filesystem<br />
** read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
** read access to the home directory<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|}<br />
<br />
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.<br />
<br />
=== Gecko Media Plugins ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=pluginSandboxRules&redirect=false&case=true Filter rules]<br />
<br />
== Linux ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 ||<br />
* Many syscalls, including process creation<br />
|-<br />
| Level 2 ||<br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
|-<br />
| Level 3 || <br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
* Read access to most of the filesystem<br />
** Excludes themes/GTK configuration, fonts, shared data and libraries<br />
|}<br />
<br />
=== Content Rules ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#118 Filesystem access policy]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset]<br />
<br />
=== Customization Settings ===<br />
<br />
The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration.<br />
<br />
See [[Security/Sandbox#Linux_specific|Activity Logging]] for information on how to debug these scenarios.<br />
<br />
security.sandbox.content.level<br />
* See [[Security/Sandbox#Content_Levels_2|Content Levels]] above. Reducing this can help identify sandboxing as the cause of a problem, but you're better of trying the more fine grained permissions below.<br />
<br />
security.sandbox.content.read_path_whitelist<br/><br />
security.sandbox.content.write_path_whitelist<br />
* Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively. To allow access to an entire directory tree (rather than just the directory itself), include a trailing <tt>/</tt> character.<br />
<br />
security.sandbox.content.syscall_whitelist<br />
* Comma-seperated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter.<br />
<br />
= Preferences =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Process Type !! Preference Type !! Preference<br />
|-<br />
| Content || numerical || security.sandbox.content.level<br />
|-<br />
| NPAPI Plugin || boolean || dom.ipc.plugins.sandbox-level.default<br>dom.ipc.plugins.sandbox-level.<plugintype><br />
|-<br />
| Compositor || numerical || security.sandbox.gpu.level<br />
|-<br />
| Media || Embedded || N/A<br />
|}<br />
<br />
<strong>Note - Levels greater than the current default for a particular process type are not implemented.</strong><br />
<br />
= File System Restrictions =<br />
<br />
Sandboxing enforces file system write and read restrictions for XUL based add-on content (frame and process) scripts. To avoid issues as sandboxing features roll out add-on authors should update their legacy add-on code today such that content scripts no longer attempt to read or write from restricted locations. Note these restrictions do not affect [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Content_scripts WebExtension content script] or XUL add-on script running in the browser process. <br />
<br />
File system access rules for content processes, reverse precedence:<br />
<br />
{| class="wikitable"<br />
|-<br />
! Location !! Access Type !! Restriction<br />
|-<br />
| file system || read/write || deny by default<br />
|-<br />
| install location || write || deny<br />
|-<br />
| install location || read || allow<br />
|-<br />
| system library locations || write || deny<br />
|-<br />
| system library locations || read || allow<br />
|-<br />
| profile/* || read/write || deny by default<br />
|-<br />
| profile/extensions || write || deny<br />
|-<br />
| profile/extensions || read || allow<br />
|}<br />
<br />
= Debugging Features =<br />
<br />
== Activity Logging ==<br />
<br />
The following prefs control sandbox logging. On Windows, output is sent to the Browser Console when available, and to a developer console attached to the running browser process. On OSX, once enabled, violation log entries are visible in the Console.app (/Applications/Utilities/Console.app). On Linux, once enabled, violation log entries are logged on the command line console.<br/><br />
<br />
security.sandbox.logging.enabled (boolean)<br/><br />
security.sandbox.windows.log.stackTraceDepth (integer, Windows specific)<br/><br />
<br />
The following environment variables also triggers sandbox logging output: <br/><br />
<br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
=== OSX Specific Sandbox Logging ===<br />
<br />
On Mac, sandbox violation logging is disabled by default. To enable logging,<br />
<br />
# Launch the OS X Console app (/Applications/Utilities/Console.app) and filter on "plugin-container".<br />
# Either set the pref '''security.sandbox.logging.enabled=true''' and restart the browser OR launch the browser with the '''MOZ_SANDBOX_LOGGING''' environment variable set.<br />
<br />
* If Console.app is not already running at the time of the sandbox violation, the violation is not reliably logged.<br />
* As of build 56, where filesystem read access restrictions were tightened, running Firefox always triggers sandbox violations and these will be logged. For example, plugin-container attempts to access /Applications and /Users (bug 1378968). We want to address these when possible, but some violations are complicated to avoid or are triggered by OS X library code that can't be avoided yet.<br />
<br />
=== Linux specific Sandbox Logging ===<br />
<br />
The following environment variable triggers extra sandbox debugging output: <br/><br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
== Environment variables ==<br />
<br />
{| class="wikitable"<br />
|-<br />
! ENVIRONMENT VARIABLE !! DESCRIPTION || PLATFORM<br />
|-<br />
|MOZ_DISABLE_CONTENT_SANDBOX<br />
|Disables content process sandboxing for debugging purposes.<br />
|All<br />
|-<br />
|MOZ_DISABLE_GMP_SANDBOX<br />
|Disable media plugin sandbox for debugging purposes<br />
|All<br />
|-<br />
|MOZ_DISABLE_NPAPI_SANDBOX<br />
|Disable 64-bit NPAPI process sandbox<br />
|Windows<br />
|-<br />
|MOZ_DISABLE_GPU_SANDBOX<br />
|Disable GPU process sandbox<br />
|Windows<br />
|}<br />
<br />
=== Setting a custom environment in Windows ===<br />
<br />
1) Close Firefox <br/><br />
2) Browser to the location of your Firefox install using Explorer <br/><br />
3) Shift + Right-click in the folder window where firefox.exe is located, select "Open command window here" <br/><br />
4) Add the environment variable(s) you wish to set to your command window - <br/> <br/><br />
<code>set MOZ_DISABLE_NPAPI_SANDBOX=1</code>(return) <br/> <br/><br />
5) enter firefox.exe and press enter to launch Firefox with your custom environment <br/><br />
<br />
== Local Build Options ==<br />
<br />
To disable building the sandbox completely build with this in your mozconfig:<br />
<br />
<code>ac_add_options --disable-sandbox</code><br />
<br />
To disable just the content sandbox parts:<br />
<br />
<code>ac_add_options --disable-content-sandbox</code><br />
<br />
= Bug Lists =<br />
<br />
== Priorities ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3]<br />
<br />
== Security/Process Sandboxing Lists ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full bug list]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=keywords&list_id=13711696&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core No priority set]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]<br />
<br />
== Triage Lists ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?v4=P&f1=flagtypes.name&o3=notsubstring&list_id=13921258&v3=meta&o1=notsubstring&resolution=---&o2=nowordssubstr&status_whiteboard_type=substring&f4=priority&query_format=advanced&f3=keywords&o4=notsubstring&f2=status_whiteboard&status_whiteboard=sb%3F&v1=needinfo&v2=sb-%2Csb%2B%2Csbwc1%2Csbwc2%2Csbwn1%2Csbwn2%2Csbmc1%2Csbmc2%2Csblc1%2Csblc2 Triage List]<br />
** Lists any bug in the datbase with sb?<br />
** Ignores meta bug and bugs with needinfos<br />
* sb? Triage List: https://mzl.la/2CRxxWd<br />
** Lists sandboxing component bugs that are not tracked by a milestone<br />
** does not include needinfo or meta bugs<br />
* sb? needinfos: http://is.gd/dnSyBs<br />
* webrtc specific sandboxing bugs: https://is.gd/c5bAe6<br />
** sb tracking + 'webrtc'<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday at 8:00am PT<br />
* Vidyo: "PlatInt" room<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
* [https://wiki.mozilla.org/Security/Sandbox/Meeting_Notes Meeting Notes Archive]<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #boxing]<br />
|-<br />
| Newsgroup/Mailing List<br />
|| <br />
* [mailto:boxing@lists.mozilla.org boxing@lists.mozilla.org]<br />
|-<br />
|}<br />
<br />
= People =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Engineering Management<br />
||<br />
* Jim Mathies (jimm)<br />
|-<br />
| Project Management<br />
||<br />
* TBD<br />
|-<br />
| QA<br />
||<br />
* Tracy Walker (Quality Assurance Lead)<br />
|-<br />
| Development Team<br />
|| <br />
* Haik Aftandilian (haik)<br />
* Jed Davis (jld)<br />
* Alex Gaynor (Alex_Gaynor)<br />
* Bob Owen (bobowen)<br />
* David Parks (handyman)<br />
* Stephen Pohl (spohl)<br />
* Gian-Carlo Pascutto (gcp)<br />
|}<br />
<br />
= Repo Module Ownership =<br />
* [[Modules/Core#Sandboxing|Cross platform]]<br />
* [[Modules/Core#Sandboxing_-_Windows|Windows]]<br />
* [[Modules/Core#Sandboxing_-_OSX|OSX]]<br />
* [[Modules/Core#Sandboxing_-_Linux_.26_B2G|Linux/B2G]]<br />
<br />
= Links =<br />
<br />
* [[Electrolysis]] Wiki Page (lot of additional resource links)<br />
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox]<br />
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide]<br />
* [http://blog.cr0.org/2012/09/introducing-chromes-next-generation.html "Introducing Chrome's next-generation Linux sandbox"] (seccomp-bpf related)<br />
* [http://en.wikipedia.org/wiki/Google_Native_Client Native Client on Wikipedia] (Links to papers on Native Client's design and use of SFI, as well as papers on SFI itself.)<br />
* [https://msdn.microsoft.com/en-us/library/windows/desktop/ff966517%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 Features of Protected Mode in Internet Explorer]<br />
<br />
== Research ==<br />
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's Internal Research page (2012)]<br />
<br />
== B2G Archive ==<br />
* [https://developer.mozilla.org/en-US/Firefox_OS/Security/System_security Firefox OS System Security page on MDN]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Seccomp Sandboxing on b2g overview]<br />
* [[B2G/Architecture/System_Security/Seccomp|seccomp b2g filter perf data]]<br />
<br />
B2G has always been “sandboxed” to some extent; every app/tab gets its own content process, which uses the Android security model: a separate uid per process, no group memberships, and kernel patches that require group membership for things like network access. But privilege escalation via kernel vulnerabilities is relatively common, so we also use the seccomp-bpf system call filter to reduce the attack surface that a compromised content process can directly access.<br />
<br />
== Older ==<br />
* [https://docs.google.com/a/mozilla.com/document/d/1qS4Q1goehqy-55hIQEsEA_XY3lF4xfFColNKQm37KSg/edit?usp=sharing Old Meeting Notes]</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1186159
Platform/Integration
2018-01-03T14:37:17Z
<p>Twalker: /* Triage Links */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
== Cycle tracking ==<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
=== Priority field as a classification ===<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce, polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
== Triage Links ==<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2BWwGSq LIST ] || [https://mzl.la/2wSNvzd NI LIST] || [https://mzl.la/2fCVlma P1 LIST] || [https://mzl.la/2fCb98S P2 LIST] || [https://mzl.la/2fCyV4r P3 LIST] || [https://mzl.la/2fDEOyx P5 LIST]<br />
|-<br />
|| Core:Dom:Content Process || [https://mzl.la/2BWz8s4 LIST] || [https://mzl.la/2wThzKW NI LIST] || [https://mzl.la/2fEnTMq P1 LIST] || [https://mzl.la/2fDxJxM P2 LIST] || [https://mzl.la/2fD5247 P3 LIST] || [https://mzl.la/2fCQMIG P5 LIST]<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2BUCGv1 LIST] || [https://mzl.la/2wT3s8D NI LIST] || [https://mzl.la/2fDeJiU P1 LIST] || [https://mzl.la/2fDhxNg P2 LIST] || [https://mzl.la/2fDKf0s P3 LIST] || [https://mzl.la/2fDeCEe P5 LIST]<br />
|-<br />
|| Widget || [https://mzl.la/2CNwZRl LIST] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || [https://mzl.la/2iYE3B4 P1 LIST] || [https://mzl.la/2iZhWu6 P2 LIST] || [https://mzl.la/2iYUkGd P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2CJ9KYl LIST] || [https://mzl.la/2wSZInI NI LIST] || [https://mzl.la/2iYVDoB P1 LIST] || [https://mzl.la/2iZln41 P2 LIST] || [https://mzl.la/2j1NEXB P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2BXEHXr LIST] || [https://mzl.la/2wT0cdp NI LIST] || [https://mzl.la/2j0kGYo P1 LIST] || [https://mzl.la/2j0GLWr P2 LIST] || [https://mzl.la/2j0G2EZ P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2BWA93m LIST] || [https://mzl.la/2wSYWqt NI LIST] || [https://mzl.la/2iYIvzM P1 LIST] || [https://mzl.la/2j22iOu P2 LIST] || [https://mzl.la/2j0I47N P3 LIST] || [https://mzl.la/2j0SeFQ P5 LIST]<br />
|}<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
'''These flags have been mothballed (8/30/2017).''' <br />
* Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. <br />
* ''tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration.'' <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1185720
Platform/Integration
2017-12-12T22:27:09Z
<p>Twalker: /* Triage Links */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
== Cycle tracking ==<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
=== Priority field as a classification ===<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce, polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
== Triage Links ==<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2BWwGSq LIST ] || [https://mzl.la/2wSNvzd NI LIST] || [https://mzl.la/2fCVlma P1 LIST] || [https://mzl.la/2fCb98S P2 LIST] || [https://mzl.la/2fCyV4r P3 LIST] || [https://mzl.la/2fDEOyx P5 LIST]<br />
|-<br />
|| Core:Dom:Content Process || [https://mzl.la/2BWz8s4 LIST] || [https://mzl.la/2wThzKW NI LIST] || [https://mzl.la/2fEnTMq P1 LIST] || [https://mzl.la/2fDxJxM P2 LIST] || [https://mzl.la/2fD5247 P3 LIST] || [https://mzl.la/2fCQMIG P5 LIST]<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2BUCGv1 LIST] || [https://mzl.la/2wT3s8D NI LIST] || [https://mzl.la/2fDeJiU P1 LIST] || [https://mzl.la/2fDhxNg P2 LIST] || [https://mzl.la/2fDKf0s P3 LIST] || [https://mzl.la/2fDeCEe P5 LIST]<br />
|-<br />
|| Widget || [https://mzl.la/2iZihgm LIST] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || [https://mzl.la/2iYE3B4 P1 LIST] || [https://mzl.la/2iZhWu6 P2 LIST] || [https://mzl.la/2iYUkGd P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2fMIptU 2017-01-01] || [https://mzl.la/2wSZInI NI LIST] || [https://mzl.la/2iYVDoB P1 LIST] || [https://mzl.la/2iZln41 P2 LIST] || [https://mzl.la/2j1NEXB P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2BXEHXr LIST] || [https://mzl.la/2wT0cdp NI LIST] || [https://mzl.la/2j0kGYo P1 LIST] || [https://mzl.la/2j0GLWr P2 LIST] || [https://mzl.la/2j0G2EZ P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2BWA93m LIST] || [https://mzl.la/2wSYWqt NI LIST] || [https://mzl.la/2iYIvzM P1 LIST] || [https://mzl.la/2j22iOu P2 LIST] || [https://mzl.la/2j0I47N P3 LIST] || [https://mzl.la/2j0SeFQ P5 LIST]<br />
|}<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
'''These flags have been mothballed (8/30/2017).''' <br />
* Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. <br />
* ''tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration.'' <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1185719
Platform/Integration
2017-12-12T22:23:39Z
<p>Twalker: /* Triage Links */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
== Cycle tracking ==<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
=== Priority field as a classification ===<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce, polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
== Triage Links ==<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2BWwGSq LIST ] || [https://mzl.la/2wSNvzd NI LIST] || [https://mzl.la/2fCVlma P1 LIST] || [https://mzl.la/2fCb98S P2 LIST] || [https://mzl.la/2fCyV4r P3 LIST] || [https://mzl.la/2fDEOyx P5 LIST]<br />
|-<br />
|| Core:Dom:Content Process || [https://mzl.la/2BWz8s4 LIST] || [https://mzl.la/2wThzKW NI LIST] || [https://mzl.la/2fEnTMq P1 LIST] || [https://mzl.la/2fDxJxM P2 LIST] || [https://mzl.la/2fD5247 P3 LIST] || [https://mzl.la/2fCQMIG P5 LIST]<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2BUCGv1 LIST] || [https://mzl.la/2wT3s8D NI LIST] || [https://mzl.la/2fDeJiU P1 LIST] || [https://mzl.la/2fDhxNg P2 LIST] || [https://mzl.la/2fDKf0s P3 LIST] || [https://mzl.la/2fDeCEe P5 LIST]<br />
|-<br />
|| Widget || [https://mzl.la/2iZihgm LIST] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || [https://mzl.la/2iYE3B4 P1 LIST] || [https://mzl.la/2iZhWu6 P2 LIST] || [https://mzl.la/2iYUkGd P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2fMIptU 2017-01-01] || [https://mzl.la/2wSZInI NI LIST] || [https://mzl.la/2iYVDoB P1 LIST] || [https://mzl.la/2iZln41 P2 LIST] || [https://mzl.la/2j1NEXB P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2fLmRh6 2017-01-01] || [https://mzl.la/2wT0cdp NI LIST] || [https://mzl.la/2j0kGYo P1 LIST] || [https://mzl.la/2j0GLWr P2 LIST] || [https://mzl.la/2j0G2EZ P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2fLoYBH 2017-01-01] || [https://mzl.la/2wSYWqt NI LIST] || [https://mzl.la/2iYIvzM P1 LIST] || [https://mzl.la/2j22iOu P2 LIST] || [https://mzl.la/2j0I47N P3 LIST] || [https://mzl.la/2j0SeFQ P5 LIST]<br />
|}<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
'''These flags have been mothballed (8/30/2017).''' <br />
* Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. <br />
* ''tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration.'' <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Security/Sandbox&diff=1185538
Security/Sandbox
2017-12-07T17:30:08Z
<p>Twalker: /* Triage Lists */</p>
<hr />
<div>= Overview =<br />
<br />
[[File:550px-Sandboxing_basic_architecture.png|frameless|550px]]<br />
<br />
Security Sandboxing makes use of [https://en.wikipedia.org/wiki/Child_process child processes] as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. For more information see the [[Electrolysis]] wiki page. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.<br />
<br />
== Technical Docs ==<br />
<br />
* [https://wiki.mozilla.org/Security/Sandbox/Specifics Platform Specifics]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Deny_Filesystem_Access File Restrictions Bug Research]<br />
* [https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set OSX Filter Rule Set]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Hardening Hardening Research]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Process_model Process Model]<br />
<br />
= Current Status =<br />
<br />
{| class="wikitable"<br />
|-<br />
!Sandbox<br />
!colspan="2"|Trunk<br />
!colspan="2"|Beta<br />
!colspan="2"|Release<br />
|-<br />
!<br />
!colspan="2"|Level<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
|-<br />
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)]<br />
|style='text-align:center;' colspan="2"|Level 4<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
|colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)]<br />
|style='text-align:center;' colspan="2"|Level 0 [1]<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForGMPlugin&redirect=true&case=true Windows (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy&redirect=true&case=true Linux (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|}<br />
<br />
A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature.<br />
<br />
DEPRECATION WARNING - The current level system will be replaced by a configuration system that allows for more fine grain control over sandbox settings.<br />
<br />
[1] Level 1 available but disabled due to various regressions, see {{bug|1347710}}<br />
<br />
== Windows ==<br />
<br />
=== Content ===<br />
<br />
Sandbox security related setting are grouped together and associated with a security level. Lower level values indicate a less restrictive sandbox.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 0 !! Level 1 !! Level 2<br />
|-<br />
| Job Level || JOB_NONE || JOB_NONE || JOB_INTERACTIVE<br />
|-<br />
| Access Token Level || USER_NON_ADMIN || USER_NON_ADMIN || USER_INTERACTIVE<br />
|-<br />
| Alternate Desktop || no || no || no<br />
|-<br />
| Alternate Windows Station || no || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || None ||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations || None ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 3 !! Level 4<br />
|-<br />
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LIMITED || USER_LIMITED<br />
|-<br />
| Alternate Desktop || no || YES<br />
|-<br />
| Alternate Windows Station || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || <br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br><br />
MITIGATION_IMAGE_LOAD_NO_REMOTE<br><br />
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br />
|-<br />
| Delayed Mitigations ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
<br />
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LOCKDOWN, USER_RESTRICTED[1]<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_UNTRUSTED<br />
|-<br />
| Alternate desktop || yes<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
[1] depends on the media plugin<br />
<br />
=== 64-bit Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_UNPROTECTED<br />
|-<br />
| Access Token Level || USER_INTERACTIVE<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Alternate desktop || no<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
|}<br />
<br />
* [[Firefox/win64]] Wiki Page<br />
* [https://blog.mozilla.org/futurereleases/2015/12/15/firefox-64-bit-for-windows-available/ Release Announcement]<br />
* [https://www.mozilla.org/en-US/firefox/all/ Windows 64-bit builds]<br />
<br />
== OSX ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 [1] ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|-<br />
| Level 2 ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
* read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
* read access to ~/Library<br />
|-<br />
| Level 3 || <br />
* write access to most of the filesystem<br />
* read access to most of the filesystem<br />
** read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
** read access to the home directory<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|}<br />
<br />
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.<br />
<br />
=== Gecko Media Plugins ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=pluginSandboxRules&redirect=false&case=true Filter rules]<br />
<br />
== Linux ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 ||<br />
* Many syscalls, including process creation<br />
|-<br />
| Level 2 ||<br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
|-<br />
| Level 3 || <br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
* Read access to most of the filesystem<br />
** Excludes themes/GTK configuration, fonts, shared data and libraries<br />
|}<br />
<br />
=== Content Rules ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#118 Filesystem access policy]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset]<br />
<br />
=== Customization Settings ===<br />
<br />
The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration.<br />
<br />
See [[Security/Sandbox#Linux_specific|Activity Logging]] for information on how to debug these scenarios.<br />
<br />
security.sandbox.content.level<br />
* See [[Security/Sandbox#Content_Levels_2|Content Levels]] above. Reducing this can help identify sandboxing as the cause of a problem, but you're better of trying the more fine grained permissions below.<br />
<br />
security.sandbox.content.read_path_whitelist<br/><br />
security.sandbox.content.write_path_whitelist<br />
* Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively.<br />
<br />
security.sandbox.content.syscall_whitelist<br />
* Comma-seperated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter.<br />
<br />
= Preferences =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Process Type !! Preference Type !! Preference<br />
|-<br />
| Content || numerical || security.sandbox.content.level<br />
|-<br />
| NPAPI Plugin || boolean || dom.ipc.plugins.sandbox-level.default<br>dom.ipc.plugins.sandbox-level.<plugintype><br />
|-<br />
| Compositor || numerical || security.sandbox.gpu.level<br />
|-<br />
| Media || Embedded || N/A<br />
|}<br />
<br />
<strong>Note - Levels greater than the current default for a particular process type are not implemented.</strong><br />
<br />
= File System Restrictions =<br />
<br />
Sandboxing enforces file system write and read restrictions for XUL based add-on content (frame and process) scripts. To avoid issues as sandboxing features roll out add-on authors should update their legacy add-on code today such that content scripts no longer attempt to read or write from restricted locations. Note these restrictions do not affect [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Content_scripts WebExtension content script] or XUL add-on script running in the browser process. <br />
<br />
File system access rules for content processes, reverse precedence:<br />
<br />
{| class="wikitable"<br />
|-<br />
! Location !! Access Type !! Restriction<br />
|-<br />
| file system || read/write || deny by default<br />
|-<br />
| install location || write || deny<br />
|-<br />
| install location || read || allow<br />
|-<br />
| system library locations || write || deny<br />
|-<br />
| system library locations || read || allow<br />
|-<br />
| profile/* || read/write || deny by default<br />
|-<br />
| profile/extensions || write || deny<br />
|-<br />
| profile/extensions || read || allow<br />
|}<br />
<br />
= Debugging Features =<br />
<br />
== Activity Logging ==<br />
<br />
The following prefs control sandbox logging. On Windows, output is sent to the Browser Console when available, and to a developer console attached to the running browser process. On OSX, once enabled, violation log entries are visible in the Console.app (/Applications/Utilities/Console.app). On Linux, once enabled, violation log entries are logged on the command line console.<br/><br />
<br />
security.sandbox.logging.enabled (boolean)<br/><br />
security.sandbox.windows.log.stackTraceDepth (integer, Windows specific)<br/><br />
<br />
The following environment variables also triggers sandbox logging output: <br/><br />
<br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
=== OSX Specific Sandbox Logging ===<br />
<br />
On Mac, sandbox violation logging is disabled by default. To enable logging,<br />
<br />
# Launch the OS X Console app (/Applications/Utilities/Console.app) and filter on "plugin-container".<br />
# Either set the pref '''security.sandbox.logging.enabled=true''' and restart the browser OR launch the browser with the '''MOZ_SANDBOX_LOGGING''' environment variable set.<br />
<br />
* If Console.app is not already running at the time of the sandbox violation, the violation is not reliably logged.<br />
* As of build 56, where filesystem read access restrictions were tightened, running Firefox always triggers sandbox violations and these will be logged. For example, plugin-container attempts to access /Applications and /Users (bug 1378968). We want to address these when possible, but some violations are complicated to avoid or are triggered by OS X library code that can't be avoided yet.<br />
<br />
=== Linux specific Sandbox Logging ===<br />
<br />
The following environment variable triggers extra sandbox debugging output: <br/><br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
== Environment variables ==<br />
<br />
{| class="wikitable"<br />
|-<br />
! ENVIRONMENT VARIABLE !! DESCRIPTION || PLATFORM<br />
|-<br />
|MOZ_DISABLE_CONTENT_SANDBOX<br />
|Disables content process sandboxing for debugging purposes.<br />
|All<br />
|-<br />
|MOZ_DISABLE_GMP_SANDBOX<br />
|Disable media plugin sandbox for debugging purposes<br />
|All<br />
|-<br />
|MOZ_DISABLE_NPAPI_SANDBOX<br />
|Disable 64-bit NPAPI process sandbox<br />
|Windows<br />
|-<br />
|MOZ_DISABLE_GPU_SANDBOX<br />
|Disable GPU process sandbox<br />
|Windows<br />
|}<br />
<br />
=== Setting a custom environment in Windows ===<br />
<br />
1) Close Firefox <br/><br />
2) Browser to the location of your Firefox install using Explorer <br/><br />
3) Shift + Right-click in the folder window where firefox.exe is located, select "Open command window here" <br/><br />
4) Add the environment variable(s) you wish to set to your command window - <br/> <br/><br />
<code>set MOZ_DISABLE_NPAPI_SANDBOX=1</code>(return) <br/> <br/><br />
5) enter firefox.exe and press enter to launch Firefox with your custom environment <br/><br />
<br />
== Local Build Options ==<br />
<br />
To disable building the sandbox completely build with this in your mozconfig:<br />
<br />
<code>ac_add_options --disable-sandbox</code><br />
<br />
To disable just the content sandbox parts:<br />
<br />
<code>ac_add_options --disable-content-sandbox</code><br />
<br />
= Bug Lists =<br />
<br />
== Priorities ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3]<br />
<br />
== Security/Process Sandboxing Lists ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full bug list]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=keywords&list_id=13711696&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core No priority set]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]<br />
<br />
== Triage Lists ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?v4=P&f1=flagtypes.name&o3=notsubstring&list_id=13921258&v3=meta&o1=notsubstring&resolution=---&o2=nowordssubstr&status_whiteboard_type=substring&f4=priority&query_format=advanced&f3=keywords&o4=notsubstring&f2=status_whiteboard&status_whiteboard=sb%3F&v1=needinfo&v2=sb-%2Csb%2B%2Csbwc1%2Csbwc2%2Csbwn1%2Csbwn2%2Csbmc1%2Csbmc2%2Csblc1%2Csblc2 Triage List]<br />
** Lists any bug with sb?<br />
** Lists sandboxing component bugs that are not tracked by a milestone<br />
** Ignores sb+, sb-, and sb? bugs with needinfos<br />
** meta bugs<br />
* sb? Triage List: http://is.gd/B3KscF<br />
** does not include needinfo bugs<br />
* sb? needinfos: http://is.gd/dnSyBs<br />
* webrtc specific sandboxing bugs: https://is.gd/c5bAe6<br />
** sb tracking + 'webrtc'<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday at 8:00am PT<br />
* Vidyo: "PlatInt" room<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
* [https://wiki.mozilla.org/Security/Sandbox/Meeting_Notes Meeting Notes Archive]<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #boxing]<br />
|-<br />
| Newsgroup/Mailing List<br />
|| <br />
* [mailto:boxing@lists.mozilla.org boxing@lists.mozilla.org]<br />
|-<br />
|}<br />
<br />
= People =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Engineering Management<br />
||<br />
* Jim Mathies (jimm)<br />
|-<br />
| Project Management<br />
||<br />
* TBD<br />
|-<br />
| QA<br />
||<br />
* Tracy Walker (Quality Assurance Lead)<br />
|-<br />
| Development Team<br />
|| <br />
* Haik Aftandilian (haik)<br />
* Jed Davis (jld)<br />
* Alex Gaynor (Alex_Gaynor)<br />
* Bob Owen (bobowen)<br />
* David Parks (handyman)<br />
* Stephen Pohl (spohl)<br />
* Gian-Carlo Pascutto (gcp)<br />
|}<br />
<br />
= Repo Module Ownership =<br />
* [[Modules/Core#Sandboxing|Cross platform]]<br />
* [[Modules/Core#Sandboxing_-_Windows|Windows]]<br />
* [[Modules/Core#Sandboxing_-_OSX|OSX]]<br />
* [[Modules/Core#Sandboxing_-_Linux_.26_B2G|Linux/B2G]]<br />
<br />
= Links =<br />
<br />
* [[Electrolysis]] Wiki Page (lot of additional resource links)<br />
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox]<br />
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide]<br />
* [http://blog.cr0.org/2012/09/introducing-chromes-next-generation.html "Introducing Chrome's next-generation Linux sandbox"] (seccomp-bpf related)<br />
* [http://en.wikipedia.org/wiki/Google_Native_Client Native Client on Wikipedia] (Links to papers on Native Client's design and use of SFI, as well as papers on SFI itself.)<br />
* [https://msdn.microsoft.com/en-us/library/windows/desktop/ff966517%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 Features of Protected Mode in Internet Explorer]<br />
<br />
== Research ==<br />
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's Internal Research page (2012)]<br />
<br />
== B2G Archive ==<br />
* [https://developer.mozilla.org/en-US/Firefox_OS/Security/System_security Firefox OS System Security page on MDN]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Seccomp Sandboxing on b2g overview]<br />
* [[B2G/Architecture/System_Security/Seccomp|seccomp b2g filter perf data]]<br />
<br />
B2G has always been “sandboxed” to some extent; every app/tab gets its own content process, which uses the Android security model: a separate uid per process, no group memberships, and kernel patches that require group membership for things like network access. But privilege escalation via kernel vulnerabilities is relatively common, so we also use the seccomp-bpf system call filter to reduce the attack surface that a compromised content process can directly access.<br />
<br />
== Older ==<br />
* [https://docs.google.com/a/mozilla.com/document/d/1qS4Q1goehqy-55hIQEsEA_XY3lF4xfFColNKQm37KSg/edit?usp=sharing Old Meeting Notes]</div>
Twalker
https://wiki.mozilla.org/index.php?title=Security/Sandbox&diff=1185537
Security/Sandbox
2017-12-07T17:29:41Z
<p>Twalker: /* Triage Lists */</p>
<hr />
<div>= Overview =<br />
<br />
[[File:550px-Sandboxing_basic_architecture.png|frameless|550px]]<br />
<br />
Security Sandboxing makes use of [https://en.wikipedia.org/wiki/Child_process child processes] as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. For more information see the [[Electrolysis]] wiki page. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.<br />
<br />
== Technical Docs ==<br />
<br />
* [https://wiki.mozilla.org/Security/Sandbox/Specifics Platform Specifics]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Deny_Filesystem_Access File Restrictions Bug Research]<br />
* [https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set OSX Filter Rule Set]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Hardening Hardening Research]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Process_model Process Model]<br />
<br />
= Current Status =<br />
<br />
{| class="wikitable"<br />
|-<br />
!Sandbox<br />
!colspan="2"|Trunk<br />
!colspan="2"|Beta<br />
!colspan="2"|Release<br />
|-<br />
!<br />
!colspan="2"|Level<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
!colspan="1"|Level<br />
!colspan="1"|Version<br />
|-<br />
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)]<br />
|style='text-align:center;' colspan="2"|Level 4<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
|colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)]<br />
|style='text-align:center;' colspan="2"|Level 0 [1]<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|style='text-align:center;' colspan="1"|<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForGMPlugin&redirect=true&case=true Windows (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"|Fx56<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h OSX (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]<br />
|style='text-align:center;' colspan="2"|Level 3<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|style='text-align:center;' colspan="1"|Level 3<br />
|style='text-align:center;' colspan="1"| Fx57<br />
|-<br />
| [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy&redirect=true&case=true Linux (GMP)]<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|style='text-align:center;' colspan="2"|enabled<br />
|}<br />
<br />
A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature.<br />
<br />
DEPRECATION WARNING - The current level system will be replaced by a configuration system that allows for more fine grain control over sandbox settings.<br />
<br />
[1] Level 1 available but disabled due to various regressions, see {{bug|1347710}}<br />
<br />
== Windows ==<br />
<br />
=== Content ===<br />
<br />
Sandbox security related setting are grouped together and associated with a security level. Lower level values indicate a less restrictive sandbox.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 0 !! Level 1 !! Level 2<br />
|-<br />
| Job Level || JOB_NONE || JOB_NONE || JOB_INTERACTIVE<br />
|-<br />
| Access Token Level || USER_NON_ADMIN || USER_NON_ADMIN || USER_INTERACTIVE<br />
|-<br />
| Alternate Desktop || no || no || no<br />
|-<br />
| Alternate Windows Station || no || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || None ||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations || None ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level 3 !! Level 4<br />
|-<br />
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LIMITED || USER_LIMITED<br />
|-<br />
| Alternate Desktop || no || YES<br />
|-<br />
| Alternate Windows Station || no || no<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Mitigations || <br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br><br />
MITIGATION_EXTENSION_POINT_DISABLE<br><br />
MITIGATION_IMAGE_LOAD_NO_REMOTE<br><br />
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br />
|-<br />
| Delayed Mitigations ||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
<br />
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_LOCKDOWN<br />
|-<br />
| Access Token Level || USER_LOCKDOWN, USER_RESTRICTED[1]<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_UNTRUSTED<br />
|-<br />
| Alternate desktop || yes<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
MITIGATION_STRICT_HANDLE_CHECKS<br><br />
MITIGATION_DLL_SEARCH_ORDER<br />
|}<br />
<br />
[1] depends on the media plugin<br />
<br />
=== 64-bit Plugin ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Sandbox Feature !! Level<br />
|-<br />
| Job Level || JOB_UNPROTECTED<br />
|-<br />
| Access Token Level || USER_INTERACTIVE<br />
|-<br />
| Initial Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW<br />
|-<br />
| Alternate desktop || no<br />
|-<br />
| Mitigations<br />
||<br />
MITIGATION_BOTTOM_UP_ASLR<br><br />
MITIGATION_HEAP_TERMINATE<br><br />
MITIGATION_SEHOP<br><br />
MITIGATION_DEP_NO_ATL_THUNK<br><br />
MITIGATION_DEP<br />
|-<br />
| Delayed Mitigations<br />
||<br />
|}<br />
<br />
* [[Firefox/win64]] Wiki Page<br />
* [https://blog.mozilla.org/futurereleases/2015/12/15/firefox-64-bit-for-windows-available/ Release Announcement]<br />
* [https://www.mozilla.org/en-US/firefox/all/ Windows 64-bit builds]<br />
<br />
== OSX ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 [1] ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|-<br />
| Level 2 ||<br />
* write access to most of the filesystem<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
* read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
* read access to ~/Library<br />
|-<br />
| Level 3 || <br />
* write access to most of the filesystem<br />
* read access to most of the filesystem<br />
** read access to the profile directory (apart from the chrome and extensions subdirectories)<br />
** read access to the home directory<br />
* inbound/outbound network I/O<br />
* exec, fork<br />
* printing<br />
|}<br />
<br />
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.<br />
<br />
=== Gecko Media Plugins ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=pluginSandboxRules&redirect=false&case=true Filter rules]<br />
<br />
== Linux ==<br />
<br />
=== Content Levels ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Job Level !! What's Blocked by the Sandbox?<br />
|-<br />
| Level 1 ||<br />
* Many syscalls, including process creation<br />
|-<br />
| Level 2 ||<br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
|-<br />
| Level 3 || <br />
* Many syscalls, including process creation<br />
* Write access to the filesystem<br />
** Excludes shared memory, tempdir, video hardware<br />
* Read access to most of the filesystem<br />
** Excludes themes/GTK configuration, fonts, shared data and libraries<br />
|}<br />
<br />
=== Content Rules ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]<br />
<br />
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#118 Filesystem access policy]<br />
<br />
=== Gecko Media Plugin ===<br />
<br />
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset]<br />
<br />
=== Customization Settings ===<br />
<br />
The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration.<br />
<br />
See [[Security/Sandbox#Linux_specific|Activity Logging]] for information on how to debug these scenarios.<br />
<br />
security.sandbox.content.level<br />
* See [[Security/Sandbox#Content_Levels_2|Content Levels]] above. Reducing this can help identify sandboxing as the cause of a problem, but you're better of trying the more fine grained permissions below.<br />
<br />
security.sandbox.content.read_path_whitelist<br/><br />
security.sandbox.content.write_path_whitelist<br />
* Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively.<br />
<br />
security.sandbox.content.syscall_whitelist<br />
* Comma-seperated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter.<br />
<br />
= Preferences =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Process Type !! Preference Type !! Preference<br />
|-<br />
| Content || numerical || security.sandbox.content.level<br />
|-<br />
| NPAPI Plugin || boolean || dom.ipc.plugins.sandbox-level.default<br>dom.ipc.plugins.sandbox-level.<plugintype><br />
|-<br />
| Compositor || numerical || security.sandbox.gpu.level<br />
|-<br />
| Media || Embedded || N/A<br />
|}<br />
<br />
<strong>Note - Levels greater than the current default for a particular process type are not implemented.</strong><br />
<br />
= File System Restrictions =<br />
<br />
Sandboxing enforces file system write and read restrictions for XUL based add-on content (frame and process) scripts. To avoid issues as sandboxing features roll out add-on authors should update their legacy add-on code today such that content scripts no longer attempt to read or write from restricted locations. Note these restrictions do not affect [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Content_scripts WebExtension content script] or XUL add-on script running in the browser process. <br />
<br />
File system access rules for content processes, reverse precedence:<br />
<br />
{| class="wikitable"<br />
|-<br />
! Location !! Access Type !! Restriction<br />
|-<br />
| file system || read/write || deny by default<br />
|-<br />
| install location || write || deny<br />
|-<br />
| install location || read || allow<br />
|-<br />
| system library locations || write || deny<br />
|-<br />
| system library locations || read || allow<br />
|-<br />
| profile/* || read/write || deny by default<br />
|-<br />
| profile/extensions || write || deny<br />
|-<br />
| profile/extensions || read || allow<br />
|}<br />
<br />
= Debugging Features =<br />
<br />
== Activity Logging ==<br />
<br />
The following prefs control sandbox logging. On Windows, output is sent to the Browser Console when available, and to a developer console attached to the running browser process. On OSX, once enabled, violation log entries are visible in the Console.app (/Applications/Utilities/Console.app). On Linux, once enabled, violation log entries are logged on the command line console.<br/><br />
<br />
security.sandbox.logging.enabled (boolean)<br/><br />
security.sandbox.windows.log.stackTraceDepth (integer, Windows specific)<br/><br />
<br />
The following environment variables also triggers sandbox logging output: <br/><br />
<br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
=== OSX Specific Sandbox Logging ===<br />
<br />
On Mac, sandbox violation logging is disabled by default. To enable logging,<br />
<br />
# Launch the OS X Console app (/Applications/Utilities/Console.app) and filter on "plugin-container".<br />
# Either set the pref '''security.sandbox.logging.enabled=true''' and restart the browser OR launch the browser with the '''MOZ_SANDBOX_LOGGING''' environment variable set.<br />
<br />
* If Console.app is not already running at the time of the sandbox violation, the violation is not reliably logged.<br />
* As of build 56, where filesystem read access restrictions were tightened, running Firefox always triggers sandbox violations and these will be logged. For example, plugin-container attempts to access /Applications and /Users (bug 1378968). We want to address these when possible, but some violations are complicated to avoid or are triggered by OS X library code that can't be avoided yet.<br />
<br />
=== Linux specific Sandbox Logging ===<br />
<br />
The following environment variable triggers extra sandbox debugging output: <br/><br />
MOZ_SANDBOX_LOGGING=1<br />
<br />
== Environment variables ==<br />
<br />
{| class="wikitable"<br />
|-<br />
! ENVIRONMENT VARIABLE !! DESCRIPTION || PLATFORM<br />
|-<br />
|MOZ_DISABLE_CONTENT_SANDBOX<br />
|Disables content process sandboxing for debugging purposes.<br />
|All<br />
|-<br />
|MOZ_DISABLE_GMP_SANDBOX<br />
|Disable media plugin sandbox for debugging purposes<br />
|All<br />
|-<br />
|MOZ_DISABLE_NPAPI_SANDBOX<br />
|Disable 64-bit NPAPI process sandbox<br />
|Windows<br />
|-<br />
|MOZ_DISABLE_GPU_SANDBOX<br />
|Disable GPU process sandbox<br />
|Windows<br />
|}<br />
<br />
=== Setting a custom environment in Windows ===<br />
<br />
1) Close Firefox <br/><br />
2) Browser to the location of your Firefox install using Explorer <br/><br />
3) Shift + Right-click in the folder window where firefox.exe is located, select "Open command window here" <br/><br />
4) Add the environment variable(s) you wish to set to your command window - <br/> <br/><br />
<code>set MOZ_DISABLE_NPAPI_SANDBOX=1</code>(return) <br/> <br/><br />
5) enter firefox.exe and press enter to launch Firefox with your custom environment <br/><br />
<br />
== Local Build Options ==<br />
<br />
To disable building the sandbox completely build with this in your mozconfig:<br />
<br />
<code>ac_add_options --disable-sandbox</code><br />
<br />
To disable just the content sandbox parts:<br />
<br />
<code>ac_add_options --disable-content-sandbox</code><br />
<br />
= Bug Lists =<br />
<br />
== Priorities ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3]<br />
<br />
== Security/Process Sandboxing Lists ==<br />
* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full bug list]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=keywords&list_id=13711696&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core No priority set]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]<br />
<br />
== Triage Lists ==<br />
* Triage [https://bugzilla.mozilla.org/buglist.cgi?v4=P&f1=flagtypes.name&o3=notsubstring&list_id=13921258&v3=meta&o1=notsubstring&resolution=---&o2=nowordssubstr&status_whiteboard_type=substring&f4=priority&query_format=advanced&f3=keywords&o4=notsubstring&f2=status_whiteboard&status_whiteboard=sb%3F&v1=needinfo&v2=sb-%2Csb%2B%2Csbwc1%2Csbwc2%2Csbwn1%2Csbwn2%2Csbmc1%2Csbmc2%2Csblc1%2Csblc2 List]<br />
** Lists any bug with sb?<br />
** Lists sandboxing component bugs that are not tracked by a milestone<br />
** Ignores sb+, sb-, and sb? bugs with needinfos<br />
** meta bugs<br />
* sb? Triage List: http://is.gd/B3KscF<br />
** does not include needinfo bugs<br />
* sb? needinfos: http://is.gd/dnSyBs<br />
* webrtc specific sandboxing bugs: https://is.gd/c5bAe6<br />
** sb tracking + 'webrtc'<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday at 8:00am PT<br />
* Vidyo: "PlatInt" room<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
* [https://wiki.mozilla.org/Security/Sandbox/Meeting_Notes Meeting Notes Archive]<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #boxing]<br />
|-<br />
| Newsgroup/Mailing List<br />
|| <br />
* [mailto:boxing@lists.mozilla.org boxing@lists.mozilla.org]<br />
|-<br />
|}<br />
<br />
= People =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Engineering Management<br />
||<br />
* Jim Mathies (jimm)<br />
|-<br />
| Project Management<br />
||<br />
* TBD<br />
|-<br />
| QA<br />
||<br />
* Tracy Walker (Quality Assurance Lead)<br />
|-<br />
| Development Team<br />
|| <br />
* Haik Aftandilian (haik)<br />
* Jed Davis (jld)<br />
* Alex Gaynor (Alex_Gaynor)<br />
* Bob Owen (bobowen)<br />
* David Parks (handyman)<br />
* Stephen Pohl (spohl)<br />
* Gian-Carlo Pascutto (gcp)<br />
|}<br />
<br />
= Repo Module Ownership =<br />
* [[Modules/Core#Sandboxing|Cross platform]]<br />
* [[Modules/Core#Sandboxing_-_Windows|Windows]]<br />
* [[Modules/Core#Sandboxing_-_OSX|OSX]]<br />
* [[Modules/Core#Sandboxing_-_Linux_.26_B2G|Linux/B2G]]<br />
<br />
= Links =<br />
<br />
* [[Electrolysis]] Wiki Page (lot of additional resource links)<br />
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox]<br />
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide]<br />
* [http://blog.cr0.org/2012/09/introducing-chromes-next-generation.html "Introducing Chrome's next-generation Linux sandbox"] (seccomp-bpf related)<br />
* [http://en.wikipedia.org/wiki/Google_Native_Client Native Client on Wikipedia] (Links to papers on Native Client's design and use of SFI, as well as papers on SFI itself.)<br />
* [https://msdn.microsoft.com/en-us/library/windows/desktop/ff966517%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 Features of Protected Mode in Internet Explorer]<br />
<br />
== Research ==<br />
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's Internal Research page (2012)]<br />
<br />
== B2G Archive ==<br />
* [https://developer.mozilla.org/en-US/Firefox_OS/Security/System_security Firefox OS System Security page on MDN]<br />
* [https://wiki.mozilla.org/Security/Sandbox/Seccomp Sandboxing on b2g overview]<br />
* [[B2G/Architecture/System_Security/Seccomp|seccomp b2g filter perf data]]<br />
<br />
B2G has always been “sandboxed” to some extent; every app/tab gets its own content process, which uses the Android security model: a separate uid per process, no group memberships, and kernel patches that require group membership for things like network access. But privilege escalation via kernel vulnerabilities is relatively common, so we also use the seccomp-bpf system call filter to reduce the attack surface that a compromised content process can directly access.<br />
<br />
== Older ==<br />
* [https://docs.google.com/a/mozilla.com/document/d/1qS4Q1goehqy-55hIQEsEA_XY3lF4xfFColNKQm37KSg/edit?usp=sharing Old Meeting Notes]</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1184302
Platform/Integration
2017-11-16T13:34:36Z
<p>Twalker: /* Triage Links */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
== Cycle tracking ==<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
=== Priority field as a classification ===<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce, polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
== Triage Links ==<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged since || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2fL7d5p 2017-01-01] || [https://mzl.la/2wSNvzd NI LIST] || [https://mzl.la/2fCVlma P1 LIST] || [https://mzl.la/2fCb98S P2 LIST] || [https://mzl.la/2fCyV4r P3 LIST] || [https://mzl.la/2fDEOyx P5 LIST]<br />
|-<br />
|| Core:Dom:Content Process || [https://mzl.la/2fKuFj7 2017-01-01] || [https://mzl.la/2wThzKW NI LIST] || [https://mzl.la/2fEnTMq P1 LIST] || [https://mzl.la/2fDxJxM P2 LIST] || [https://mzl.la/2fD5247 P3 LIST] || [https://mzl.la/2fCQMIG P5 LIST]<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2fL2Yqu 2017-01-01] || [https://mzl.la/2wT3s8D NI LIST] || [https://mzl.la/2fDeJiU P1 LIST] || [https://mzl.la/2fDhxNg P2 LIST] || [https://mzl.la/2fDKf0s P3 LIST] || [https://mzl.la/2fDeCEe P5 LIST]<br />
|-<br />
|| Widget || [https://mzl.la/2iZihgm 2017-01-01] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || [https://mzl.la/2iYE3B4 P1 LIST] || [https://mzl.la/2iZhWu6 P2 LIST] || [https://mzl.la/2iYUkGd P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2fMIptU 2017-01-01] || [https://mzl.la/2wSZInI NI LIST] || [https://mzl.la/2iYVDoB P1 LIST] || [https://mzl.la/2iZln41 P2 LIST] || [https://mzl.la/2j1NEXB P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2fLmRh6 2017-01-01] || [https://mzl.la/2wT0cdp NI LIST] || [https://mzl.la/2j0kGYo P1 LIST] || [https://mzl.la/2j0GLWr P2 LIST] || [https://mzl.la/2j0G2EZ P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2fLoYBH 2017-01-01] || [https://mzl.la/2wSYWqt NI LIST] || [https://mzl.la/2iYIvzM P1 LIST] || [https://mzl.la/2j22iOu P2 LIST] || [https://mzl.la/2j0I47N P3 LIST] || [https://mzl.la/2j0SeFQ P5 LIST]<br />
|}<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
'''These flags have been mothballed (8/30/2017).''' <br />
* Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. <br />
* ''tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration.'' <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1184301
Platform/Integration
2017-11-16T13:33:56Z
<p>Twalker: /* Triage Links */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
== Cycle tracking ==<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
=== Priority field as a classification ===<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce, polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
== Triage Links ==<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged since || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2fL7d5p 2017-01-01] || [https://mzl.la/2wSNvzd NI LIST] || [https://mzl.la/2fCVlma P1 LIST] || [https://mzl.la/2fCb98S P2 LIST] || [https://mzl.la/2fCyV4r P3 LIST] || [https://mzl.la/2fDEOyx P5 LIST]<br />
|-<br />
|| Core:Dom:Content Process || [https://mzl.la/2fKuFj7 2017-01-01] || [https://mzl.la/2wThzKW NI LIST] || [https://mzl.la/2fEnTMq P1 LIST] || [https://mzl.la/2fDxJxM P2 LIST] || [https://mzl.la/2fD5247 P3 LIST] || [https://mzl.la/2fCQMIG P5 LIST]<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2fL2Yqu 2017-01-01] || [https://mzl.la/2wT3s8D NI LIST] || [https://mzl.la/2fDeJiU P1 LIST] || [https://mzl.la/2fDhxNg P2 LIST] || [https://mzl.la/2fDKf0s P3 LIST] || [https://mzl.la/2fDeCEe P5 LIST]<br />
|-<br />
|| Widget || [https://mzl.la/2iZihgm 2017-01-01] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || [https://mzl.la/2iYE3B4 P1 LIST] || [https://mzl.la/2iZhWu6 P2 LIST] || [https://mzl.la/2iYUkGd P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2fMIptU 2017-01-01] || [https://mzl.la/2wSZInI NI LIST] || [https://mzl.la/2iYVDoB P1 LIST] || [https://mzl.la/2iZln41 P2 LIST] || [https://mzl.la/2j1NEXB P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2fLmRh6 2017-01-01] || [https://mzl.la/2wT0cdp NI LIST] || [https://mzl.la/2j0kGYo P1 LIST] || [https://mzl.la/2j0GLWr P2 LIST] || [https://mzl.la/2j0G2EZ P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2fLoYBH 2017-01-01] || [https://mzl.la/2wSYWqt NI LIST] || [https://mzl.la/2iYIvzM P1 LIST] || [https://mzl.la/2bIfJ6r P2 LIST] || [https://mzl.la/2j0I47N P3 LIST] || [https://mzl.la/2j0SeFQ P5 LIST]<br />
|}<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
'''These flags have been mothballed (8/30/2017).''' <br />
* Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. <br />
* ''tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration.'' <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1184300
Platform/Integration
2017-11-16T13:31:15Z
<p>Twalker: /* Bugzilla Tracking flags */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
== Cycle tracking ==<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
=== Priority field as a classification ===<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce, polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
== Triage Links ==<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged since || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2fL7d5p 2017-01-01] || [https://mzl.la/2wSNvzd NI LIST] || [https://mzl.la/2fCVlma P1 LIST] || [https://mzl.la/2fCb98S P2 LIST] || [https://mzl.la/2fCyV4r P3 LIST] || [https://mzl.la/2fDEOyx P5 LIST]<br />
|-<br />
|| Core:Dom:Content Process || [https://mzl.la/2fKuFj7 2017-01-01] || [https://mzl.la/2wThzKW NI LIST] || [https://mzl.la/2fEnTMq P1 LIST] || [https://mzl.la/2fDxJxM P2 LIST] || [https://mzl.la/2fD5247 P3 LIST] || [https://mzl.la/2fCQMIG P5 LIST]<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2fL2Yqu 2017-01-01] || [https://mzl.la/2wT3s8D NI LIST] || [https://mzl.la/2fDeJiU P1 LIST] || [https://mzl.la/2fDhxNg P2 LIST] || [https://mzl.la/2fDKf0s P3 LIST] || [https://mzl.la/2fDeCEe P5 LIST]<br />
|-<br />
|| Widget || [https://mzl.la/2iZihgm 2017-01-01] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || [https://mzl.la/2iYE3B4 P1 LIST] || [https://mzl.la/2iZhWu6 P2 LIST] || [https://mzl.la/2iYUkGd P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2fMIptU 2017-01-01] || [https://mzl.la/2wSZInI NI LIST] || [https://mzl.la/2iYVDoB P1 LIST] || [https://mzl.la/2iZln41 P2 LIST] || [https://mzl.la/2j1NEXB P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2fLmRh6 2017-01-01] || [https://mzl.la/2wT0cdp NI LIST] || [https://mzl.la/2j0kGYo P1 LIST] || [https://mzl.la/2j0GLWr P2 LIST] || [https://mzl.la/2j0G2EZ P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2fLoYBH 2017-01-01] || [https://mzl.la/2wSYWqt NI LIST] || [https://mzl.la/2bIeX9w P1 LIST] || [https://mzl.la/2bIfJ6r P2 LIST] || [https://mzl.la/2bIgOLp P3 LIST] || [https://mzl.la/2bPeOOp P5 LIST]<br />
|}<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
'''These flags have been mothballed (8/30/2017).''' <br />
* Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. <br />
* ''tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration.'' <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1184299
Platform/Integration
2017-11-16T13:30:40Z
<p>Twalker: /* Bugzilla Tracking flags */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
== Cycle tracking ==<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
=== Priority field as a classification ===<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce, polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
== Triage Links ==<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged since || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2fL7d5p 2017-01-01] || [https://mzl.la/2wSNvzd NI LIST] || [https://mzl.la/2fCVlma P1 LIST] || [https://mzl.la/2fCb98S P2 LIST] || [https://mzl.la/2fCyV4r P3 LIST] || [https://mzl.la/2fDEOyx P5 LIST]<br />
|-<br />
|| Core:Dom:Content Process || [https://mzl.la/2fKuFj7 2017-01-01] || [https://mzl.la/2wThzKW NI LIST] || [https://mzl.la/2fEnTMq P1 LIST] || [https://mzl.la/2fDxJxM P2 LIST] || [https://mzl.la/2fD5247 P3 LIST] || [https://mzl.la/2fCQMIG P5 LIST]<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2fL2Yqu 2017-01-01] || [https://mzl.la/2wT3s8D NI LIST] || [https://mzl.la/2fDeJiU P1 LIST] || [https://mzl.la/2fDhxNg P2 LIST] || [https://mzl.la/2fDKf0s P3 LIST] || [https://mzl.la/2fDeCEe P5 LIST]<br />
|-<br />
|| Widget || [https://mzl.la/2iZihgm 2017-01-01] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || [https://mzl.la/2iYE3B4 P1 LIST] || [https://mzl.la/2iZhWu6 P2 LIST] || [https://mzl.la/2iYUkGd P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2fMIptU 2017-01-01] || [https://mzl.la/2wSZInI NI LIST] || [https://mzl.la/2iYVDoB P1 LIST] || [https://mzl.la/2iZln41 P2 LIST] || [https://mzl.la/2j1NEXB P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2fLmRh6 2017-01-01] || [https://mzl.la/2wT0cdp NI LIST] || [https://mzl.la/2j0kGYo P1 LIST] || [https://mzl.la/2j0GLWr P2 LIST] || [https://mzl.la/2j0G2EZ P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2fLoYBH 2017-01-01] || [https://mzl.la/2wSYWqt NI LIST] || [https://mzl.la/2bIeX9w P1 LIST] || [https://mzl.la/2bIfJ6r P2 LIST] || [https://mzl.la/2bIgOLp P3 LIST] || [https://mzl.la/2bPeOOp P5 LIST]<br />
|}<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
'''These flags have been mothballed (8/30/2017).''' <br />
Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. <br />
''tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration.'' <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1184298
Platform/Integration
2017-11-16T13:28:13Z
<p>Twalker: /* Triage Links */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
== Cycle tracking ==<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
=== Priority field as a classification ===<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce, polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
== Triage Links ==<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged since || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2fL7d5p 2017-01-01] || [https://mzl.la/2wSNvzd NI LIST] || [https://mzl.la/2fCVlma P1 LIST] || [https://mzl.la/2fCb98S P2 LIST] || [https://mzl.la/2fCyV4r P3 LIST] || [https://mzl.la/2fDEOyx P5 LIST]<br />
|-<br />
|| Core:Dom:Content Process || [https://mzl.la/2fKuFj7 2017-01-01] || [https://mzl.la/2wThzKW NI LIST] || [https://mzl.la/2fEnTMq P1 LIST] || [https://mzl.la/2fDxJxM P2 LIST] || [https://mzl.la/2fD5247 P3 LIST] || [https://mzl.la/2fCQMIG P5 LIST]<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2fL2Yqu 2017-01-01] || [https://mzl.la/2wT3s8D NI LIST] || [https://mzl.la/2fDeJiU P1 LIST] || [https://mzl.la/2fDhxNg P2 LIST] || [https://mzl.la/2fDKf0s P3 LIST] || [https://mzl.la/2fDeCEe P5 LIST]<br />
|-<br />
|| Widget || [https://mzl.la/2iZihgm 2017-01-01] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || [https://mzl.la/2iYE3B4 P1 LIST] || [https://mzl.la/2iZhWu6 P2 LIST] || [https://mzl.la/2iYUkGd P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2fMIptU 2017-01-01] || [https://mzl.la/2wSZInI NI LIST] || [https://mzl.la/2iYVDoB P1 LIST] || [https://mzl.la/2iZln41 P2 LIST] || [https://mzl.la/2j1NEXB P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2fLmRh6 2017-01-01] || [https://mzl.la/2wT0cdp NI LIST] || [https://mzl.la/2j0kGYo P1 LIST] || [https://mzl.la/2j0GLWr P2 LIST] || [https://mzl.la/2j0G2EZ P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2fLoYBH 2017-01-01] || [https://mzl.la/2wSYWqt NI LIST] || [https://mzl.la/2bIeX9w P1 LIST] || [https://mzl.la/2bIfJ6r P2 LIST] || [https://mzl.la/2bIgOLp P3 LIST] || [https://mzl.la/2bPeOOp P5 LIST]<br />
|}<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
These flags have been mothballed (8/30/2017). Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration. <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1184297
Platform/Integration
2017-11-16T13:25:20Z
<p>Twalker: /* Triage Links */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
== Cycle tracking ==<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
=== Priority field as a classification ===<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce, polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
== Triage Links ==<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged since || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2fL7d5p 2017-01-01] || [https://mzl.la/2wSNvzd NI LIST] || [https://mzl.la/2fCVlma P1 LIST] || [https://mzl.la/2fCb98S P2 LIST] || [https://mzl.la/2fCyV4r P3 LIST] || [https://mzl.la/2fDEOyx P5 LIST]<br />
|-<br />
|| Core:Dom:Content Process || [https://mzl.la/2fKuFj7 2017-01-01] || [https://mzl.la/2wThzKW NI LIST] || [https://mzl.la/2fEnTMq P1 LIST] || [https://mzl.la/2fDxJxM P2 LIST] || [https://mzl.la/2fD5247 P3 LIST] || [https://mzl.la/2fCQMIG P5 LIST]<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2fL2Yqu 2017-01-01] || [https://mzl.la/2wT3s8D NI LIST] || [https://mzl.la/2fDeJiU P1 LIST] || [https://mzl.la/2fDhxNg P2 LIST] || [https://mzl.la/2fDKf0s P3 LIST] || [https://mzl.la/2fDeCEe P5 LIST]<br />
|-<br />
|| Widget || [https://mzl.la/2iZihgm 2017-01-01] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || [https://mzl.la/2iYE3B4 P1 LIST] || [https://mzl.la/2iZhWu6 P2 LIST] || [https://mzl.la/2iYUkGd P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2fMIptU 2017-01-01] || [https://mzl.la/2wSZInI NI LIST] || [https://mzl.la/2iYVDoB P1 LIST] || [https://mzl.la/2iZln41 P2 LIST] || [https://mzl.la/2j1NEXB P3 LIST] || [https://mzl.la/2iYUkGd P5 LIST]<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2fLmRh6 2017-01-01] || [https://mzl.la/2wT0cdp NI LIST] || [https://mzl.la/2aMIz1n P1 LIST] || [https://mzl.la/2aMIGKe P2 LIST] || [https://mzl.la/2aMJhf4 P3 LIST] || [https://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2fLoYBH 2017-01-01] || [https://mzl.la/2wSYWqt NI LIST] || [https://mzl.la/2bIeX9w P1 LIST] || [https://mzl.la/2bIfJ6r P2 LIST] || [https://mzl.la/2bIgOLp P3 LIST] || [https://mzl.la/2bPeOOp P5 LIST]<br />
|}<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
These flags have been mothballed (8/30/2017). Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration. <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1184296
Platform/Integration
2017-11-16T13:16:52Z
<p>Twalker: /* Triage Links */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
== Cycle tracking ==<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
=== Priority field as a classification ===<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce, polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
== Triage Links ==<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged since || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2fL7d5p 2017-01-01] || [https://mzl.la/2wSNvzd NI LIST] || [https://mzl.la/2fCVlma P1 LIST] || [https://mzl.la/2fCb98S P2 LIST] || [https://mzl.la/2fCyV4r P3 LIST] || [https://mzl.la/2fDEOyx P5 LIST]<br />
|-<br />
|| Core:Dom:Content Process || [https://mzl.la/2fKuFj7 2017-01-01] || [https://mzl.la/2wThzKW NI LIST] || [https://mzl.la/2fEnTMq P1 LIST] || [https://mzl.la/2fDxJxM P2 LIST] || [https://mzl.la/2fD5247 P3 LIST] || [https://mzl.la/2fCQMIG P5 LIST]<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2fL2Yqu 2017-01-01] || [https://mzl.la/2wT3s8D NI LIST] || [https://mzl.la/2fDeJiU P1 LIST] || [https://mzl.la/2fDhxNg P2 LIST] || [https://mzl.la/2fDKf0s P3 LIST] || [https://mzl.la/2fDeCEe P5 LIST]<br />
|-<br />
|| Widget || [https://mzl.la/2iZihgm 2017-01-01] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || [https://mzl.la/2iYE3B4 P1 LIST] || [https://mzl.la/2iZhWu6 P2 LIST] || [https://mzl.la/2iYUkGd P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2fMIptU 2017-01-01] || [https://mzl.la/2wSZInI NI LIST] || [http://mzl.la/1WD9K2M P1 LIST] || [http://mzl.la/1WD9VLj P2 LIST] || [http://mzl.la/1WD9ZKZ P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2fLmRh6 2017-01-01] || [https://mzl.la/2wT0cdp NI LIST] || [https://mzl.la/2aMIz1n P1 LIST] || [https://mzl.la/2aMIGKe P2 LIST] || [https://mzl.la/2aMJhf4 P3 LIST] || [https://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2fLoYBH 2017-01-01] || [https://mzl.la/2wSYWqt NI LIST] || [https://mzl.la/2bIeX9w P1 LIST] || [https://mzl.la/2bIfJ6r P2 LIST] || [https://mzl.la/2bIgOLp P3 LIST] || [https://mzl.la/2bPeOOp P5 LIST]<br />
|}<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
These flags have been mothballed (8/30/2017). Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration. <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1184295
Platform/Integration
2017-11-16T13:15:00Z
<p>Twalker: /* Triage Links */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
== Cycle tracking ==<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
=== Priority field as a classification ===<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce, polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
== Triage Links ==<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged since || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2fL7d5p 2017-01-01] || [https://mzl.la/2wSNvzd NI LIST] || [https://mzl.la/2fCVlma P1 LIST] || [https://mzl.la/2fCb98S P2 LIST] || [https://mzl.la/2fCyV4r P3 LIST] || [https://mzl.la/2fDEOyx P5 LIST]<br />
|-<br />
|| Core:Dom:Content Process || [https://mzl.la/2fKuFj7 2017-01-01] || [https://mzl.la/2wThzKW NI LIST] || [https://mzl.la/2fEnTMq P1 LIST] || [https://mzl.la/2fDxJxM P2 LIST] || [https://mzl.la/2fD5247 P3 LIST] || [https://mzl.la/2fCQMIG P5 LIST]<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2fL2Yqu 2017-01-01] || [https://mzl.la/2wT3s8D NI LIST] || [https://mzl.la/2fDeJiU P1 LIST] || [https://mzl.la/2fDhxNg P2 LIST] || [https://mzl.la/2fDKf0s P3 LIST] || [https://mzl.la/2fDeCEe P5 LIST]<br />
|-<br />
|| Widget || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=delta_ts&o3=notsubstring&v6=needinfo&list_id=13814157&v3=tpi%3A-&o1=greaterthan&resolution=---&o2=notsubstring&o6=notsubstring&chfieldto=Now&chfield=status_whiteboard&query_format=advanced&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=2017-01-01&component=Widget&f6=flagtypes.name&v2=P&product=Core 2017-01-01] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || [https://mzl.la/2iYE3B4 P1 LIST] || [https://mzl.la/2iZhWu6 P2 LIST] || [https://mzl.la/2iYUkGd P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2fMIptU 2017-01-01] || [https://mzl.la/2wSZInI NI LIST] || [http://mzl.la/1WD9K2M P1 LIST] || [http://mzl.la/1WD9VLj P2 LIST] || [http://mzl.la/1WD9ZKZ P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2fLmRh6 2017-01-01] || [https://mzl.la/2wT0cdp NI LIST] || [https://mzl.la/2aMIz1n P1 LIST] || [https://mzl.la/2aMIGKe P2 LIST] || [https://mzl.la/2aMJhf4 P3 LIST] || [https://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2fLoYBH 2017-01-01] || [https://mzl.la/2wSYWqt NI LIST] || [https://mzl.la/2bIeX9w P1 LIST] || [https://mzl.la/2bIfJ6r P2 LIST] || [https://mzl.la/2bIgOLp P3 LIST] || [https://mzl.la/2bPeOOp P5 LIST]<br />
|}<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
These flags have been mothballed (8/30/2017). Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration. <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1181819
Platform/Integration
2017-10-04T20:18:41Z
<p>Twalker: /* Triage Links */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
== Cycle tracking ==<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
=== Priority field as a classification ===<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce, polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
== Triage Links ==<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged since || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2fL7d5p 2017-01-01] || [https://mzl.la/2wSNvzd NI LIST] || [https://mzl.la/2fCVlma P1 LIST] || [https://mzl.la/2fCb98S P2 LIST] || [https://mzl.la/2fCyV4r P3 LIST] || [https://mzl.la/2fDEOyx P5 LIST]<br />
|-<br />
|| Core:Dom:Content Process || [https://mzl.la/2fKuFj7 2017-01-01] || [https://mzl.la/2wThzKW NI LIST] || [https://mzl.la/2fEnTMq P1 LIST] || [https://mzl.la/2fDxJxM P2 LIST] || [https://mzl.la/2fD5247 P3 LIST] || [https://mzl.la/2fCQMIG P5 LIST]<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2fL2Yqu 2017-01-01] || [https://mzl.la/2wT3s8D NI LIST] || [https://mzl.la/2fDeJiU P1 LIST] || [https://mzl.la/2fDhxNg P2 LIST] || [https://mzl.la/2fDKf0s P3 LIST] || [https://mzl.la/2fDeCEe P5 LIST]<br />
|-<br />
|| Widget || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=delta_ts&o3=notsubstring&v6=needinfo&list_id=13814157&v3=tpi%3A-&o1=greaterthan&resolution=---&o2=notsubstring&o6=notsubstring&chfieldto=Now&chfield=status_whiteboard&query_format=advanced&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=2017-01-01&component=Widget&f6=flagtypes.name&v2=P&product=Core 2017-01-01] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || [https://mzl.la/2aMMniW P1 LIST] || [https://mzl.la/2aMLgjr P2 LIST] || [https://mzl.la/2aMMsDg P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2fMIptU 2017-01-01] || [https://mzl.la/2wSZInI NI LIST] || [http://mzl.la/1WD9K2M P1 LIST] || [http://mzl.la/1WD9VLj P2 LIST] || [http://mzl.la/1WD9ZKZ P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2fLmRh6 2017-01-01] || [https://mzl.la/2wT0cdp NI LIST] || [https://mzl.la/2aMIz1n P1 LIST] || [https://mzl.la/2aMIGKe P2 LIST] || [https://mzl.la/2aMJhf4 P3 LIST] || [https://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2fLoYBH 2017-01-01] || [https://mzl.la/2wSYWqt NI LIST] || [https://mzl.la/2bIeX9w P1 LIST] || [https://mzl.la/2bIfJ6r P2 LIST] || [https://mzl.la/2bIgOLp P3 LIST] || [https://mzl.la/2bPeOOp P5 LIST]<br />
|}<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
These flags have been mothballed (8/30/2017). Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration. <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1180991
Platform/Integration
2017-09-21T20:37:42Z
<p>Twalker: /* Triage Links */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
== Cycle tracking ==<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
=== Priority field as a classification ===<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce, polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
== Triage Links ==<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged since || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2wTeOJw 2016-01-01] || [https://mzl.la/2wSNvzd NI LIST] || [https://mzl.la/2fCVlma P1 LIST] || [https://mzl.la/2fCb98S P2 LIST] || [https://mzl.la/2fCyV4r P3 LIST] || [https://mzl.la/2fDEOyx P5 LIST]<br />
|-<br />
|| Core:Dom:Content Process || [https://mzl.la/2wSO2Bd 2016-01-01] || [https://mzl.la/2wThzKW NI LIST] || [https://mzl.la/2fEnTMq P1 LIST] || [https://mzl.la/2fDxJxM P2 LIST] || [https://mzl.la/2fD5247 P3 LIST] || [https://mzl.la/2fCQMIG P5 LIST]<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2wT24mj 2016-01-01] || [https://mzl.la/2wT3s8D NI LIST] || [https://mzl.la/2fDeJiU P1 LIST] || [https://mzl.la/2fDhxNg P2 LIST] || [https://mzl.la/2fDKf0s P3 LIST] || [https://mzl.la/2fDeCEe P5 LIST]<br />
|-<br />
|| Widget || [https://mzl.la/2wTeSZT 2016-01-01] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || [https://mzl.la/2aMMniW P1 LIST] || [https://mzl.la/2aMLgjr P2 LIST] || [https://mzl.la/2aMMsDg P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2wSU1pA 2016-01-01] || [https://mzl.la/2wSZInI NI LIST] || [http://mzl.la/1WD9K2M P1 LIST] || [http://mzl.la/1WD9VLj P2 LIST] || [http://mzl.la/1WD9ZKZ P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2wSV3lp 2016-01-01] || [https://mzl.la/2wT0cdp NI LIST] || [https://mzl.la/2aMIz1n P1 LIST] || [https://mzl.la/2aMIGKe P2 LIST] || [https://mzl.la/2aMJhf4 P3 LIST] || [https://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2wT5NjO 2016-01-01] || [https://mzl.la/2wSYWqt NI LIST] || [https://mzl.la/2bIeX9w P1 LIST] || [https://mzl.la/2bIfJ6r P2 LIST] || [https://mzl.la/2bIgOLp P3 LIST] || [https://mzl.la/2bPeOOp P5 LIST]<br />
|}<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
These flags have been mothballed (8/30/2017). Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration. <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1180990
Platform/Integration
2017-09-21T20:35:12Z
<p>Twalker: /* Triage Links */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
== Cycle tracking ==<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
=== Priority field as a classification ===<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce, polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
== Triage Links ==<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged since || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2wTeOJw 2016-01-01] || [https://mzl.la/2wSNvzd NI LIST] || [https://mzl.la/2fCVlma P1 LIST] || [https://mzl.la/2fCb98S P2 LIST] || [https://mzl.la/2fCyV4r P3 LIST] || [https://mzl.la/2fDEOyx P5 LIST]<br />
|-<br />
|| Core:Dom:Content Process || [https://mzl.la/2wSO2Bd 2016-01-01] || [https://mzl.la/2wThzKW NI LIST] || [https://mzl.la/2fCyEyA P1 LIST] || [https://mzl.la/2fDe15s P2 LIST] || [https://mzl.la/2fDFyDP P3 LIST] || [https://mzl.la/2fDkCNh P5 LIST]<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2wT24mj 2016-01-01] || [https://mzl.la/2wT3s8D NI LIST] || [https://mzl.la/2fDeJiU P1 LIST] || [https://mzl.la/2fDhxNg P2 LIST] || [https://mzl.la/2fDKf0s P3 LIST] || [https://mzl.la/2fDeCEe P5 LIST]<br />
|-<br />
|| Widget || [https://mzl.la/2wTeSZT 2016-01-01] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || [https://mzl.la/2aMMniW P1 LIST] || [https://mzl.la/2aMLgjr P2 LIST] || [https://mzl.la/2aMMsDg P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2wSU1pA 2016-01-01] || [https://mzl.la/2wSZInI NI LIST] || [http://mzl.la/1WD9K2M P1 LIST] || [http://mzl.la/1WD9VLj P2 LIST] || [http://mzl.la/1WD9ZKZ P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2wSV3lp 2016-01-01] || [https://mzl.la/2wT0cdp NI LIST] || [https://mzl.la/2aMIz1n P1 LIST] || [https://mzl.la/2aMIGKe P2 LIST] || [https://mzl.la/2aMJhf4 P3 LIST] || [https://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2wT5NjO 2016-01-01] || [https://mzl.la/2wSYWqt NI LIST] || [https://mzl.la/2bIeX9w P1 LIST] || [https://mzl.la/2bIfJ6r P2 LIST] || [https://mzl.la/2bIgOLp P3 LIST] || [https://mzl.la/2bPeOOp P5 LIST]<br />
|}<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
These flags have been mothballed (8/30/2017). Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration. <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1180907
Platform/Integration
2017-09-21T15:43:44Z
<p>Twalker: /* Triage Links */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
== Cycle tracking ==<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
=== Priority field as a classification ===<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce, polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
== Triage Links ==<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged since || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2wTeOJw 2016-01-01] || [https://mzl.la/2wSNvzd NI LIST] || [https://mzl.la/2fCVlma P1 LIST] || [https://mzl.la/2fCb98S P2 LIST] || [https://mzl.la/2fCyV4r P3 LIST] || [https://mzl.la/2fDEOyx P5 LIST]<br />
|-<br />
|| Core:Dom || [https://mzl.la/2wSO2Bd 2016-01-01] || [https://mzl.la/2wThzKW NI LIST] || [https://mzl.la/2fCyEyA P1 LIST] || [https://mzl.la/2fDe15s P2 LIST] || [https://mzl.la/2fDFyDP P3 LIST] || [https://mzl.la/2fDkCNh P5 LIST]<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2wT24mj 2016-01-01] || [https://mzl.la/2wT3s8D NI LIST] || [https://mzl.la/2fDeJiU P1 LIST] || [https://mzl.la/2fDhxNg P2 LIST] || [https://mzl.la/2fDKf0s P3 LIST] || [https://mzl.la/2fDeCEe P5 LIST]<br />
|-<br />
|| Widget || [https://mzl.la/2wTeSZT 2016-01-01] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || [https://mzl.la/2aMMniW P1 LIST] || [https://mzl.la/2aMLgjr P2 LIST] || [https://mzl.la/2aMMsDg P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2wSU1pA 2016-01-01] || [https://mzl.la/2wSZInI NI LIST] || [http://mzl.la/1WD9K2M P1 LIST] || [http://mzl.la/1WD9VLj P2 LIST] || [http://mzl.la/1WD9ZKZ P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2wSV3lp 2016-01-01] || [https://mzl.la/2wT0cdp NI LIST] || [https://mzl.la/2aMIz1n P1 LIST] || [https://mzl.la/2aMIGKe P2 LIST] || [https://mzl.la/2aMJhf4 P3 LIST] || [https://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2wT5NjO 2016-01-01] || [https://mzl.la/2wSYWqt NI LIST] || [https://mzl.la/2bIeX9w P1 LIST] || [https://mzl.la/2bIfJ6r P2 LIST] || [https://mzl.la/2bIgOLp P3 LIST] || [https://mzl.la/2bPeOOp P5 LIST]<br />
|}<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
These flags have been mothballed (8/30/2017). Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration. <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1180906
Platform/Integration
2017-09-21T15:31:10Z
<p>Twalker: /* Development management */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
== Cycle tracking ==<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
=== Priority field as a classification ===<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce, polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
== Triage Links ==<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged since || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2wTeOJw 2016-01-01] || [https://mzl.la/2wSNvzd NI LIST] || LIST || LIST || LIST || LIST<br />
|-<br />
|| Core:Dom || [https://mzl.la/2wSO2Bd 2016-01-01] || [https://mzl.la/2wThzKW NI LIST] || LIST || LIST || LIST || LIST<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2wT24mj 2016-01-01] || [https://mzl.la/2wT3s8D NI LIST] || LIST || LIST || LIST || LIST<br />
|-<br />
|| Widget || [https://mzl.la/2wTeSZT 2016-01-01] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || [https://mzl.la/2aMMniW P1 LIST] || [https://mzl.la/2aMLgjr P2 LIST] || [https://mzl.la/2aMMsDg P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2wSU1pA 2016-01-01] || [https://mzl.la/2wSZInI NI LIST] || [http://mzl.la/1WD9K2M P1 LIST] || [http://mzl.la/1WD9VLj P2 LIST] || [http://mzl.la/1WD9ZKZ P3 LIST] || [http://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2wSV3lp 2016-01-01] || [https://mzl.la/2wT0cdp NI LIST] || [https://mzl.la/2aMIz1n P1 LIST] || [https://mzl.la/2aMIGKe P2 LIST] || [https://mzl.la/2aMJhf4 P3 LIST] || [https://mzl.la/1WD9Zux P5 LIST]<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2wT5NjO 2016-01-01] || [https://mzl.la/2wSYWqt NI LIST] || [https://mzl.la/2bIeX9w P1 LIST] || [https://mzl.la/2bIfJ6r P2 LIST] || [https://mzl.la/2bIgOLp P3 LIST] || [https://mzl.la/2bPeOOp P5 LIST]<br />
|}<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
These flags have been mothballed (8/30/2017). Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration. <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1180903
Platform/Integration
2017-09-21T15:19:32Z
<p>Twalker: /* Triage Links */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
<br />
== Cycle tracking ==<br />
<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
== Triage Links ==<br />
<br />
{| class="wikitable"<br />
|-<br />
! Component || Un-triaged since || NeedInfo || P1 || P2 || P3 || P5<br />
|-<br />
|| Core:IPC || [https://mzl.la/2wTeOJw 2016-01-01] || [https://mzl.la/2wSNvzd NI LIST] || LIST || LIST || LIST || LIST<br />
|-<br />
|| Core:Dom || [https://mzl.la/2wSO2Bd 2016-01-01] || [https://mzl.la/2wThzKW NI LIST] || LIST || LIST || LIST || LIST<br />
|-<br />
|| Core:Plug-ins || [https://mzl.la/2wT24mj 2016-01-01] || [https://mzl.la/2wT3s8D NI LIST] || LIST || LIST || LIST || LIST<br />
|-<br />
|| Widget || [https://mzl.la/2wTeSZT 2016-01-01] || [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core NI LIST] || LIST || LIST || LIST || LIST<br />
|-<br />
|| Widget:Cocoa (OSX) || [https://mzl.la/2wSU1pA 2016-01-01] || [https://mzl.la/2wSZInI NI LIST] || LIST || LIST || LIST || LIST<br />
|-<br />
|| Widget:Win32 (Windows) || [https://mzl.la/2wSV3lp 2016-01-01] || [https://mzl.la/2wT0cdp NI LIST] || LIST || LIST || LIST || LIST<br />
|-<br />
|| Widget:Gtk (Linux) || [https://mzl.la/2wT5NjO 2016-01-01] || [https://mzl.la/2wSYWqt NI LIST] || LIST || LIST || LIST || LIST<br />
|}<br />
<br />
== Priority Lists ==<br />
=== Priority field as a classification ===<br />
<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce<br />
* p4 - polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
==== Widget ====<br />
* photon - https://is.gd/4EiV1r<br />
* p1 - https://mzl.la/2aMMniW<br />
* p2 - https://mzl.la/2aMLgjr<br />
* p3 - https://mzl.la/2aMMsDg<br />
* p4 - https://mzl.la/2aMMwD0<br />
* p5 - https://mzl.la/2aMKtyP<br />
<br />
==== Widget:Cocoa ====<br />
* photon - https://is.gd/15nZKq<br />
* p1 - http://mzl.la/1WD9K2M<br />
* p2 - http://mzl.la/1WD9VLj<br />
* p3 - http://mzl.la/1WD9ZKZ<br />
* p4 - http://mzl.la/1WDa2qc<br />
* p5 - http://mzl.la/1WD9Zux<br />
<br />
==== Widget:Win32 ====<br />
* photon - https://is.gd/urdotP<br />
* p1 - https://mzl.la/2aMIz1n<br />
* p2 - https://mzl.la/2aMIGKe<br />
* p3 - https://mzl.la/2aMJhf4<br />
* p4 - https://mzl.la/1WDa2qc<br />
* p5 - https://mzl.la/1WD9Zux<br />
<br />
==== Widget:Gtk ====<br />
* photon - https://is.gd/nPeAvW<br />
* p1 - https://mzl.la/2bIeX9w<br />
* p2 - https://mzl.la/2bIfJ6r<br />
* p3 - https://mzl.la/2bIgOLp<br />
* p4 - https://mzl.la/2bIgfBj<br />
* p5 - https://mzl.la/2bPeOOp<br />
<br />
==== Specialty ====<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578077&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=%5Bqf%5D&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578080&status_whiteboard_type=allwordssubstr&status_whiteboard=%5Bqf%3Ap1%5D&resolution=---&query_format=advanced&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF:P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?j_top=AND_G&f1=status_whiteboard&list_id=13578113&o1=substring&resolution=---&o2=substring&query_format=advanced&f2=status_whiteboard&v1=photon&v2=tpi Photon bugs requiring PlatInt work], including those filed outside of widget.<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
These flags have been mothballed (8/30/2017). Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration. <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1179631
Platform/Integration
2017-08-30T18:48:16Z
<p>Twalker: /* Communication */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
<br />
== Cycle tracking ==<br />
<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
== Triage Links ==<br />
<br />
=== Core:IPC ===<br />
* Un-triaged and changed since [https://mzl.la/2wTeOJw 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSNvzd triage list]<br />
<br />
=== Core:Dom: Content Processes ===<br />
* Un-triaged and changed since [https://mzl.la/2wSO2Bd 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wThzKW triage list]<br />
<br />
=== Core:Plug-ins ===<br />
* Un-triaged and changed since [https://mzl.la/2wT24mj 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wT3s8D triage list]<br />
<br />
=== Widget ===<br />
* un-triaged and changed since [https://mzl.la/2wTeSZT 2016-01-01]<br />
* NeedInfo [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core triage list]<br />
<br />
=== Widget:Cocoa (OSX) ===<br />
* un-triaged and changed since [https://mzl.la/2wSU1pA 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSZInI triage list]<br />
<br />
=== Widget:Win32 (Windows) ===<br />
* un-triaged and changed since [https://mzl.la/2wSV3lp 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wT0cdp triage list]<br />
<br />
=== Widget:Gtk (Linux) ===<br />
* un-triaged and changed since [https://mzl.la/2wT5NjO 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSYWqt triage list]<br />
<br />
== Priority Lists ==<br />
=== Priority field as a classification ===<br />
<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce<br />
* p4 - polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
==== Widget ====<br />
* photon - https://is.gd/4EiV1r<br />
* p1 - https://mzl.la/2aMMniW<br />
* p2 - https://mzl.la/2aMLgjr<br />
* p3 - https://mzl.la/2aMMsDg<br />
* p4 - https://mzl.la/2aMMwD0<br />
* p5 - https://mzl.la/2aMKtyP<br />
<br />
==== Widget:Cocoa ====<br />
* photon - https://is.gd/15nZKq<br />
* p1 - http://mzl.la/1WD9K2M<br />
* p2 - http://mzl.la/1WD9VLj<br />
* p3 - http://mzl.la/1WD9ZKZ<br />
* p4 - http://mzl.la/1WDa2qc<br />
* p5 - http://mzl.la/1WD9Zux<br />
<br />
==== Widget:Win32 ====<br />
* photon - https://is.gd/urdotP<br />
* p1 - https://mzl.la/2aMIz1n<br />
* p2 - https://mzl.la/2aMIGKe<br />
* p3 - https://mzl.la/2aMJhf4<br />
* p4 - https://mzl.la/1WDa2qc<br />
* p5 - https://mzl.la/1WD9Zux<br />
<br />
==== Widget:Gtk ====<br />
* photon - https://is.gd/nPeAvW<br />
* p1 - https://mzl.la/2bIeX9w<br />
* p2 - https://mzl.la/2bIfJ6r<br />
* p3 - https://mzl.la/2bIgOLp<br />
* p4 - https://mzl.la/2bIgfBj<br />
* p5 - https://mzl.la/2bPeOOp<br />
<br />
==== Specialty ====<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578077&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=%5Bqf%5D&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578080&status_whiteboard_type=allwordssubstr&status_whiteboard=%5Bqf%3Ap1%5D&resolution=---&query_format=advanced&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF:P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?j_top=AND_G&f1=status_whiteboard&list_id=13578113&o1=substring&resolution=---&o2=substring&query_format=advanced&f2=status_whiteboard&v1=photon&v2=tpi Photon bugs requiring PlatInt work], including those filed outside of widget.<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
These flags have been mothballed (8/30/2017). Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration. <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Thursday 11am-12pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1179624
Platform/Integration
2017-08-30T17:59:47Z
<p>Twalker: /* Development management */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
<br />
== Cycle tracking ==<br />
<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
== Triage Links ==<br />
<br />
=== Core:IPC ===<br />
* Un-triaged and changed since [https://mzl.la/2wTeOJw 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSNvzd triage list]<br />
<br />
=== Core:Dom: Content Processes ===<br />
* Un-triaged and changed since [https://mzl.la/2wSO2Bd 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wThzKW triage list]<br />
<br />
=== Core:Plug-ins ===<br />
* Un-triaged and changed since [https://mzl.la/2wT24mj 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wT3s8D triage list]<br />
<br />
=== Widget ===<br />
* un-triaged and changed since [https://mzl.la/2wTeSZT 2016-01-01]<br />
* NeedInfo [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core triage list]<br />
<br />
=== Widget:Cocoa (OSX) ===<br />
* un-triaged and changed since [https://mzl.la/2wSU1pA 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSZInI triage list]<br />
<br />
=== Widget:Win32 (Windows) ===<br />
* un-triaged and changed since [https://mzl.la/2wSV3lp 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wT0cdp triage list]<br />
<br />
=== Widget:Gtk (Linux) ===<br />
* un-triaged and changed since [https://mzl.la/2wT5NjO 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSYWqt triage list]<br />
<br />
== Priority Lists ==<br />
=== Priority field as a classification ===<br />
<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce<br />
* p4 - polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
==== Widget ====<br />
* photon - https://is.gd/4EiV1r<br />
* p1 - https://mzl.la/2aMMniW<br />
* p2 - https://mzl.la/2aMLgjr<br />
* p3 - https://mzl.la/2aMMsDg<br />
* p4 - https://mzl.la/2aMMwD0<br />
* p5 - https://mzl.la/2aMKtyP<br />
<br />
==== Widget:Cocoa ====<br />
* photon - https://is.gd/15nZKq<br />
* p1 - http://mzl.la/1WD9K2M<br />
* p2 - http://mzl.la/1WD9VLj<br />
* p3 - http://mzl.la/1WD9ZKZ<br />
* p4 - http://mzl.la/1WDa2qc<br />
* p5 - http://mzl.la/1WD9Zux<br />
<br />
==== Widget:Win32 ====<br />
* photon - https://is.gd/urdotP<br />
* p1 - https://mzl.la/2aMIz1n<br />
* p2 - https://mzl.la/2aMIGKe<br />
* p3 - https://mzl.la/2aMJhf4<br />
* p4 - https://mzl.la/1WDa2qc<br />
* p5 - https://mzl.la/1WD9Zux<br />
<br />
==== Widget:Gtk ====<br />
* photon - https://is.gd/nPeAvW<br />
* p1 - https://mzl.la/2bIeX9w<br />
* p2 - https://mzl.la/2bIfJ6r<br />
* p3 - https://mzl.la/2bIgOLp<br />
* p4 - https://mzl.la/2bIgfBj<br />
* p5 - https://mzl.la/2bPeOOp<br />
<br />
==== Specialty ====<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578077&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=%5Bqf%5D&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578080&status_whiteboard_type=allwordssubstr&status_whiteboard=%5Bqf%3Ap1%5D&resolution=---&query_format=advanced&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF:P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?j_top=AND_G&f1=status_whiteboard&list_id=13578113&o1=substring&resolution=---&o2=substring&query_format=advanced&f2=status_whiteboard&v1=photon&v2=tpi Photon bugs requiring PlatInt work], including those filed outside of widget.<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
These flags have been mothballed (8/30/2017). Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration. <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Wednesday 3pm-4pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1179619
Platform/Integration
2017-08-30T16:50:52Z
<p>Twalker: /* Core:Plug-ins */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
<br />
== Cycle tracking ==<br />
<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
== Priority Lists ==<br />
=== Priority field as a classification ===<br />
<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce<br />
* p4 - polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
==== Specialty ====<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578077&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=%5Bqf%5D&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578080&status_whiteboard_type=allwordssubstr&status_whiteboard=%5Bqf%3Ap1%5D&resolution=---&query_format=advanced&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF:P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?j_top=AND_G&f1=status_whiteboard&list_id=13578113&o1=substring&resolution=---&o2=substring&query_format=advanced&f2=status_whiteboard&v1=photon&v2=tpi Photon bugs requiring PlatInt work], including those filed outside of widget.<br />
<br />
==== Widget ====<br />
* photon - https://is.gd/4EiV1r<br />
* p1 - https://mzl.la/2aMMniW<br />
* p2 - https://mzl.la/2aMLgjr<br />
* p3 - https://mzl.la/2aMMsDg<br />
* p4 - https://mzl.la/2aMMwD0<br />
* p5 - https://mzl.la/2aMKtyP<br />
<br />
==== Widget:Cocoa ====<br />
* photon - https://is.gd/15nZKq<br />
* p1 - http://mzl.la/1WD9K2M<br />
* p2 - http://mzl.la/1WD9VLj<br />
* p3 - http://mzl.la/1WD9ZKZ<br />
* p4 - http://mzl.la/1WDa2qc<br />
* p5 - http://mzl.la/1WD9Zux<br />
<br />
==== Widget:Win32 ====<br />
* photon - https://is.gd/urdotP<br />
* p1 - https://mzl.la/2aMIz1n<br />
* p2 - https://mzl.la/2aMIGKe<br />
* p3 - https://mzl.la/2aMJhf4<br />
* p4 - https://mzl.la/1WDa2qc<br />
* p5 - https://mzl.la/1WD9Zux<br />
<br />
==== Widget:Gtk ====<br />
* photon - https://is.gd/nPeAvW<br />
* p1 - https://mzl.la/2bIeX9w<br />
* p2 - https://mzl.la/2bIfJ6r<br />
* p3 - https://mzl.la/2bIgOLp<br />
* p4 - https://mzl.la/2bIgfBj<br />
* p5 - https://mzl.la/2bPeOOp<br />
<br />
== Triage Links ==<br />
<br />
=== Core:IPC ===<br />
* Un-triaged and changed since [https://mzl.la/2wTeOJw 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSNvzd triage list]<br />
<br />
=== Core:Dom: Content Processes ===<br />
* Un-triaged and changed since [https://mzl.la/2wSO2Bd 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wThzKW triage list]<br />
<br />
=== Core:Plug-ins ===<br />
* Un-triaged and changed since [https://mzl.la/2wT24mj 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wT3s8D triage list]<br />
<br />
=== Widget ===<br />
* un-triaged and changed since [https://mzl.la/2wTeSZT 2016-01-01]<br />
* NeedInfo [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core triage list]<br />
<br />
=== Widget:Cocoa (OSX) ===<br />
* un-triaged and changed since [https://mzl.la/2wSU1pA 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSZInI triage list]<br />
<br />
=== Widget:Win32 (Windows) ===<br />
* un-triaged and changed since [https://mzl.la/2wSV3lp 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wT0cdp triage list]<br />
<br />
=== Widget:Gtk (Linux) ===<br />
* un-triaged and changed since [https://mzl.la/2wT5NjO 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSYWqt triage list]<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
These flags have been mothballed (8/30/2017). Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration. <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Wednesday 3pm-4pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1179618
Platform/Integration
2017-08-30T16:49:19Z
<p>Twalker: /* Core:Dom: Content Processes */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
<br />
== Cycle tracking ==<br />
<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
== Priority Lists ==<br />
=== Priority field as a classification ===<br />
<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce<br />
* p4 - polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
==== Specialty ====<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578077&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=%5Bqf%5D&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578080&status_whiteboard_type=allwordssubstr&status_whiteboard=%5Bqf%3Ap1%5D&resolution=---&query_format=advanced&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF:P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?j_top=AND_G&f1=status_whiteboard&list_id=13578113&o1=substring&resolution=---&o2=substring&query_format=advanced&f2=status_whiteboard&v1=photon&v2=tpi Photon bugs requiring PlatInt work], including those filed outside of widget.<br />
<br />
==== Widget ====<br />
* photon - https://is.gd/4EiV1r<br />
* p1 - https://mzl.la/2aMMniW<br />
* p2 - https://mzl.la/2aMLgjr<br />
* p3 - https://mzl.la/2aMMsDg<br />
* p4 - https://mzl.la/2aMMwD0<br />
* p5 - https://mzl.la/2aMKtyP<br />
<br />
==== Widget:Cocoa ====<br />
* photon - https://is.gd/15nZKq<br />
* p1 - http://mzl.la/1WD9K2M<br />
* p2 - http://mzl.la/1WD9VLj<br />
* p3 - http://mzl.la/1WD9ZKZ<br />
* p4 - http://mzl.la/1WDa2qc<br />
* p5 - http://mzl.la/1WD9Zux<br />
<br />
==== Widget:Win32 ====<br />
* photon - https://is.gd/urdotP<br />
* p1 - https://mzl.la/2aMIz1n<br />
* p2 - https://mzl.la/2aMIGKe<br />
* p3 - https://mzl.la/2aMJhf4<br />
* p4 - https://mzl.la/1WDa2qc<br />
* p5 - https://mzl.la/1WD9Zux<br />
<br />
==== Widget:Gtk ====<br />
* photon - https://is.gd/nPeAvW<br />
* p1 - https://mzl.la/2bIeX9w<br />
* p2 - https://mzl.la/2bIfJ6r<br />
* p3 - https://mzl.la/2bIgOLp<br />
* p4 - https://mzl.la/2bIgfBj<br />
* p5 - https://mzl.la/2bPeOOp<br />
<br />
== Triage Links ==<br />
<br />
=== Core:IPC ===<br />
* Un-triaged and changed since [https://mzl.la/2wTeOJw 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSNvzd triage list]<br />
<br />
=== Core:Dom: Content Processes ===<br />
* Un-triaged and changed since [https://mzl.la/2wSO2Bd 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wThzKW triage list]<br />
<br />
=== Core:Plug-ins ===<br />
* Un-triaged and changed since [https://mzl.la/2wTeOJw 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSNvzd triage list]<br />
<br />
=== Widget ===<br />
* un-triaged and changed since [https://mzl.la/2wTeSZT 2016-01-01]<br />
* NeedInfo [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core triage list]<br />
<br />
=== Widget:Cocoa (OSX) ===<br />
* un-triaged and changed since [https://mzl.la/2wSU1pA 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSZInI triage list]<br />
<br />
=== Widget:Win32 (Windows) ===<br />
* un-triaged and changed since [https://mzl.la/2wSV3lp 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wT0cdp triage list]<br />
<br />
=== Widget:Gtk (Linux) ===<br />
* un-triaged and changed since [https://mzl.la/2wT5NjO 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSYWqt triage list]<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
These flags have been mothballed (8/30/2017). Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration. <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Wednesday 3pm-4pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1179617
Platform/Integration
2017-08-30T16:47:18Z
<p>Twalker: /* Triage Links */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
<br />
== Cycle tracking ==<br />
<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
== Priority Lists ==<br />
=== Priority field as a classification ===<br />
<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce<br />
* p4 - polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
==== Specialty ====<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578077&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=%5Bqf%5D&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578080&status_whiteboard_type=allwordssubstr&status_whiteboard=%5Bqf%3Ap1%5D&resolution=---&query_format=advanced&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF:P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?j_top=AND_G&f1=status_whiteboard&list_id=13578113&o1=substring&resolution=---&o2=substring&query_format=advanced&f2=status_whiteboard&v1=photon&v2=tpi Photon bugs requiring PlatInt work], including those filed outside of widget.<br />
<br />
==== Widget ====<br />
* photon - https://is.gd/4EiV1r<br />
* p1 - https://mzl.la/2aMMniW<br />
* p2 - https://mzl.la/2aMLgjr<br />
* p3 - https://mzl.la/2aMMsDg<br />
* p4 - https://mzl.la/2aMMwD0<br />
* p5 - https://mzl.la/2aMKtyP<br />
<br />
==== Widget:Cocoa ====<br />
* photon - https://is.gd/15nZKq<br />
* p1 - http://mzl.la/1WD9K2M<br />
* p2 - http://mzl.la/1WD9VLj<br />
* p3 - http://mzl.la/1WD9ZKZ<br />
* p4 - http://mzl.la/1WDa2qc<br />
* p5 - http://mzl.la/1WD9Zux<br />
<br />
==== Widget:Win32 ====<br />
* photon - https://is.gd/urdotP<br />
* p1 - https://mzl.la/2aMIz1n<br />
* p2 - https://mzl.la/2aMIGKe<br />
* p3 - https://mzl.la/2aMJhf4<br />
* p4 - https://mzl.la/1WDa2qc<br />
* p5 - https://mzl.la/1WD9Zux<br />
<br />
==== Widget:Gtk ====<br />
* photon - https://is.gd/nPeAvW<br />
* p1 - https://mzl.la/2bIeX9w<br />
* p2 - https://mzl.la/2bIfJ6r<br />
* p3 - https://mzl.la/2bIgOLp<br />
* p4 - https://mzl.la/2bIgfBj<br />
* p5 - https://mzl.la/2bPeOOp<br />
<br />
== Triage Links ==<br />
<br />
=== Core:IPC ===<br />
* Un-triaged and changed since [https://mzl.la/2wTeOJw 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSNvzd triage list]<br />
<br />
=== Core:Dom: Content Processes ===<br />
* Un-triaged and changed since [https://mzl.la/2wTeOJw 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSNvzd triage list]<br />
<br />
=== Core:Plug-ins ===<br />
* Un-triaged and changed since [https://mzl.la/2wTeOJw 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSNvzd triage list]<br />
<br />
=== Widget ===<br />
* un-triaged and changed since [https://mzl.la/2wTeSZT 2016-01-01]<br />
* NeedInfo [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core triage list]<br />
<br />
=== Widget:Cocoa (OSX) ===<br />
* un-triaged and changed since [https://mzl.la/2wSU1pA 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSZInI triage list]<br />
<br />
=== Widget:Win32 (Windows) ===<br />
* un-triaged and changed since [https://mzl.la/2wSV3lp 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wT0cdp triage list]<br />
<br />
=== Widget:Gtk (Linux) ===<br />
* un-triaged and changed since [https://mzl.la/2wT5NjO 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSYWqt triage list]<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
These flags have been mothballed (8/30/2017). Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration. <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Wednesday 3pm-4pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1179616
Platform/Integration
2017-08-30T16:38:49Z
<p>Twalker: /* Bugzilla Tracking flags */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
<br />
== Cycle tracking ==<br />
<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
== Priority Lists ==<br />
=== Priority field as a classification ===<br />
<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce<br />
* p4 - polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
==== Specialty ====<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578077&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=%5Bqf%5D&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578080&status_whiteboard_type=allwordssubstr&status_whiteboard=%5Bqf%3Ap1%5D&resolution=---&query_format=advanced&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF:P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?j_top=AND_G&f1=status_whiteboard&list_id=13578113&o1=substring&resolution=---&o2=substring&query_format=advanced&f2=status_whiteboard&v1=photon&v2=tpi Photon bugs requiring PlatInt work], including those filed outside of widget.<br />
<br />
==== Widget ====<br />
* photon - https://is.gd/4EiV1r<br />
* p1 - https://mzl.la/2aMMniW<br />
* p2 - https://mzl.la/2aMLgjr<br />
* p3 - https://mzl.la/2aMMsDg<br />
* p4 - https://mzl.la/2aMMwD0<br />
* p5 - https://mzl.la/2aMKtyP<br />
<br />
==== Widget:Cocoa ====<br />
* photon - https://is.gd/15nZKq<br />
* p1 - http://mzl.la/1WD9K2M<br />
* p2 - http://mzl.la/1WD9VLj<br />
* p3 - http://mzl.la/1WD9ZKZ<br />
* p4 - http://mzl.la/1WDa2qc<br />
* p5 - http://mzl.la/1WD9Zux<br />
<br />
==== Widget:Win32 ====<br />
* photon - https://is.gd/urdotP<br />
* p1 - https://mzl.la/2aMIz1n<br />
* p2 - https://mzl.la/2aMIGKe<br />
* p3 - https://mzl.la/2aMJhf4<br />
* p4 - https://mzl.la/1WDa2qc<br />
* p5 - https://mzl.la/1WD9Zux<br />
<br />
==== Widget:Gtk ====<br />
* photon - https://is.gd/nPeAvW<br />
* p1 - https://mzl.la/2bIeX9w<br />
* p2 - https://mzl.la/2bIfJ6r<br />
* p3 - https://mzl.la/2bIgOLp<br />
* p4 - https://mzl.la/2bIgfBj<br />
* p5 - https://mzl.la/2bPeOOp<br />
<br />
== Triage Links ==<br />
<br />
=== Widget ===<br />
* un-triaged and changed since [https://mzl.la/2wTeSZT 2016-01-01]<br />
* NeedInfo [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core triage list]<br />
<br />
=== Widget:Cocoa (OSX) ===<br />
* un-triaged and changed since [https://mzl.la/2wSU1pA 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSZInI triage list]<br />
<br />
=== Widget:Win32 (Windows) ===<br />
* un-triaged and changed since [https://mzl.la/2wSV3lp 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wT0cdp triage list]<br />
<br />
=== Widget:Gtk (Linux) ===<br />
* un-triaged and changed since [https://mzl.la/2wT5NjO 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSYWqt triage list]<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
These flags have been mothballed (8/30/2017). Instead, "tpi:+" is assumed to be true when a bug is assigned a Priority. tpi:- will still be used to indicate a bug is not going to be tracked at all by platform integration. <br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Wednesday 3pm-4pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1179615
Platform/Integration
2017-08-30T16:34:34Z
<p>Twalker: /* Widget:Gtk (Linux) */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
<br />
== Cycle tracking ==<br />
<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
== Priority Lists ==<br />
=== Priority field as a classification ===<br />
<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce<br />
* p4 - polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
==== Specialty ====<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578077&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=%5Bqf%5D&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578080&status_whiteboard_type=allwordssubstr&status_whiteboard=%5Bqf%3Ap1%5D&resolution=---&query_format=advanced&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF:P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?j_top=AND_G&f1=status_whiteboard&list_id=13578113&o1=substring&resolution=---&o2=substring&query_format=advanced&f2=status_whiteboard&v1=photon&v2=tpi Photon bugs requiring PlatInt work], including those filed outside of widget.<br />
<br />
==== Widget ====<br />
* photon - https://is.gd/4EiV1r<br />
* p1 - https://mzl.la/2aMMniW<br />
* p2 - https://mzl.la/2aMLgjr<br />
* p3 - https://mzl.la/2aMMsDg<br />
* p4 - https://mzl.la/2aMMwD0<br />
* p5 - https://mzl.la/2aMKtyP<br />
<br />
==== Widget:Cocoa ====<br />
* photon - https://is.gd/15nZKq<br />
* p1 - http://mzl.la/1WD9K2M<br />
* p2 - http://mzl.la/1WD9VLj<br />
* p3 - http://mzl.la/1WD9ZKZ<br />
* p4 - http://mzl.la/1WDa2qc<br />
* p5 - http://mzl.la/1WD9Zux<br />
<br />
==== Widget:Win32 ====<br />
* photon - https://is.gd/urdotP<br />
* p1 - https://mzl.la/2aMIz1n<br />
* p2 - https://mzl.la/2aMIGKe<br />
* p3 - https://mzl.la/2aMJhf4<br />
* p4 - https://mzl.la/1WDa2qc<br />
* p5 - https://mzl.la/1WD9Zux<br />
<br />
==== Widget:Gtk ====<br />
* photon - https://is.gd/nPeAvW<br />
* p1 - https://mzl.la/2bIeX9w<br />
* p2 - https://mzl.la/2bIfJ6r<br />
* p3 - https://mzl.la/2bIgOLp<br />
* p4 - https://mzl.la/2bIgfBj<br />
* p5 - https://mzl.la/2bPeOOp<br />
<br />
== Triage Links ==<br />
<br />
=== Widget ===<br />
* un-triaged and changed since [https://mzl.la/2wTeSZT 2016-01-01]<br />
* NeedInfo [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core triage list]<br />
<br />
=== Widget:Cocoa (OSX) ===<br />
* un-triaged and changed since [https://mzl.la/2wSU1pA 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSZInI triage list]<br />
<br />
=== Widget:Win32 (Windows) ===<br />
* un-triaged and changed since [https://mzl.la/2wSV3lp 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wT0cdp triage list]<br />
<br />
=== Widget:Gtk (Linux) ===<br />
* un-triaged and changed since [https://mzl.la/2wT5NjO 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSYWqt triage list]<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Wednesday 3pm-4pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1179614
Platform/Integration
2017-08-30T16:31:43Z
<p>Twalker: /* Widget:Win32 (Windows) */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
<br />
== Cycle tracking ==<br />
<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
== Priority Lists ==<br />
=== Priority field as a classification ===<br />
<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce<br />
* p4 - polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
==== Specialty ====<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578077&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=%5Bqf%5D&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578080&status_whiteboard_type=allwordssubstr&status_whiteboard=%5Bqf%3Ap1%5D&resolution=---&query_format=advanced&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF:P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?j_top=AND_G&f1=status_whiteboard&list_id=13578113&o1=substring&resolution=---&o2=substring&query_format=advanced&f2=status_whiteboard&v1=photon&v2=tpi Photon bugs requiring PlatInt work], including those filed outside of widget.<br />
<br />
==== Widget ====<br />
* photon - https://is.gd/4EiV1r<br />
* p1 - https://mzl.la/2aMMniW<br />
* p2 - https://mzl.la/2aMLgjr<br />
* p3 - https://mzl.la/2aMMsDg<br />
* p4 - https://mzl.la/2aMMwD0<br />
* p5 - https://mzl.la/2aMKtyP<br />
<br />
==== Widget:Cocoa ====<br />
* photon - https://is.gd/15nZKq<br />
* p1 - http://mzl.la/1WD9K2M<br />
* p2 - http://mzl.la/1WD9VLj<br />
* p3 - http://mzl.la/1WD9ZKZ<br />
* p4 - http://mzl.la/1WDa2qc<br />
* p5 - http://mzl.la/1WD9Zux<br />
<br />
==== Widget:Win32 ====<br />
* photon - https://is.gd/urdotP<br />
* p1 - https://mzl.la/2aMIz1n<br />
* p2 - https://mzl.la/2aMIGKe<br />
* p3 - https://mzl.la/2aMJhf4<br />
* p4 - https://mzl.la/1WDa2qc<br />
* p5 - https://mzl.la/1WD9Zux<br />
<br />
==== Widget:Gtk ====<br />
* photon - https://is.gd/nPeAvW<br />
* p1 - https://mzl.la/2bIeX9w<br />
* p2 - https://mzl.la/2bIfJ6r<br />
* p3 - https://mzl.la/2bIgOLp<br />
* p4 - https://mzl.la/2bIgfBj<br />
* p5 - https://mzl.la/2bPeOOp<br />
<br />
== Triage Links ==<br />
<br />
=== Widget ===<br />
* un-triaged and changed since [https://mzl.la/2wTeSZT 2016-01-01]<br />
* NeedInfo [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core triage list]<br />
<br />
=== Widget:Cocoa (OSX) ===<br />
* un-triaged and changed since [https://mzl.la/2wSU1pA 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSZInI triage list]<br />
<br />
=== Widget:Win32 (Windows) ===<br />
* un-triaged and changed since [https://mzl.la/2wSV3lp 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wT0cdp triage list]<br />
<br />
=== Widget:Gtk (Linux) ===<br />
* un-triaged and changed since [https://mzl.la/2cNl2xC 2015-01-01]<br />
* NeedInfo triage list: https://mzl.la/2dXGJON<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Wednesday 3pm-4pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1179613
Platform/Integration
2017-08-30T16:29:28Z
<p>Twalker: /* Widget:Cocoa (OSX) */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
<br />
== Cycle tracking ==<br />
<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
== Priority Lists ==<br />
=== Priority field as a classification ===<br />
<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce<br />
* p4 - polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
==== Specialty ====<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578077&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=%5Bqf%5D&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578080&status_whiteboard_type=allwordssubstr&status_whiteboard=%5Bqf%3Ap1%5D&resolution=---&query_format=advanced&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF:P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?j_top=AND_G&f1=status_whiteboard&list_id=13578113&o1=substring&resolution=---&o2=substring&query_format=advanced&f2=status_whiteboard&v1=photon&v2=tpi Photon bugs requiring PlatInt work], including those filed outside of widget.<br />
<br />
==== Widget ====<br />
* photon - https://is.gd/4EiV1r<br />
* p1 - https://mzl.la/2aMMniW<br />
* p2 - https://mzl.la/2aMLgjr<br />
* p3 - https://mzl.la/2aMMsDg<br />
* p4 - https://mzl.la/2aMMwD0<br />
* p5 - https://mzl.la/2aMKtyP<br />
<br />
==== Widget:Cocoa ====<br />
* photon - https://is.gd/15nZKq<br />
* p1 - http://mzl.la/1WD9K2M<br />
* p2 - http://mzl.la/1WD9VLj<br />
* p3 - http://mzl.la/1WD9ZKZ<br />
* p4 - http://mzl.la/1WDa2qc<br />
* p5 - http://mzl.la/1WD9Zux<br />
<br />
==== Widget:Win32 ====<br />
* photon - https://is.gd/urdotP<br />
* p1 - https://mzl.la/2aMIz1n<br />
* p2 - https://mzl.la/2aMIGKe<br />
* p3 - https://mzl.la/2aMJhf4<br />
* p4 - https://mzl.la/1WDa2qc<br />
* p5 - https://mzl.la/1WD9Zux<br />
<br />
==== Widget:Gtk ====<br />
* photon - https://is.gd/nPeAvW<br />
* p1 - https://mzl.la/2bIeX9w<br />
* p2 - https://mzl.la/2bIfJ6r<br />
* p3 - https://mzl.la/2bIgOLp<br />
* p4 - https://mzl.la/2bIgfBj<br />
* p5 - https://mzl.la/2bPeOOp<br />
<br />
== Triage Links ==<br />
<br />
=== Widget ===<br />
* un-triaged and changed since [https://mzl.la/2wTeSZT 2016-01-01]<br />
* NeedInfo [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core triage list]<br />
<br />
=== Widget:Cocoa (OSX) ===<br />
* un-triaged and changed since [https://mzl.la/2wSU1pA 2016-01-01]<br />
* NeedInfo [https://mzl.la/2wSZInI triage list]<br />
<br />
=== Widget:Win32 (Windows) ===<br />
* un-triaged and changed since [https://mzl.la/2cNjxiW 2015-01-01]<br />
* NeedInfo triage list: https://mzl.la/2dXHYxl<br />
<br />
=== Widget:Gtk (Linux) ===<br />
* un-triaged and changed since [https://mzl.la/2cNl2xC 2015-01-01]<br />
* NeedInfo triage list: https://mzl.la/2dXGJON<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Wednesday 3pm-4pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1179612
Platform/Integration
2017-08-30T16:26:35Z
<p>Twalker: /* Widget */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
<br />
== Cycle tracking ==<br />
<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
== Priority Lists ==<br />
=== Priority field as a classification ===<br />
<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce<br />
* p4 - polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
==== Specialty ====<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578077&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=%5Bqf%5D&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578080&status_whiteboard_type=allwordssubstr&status_whiteboard=%5Bqf%3Ap1%5D&resolution=---&query_format=advanced&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF:P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?j_top=AND_G&f1=status_whiteboard&list_id=13578113&o1=substring&resolution=---&o2=substring&query_format=advanced&f2=status_whiteboard&v1=photon&v2=tpi Photon bugs requiring PlatInt work], including those filed outside of widget.<br />
<br />
==== Widget ====<br />
* photon - https://is.gd/4EiV1r<br />
* p1 - https://mzl.la/2aMMniW<br />
* p2 - https://mzl.la/2aMLgjr<br />
* p3 - https://mzl.la/2aMMsDg<br />
* p4 - https://mzl.la/2aMMwD0<br />
* p5 - https://mzl.la/2aMKtyP<br />
<br />
==== Widget:Cocoa ====<br />
* photon - https://is.gd/15nZKq<br />
* p1 - http://mzl.la/1WD9K2M<br />
* p2 - http://mzl.la/1WD9VLj<br />
* p3 - http://mzl.la/1WD9ZKZ<br />
* p4 - http://mzl.la/1WDa2qc<br />
* p5 - http://mzl.la/1WD9Zux<br />
<br />
==== Widget:Win32 ====<br />
* photon - https://is.gd/urdotP<br />
* p1 - https://mzl.la/2aMIz1n<br />
* p2 - https://mzl.la/2aMIGKe<br />
* p3 - https://mzl.la/2aMJhf4<br />
* p4 - https://mzl.la/1WDa2qc<br />
* p5 - https://mzl.la/1WD9Zux<br />
<br />
==== Widget:Gtk ====<br />
* photon - https://is.gd/nPeAvW<br />
* p1 - https://mzl.la/2bIeX9w<br />
* p2 - https://mzl.la/2bIfJ6r<br />
* p3 - https://mzl.la/2bIgOLp<br />
* p4 - https://mzl.la/2bIgfBj<br />
* p5 - https://mzl.la/2bPeOOp<br />
<br />
== Triage Links ==<br />
<br />
=== Widget ===<br />
* un-triaged and changed since [https://mzl.la/2wTeSZT 2016-01-01]<br />
* NeedInfo [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta%2C%20&keywords_type=nowords&f1=flagtypes.name&o3=notsubstring&list_id=13752821&v3=tpi%3A-&o1=substring&resolution=---&o2=notsubstring&chfieldto=Now&query_format=advanced&chfield=status_whiteboard&f3=status_whiteboard&f2=priority&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&v1=needinfo&component=Widget&v2=P&product=Core triage list]<br />
<br />
=== Widget:Cocoa (OSX) ===<br />
* un-triaged and changed since [https://mzl.la/2cNkvvr 2015-01-01]<br />
* NeedInfo triage list: https://mzl.la/2dXH2sL<br />
<br />
=== Widget:Win32 (Windows) ===<br />
* un-triaged and changed since [https://mzl.la/2cNjxiW 2015-01-01]<br />
* NeedInfo triage list: https://mzl.la/2dXHYxl<br />
<br />
=== Widget:Gtk (Linux) ===<br />
* un-triaged and changed since [https://mzl.la/2cNl2xC 2015-01-01]<br />
* NeedInfo triage list: https://mzl.la/2dXGJON<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Wednesday 3pm-4pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=Platform/Integration&diff=1179611
Platform/Integration
2017-08-30T16:23:48Z
<p>Twalker: /* Widget */</p>
<hr />
<div><br />
= Planning =<br />
<br />
== Areas of Interest ==<br />
<br />
* General overall quality of the desktop apps<br />
* Friendlier basic widgets<br />
** inline html5 widgets (color, date and time inputs, range, url, email) (telemetry here)<br />
** better input field validation feedback<br />
** peekaboo passwords<br />
** quick clear text<br />
* Improved desktop notifications and integration<br />
* OSX trackpad gestures<br />
* Windows soft keyboard support<br />
** better physical keyboard detection<br />
* Windows Cortana / Apple Siri integration?<br />
* Touch/pointer events support<br />
** currently event model works but violates the spec in some ways<br />
** Swipe / thumbnail navigation<br />
** floating scrollbars<br />
** content selection<br />
** zoom<br />
** pen input<br />
* Universal Windows Platform api support<br />
** Project Centennial<br />
* Improvements in accessibility on Windows (UIA support?)<br />
* Virtual desktop support bugs<br />
* Multiple monitor bugs<br />
* Investigate using native spell checking for better support<br />
<br />
= Development management =<br />
<br />
== Cycle tracking ==<br />
<br />
* Match up with release cycles, no open ended development<br />
* The idea is to pick enough bugs to fill a release cycle<br />
* Limits the amount of work people have on their plate<br />
* Each cycle has polish bugs mixed in in addition to normal bug work<br />
<br />
== Priority Lists ==<br />
=== Priority field as a classification ===<br />
<br />
* p1 - serious bugs, show stoppers, release blockers<br />
* p2 - general bugs, really want to fix, easy to reproduce <br />
* p3 - corner case bugs, low occurrence, hard to reproduce<br />
* p4 - polish bugs, non-breaking <br />
* p5 - future, fix optional, community, good first bug<br />
<br />
==== Specialty ====<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578077&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=%5Bqf%5D&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13578080&status_whiteboard_type=allwordssubstr&status_whiteboard=%5Bqf%3Ap1%5D&resolution=---&query_format=advanced&component=Widget&component=Widget%3A%20Cocoa&component=Widget%3A%20Gtk&component=Widget%3A%20Win32&product=Core QF:P1]<br />
* [https://bugzilla.mozilla.org/buglist.cgi?j_top=AND_G&f1=status_whiteboard&list_id=13578113&o1=substring&resolution=---&o2=substring&query_format=advanced&f2=status_whiteboard&v1=photon&v2=tpi Photon bugs requiring PlatInt work], including those filed outside of widget.<br />
<br />
==== Widget ====<br />
* photon - https://is.gd/4EiV1r<br />
* p1 - https://mzl.la/2aMMniW<br />
* p2 - https://mzl.la/2aMLgjr<br />
* p3 - https://mzl.la/2aMMsDg<br />
* p4 - https://mzl.la/2aMMwD0<br />
* p5 - https://mzl.la/2aMKtyP<br />
<br />
==== Widget:Cocoa ====<br />
* photon - https://is.gd/15nZKq<br />
* p1 - http://mzl.la/1WD9K2M<br />
* p2 - http://mzl.la/1WD9VLj<br />
* p3 - http://mzl.la/1WD9ZKZ<br />
* p4 - http://mzl.la/1WDa2qc<br />
* p5 - http://mzl.la/1WD9Zux<br />
<br />
==== Widget:Win32 ====<br />
* photon - https://is.gd/urdotP<br />
* p1 - https://mzl.la/2aMIz1n<br />
* p2 - https://mzl.la/2aMIGKe<br />
* p3 - https://mzl.la/2aMJhf4<br />
* p4 - https://mzl.la/1WDa2qc<br />
* p5 - https://mzl.la/1WD9Zux<br />
<br />
==== Widget:Gtk ====<br />
* photon - https://is.gd/nPeAvW<br />
* p1 - https://mzl.la/2bIeX9w<br />
* p2 - https://mzl.la/2bIfJ6r<br />
* p3 - https://mzl.la/2bIgOLp<br />
* p4 - https://mzl.la/2bIgfBj<br />
* p5 - https://mzl.la/2bPeOOp<br />
<br />
== Triage Links ==<br />
<br />
=== Widget ===<br />
* un-triaged and changed since [https://mzl.la/2wTeSZT 2016-01-01]<br />
* NeedInfo triage list: https://mzl.la/2dXIICw<br />
<br />
=== Widget:Cocoa (OSX) ===<br />
* un-triaged and changed since [https://mzl.la/2cNkvvr 2015-01-01]<br />
* NeedInfo triage list: https://mzl.la/2dXH2sL<br />
<br />
=== Widget:Win32 (Windows) ===<br />
* un-triaged and changed since [https://mzl.la/2cNjxiW 2015-01-01]<br />
* NeedInfo triage list: https://mzl.la/2dXHYxl<br />
<br />
=== Widget:Gtk (Linux) ===<br />
* un-triaged and changed since [https://mzl.la/2cNl2xC 2015-01-01]<br />
* NeedInfo triage list: https://mzl.la/2dXGJON<br />
<br />
== Tracking Lists ==<br />
=== Bugzilla Tracking flags ===<br />
<br />
* flag name: tracking-pi (or) tpi:x<br />
* whiteboard tag: 'tpi:x'<br />
** flag values: ?, -, +, a (active)<br />
<br />
==== tpi:+ ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlegi<br />
* all other components - https://mzl.la/2bxWFaL<br />
<br />
==== tpi:? ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNlufj<br />
* all other components - https://mzl.la/2bJxQFH<br />
<br />
==== tpi:- ====<br />
* Widget, Widget:cocoa, Widget:Win32 and Widget:Gtk - https://mzl.la/2cNmRKP<br />
<br />
= Communication =<br />
<br />
{| class="wikitable fullwidth-table"<br />
| Weekly Team Meeting<br />
|| Wednesday 3pm-4pm, Eastern<br />
* Vidyo: 'PlatInt'<br />
* Invitation: Contact Jim Mathies to get added to the meeting invite list.<br />
|-<br />
| IRC<br />
|| <br />
* Server: irc.mozilla.org<br />
* Channel: [irc://irc.mozilla.org/e10s #platform]<br />
|-<br />
|}<br />
<br />
== Other Information ==</div>
Twalker
https://wiki.mozilla.org/index.php?title=QA/e10s_Multi&diff=1172650
QA/e10s Multi
2017-06-05T13:55:29Z
<p>Twalker: /* Schedule */</p>
<hr />
<div>= Overview =<br />
== Purpose ==<br />
This wiki details the testing that will be performed by QA and other teams for e10s-multi. It defines the overall testing requirements and provides an integrated view of the project test activities. Its purpose is to document:<br />
* Areas of risk<br />
* What will be tested<br />
* How testing will be performed<br />
** criteria<br />
** deliverables<br />
** ownership<br />
** schedule<br />
* What data will be monitored<br />
<br />
To help ensure the best possible release and long term maintenance of this feature.<br />
<br />
== Risk Analysis ==<br />
{| class="wikitable" style="width:95%"<br />
|-<br />
! Risk area !! Requirement !! Status<br />
|-<br />
| Performance || No browser responsiveness regressions || style="background-color:lightgreen;" | PASS<br />
|-<br />
| Memory Usage || No regressions in comparable system memory usage || style="background-color:lightgreen;" | PASS<br />
|-<br />
| Stability || No regressions in crash rate || style="background-color:lightgreen;" | PASS<br />
|-<br />
| Major site compatibility || No regressions at target websites || style="background-color:lightgreen;" | PASS<br />
|}<br />
<br />
= Testing Strategy =<br />
== Scope ==<br />
{| class="wikitable" style="width:80%"<br />
|-<br />
! Test Areas !! Covered <br />
|-<br />
| Private Window <br />
|style="text-align:center;" | Yes <br />
|-<br />
| Multi-Process Enabled <br />
|style="text-align:center;" | Yes<br />
|-<br />
| Single-Content Process Enabled <br />
|style="text-align:center;" | Yes (baseline)<br />
|-<br />
| non-e10s <br />
|style="text-align:center;" | Yes (baseline)<br />
|-<br />
| Stability<br />
|style="text-align:center;" | Yes<br />
|-<br />
| '''UI''' <br />
|| <br />
|-<br />
| Interraction (scroll, zoom) <br />
|style="text-align:center;" | Yes<br />
|-<br />
| Multi-Tab/Window<br />
|style="text-align:center;" | Yes<br />
<br />
|-<br />
| ''' Web Compatibility ''' <br />
|| <br />
|-<br />
| Testing against target sites <br />
|style="text-align:center;" | Yes<br />
<br />
|-<br />
| ''' Data Monitoring ''' <br />
|| <br />
<br />
|-<br />
| Temporary or permanent telemetry monitoring <br />
|style="text-align:center;" | Yes <br />
|}<br />
<br />
If it's not listed above, it is currently out of scope.<br />
<br />
== Objectives ==<br />
{| class="wikitable" style="width:95%"<br />
|-<br />
! Criteria Description<br />
! Metric<br />
! Single-Content Process<br />
! Multi-Content Process<br />
! Criteria Met?<br />
! QA Owner<br />
|-<br />
| Manual testing <br />
| Tests passed<br />
| Passed in e10s release<br />
| [https://drive.google.com/file/d/0BzOV3ybvBASXOEt3RFB3c3J5eE0/view results] (1)<br />
| style="background-color:lightgreen;" | Pass (20170405)<br />
| style="background-color:lightgreen;" | SV - Andrei <br />
|-<br />
| Unit testing<br />
| [https://bugzilla.mozilla.org/show_bug.cgi?id=1315042 Automated tests pass]<br />
| [https://treeherder.mozilla.org/perf.html#/graphs perfherder]<br />
| [https://treeherder.mozilla.org/perf.html#/graphs perfherder]<br />
| style="background-color:lightgreen;" | YES (20170509)<br />
| style="background-color:lightgreen;" | Gabor<br />
|-<br />
| UI<br />
| Tab/Window responsiveness<br />
| [https://wiki.mozilla.org/Electrolysis/Release_Criteria#Jank Jank Analysis]<br />
| [https://wiki.mozilla.org/Electrolysis/Multi_Release_Criteria#Jank Jank Analysis]<br />
| style="background-color:lightgreen;" | YES (20170602)<br />
| style="background-color:lightgreen;" | tracy<br />
|-<br />
| Memory monitoring<br />
| System memory use<br />
| [https://wiki.mozilla.org/Electrolysis/Release_Criteria#Memory_Usage Memory Use Analysis]<br />
| [https://wiki.mozilla.org/Electrolysis/Multi_Release_Criteria#Memory_Usage Memory Use Analysis]<br />
| style="background-color:lightgreen;" | YES (20170602)<br />
| style="background-color:lightgreen;" | tracy<br />
|-<br />
| Stability<br />
| Crash rate stable<br />
| [https://wiki.mozilla.org/Electrolysis/Release_Criteria#Stability Stability Analysis]<br />
| [https://wiki.mozilla.org/Electrolysis/Multi_Release_Criteria#Stability Stability Analysis]<br />
| style="background-color:lightgreen;" | YES (20170516)<br />
| style="background-color:lightgreen;" | jimm<br />
|}<br />
<br />
(1) Manual test results indicate known bugs. Those are not e10s-multi specific.<br />
<br />
== Manual Testcases ==<br />
* Focus on observed performance of target sites notorious for performance issues; Broadly, these tend to be webmail services ( GMail ), social networks ( Facebook, Twitter ) or productivity tools ( Google Apps, Office 365 )<br />
* Test around multiple content process creation and assignment <br />
** Check for reasonable load balance across processes when opening many tabs from various sources.<br />
<br />
== Environments ==<br />
Full Testing will be performed using Nightly for Desktop builds on:<br />
* Windows<br />
* Mac OS X<br />
* Linux<br />
<br />
== Channel dependent settings (configs) and environment setups ==<br />
* In Nightly dom.ipc.processCount should be 4 by default<br />
<br />
= Project Information =<br />
== Ownership ==<br />
Project Manager: [mailto:elancaster@mozilla.com Erin Lancaster] <br /><br />
Developer contacts: [mailto:mrbkap@mozilla.com Blake Kaplan], [mailto:gkrizsanits@mozilla.com Gabor Krizsanits] <br /><br />
QA: [mailto:twalker@mozilla.com Tracy Walker] <br /><br />
QA Peer: [mailto:andrei.vaida@softvisioninc.eu Andrei Vaida] (SV)<br />
<br />
== Builds ==<br />
This section should contain links for builds with the feature <br />
* [https://nightly.mozilla.org/ Links for Nightly builds]<br />
<br />
== Schedule ==<br />
The following table identifies the anticipated testing period available for test execution.<br />
{| class="wikitable" style="width:60%"<br />
|-<br />
! Project phase !! Start Date !! End Date<br />
|-<br />
| Start project <br />
|style="text-align:center;" | Q3/2016 || Q3/2017<br />
|-<br />
| QA - Test plan creation <br />
|style="text-align:center;" | Q1/2017 || Q1/2017<br />
|-<br />
| QA - Test cases/Env preparation <br />
|style="text-align:center;" | Q1/2017 || Q2/2017<br />
|-<br />
| QA - Nightly Testing <br />
|style="text-align:center;" | Q1/2017 || Q2/2017<br />
|-<br />
| QA - Aurora Testing<br />
|style="text-align:center;" | Q2/2017 || Q2/2017<br />
|-<br />
| QA - Beta Testing (1)<br />
|style="text-align:center;" | Q2/2017 || Q3/2017<br />
|-<br />
| Release Date (1)<br />
|style="text-align:center;" | FF54 || 2017-06-13<br />
|}<br />
(1) Note: beta testing targeted for 54, if everything looks great, e10s-multi could go to release with FF54 on 2017-06-13. Otherwise target is 55.<br />
<br />
== References ==<br />
* List and links for specs<br />
** [https://wiki.mozilla.org/Electrolysis/Multiple_content_processes e10s multi wiki page]<br />
** [https://docs.google.com/document/d/1iK_n-wd4xl4b_31D2vUmEM_Pt5wfRn1gHD3dlLcg3gs/edit?ts=58a35366#heading=h.39uznhta9mkg e10s multi release strategy]<br />
** [https://wiki.mozilla.org/Electrolysis/Release_Criteria e10s release criteria]<br />
** [https://wiki.mozilla.org/Electrolysis/Multi_Release_Criteria e10s-multi release criteria]<br />
** [https://wiki.mozilla.org/Electrolysis/Release_Criteria/UI_Smoothness e10s UI smoothness]<br />
<br />
* Meta bug: [https://bugzilla.mozilla.org/show_bug.cgi?id=1303113 Turn e10s-multi on in Nightly]</div>
Twalker
https://wiki.mozilla.org/index.php?title=QA/Async_Drawing_Test_Plan&diff=1172649
QA/Async Drawing Test Plan
2017-06-05T13:54:50Z
<p>Twalker: /* Test Execution Schedule */</p>
<hr />
<div>= Overview =<br />
== Purpose ==<br />
Quality assurance plan to ensure Flash content on Windows with asyncDrawing enabled is ready for public release.<br />
<br />
== Quality Criteria ==<br />
<br />
{| class="wikitable" style="width:95%"<br />
|-<br />
! Risk area !! Requirement !! Status<br />
|-<br />
| Flash videos and apps || No significant regression in site correctness, video performance or app/gaming performance || style="background-color:Tomato;" | 49 Total Bugs, 7 Open (14.29%), 2 Blockers remain<br />
|-<br />
| General performance || Overall performance of asyncDrawing enabled Firefox Adobe Flash Player should not be notably worse than with asyncDrawing not enabled|| style="background-color:#CEF2F2;" | [https://wiki.mozilla.org/QA/asyncDrawing#General_Performance TBD]<br />
|}<br />
<br />
= Testing summary =<br />
== Scope of Testing ==<br />
=== In Scope ===<br />
The scope of our testing is the async drawing functionality and performance of the most popular sites and games with latest Adobe Flash Player. <br />
<br />
* Integration: Verify the integration with the current browser functionalities and UI;<br />
* Functionality: Basic and advanced functionality to be verified according to the existing requirements;<br />
* Performance: Reference, where applicable, observed and collected performance data.<br />
<br />
=== Out of Scope ===<br />
We will not be testing on obscure web sites nor in conjunction with popular add-ons<br />
<br />
= Requirements for testing =<br />
== Environments ==<br />
Testing will be performed on following OSes:<br />
<br />
* Windows 10 (64bit and 32bit)<br />
* Windows 7<br />
<br />
= Quality Assurance Strategy =<br />
== Test Items ==<br />
=== Flash Video and Apps ===<br />
{| class="wikitable" style="width:95%"<br />
|-<br />
! Criteria Description<br />
! Metric<br />
! asyncDrawing disabled<br />
! asyncDrawing enabled<br />
! Criteria Met?<br />
! QA Owner<br />
|-<br />
| Manual testing<br />
| Test cases passed<br />
| style="background-color:LightGreen;" | 100%[1]<br />
| style="background-color:Coral;" | 49 Total Bugs, 7 Open (14.29%), 2 Blockers remain<br />
| style="" | [https://wiki.mozilla.org/QA/asyncDrawing#Bug_Work Bug List]<br />
| StephanG<br />
|}<br />
<br />
[https://docs.google.com/spreadsheets/d/1R841DnaGHROvUZA1MKTz26YbsajSqxycWAtJgNBibtc/edit#gid=0 Bug Triage Spreadsheet] - Includes results from various SoftVision testing rounds and analysis.<br />
<br />
[1] All open bugs triaged against both settings. Any bug that was reproducible in both modes removed from bug lists.<br />
<br />
=== General Performance ===<br />
<br />
Acceptable regression ranges, if any, need to be determined through testing. In general, where slow path bitmap based painting is in use (wmode=windowless) we have always had performance issues. As such those sites do not play into our decision making here. We now convert all flash that defaults or is set to use window mode, to direct. In general we haven't seen major performance issues on these sites.<br />
<br />
{| class="wikitable" style="width:95%"<br />
|-<br />
! Criteria Description<br />
! Metric<br />
! asyncDrawing disabled<br />
! asyncDrawing enabled<br />
! Criteria Met?<br />
! QA Owner<br />
|-<br />
| CPU usage (observed)<br />
| Average % CPU<br />
| [https://wiki.mozilla.org/QA/asyncDrawing/perf_Testing results]<br />
| [https://wiki.mozilla.org/QA/asyncDrawing/perf_Testing results]<br />
| style="background-color:lightgreen;" | PASS<br />
| style="background-color:lightgreen;" | tracy<br />
|-<br />
| Memory usage (observed)<br />
| Peak memory usage<br />
| [https://wiki.mozilla.org/QA/asyncDrawing/perf_Testing results]<br />
| [https://wiki.mozilla.org/QA/asyncDrawing/perf_Testing results]<br />
| style="background-color:lightgreen;" | PASS<br />
| style="background-color:lightgreen;" | tracy<br />
|}<br />
<br />
== Builds ==<br />
* Current [https://get.adobe.com/flashplayer/ Adobe Flash Player]<br />
* [http://labs.adobe.com/ Flash Beta Builds]<br />
<br />
== Test Execution Schedule ==<br />
The following table identifies the anticipated testing period available for test execution.<br />
{| class="wikitable" style="width:60%"<br />
|-<br />
! Project phase !! Start Date !! End Date<br />
|-<br />
| Start project<br />
|style="text-align:center;" | December 2016<br />
|style="text-align:center;" | June 2017<br />
|-<br />
| QA - Test plan creation<br />
|style="text-align:center;" | 20170120<br />
|style="text-align:center;" | 20170207<br />
|-<br />
| QA - Test cases/Env preparation<br />
|style="text-align:center;" | 20170120<br />
|style="text-align:center;" | 20170127<br />
|-<br />
| QA - Nightly Testing<br />
|style="text-align:center;" | Dec. 2016<br />
|style="text-align:center;" | Mar. 2017 <br />
|-<br />
| QA - Beta Testing<br />
|style="text-align:center;" | April 2017<br />
|style="text-align:center;" | June 2017<br />
|-<br />
| Release Date<br />
|style="text-align:center;" | <br />
|style="text-align:center;" | 2017-06-13<br />
|}<br />
<br />
== Testing Tools ==<br />
Detail the tools to be used for testing, for example see the following table:<br />
{| class="wikitable" style="width:50%"<br />
|-<br />
! Process !! Tool<br />
|-<br />
| Test plan creation || Mozilla wiki<br />
|-<br />
| Test case creation || TestRail<br />
|-<br />
| Test case execution || TestRail<br />
|-<br />
| Bugs management || Bugzilla <br />
|}<br />
<br />
= Status =<br />
== Overview ==<br />
* Track the dates and build number where feature was released to Nightly<br /><br />
* Track the dates and build number where feature was merged to Aurora<br /><br />
* Track the dates and build number where feature was merged to Release/Beta<br /><br />
<br />
= References =<br />
Early testing tracked [https://docs.google.com/spreadsheets/d/1R841DnaGHROvUZA1MKTz26YbsajSqxycWAtJgNBibtc/edit#gid=0 here]<br />
<br />
= Testcases =<br />
Available on TestRail or [https://docs.google.com/spreadsheets/d/13BU2fvI7dcWJdQSLDnlCuUissJAMn1eFnuhoOjk_M_A/edit#gid=0 Google Doc] format<br />
<br />
== Overview ==<br />
* Summary of testing scenarios<br />
<br />
== Test suite ==<br />
* Full Test suite - Test Rail - ([https://docs.google.com/spreadsheets/d/13BU2fvI7dcWJdQSLDnlCuUissJAMn1eFnuhoOjk_M_A/edit#gid=0 google doc])<br />
** We should make sure the full test suite includes bugs that have whiteboard STR from the list below<br />
<br />
= Bug Work =<br />
<br />
* Bugzilla Meta Bug<br />
** [https://bugzilla.mozilla.org/show_bug.cgi?id=1229961 1229961] <br><br />
** [https://bugzilla.mozilla.org/show_bug.cgi?id=1340934 1340934] <br><br />
<br />
<br />
* Bugzilla logged bugs -<br />
<br />
[https://bugzilla.mozilla.org/showdependencytree.cgi?id=1229961&hide_resolved=1 Main List]<br />
<br />
<bugzilla><br />
{<br />
"f1":"blocked",<br />
"o1":"anywords",<br />
"v1":"1229961,1340934",<br />
"status":["NEW","REOPENED","UNCONFIRMED", "RESOLVED"],<br />
"include_fields":"id,summary,status,resolution,whiteboard"<br />
}<br />
</bugzilla><br />
<br />
= Sign off =<br />
== Criteria ==<br />
Check list<br />
* All Criteria under each section of Quality Assurance Strategy should be green.<br />
* All test cases should be executed<br />
* All blockers, critical bugs must be fixed and verified or have an agreed-upon timeline for being fixed (as determined by engineering/RelMan/QA)<br />
<br />
== Checklist ==<br />
{| class="wikitable" style="width:60%"<br />
|-<br />
! Exit Criteria !! Status !! Notes/Details<br />
|-<br />
| Testing Prerequisites (specs, use cases)<br />
| style="text-align:center; background-color:LightGreen;" | Done<br />
| style="text-align:center;" |<br />
|-<br />
| Testing Infrastructure setup<br />
|style="text-align:center; background-color:LightGreen;" | None ||<br />
|-<br />
| Test Plan Creation<br />
| style="text-align:center; background-color:LightGreen;" | Done ||<br />
|-<br />
| Test Cases Creation<br />
|style="text-align:center; background-color:LightGreen;" | Done ||<br />
|-<br />
| Full Functional Tests Execution<br />
|style="text-align:center; background-color:LightGreen;" | Done ||<br />
|-<br />
| Automation Coverage<br />
|style="text-align:center; background-color:LightGreen;" | N/A ||<br />
|-<br />
| Performance Testing<br />
|style="text-align:center; background-color:Lightyellow;" | {{mprog}} ||<br />
|-<br />
| All Defects Logged<br />
|style="text-align:center; background-color:LightGreen;" | Done ||<br />
|-<br />
| Critical/Blockers Fixed and Verified<br />
|style="text-align:center; background-color:Tomato;" | {{mprog}} ||<br />
|-<br />
| Metrics/Telemetry ||<br />
|style="text-align:center;" | Beta<br />
|-<br />
| QA Signoff - Nightly Release ||<br />
|style="text-align:center;" | Email to be sent<br />
|-<br />
| QA Beta - Full Testing ||<br />
|style="text-align:center;" | Email to be sent<br />
|-<br />
| QA Signoff - Beta Release ||<br />
|style="text-align:center;" | Email to be sent<br />
|}<br />
<br />
== Ownership ==<br />
Product contact:<br /><br />
<br />
Engineering contact:<br /><br />
[mailto:jimm@mozilla.com Jim Mathies]<br /><br />
<br />
QA contact:<br /><br />
[mailto:stefan.georgiev@softvision.com Stefan Georgiev]<br /><br />
[mailto:twalker@mozilla.com Tracy Walker] (IRC: tracy)<br /></div>
Twalker
https://wiki.mozilla.org/index.php?title=QA/Async_Drawing_Test_Plan&diff=1172648
QA/Async Drawing Test Plan
2017-06-05T13:49:44Z
<p>Twalker: /* General Performance */</p>
<hr />
<div>= Overview =<br />
== Purpose ==<br />
Quality assurance plan to ensure Flash content on Windows with asyncDrawing enabled is ready for public release.<br />
<br />
== Quality Criteria ==<br />
<br />
{| class="wikitable" style="width:95%"<br />
|-<br />
! Risk area !! Requirement !! Status<br />
|-<br />
| Flash videos and apps || No significant regression in site correctness, video performance or app/gaming performance || style="background-color:Tomato;" | 49 Total Bugs, 7 Open (14.29%), 2 Blockers remain<br />
|-<br />
| General performance || Overall performance of asyncDrawing enabled Firefox Adobe Flash Player should not be notably worse than with asyncDrawing not enabled|| style="background-color:#CEF2F2;" | [https://wiki.mozilla.org/QA/asyncDrawing#General_Performance TBD]<br />
|}<br />
<br />
= Testing summary =<br />
== Scope of Testing ==<br />
=== In Scope ===<br />
The scope of our testing is the async drawing functionality and performance of the most popular sites and games with latest Adobe Flash Player. <br />
<br />
* Integration: Verify the integration with the current browser functionalities and UI;<br />
* Functionality: Basic and advanced functionality to be verified according to the existing requirements;<br />
* Performance: Reference, where applicable, observed and collected performance data.<br />
<br />
=== Out of Scope ===<br />
We will not be testing on obscure web sites nor in conjunction with popular add-ons<br />
<br />
= Requirements for testing =<br />
== Environments ==<br />
Testing will be performed on following OSes:<br />
<br />
* Windows 10 (64bit and 32bit)<br />
* Windows 7<br />
<br />
= Quality Assurance Strategy =<br />
== Test Items ==<br />
=== Flash Video and Apps ===<br />
{| class="wikitable" style="width:95%"<br />
|-<br />
! Criteria Description<br />
! Metric<br />
! asyncDrawing disabled<br />
! asyncDrawing enabled<br />
! Criteria Met?<br />
! QA Owner<br />
|-<br />
| Manual testing<br />
| Test cases passed<br />
| style="background-color:LightGreen;" | 100%[1]<br />
| style="background-color:Coral;" | 49 Total Bugs, 7 Open (14.29%), 2 Blockers remain<br />
| style="" | [https://wiki.mozilla.org/QA/asyncDrawing#Bug_Work Bug List]<br />
| StephanG<br />
|}<br />
<br />
[https://docs.google.com/spreadsheets/d/1R841DnaGHROvUZA1MKTz26YbsajSqxycWAtJgNBibtc/edit#gid=0 Bug Triage Spreadsheet] - Includes results from various SoftVision testing rounds and analysis.<br />
<br />
[1] All open bugs triaged against both settings. Any bug that was reproducible in both modes removed from bug lists.<br />
<br />
=== General Performance ===<br />
<br />
Acceptable regression ranges, if any, need to be determined through testing. In general, where slow path bitmap based painting is in use (wmode=windowless) we have always had performance issues. As such those sites do not play into our decision making here. We now convert all flash that defaults or is set to use window mode, to direct. In general we haven't seen major performance issues on these sites.<br />
<br />
{| class="wikitable" style="width:95%"<br />
|-<br />
! Criteria Description<br />
! Metric<br />
! asyncDrawing disabled<br />
! asyncDrawing enabled<br />
! Criteria Met?<br />
! QA Owner<br />
|-<br />
| CPU usage (observed)<br />
| Average % CPU<br />
| [https://wiki.mozilla.org/QA/asyncDrawing/perf_Testing results]<br />
| [https://wiki.mozilla.org/QA/asyncDrawing/perf_Testing results]<br />
| style="background-color:lightgreen;" | PASS<br />
| style="background-color:lightgreen;" | tracy<br />
|-<br />
| Memory usage (observed)<br />
| Peak memory usage<br />
| [https://wiki.mozilla.org/QA/asyncDrawing/perf_Testing results]<br />
| [https://wiki.mozilla.org/QA/asyncDrawing/perf_Testing results]<br />
| style="background-color:lightgreen;" | PASS<br />
| style="background-color:lightgreen;" | tracy<br />
|}<br />
<br />
== Builds ==<br />
* Current [https://get.adobe.com/flashplayer/ Adobe Flash Player]<br />
* [http://labs.adobe.com/ Flash Beta Builds]<br />
<br />
== Test Execution Schedule ==<br />
The following table identifies the anticipated testing period available for test execution.<br />
{| class="wikitable" style="width:60%"<br />
|-<br />
! Project phase !! Start Date !! End Date<br />
|-<br />
| Start project<br />
|style="text-align:center;" | December 2016<br />
|style="text-align:center;" | -<br />
|-<br />
| QA - Test plan creation<br />
|style="text-align:center;" | 20170120<br />
|style="text-align:center;" | 20170207<br />
|-<br />
| QA - Test cases/Env preparation<br />
|style="text-align:center;" | 20170120<br />
|style="text-align:center;" | 20170127<br />
|-<br />
| QA - Nightly Testing<br />
|style="text-align:center;" | - Dec. 2016<br />
|style="text-align:center;" | Mar. 2017 <br />
|-<br />
| QA - Beta Testing<br />
|style="text-align:center;" | <br />
|style="text-align:center;" |<br />
|-<br />
| Release Date<br />
|style="text-align:center;" | <br />
|style="text-align:center;" |<br />
|}<br />
<br />
== Testing Tools ==<br />
Detail the tools to be used for testing, for example see the following table:<br />
{| class="wikitable" style="width:50%"<br />
|-<br />
! Process !! Tool<br />
|-<br />
| Test plan creation || Mozilla wiki<br />
|-<br />
| Test case creation || TestRail<br />
|-<br />
| Test case execution || TestRail<br />
|-<br />
| Bugs management || Bugzilla <br />
|}<br />
<br />
= Status =<br />
== Overview ==<br />
* Track the dates and build number where feature was released to Nightly<br /><br />
* Track the dates and build number where feature was merged to Aurora<br /><br />
* Track the dates and build number where feature was merged to Release/Beta<br /><br />
<br />
= References =<br />
Early testing tracked [https://docs.google.com/spreadsheets/d/1R841DnaGHROvUZA1MKTz26YbsajSqxycWAtJgNBibtc/edit#gid=0 here]<br />
<br />
= Testcases =<br />
Available on TestRail or [https://docs.google.com/spreadsheets/d/13BU2fvI7dcWJdQSLDnlCuUissJAMn1eFnuhoOjk_M_A/edit#gid=0 Google Doc] format<br />
<br />
== Overview ==<br />
* Summary of testing scenarios<br />
<br />
== Test suite ==<br />
* Full Test suite - Test Rail - ([https://docs.google.com/spreadsheets/d/13BU2fvI7dcWJdQSLDnlCuUissJAMn1eFnuhoOjk_M_A/edit#gid=0 google doc])<br />
** We should make sure the full test suite includes bugs that have whiteboard STR from the list below<br />
<br />
= Bug Work =<br />
<br />
* Bugzilla Meta Bug<br />
** [https://bugzilla.mozilla.org/show_bug.cgi?id=1229961 1229961] <br><br />
** [https://bugzilla.mozilla.org/show_bug.cgi?id=1340934 1340934] <br><br />
<br />
<br />
* Bugzilla logged bugs -<br />
<br />
[https://bugzilla.mozilla.org/showdependencytree.cgi?id=1229961&hide_resolved=1 Main List]<br />
<br />
<bugzilla><br />
{<br />
"f1":"blocked",<br />
"o1":"anywords",<br />
"v1":"1229961,1340934",<br />
"status":["NEW","REOPENED","UNCONFIRMED", "RESOLVED"],<br />
"include_fields":"id,summary,status,resolution,whiteboard"<br />
}<br />
</bugzilla><br />
<br />
= Sign off =<br />
== Criteria ==<br />
Check list<br />
* All Criteria under each section of Quality Assurance Strategy should be green.<br />
* All test cases should be executed<br />
* All blockers, critical bugs must be fixed and verified or have an agreed-upon timeline for being fixed (as determined by engineering/RelMan/QA)<br />
<br />
== Checklist ==<br />
{| class="wikitable" style="width:60%"<br />
|-<br />
! Exit Criteria !! Status !! Notes/Details<br />
|-<br />
| Testing Prerequisites (specs, use cases)<br />
| style="text-align:center; background-color:LightGreen;" | Done<br />
| style="text-align:center;" |<br />
|-<br />
| Testing Infrastructure setup<br />
|style="text-align:center; background-color:LightGreen;" | None ||<br />
|-<br />
| Test Plan Creation<br />
| style="text-align:center; background-color:LightGreen;" | Done ||<br />
|-<br />
| Test Cases Creation<br />
|style="text-align:center; background-color:LightGreen;" | Done ||<br />
|-<br />
| Full Functional Tests Execution<br />
|style="text-align:center; background-color:LightGreen;" | Done ||<br />
|-<br />
| Automation Coverage<br />
|style="text-align:center; background-color:LightGreen;" | N/A ||<br />
|-<br />
| Performance Testing<br />
|style="text-align:center; background-color:Lightyellow;" | {{mprog}} ||<br />
|-<br />
| All Defects Logged<br />
|style="text-align:center; background-color:LightGreen;" | Done ||<br />
|-<br />
| Critical/Blockers Fixed and Verified<br />
|style="text-align:center; background-color:Tomato;" | {{mprog}} ||<br />
|-<br />
| Metrics/Telemetry ||<br />
|style="text-align:center;" | Beta<br />
|-<br />
| QA Signoff - Nightly Release ||<br />
|style="text-align:center;" | Email to be sent<br />
|-<br />
| QA Beta - Full Testing ||<br />
|style="text-align:center;" | Email to be sent<br />
|-<br />
| QA Signoff - Beta Release ||<br />
|style="text-align:center;" | Email to be sent<br />
|}<br />
<br />
== Ownership ==<br />
Product contact:<br /><br />
<br />
Engineering contact:<br /><br />
[mailto:jimm@mozilla.com Jim Mathies]<br /><br />
<br />
QA contact:<br /><br />
[mailto:stefan.georgiev@softvision.com Stefan Georgiev]<br /><br />
[mailto:twalker@mozilla.com Tracy Walker] (IRC: tracy)<br /></div>
Twalker
https://wiki.mozilla.org/index.php?title=QA/e10s_Multi&diff=1172561
QA/e10s Multi
2017-06-02T16:25:49Z
<p>Twalker: /* Risk Analysis */</p>
<hr />
<div>= Overview =<br />
== Purpose ==<br />
This wiki details the testing that will be performed by QA and other teams for e10s-multi. It defines the overall testing requirements and provides an integrated view of the project test activities. Its purpose is to document:<br />
* Areas of risk<br />
* What will be tested<br />
* How testing will be performed<br />
** criteria<br />
** deliverables<br />
** ownership<br />
** schedule<br />
* What data will be monitored<br />
<br />
To help ensure the best possible release and long term maintenance of this feature.<br />
<br />
== Risk Analysis ==<br />
{| class="wikitable" style="width:95%"<br />
|-<br />
! Risk area !! Requirement !! Status<br />
|-<br />
| Performance || No browser responsiveness regressions || style="background-color:lightgreen;" | PASS<br />
|-<br />
| Memory Usage || No regressions in comparable system memory usage || style="background-color:lightgreen;" | PASS<br />
|-<br />
| Stability || No regressions in crash rate || style="background-color:lightgreen;" | PASS<br />
|-<br />
| Major site compatibility || No regressions at target websites || style="background-color:lightgreen;" | PASS<br />
|}<br />
<br />
= Testing Strategy =<br />
== Scope ==<br />
{| class="wikitable" style="width:80%"<br />
|-<br />
! Test Areas !! Covered <br />
|-<br />
| Private Window <br />
|style="text-align:center;" | Yes <br />
|-<br />
| Multi-Process Enabled <br />
|style="text-align:center;" | Yes<br />
|-<br />
| Single-Content Process Enabled <br />
|style="text-align:center;" | Yes (baseline)<br />
|-<br />
| non-e10s <br />
|style="text-align:center;" | Yes (baseline)<br />
|-<br />
| Stability<br />
|style="text-align:center;" | Yes<br />
|-<br />
| '''UI''' <br />
|| <br />
|-<br />
| Interraction (scroll, zoom) <br />
|style="text-align:center;" | Yes<br />
|-<br />
| Multi-Tab/Window<br />
|style="text-align:center;" | Yes<br />
<br />
|-<br />
| ''' Web Compatibility ''' <br />
|| <br />
|-<br />
| Testing against target sites <br />
|style="text-align:center;" | Yes<br />
<br />
|-<br />
| ''' Data Monitoring ''' <br />
|| <br />
<br />
|-<br />
| Temporary or permanent telemetry monitoring <br />
|style="text-align:center;" | Yes <br />
|}<br />
<br />
If it's not listed above, it is currently out of scope.<br />
<br />
== Objectives ==<br />
{| class="wikitable" style="width:95%"<br />
|-<br />
! Criteria Description<br />
! Metric<br />
! Single-Content Process<br />
! Multi-Content Process<br />
! Criteria Met?<br />
! QA Owner<br />
|-<br />
| Manual testing <br />
| Tests passed<br />
| Passed in e10s release<br />
| [https://drive.google.com/file/d/0BzOV3ybvBASXOEt3RFB3c3J5eE0/view results] (1)<br />
| style="background-color:lightgreen;" | Pass (20170405)<br />
| style="background-color:lightgreen;" | SV - Andrei <br />
|-<br />
| Unit testing<br />
| [https://bugzilla.mozilla.org/show_bug.cgi?id=1315042 Automated tests pass]<br />
| [https://treeherder.mozilla.org/perf.html#/graphs perfherder]<br />
| [https://treeherder.mozilla.org/perf.html#/graphs perfherder]<br />
| style="background-color:lightgreen;" | YES (20170509)<br />
| style="background-color:lightgreen;" | Gabor<br />
|-<br />
| UI<br />
| Tab/Window responsiveness<br />
| [https://wiki.mozilla.org/Electrolysis/Release_Criteria#Jank Jank Analysis]<br />
| [https://wiki.mozilla.org/Electrolysis/Multi_Release_Criteria#Jank Jank Analysis]<br />
| style="background-color:lightgreen;" | YES (20170602)<br />
| style="background-color:lightgreen;" | tracy<br />
|-<br />
| Memory monitoring<br />
| System memory use<br />
| [https://wiki.mozilla.org/Electrolysis/Release_Criteria#Memory_Usage Memory Use Analysis]<br />
| [https://wiki.mozilla.org/Electrolysis/Multi_Release_Criteria#Memory_Usage Memory Use Analysis]<br />
| style="background-color:lightgreen;" | YES (20170602)<br />
| style="background-color:lightgreen;" | tracy<br />
|-<br />
| Stability<br />
| Crash rate stable<br />
| [https://wiki.mozilla.org/Electrolysis/Release_Criteria#Stability Stability Analysis]<br />
| [https://wiki.mozilla.org/Electrolysis/Multi_Release_Criteria#Stability Stability Analysis]<br />
| style="background-color:lightgreen;" | YES (20170516)<br />
| style="background-color:lightgreen;" | jimm<br />
|}<br />
<br />
(1) Manual test results indicate known bugs. Those are not e10s-multi specific.<br />
<br />
== Manual Testcases ==<br />
* Focus on observed performance of target sites notorious for performance issues; Broadly, these tend to be webmail services ( GMail ), social networks ( Facebook, Twitter ) or productivity tools ( Google Apps, Office 365 )<br />
* Test around multiple content process creation and assignment <br />
** Check for reasonable load balance across processes when opening many tabs from various sources.<br />
<br />
== Environments ==<br />
Full Testing will be performed using Nightly for Desktop builds on:<br />
* Windows<br />
* Mac OS X<br />
* Linux<br />
<br />
== Channel dependent settings (configs) and environment setups ==<br />
* In Nightly dom.ipc.processCount should be 4 by default<br />
<br />
= Project Information =<br />
== Ownership ==<br />
Project Manager: [mailto:elancaster@mozilla.com Erin Lancaster] <br /><br />
Developer contacts: [mailto:mrbkap@mozilla.com Blake Kaplan], [mailto:gkrizsanits@mozilla.com Gabor Krizsanits] <br /><br />
QA: [mailto:twalker@mozilla.com Tracy Walker] <br /><br />
QA Peer: [mailto:andrei.vaida@softvisioninc.eu Andrei Vaida] (SV)<br />
<br />
== Builds ==<br />
This section should contain links for builds with the feature <br />
* [https://nightly.mozilla.org/ Links for Nightly builds]<br />
<br />
== Schedule ==<br />
The following table identifies the anticipated testing period available for test execution.<br />
{| class="wikitable" style="width:60%"<br />
|-<br />
! Project phase !! Start Date !! End Date<br />
|-<br />
| Start project <br />
|style="text-align:center;" | Q3/2016 || Q3/2017<br />
|-<br />
| QA - Test plan creation <br />
|style="text-align:center;" | Q1/2017 || Q1/2017<br />
|-<br />
| QA - Test cases/Env preparation <br />
|style="text-align:center;" | Q1/2017 || Q2/2017<br />
|-<br />
| QA - Nightly Testing <br />
|style="text-align:center;" | Q1/2017 || Q2/2017<br />
|-<br />
| QA - Aurora Testing<br />
|style="text-align:center;" | Q2/2017 || Q2/2017<br />
|-<br />
| QA - Beta Testing (1)<br />
|style="text-align:center;" | Q2/2017 || Q3/2017<br />
|-<br />
| Release Date (1)<br />
|style="text-align:center;" | FF55 || 2017-08-08<br />
|}<br />
(1) Note: beta testing targeted for 54, if everything looks great, e10s-multi could go to release with FF54 on 2017-06-13. Otherwise target is 55.<br />
<br />
== References ==<br />
* List and links for specs<br />
** [https://wiki.mozilla.org/Electrolysis/Multiple_content_processes e10s multi wiki page]<br />
** [https://docs.google.com/document/d/1iK_n-wd4xl4b_31D2vUmEM_Pt5wfRn1gHD3dlLcg3gs/edit?ts=58a35366#heading=h.39uznhta9mkg e10s multi release strategy]<br />
** [https://wiki.mozilla.org/Electrolysis/Release_Criteria e10s release criteria]<br />
** [https://wiki.mozilla.org/Electrolysis/Multi_Release_Criteria e10s-multi release criteria]<br />
** [https://wiki.mozilla.org/Electrolysis/Release_Criteria/UI_Smoothness e10s UI smoothness]<br />
<br />
* Meta bug: [https://bugzilla.mozilla.org/show_bug.cgi?id=1303113 Turn e10s-multi on in Nightly]</div>
Twalker
https://wiki.mozilla.org/index.php?title=QA/e10s_Multi&diff=1172560
QA/e10s Multi
2017-06-02T16:25:08Z
<p>Twalker: /* Objectives */</p>
<hr />
<div>= Overview =<br />
== Purpose ==<br />
This wiki details the testing that will be performed by QA and other teams for e10s-multi. It defines the overall testing requirements and provides an integrated view of the project test activities. Its purpose is to document:<br />
* Areas of risk<br />
* What will be tested<br />
* How testing will be performed<br />
** criteria<br />
** deliverables<br />
** ownership<br />
** schedule<br />
* What data will be monitored<br />
<br />
To help ensure the best possible release and long term maintenance of this feature.<br />
<br />
== Risk Analysis ==<br />
{| class="wikitable" style="width:95%"<br />
|-<br />
! Risk area !! Requirement !! Status<br />
|-<br />
| Performance || No browser responsiveness regressions || style="background-color:lightyellow;" | in progress<br />
|-<br />
| Memory Usage || No regressions in comparable system memory usage || style="background-color:lightyellow;" | in progress<br />
|-<br />
| Stability || No regressions in crash rate || style="background-color:lightgreen;" | PASS<br />
|-<br />
| Major site compatibility || No regressions at target websites || style="background-color:lightgreen;" | PASS<br />
|}<br />
<br />
= Testing Strategy =<br />
== Scope ==<br />
{| class="wikitable" style="width:80%"<br />
|-<br />
! Test Areas !! Covered <br />
|-<br />
| Private Window <br />
|style="text-align:center;" | Yes <br />
|-<br />
| Multi-Process Enabled <br />
|style="text-align:center;" | Yes<br />
|-<br />
| Single-Content Process Enabled <br />
|style="text-align:center;" | Yes (baseline)<br />
|-<br />
| non-e10s <br />
|style="text-align:center;" | Yes (baseline)<br />
|-<br />
| Stability<br />
|style="text-align:center;" | Yes<br />
|-<br />
| '''UI''' <br />
|| <br />
|-<br />
| Interraction (scroll, zoom) <br />
|style="text-align:center;" | Yes<br />
|-<br />
| Multi-Tab/Window<br />
|style="text-align:center;" | Yes<br />
<br />
|-<br />
| ''' Web Compatibility ''' <br />
|| <br />
|-<br />
| Testing against target sites <br />
|style="text-align:center;" | Yes<br />
<br />
|-<br />
| ''' Data Monitoring ''' <br />
|| <br />
<br />
|-<br />
| Temporary or permanent telemetry monitoring <br />
|style="text-align:center;" | Yes <br />
|}<br />
<br />
If it's not listed above, it is currently out of scope.<br />
<br />
== Objectives ==<br />
{| class="wikitable" style="width:95%"<br />
|-<br />
! Criteria Description<br />
! Metric<br />
! Single-Content Process<br />
! Multi-Content Process<br />
! Criteria Met?<br />
! QA Owner<br />
|-<br />
| Manual testing <br />
| Tests passed<br />
| Passed in e10s release<br />
| [https://drive.google.com/file/d/0BzOV3ybvBASXOEt3RFB3c3J5eE0/view results] (1)<br />
| style="background-color:lightgreen;" | Pass (20170405)<br />
| style="background-color:lightgreen;" | SV - Andrei <br />
|-<br />
| Unit testing<br />
| [https://bugzilla.mozilla.org/show_bug.cgi?id=1315042 Automated tests pass]<br />
| [https://treeherder.mozilla.org/perf.html#/graphs perfherder]<br />
| [https://treeherder.mozilla.org/perf.html#/graphs perfherder]<br />
| style="background-color:lightgreen;" | YES (20170509)<br />
| style="background-color:lightgreen;" | Gabor<br />
|-<br />
| UI<br />
| Tab/Window responsiveness<br />
| [https://wiki.mozilla.org/Electrolysis/Release_Criteria#Jank Jank Analysis]<br />
| [https://wiki.mozilla.org/Electrolysis/Multi_Release_Criteria#Jank Jank Analysis]<br />
| style="background-color:lightgreen;" | YES (20170602)<br />
| style="background-color:lightgreen;" | tracy<br />
|-<br />
| Memory monitoring<br />
| System memory use<br />
| [https://wiki.mozilla.org/Electrolysis/Release_Criteria#Memory_Usage Memory Use Analysis]<br />
| [https://wiki.mozilla.org/Electrolysis/Multi_Release_Criteria#Memory_Usage Memory Use Analysis]<br />
| style="background-color:lightgreen;" | YES (20170602)<br />
| style="background-color:lightgreen;" | tracy<br />
|-<br />
| Stability<br />
| Crash rate stable<br />
| [https://wiki.mozilla.org/Electrolysis/Release_Criteria#Stability Stability Analysis]<br />
| [https://wiki.mozilla.org/Electrolysis/Multi_Release_Criteria#Stability Stability Analysis]<br />
| style="background-color:lightgreen;" | YES (20170516)<br />
| style="background-color:lightgreen;" | jimm<br />
|}<br />
<br />
(1) Manual test results indicate known bugs. Those are not e10s-multi specific.<br />
<br />
== Manual Testcases ==<br />
* Focus on observed performance of target sites notorious for performance issues; Broadly, these tend to be webmail services ( GMail ), social networks ( Facebook, Twitter ) or productivity tools ( Google Apps, Office 365 )<br />
* Test around multiple content process creation and assignment <br />
** Check for reasonable load balance across processes when opening many tabs from various sources.<br />
<br />
== Environments ==<br />
Full Testing will be performed using Nightly for Desktop builds on:<br />
* Windows<br />
* Mac OS X<br />
* Linux<br />
<br />
== Channel dependent settings (configs) and environment setups ==<br />
* In Nightly dom.ipc.processCount should be 4 by default<br />
<br />
= Project Information =<br />
== Ownership ==<br />
Project Manager: [mailto:elancaster@mozilla.com Erin Lancaster] <br /><br />
Developer contacts: [mailto:mrbkap@mozilla.com Blake Kaplan], [mailto:gkrizsanits@mozilla.com Gabor Krizsanits] <br /><br />
QA: [mailto:twalker@mozilla.com Tracy Walker] <br /><br />
QA Peer: [mailto:andrei.vaida@softvisioninc.eu Andrei Vaida] (SV)<br />
<br />
== Builds ==<br />
This section should contain links for builds with the feature <br />
* [https://nightly.mozilla.org/ Links for Nightly builds]<br />
<br />
== Schedule ==<br />
The following table identifies the anticipated testing period available for test execution.<br />
{| class="wikitable" style="width:60%"<br />
|-<br />
! Project phase !! Start Date !! End Date<br />
|-<br />
| Start project <br />
|style="text-align:center;" | Q3/2016 || Q3/2017<br />
|-<br />
| QA - Test plan creation <br />
|style="text-align:center;" | Q1/2017 || Q1/2017<br />
|-<br />
| QA - Test cases/Env preparation <br />
|style="text-align:center;" | Q1/2017 || Q2/2017<br />
|-<br />
| QA - Nightly Testing <br />
|style="text-align:center;" | Q1/2017 || Q2/2017<br />
|-<br />
| QA - Aurora Testing<br />
|style="text-align:center;" | Q2/2017 || Q2/2017<br />
|-<br />
| QA - Beta Testing (1)<br />
|style="text-align:center;" | Q2/2017 || Q3/2017<br />
|-<br />
| Release Date (1)<br />
|style="text-align:center;" | FF55 || 2017-08-08<br />
|}<br />
(1) Note: beta testing targeted for 54, if everything looks great, e10s-multi could go to release with FF54 on 2017-06-13. Otherwise target is 55.<br />
<br />
== References ==<br />
* List and links for specs<br />
** [https://wiki.mozilla.org/Electrolysis/Multiple_content_processes e10s multi wiki page]<br />
** [https://docs.google.com/document/d/1iK_n-wd4xl4b_31D2vUmEM_Pt5wfRn1gHD3dlLcg3gs/edit?ts=58a35366#heading=h.39uznhta9mkg e10s multi release strategy]<br />
** [https://wiki.mozilla.org/Electrolysis/Release_Criteria e10s release criteria]<br />
** [https://wiki.mozilla.org/Electrolysis/Multi_Release_Criteria e10s-multi release criteria]<br />
** [https://wiki.mozilla.org/Electrolysis/Release_Criteria/UI_Smoothness e10s UI smoothness]<br />
<br />
* Meta bug: [https://bugzilla.mozilla.org/show_bug.cgi?id=1303113 Turn e10s-multi on in Nightly]</div>
Twalker
https://wiki.mozilla.org/index.php?title=QA/e10s_Multi&diff=1172559
QA/e10s Multi
2017-06-02T16:24:31Z
<p>Twalker: /* Objectives */</p>
<hr />
<div>= Overview =<br />
== Purpose ==<br />
This wiki details the testing that will be performed by QA and other teams for e10s-multi. It defines the overall testing requirements and provides an integrated view of the project test activities. Its purpose is to document:<br />
* Areas of risk<br />
* What will be tested<br />
* How testing will be performed<br />
** criteria<br />
** deliverables<br />
** ownership<br />
** schedule<br />
* What data will be monitored<br />
<br />
To help ensure the best possible release and long term maintenance of this feature.<br />
<br />
== Risk Analysis ==<br />
{| class="wikitable" style="width:95%"<br />
|-<br />
! Risk area !! Requirement !! Status<br />
|-<br />
| Performance || No browser responsiveness regressions || style="background-color:lightyellow;" | in progress<br />
|-<br />
| Memory Usage || No regressions in comparable system memory usage || style="background-color:lightyellow;" | in progress<br />
|-<br />
| Stability || No regressions in crash rate || style="background-color:lightgreen;" | PASS<br />
|-<br />
| Major site compatibility || No regressions at target websites || style="background-color:lightgreen;" | PASS<br />
|}<br />
<br />
= Testing Strategy =<br />
== Scope ==<br />
{| class="wikitable" style="width:80%"<br />
|-<br />
! Test Areas !! Covered <br />
|-<br />
| Private Window <br />
|style="text-align:center;" | Yes <br />
|-<br />
| Multi-Process Enabled <br />
|style="text-align:center;" | Yes<br />
|-<br />
| Single-Content Process Enabled <br />
|style="text-align:center;" | Yes (baseline)<br />
|-<br />
| non-e10s <br />
|style="text-align:center;" | Yes (baseline)<br />
|-<br />
| Stability<br />
|style="text-align:center;" | Yes<br />
|-<br />
| '''UI''' <br />
|| <br />
|-<br />
| Interraction (scroll, zoom) <br />
|style="text-align:center;" | Yes<br />
|-<br />
| Multi-Tab/Window<br />
|style="text-align:center;" | Yes<br />
<br />
|-<br />
| ''' Web Compatibility ''' <br />
|| <br />
|-<br />
| Testing against target sites <br />
|style="text-align:center;" | Yes<br />
<br />
|-<br />
| ''' Data Monitoring ''' <br />
|| <br />
<br />
|-<br />
| Temporary or permanent telemetry monitoring <br />
|style="text-align:center;" | Yes <br />
|}<br />
<br />
If it's not listed above, it is currently out of scope.<br />
<br />
== Objectives ==<br />
{| class="wikitable" style="width:95%"<br />
|-<br />
! Criteria Description<br />
! Metric<br />
! Single-Content Process<br />
! Multi-Content Process<br />
! Criteria Met?<br />
! QA Owner<br />
|-<br />
| Manual testing <br />
| Tests passed<br />
| Passed in e10s release<br />
| [https://drive.google.com/file/d/0BzOV3ybvBASXOEt3RFB3c3J5eE0/view results] (1)<br />
| style="background-color:lightgreen;" | Pass (20170405)<br />
| style="background-color:lightgreen;" | SV - Andrei <br />
|-<br />
| Unit testing<br />
| [https://bugzilla.mozilla.org/show_bug.cgi?id=1315042 Automated tests pass]<br />
| [https://treeherder.mozilla.org/perf.html#/graphs perfherder]<br />
| [https://treeherder.mozilla.org/perf.html#/graphs perfherder]<br />
| style="background-color:lightgreen;" | YES (20170509)<br />
| style="background-color:lightgreen;" | Gabor<br />
|-<br />
| UI<br />
| Tab/Window responsiveness<br />
| [https://wiki.mozilla.org/Electrolysis/Release_Criteria#Jank Jank Analysis]<br />
| [https://wiki.mozilla.org/Electrolysis/Multi_Release_Criteria#Jank Jank Analysis]<br />
| style="background-color:lightgreen;" | YES (20170602)<br />
| style="background-color:white;" | tracy<br />
|-<br />
| Memory monitoring<br />
| System memory use<br />
| [https://wiki.mozilla.org/Electrolysis/Release_Criteria#Memory_Usage Memory Use Analysis]<br />
| [https://wiki.mozilla.org/Electrolysis/Multi_Release_Criteria#Memory_Usage Memory Use Analysis]<br />
| style="background-color:lightgreen;" | YES (20170602)<br />
| style="background-color:white;" | tracy<br />
|-<br />
| Stability<br />
| Crash rate stable<br />
| [https://wiki.mozilla.org/Electrolysis/Release_Criteria#Stability Stability Analysis]<br />
| [https://wiki.mozilla.org/Electrolysis/Multi_Release_Criteria#Stability Stability Analysis]<br />
| style="background-color:lightgreen;" | YES (20170516)<br />
| style="background-color:lightgreen;" | jimm<br />
|}<br />
<br />
(1) Manual test results indicate known bugs. Those are not e10s-multi specific.<br />
<br />
== Manual Testcases ==<br />
* Focus on observed performance of target sites notorious for performance issues; Broadly, these tend to be webmail services ( GMail ), social networks ( Facebook, Twitter ) or productivity tools ( Google Apps, Office 365 )<br />
* Test around multiple content process creation and assignment <br />
** Check for reasonable load balance across processes when opening many tabs from various sources.<br />
<br />
== Environments ==<br />
Full Testing will be performed using Nightly for Desktop builds on:<br />
* Windows<br />
* Mac OS X<br />
* Linux<br />
<br />
== Channel dependent settings (configs) and environment setups ==<br />
* In Nightly dom.ipc.processCount should be 4 by default<br />
<br />
= Project Information =<br />
== Ownership ==<br />
Project Manager: [mailto:elancaster@mozilla.com Erin Lancaster] <br /><br />
Developer contacts: [mailto:mrbkap@mozilla.com Blake Kaplan], [mailto:gkrizsanits@mozilla.com Gabor Krizsanits] <br /><br />
QA: [mailto:twalker@mozilla.com Tracy Walker] <br /><br />
QA Peer: [mailto:andrei.vaida@softvisioninc.eu Andrei Vaida] (SV)<br />
<br />
== Builds ==<br />
This section should contain links for builds with the feature <br />
* [https://nightly.mozilla.org/ Links for Nightly builds]<br />
<br />
== Schedule ==<br />
The following table identifies the anticipated testing period available for test execution.<br />
{| class="wikitable" style="width:60%"<br />
|-<br />
! Project phase !! Start Date !! End Date<br />
|-<br />
| Start project <br />
|style="text-align:center;" | Q3/2016 || Q3/2017<br />
|-<br />
| QA - Test plan creation <br />
|style="text-align:center;" | Q1/2017 || Q1/2017<br />
|-<br />
| QA - Test cases/Env preparation <br />
|style="text-align:center;" | Q1/2017 || Q2/2017<br />
|-<br />
| QA - Nightly Testing <br />
|style="text-align:center;" | Q1/2017 || Q2/2017<br />
|-<br />
| QA - Aurora Testing<br />
|style="text-align:center;" | Q2/2017 || Q2/2017<br />
|-<br />
| QA - Beta Testing (1)<br />
|style="text-align:center;" | Q2/2017 || Q3/2017<br />
|-<br />
| Release Date (1)<br />
|style="text-align:center;" | FF55 || 2017-08-08<br />
|}<br />
(1) Note: beta testing targeted for 54, if everything looks great, e10s-multi could go to release with FF54 on 2017-06-13. Otherwise target is 55.<br />
<br />
== References ==<br />
* List and links for specs<br />
** [https://wiki.mozilla.org/Electrolysis/Multiple_content_processes e10s multi wiki page]<br />
** [https://docs.google.com/document/d/1iK_n-wd4xl4b_31D2vUmEM_Pt5wfRn1gHD3dlLcg3gs/edit?ts=58a35366#heading=h.39uznhta9mkg e10s multi release strategy]<br />
** [https://wiki.mozilla.org/Electrolysis/Release_Criteria e10s release criteria]<br />
** [https://wiki.mozilla.org/Electrolysis/Multi_Release_Criteria e10s-multi release criteria]<br />
** [https://wiki.mozilla.org/Electrolysis/Release_Criteria/UI_Smoothness e10s UI smoothness]<br />
<br />
* Meta bug: [https://bugzilla.mozilla.org/show_bug.cgi?id=1303113 Turn e10s-multi on in Nightly]</div>
Twalker
https://wiki.mozilla.org/index.php?title=Electrolysis/Multi_Release_Criteria&diff=1171816
Electrolysis/Multi Release Criteria
2017-05-23T15:01:36Z
<p>Twalker: /* UI Smoothness */</p>
<hr />
<div>Page to collect and track Electrolysis Multi Process release criteria.<br />
= Rollout Criteria =<br />
<br />
We plan to ship e10s-multi in Firefox 54 / 55 using a staged rollout. See elan's e10s-multi [https://wiki.mozilla.org/Electrolysis/Multiple_content_processes#Release_Plan release plan].<br />
<br />
== Report / Dashboards ==<br />
<br />
* [https://sql.telemetry.mozilla.org/dashboard/e10s-client-count-beta-e10scontrol- E10s Cohort Count Graphs] - number of clients running with various cohort settings.<br />
* [https://treeherder.mozilla.org/perf.html#/dashboard?topic=e10s Perfherder e10s comparison dashboard]<br />
* [https://treeherder.mozilla.org/perf.html#/graphs Perfherder Compare]<br />
* [https://calendar.google.com/calendar/embed?src=bW96aWxsYS5jb21fZGJxODRhbnI5aTh0Y25taGFiYXRzdHY1Y29AZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ&pli=1 Beta release calendar]<br />
<br />
== Rollout Status ==<br />
<br />
* Nightly: 4 processes<br />
* Beta: experiments running, user default is 1 content process<br />
* Release: 1 content process<br />
<br />
== Notes ==<br />
<br />
1) We can't rely on Talos numbers generated in automation for beta builds. The default there is one content process. We'll have to use try runs of the beta code base to generate comparisons.<br />
<br />
== AWSY Notes ==<br />
<br />
1) Maximum number of tabs set by automation is [https://dxr.mozilla.org/mozilla-beta/source/testing/awsy/awsy/__init__.py currently 30].<br />
<br />
2) [http://searchfox.org/mozilla-central/source/testing/awsy/awsy/test_memory_usage.py test source]<br />
<br />
= Release Criteria =<br />
<br />
== Stability ==<br />
<br />
{| class="wikitable"<br />
! Reporting<br />
| Jim Mathies<br />
|-<br />
! Data Wrangler<br />
| <br />
|-<br />
! Regression(s)<br />
| Blake Kaplan, Gabor Krizsanits<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!rowspan="1"|Metric<br />
!rowspan="1"|Description<br />
!rowspan="1"|Report Links<br />
!rowspan="1"|Analysis By<br />
!rowspan="1"|Criteria Met?<br />
!rowspan="1"|Criteria Met Signed-off By<br />
|-<br />
| Crash Rate<br />
| style="background-color: White;width:250px;"|(chrome crashes + (content process(es) - content process(es) shutdown termination crash reports)) / 1000 use hours<br />
| style="background-color: White;" | [https://sql.telemetry.mozilla.org/queries/4355#8685 beta 54 (redash)]<br />
| style="background-color: White;" | jimm<br />
| style="background-color: LightGreen;width:150px;" | SO FAR - multi1 / multi4 rates track <br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
== Jank ==<br />
<br />
{| class="wikitable"<br />
! Reporting<br />
| Jim Mathies<br />
|-<br />
! Data Wrangler<br />
| Ben Miroglio<br />
|-<br />
! Regression(s)<br />
| Blake Kaplan, Gabor Krizsanits<br />
|-<br />
! Report Link<br />
|[https://metrics.mozilla.com/protected/bmiroglio/multi/e10sMulti_experiment.html e10s-multi performance in Telemetry]<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!Metric<br />
!Description<br />
!Analysis By<br />
!Criteria Met?<br />
!Criteria Met Signed-off By<br />
|-<br />
| GC_MAX_PAUSE_MS<br />
| style="background-color: White;width:250px;" | Longest GC slice in a single GC cycle in milliseconds, broken down by parent and child process(es).<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| CYCLE_COLLECTOR_MAX_PAUSE<br />
| style="background-color: White;width:250px;" | Longest pause for an individual slice of one cycle collection, including preparation in milliseconds, broken down by parent and child process(es).<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| INPUT_EVENT_RESPONSE_MS<br />
| style="background-color: White;width:250px;" | Time in milliseconds for input event lifetime (created -> fully handled) including traversal to a child process and back. <br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| FX_TAB_SWITCH_TOTAL_MS<br />
| style="background-color: White;width:250px;" | Time in milliseconds a tab switch takes, including first paint of the tab.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!rowspan="2"|Metric<br />
!rowspan="2"|Description<br />
!rowspan="2"|Report Links<br />
!rowspan="2"|Analysis By<br />
!rowspan="1" colspan="2"|Results for Child Process Cohorts<br />
!rowspan="2"|Criteria Met?<br />
!rowspan="2"|Criteria Met Signed-off By<br />
|-<br />
! 1<br />
! 4<br />
|-<br />
| tp5o_responsiveness [https://treeherder.mozilla.org/perf.html#/graphs?timerange=604800&series=%5Btry,6be9b4d8231c4ed2bccfcc497c5af51317f67552,1,1%5D&highlightedRevisions=4aeff94a7fc8&highlightedRevisions=abd843dd9c40 graph]<br />
| style="background-color: White;width:250px;" | TP5O Talos numbers, comparing current single process beta builds with try runs using the beta code base and four content processes.<br/>Targets: 64-bit opt/pgo builds<br />
| style="background-color: White;" | [https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=96e5124a8a1c&newProject=try&newRevision=4c1f1a121337&framework=1&showOnlyImportant=0 Comparison 20170522]<br />
[https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=4aeff94a7fc872e4716def28f89647fd0d0b4488&newProject=try&newRevision=abd843dd9c400aa08a06a64bf886e5fc972e407a&framework=1&filter=e10s&showOnlyImportant=0 Comparison 20170510]<br />
| style="background-color: White;" | tracy<br />
| style="background-color: White;" | <br />
Win7 32bit: 6.11<br/><br />
Win8 64bit: 4.93<br/><br />
OSX: n/a<br/><br />
Linux: 4.55<br />
| style="background-color: White;" | <br />
Win7 32bit: 6.25 (+2.39%)<br/><br />
Win8 64bit: 4.86 (-1.40%)<br/><br />
OSX: n/a<br/><br />
Linux: 4.52 (-0.59)<br />
| style="background-color: #99FF99;" | YES - note: {{bug|1362920}}<br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
== Page Load ==<br />
<br />
{| class="wikitable"<br />
! Reporting<br />
| Jim Mathies<br />
|-<br />
! Data Wrangler<br />
| Ben Miroglio<br />
|-<br />
! Regression(s)<br />
| Blake Kaplan, Gabor Krizsanits<br />
|-<br />
! Report Link<br />
|[https://metrics.mozilla.com/protected/bmiroglio/multi/e10sMulti_experiment.html e10s-multi performance in Telemetry]<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!Metric<br />
!Description<br />
!Analysis By<br />
!Criteria Met?<br />
!Criteria Met Signed-off By<br />
|-<br />
| FX_PAGE_LOAD_MS<br />
| style="background-color: White;width:250px;"|Time taken to load a page (ms). This includes all static contents, no dynamic content. Loading of about: pages is not counted.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
== UI Smoothness ==<br />
<br />
{| class="wikitable"<br />
! Reporting<br />
| Jim Mathies<br />
|-<br />
! Data Wrangler<br />
| Ben Miroglio<br />
|-<br />
! Regression(s)<br />
| Blake Kaplan, Gabor Krizsanits<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!rowspan="2"|Metric<br />
!rowspan="2"|Description<br />
!rowspan="2"|Report Links<br />
!rowspan="2"|Analysis By<br />
!rowspan="1" colspan="2"|Results for Child Process Cohorts<br />
!rowspan="2"|Criteria Met?<br />
!rowspan="2"|Criteria Met Signed-off By<br />
|-<br />
! 1<br />
! 4<br />
|-<br />
| TART [https://treeherder.mozilla.org/perf.html#/graphs?timerange=604800&series=%5Btry,f36eb8fccce4dc7259b699af75ddd07d63cd914e,1,1%5D&highlightedRevisions=4aeff94a7fc8&highlightedRevisions=abd843dd9c40 graph]<br />
| Tab animation regression test (Talos).<br />
| style="background-color: White;" | [https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=96e5124a8a1c&newProject=try&newRevision=4c1f1a121337&framework=1&showOnlyImportant=0 20170522]<br />
<br/>[https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=4aeff94a7fc872e4716def28f89647fd0d0b4488&newProject=try&newRevision=abd843dd9c400aa08a06a64bf886e5fc972e407a&framework=1&filter=e10s&showOnlyImportant=0 20170510]<br />
| style="background-color: White;" | tracy<br />
| style="background-color: White;" | <br />
Win7 32bit: 7.36<br/><br />
Win8 64bit: 6.26<br/><br />
OSX: 11.18<br/><br />
Linux: 6.31<br />
| style="background-color: White;" | <br />
Win7 32bit: 7.34 (-0.27%)<br/><br />
Win8 64bit: 6.21 (-0.81%)<br/><br />
OSX: 11.35 (+1.54%)<br/><br />
Linux: 6.32 (+0.17%)<br />
| style="background-color: #99FF99;" | YES<br />
| style="background-color: White;" | TBD<br />
|-<br />
| TPAINT [https://treeherder.mozilla.org/perf.html#/graphs?timerange=604800&highlightedRevisions=4aeff94a7fc8&highlightedRevisions=abd843dd9c40 graph]<br />
| First paint for a new window (Talos).<br />
| style="background-color: White;" | [https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=96e5124a8a1c&newProject=try&newRevision=4c1f1a121337&framework=1&showOnlyImportant=0 20170522]<br />
<br/>[https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=4aeff94a7fc872e4716def28f89647fd0d0b4488&newProject=try&newRevision=abd843dd9c400aa08a06a64bf886e5fc972e407a&framework=1&filter=e10s&showOnlyImportant=0 20170510]<br />
| style="background-color: White;" | tracy<br />
| style="background-color: White;" | <br />
Win7 32bit: 298.80<br/><br />
Win8 64bit: 283.82<br/><br />
OSX: 323.16<br/><br />
Linux: 277.12<br />
| style="background-color: White;" | <br />
Win7 32bit: 296.06 (-0.92%)<br/><br />
Win8 64bit: 287.60 (+1.33%)<br/><br />
OSX: 322.43 (-0.23%)<br/><br />
Linux: 277.34 (+0.08%)<br />
| style="background-color: #99FF99;" | YES<br />
| style="background-color: White;" | TBD<br />
|-<br />
| TRESIZE [https://treeherder.mozilla.org/perf.html#/graphs?timerange=604800&series=%5Btry,4ac681a39a4caefb56468c5bc86fa23b8cee4c4f,1,1%5D&highlightedRevisions=4aeff94a7fc8&highlightedRevisions=abd843dd9c40 graph]<br />
| Window resize responsiveness (Talos).<br />
| style="background-color: White;" | [https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=96e5124a8a1c&newProject=try&newRevision=4c1f1a121337&framework=1&showOnlyImportant=0 20170522]<br />
<br/>[https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=4aeff94a7fc872e4716def28f89647fd0d0b4488&newProject=try&newRevision=abd843dd9c400aa08a06a64bf886e5fc972e407a&framework=1&filter=e10s&showOnlyImportant=0 20170510]<br />
| style="background-color: White;" | tracy<br />
| style="background-color: White;" | <br />
Win7 32bit: 11.99<br/><br />
Win8 64bit: 10.65<br/><br />
OSX: 28.87<br/><br />
Linux: 23.34<br />
| style="background-color: White;" | <br />
Win7 32bit: 11.95 (-0.33%)<br/><br />
Win8 64bit: 10.61 (-0.42%)<br/><br />
OSX: 28.89 (+0.07%)<br/><br />
Linux: 23.90 (+2.38%)<br />
| style="background-color: #99FF99;" | YES<br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
== Memory Usage ==<br />
<br />
{| class="wikitable"<br />
! Reporting<br />
| Jim Mathies<br />
|-<br />
! Data Wrangler<br />
| Ben Miroglio<br />
|-<br />
! Regression(s)<br />
| Blake Kaplan, Gabor Krizsanits<br />
|-<br />
! Report Link<br />
|[https://metrics.mozilla.com/protected/bmiroglio/multi/e10sMulti_experiment.html e10s-multi performance in Telemetry]<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!Metric<br />
!Description<br />
!Analysis By<br />
!Criteria Met?<br />
!Criteria Met Signed-off By<br />
|-<br />
| MEMORY_TOTAL<br />
| style="background-color: White;width:250px;"| Total memory across all processes (KB).<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| MEMORY_VSIZE_MAX_CONTIGUOUS<br />
| style="background-color: White;width:250px;"| Maximum-sized block of contiguous virtual memory (KB).<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
=== Are We Slim Yet (AWSY) ===<br />
RSS chrome process + USS content processes (Talos)<br />
<br />
{| class="wikitable"<br />
|-<br />
|5/10/2017<br />
|[https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=cb576b0a6f6c&newProject=try&newRevision=21b57ab72ca9&framework=4&showOnlyImportant=0 Perfherder]<br />
|}<br />
<br />
(insert passing criteria declaration)<br />
<br />
{| class="wikitable"<br />
|-<br />
!colspan="5"|Windows 7 Opt 32-bit<br />
|-<br />
!colspan="1"|Metric<br />
!colspan="1"|Regression<br />
!colspan="1"|Criteria Met?<br />
!colspan="1"|Sign-off<br />
|-<br />
|Resident Memory Fresh start<br />
|style="background-color: LightGreen;"| -0.47%<br />
|<br />
|<br />
|-<br />
|Resident Memory Fresh start [+30s]<br />
|style="background-color: LightGreen;"| -0.67%<br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open<br />
|style="background-color: Tomato;"| 29.80% <br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open [+30s] <br />
|style="background-color: Tomato;"| 32.87%<br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open [+30s, forced GC]<br />
|style="background-color: Tomato;"| 26.59%<br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed <br />
|style="background-color: LightGreen;"| -29.74% <br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed [+30s]<br />
|style="background-color: LightGreen;"| -18.40% <br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed [+30s, forced GC]<br />
|style="background-color: LightGreen;"| -12.14% <br />
|<br />
|<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!colspan="5"|Linux Opt 32-bit<br />
|-<br />
!colspan="1"|Metric<br />
!colspan="1"|Regression<br />
!colspan="1"|Criteria Met?<br />
!colspan="1"|Sign-off<br />
|-<br />
|Resident Memory Fresh start<br />
|style="background-color: LightYellow;"| 0.11% <br />
|<br />
|<br />
|-<br />
|Resident Memory Fresh start [+30s]<br />
|style="background-color: LightYellow;"| 0.27%<br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open<br />
|style="background-color: Tomato;"| 19.87% <br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open [+30s] <br />
|style="background-color: Tomato;"| 18.98%<br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open [+30s, forced GC]<br />
|style="background-color: Tomato;"| 13.15%<br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed <br />
|style="background-color: LightGreen;"| -20.46%<br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed [+30s]<br />
|style="background-color: LightGreen;"| -10.59% <br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed [+30s, forced GC]<br />
|style="background-color: LightGreen;"| -7.76% <br />
|<br />
|<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!colspan="5"|Linux Opt 64-bit<br />
|-<br />
!colspan="1"|Metric<br />
!colspan="1"|Regression<br />
!colspan="1"|Criteria Met?<br />
!colspan="1"|Sign-off<br />
|-<br />
|Resident Memory Fresh start<br />
|style="background-color: LightGreen;"| -1.76% <br />
|<br />
|<br />
|-<br />
|Resident Memory Fresh start [+30s]<br />
|style="background-color: LightGreen;"| -1.80% <br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open<br />
|style="background-color: Tomato;"| 22.51%<br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open [+30s] <br />
|style="background-color: Tomato;"| 21.92% <br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open [+30s, forced GC]<br />
|style="background-color: Tomato;"| 15.06% <br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed <br />
|style="background-color: LightGreen;"| -21.38% <br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed [+30s]<br />
|style="background-color: LightGreen;"| -10.48%<br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed [+30s, forced GC]<br />
|style="background-color: LightGreen;"| -7.23% <br />
|<br />
|<br />
|}<br />
<br />
* erahm's blog post: [http://www.erahm.org/2016/02/11/memory-usage-of-firefox-with-e10s-enabled/ Memory Usage of Firefox with e10s Enabled]<br />
* Currently using AWSY 'Resident Memory summary opt' values from Perfherder, which should be (RSS + (USS for children)).<br />
<br />
== Tab Switching ==<br />
<br />
{| class="wikitable"<br />
! Reporting<br />
| Jim Mathies<br />
|-<br />
! Data Wrangler<br />
| Ben Miroglio<br />
|-<br />
! Regression(s)<br />
| Blake Kaplan, Gabor Krizsanits, Mike Conley<br />
|-<br />
! Report Link<br />
|[https://metrics.mozilla.com/protected/bmiroglio/multi/e10sMulti_experiment.html e10s-multi performance in Telemetry]<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!Metric<br />
!Description<br />
!Analysis By<br />
!Criteria Met?<br />
!Criteria Met Signed-off By<br />
|-<br />
| FX_TAB_SWITCH_UPDATE_MS<br />
| style="background-color: White;width:250px;"| Time in ms spent updating UI in response to a tab switch.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| FX_TAB_SWITCH_TOTAL_E10S_MS<br />
| style="background-color: White;width:250px;"| Time in ms between tab selection and tab content paint.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| FX_TAB_SWITCH_SPINNER_VISIBLE_MS<br />
| style="background-color: White;width:250px;"| Time in ms spent updating UI in response to a tab switch.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| FX_TAB_SWITCH_SPINNER_VISIBLE_LONG_MS<br />
| style="background-color: White;width:250px;"| If the spinner interstitial displays during tab switching, records the time in ms the graphic is visible. This probe is similar to FX_TAB_SWITCH_SPINNER_VISIBLE_MS, but is for truly degenerate cases.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| FX_TAB_REMOTE_NAVIGATION_DELAY_MS<br/><br />
| style="background-color: White;width:250px;"| Time taken in milliseconds between the browser sending a naviagion event to content and content receiving it. This message can be either SessionStore:restoreTabContent or WebNavigation:LoadURI and these names are used as keys for this histogram. This is e10s only and recorded in the content process. Measures delays associated with child process creation. [https://telemetry.mozilla.org/new-pipeline/dist.html#!arch=x86&cumulative=0&e10s=true&end_date=2017-05-16&keys=WebNavigation%253ALoadURI!SessionStore%253ArestoreTabContent!__none__!__none__&max_channel_version=beta%252F54&measure=FX_TAB_REMOTE_NAVIGATION_DELAY_MS&min_channel_version=nightly%252F55&processType=*&product=Firefox&sanitize=0&sort_keys=submissions&start_date=2017-04-20&table=0&trim=0&use_submission_date=0 TELEMETRY LINK]<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: lightgreen;" | <br />
Win: [https://telemetry.mozilla.org/new-pipeline/dist.html#!arch=x86&cumulative=0&e10s=true&end_date=2017-05-15&keys=WebNavigation%253ALoadURI!SessionStore%253ArestoreTabContent!__none__!__none__&max_channel_version=beta%252F54&measure=FX_TAB_REMOTE_NAVIGATION_DELAY_MS&min_channel_version=beta%252F51&os=Windows_NT&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-05-04&table=0&trim=1&use_submission_date=0 YES]<br/><br />
OSX: [https://telemetry.mozilla.org/new-pipeline/dist.html#!arch=x86-64!x86&cumulative=0&e10s=true&end_date=2017-05-15&keys=WebNavigation%253ALoadURI!SessionStore%253ArestoreTabContent!__none__!__none__&max_channel_version=beta%252F54&measure=FX_TAB_REMOTE_NAVIGATION_DELAY_MS&min_channel_version=beta%252F51&os=Darwin&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-05-04&table=0&trim=1&use_submission_date=0 YES]<br/><br />
Linux: [https://telemetry.mozilla.org/new-pipeline/dist.html#!arch=x86-64!x86&cumulative=0&e10s=true&end_date=2017-05-16&keys=WebNavigation%253ALoadURI!SessionStore%253ArestoreTabContent!__none__!__none__&max_channel_version=beta%252F54&measure=FX_TAB_REMOTE_NAVIGATION_DELAY_MS&min_channel_version=beta%252F51&os=Linux&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-05-04&table=0&trim=1&use_submission_date=0 YES]<br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!rowspan="2"|Metric<br />
!rowspan="2"|Description<br />
!rowspan="2"|Report Links<br />
!rowspan="2"|Analysis By<br />
!rowspan="1" colspan="2"|Results for Child Process Cohorts<br />
!rowspan="2"|Criteria Met?<br />
!rowspan="2"|Criteria Met Signed-off By<br />
|-<br />
! 1<br />
! 4<br />
|-<br />
| TPS Test [https://treeherder.mozilla.org/perf.html#/graphs?timerange=604800&series=%5Btry,d96c356354e1d01835f87142841749ee6d353184,1,1%5D&highlightedRevisions=4aeff94a7fc8&highlightedRevisions=abd843dd9c40 graph]<br />
| Tab switch timing (Talos)<br />
| style="background-color: White;" | [https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=96e5124a8a1c&newProject=try&newRevision=4c1f1a121337&framework=1&showOnlyImportant=0 20170522]<br />
<br/>[https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=4aeff94a7fc872e4716def28f89647fd0d0b4488&newProject=try&newRevision=abd843dd9c400aa08a06a64bf886e5fc972e407a&framework=1&filter=e10s&showOnlyImportant=0 20170510]<br />
| style="background-color: White;" | tracy<br />
| style="background-color: White;" | <br />
Win7-32bit: 26.87<br/><br />
Win8-64bit: 24.06<br/><br />
OSX: 29.39<br/><br />
Linux: 29.74<br />
| style="background-color: White;" | <br />
Win7-32bit: 28.80 (+10.92%)<br/><br />
Win8-64bit: 22.83 (-5.11%)<br/><br />
OSX: 25.48 (-13.30%)<br/><br />
Linux: 28.66 (-3.65%)<br />
| style="background-color: #99FF99;" | YES - note: {{bug|1362920}}<br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
== Slow Scripts ==<br />
<br />
{| class="wikitable"<br />
! Reporting<br />
| Jim Mathies<br />
|-<br />
! Data Wrangler<br />
| Ben Miroglio<br />
|-<br />
! Regression(s)<br />
| Blake Kaplan, Gabor Krizsanits<br />
|-<br />
! Report Link<br />
|[https://metrics.mozilla.com/protected/bmiroglio/multi/e10sMulti_experiment.html e10s-multi performance in Telemetry]<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!Metric<br />
!Description<br />
!Analysis By<br />
!Criteria Met?<br />
!Criteria Met Signed-off By<br />
|-<br />
| SLOW_SCRIPT_NOTICE_COUNT<br />
| style="background-color: White;width:250px;"| Total count of slow script notices displayed to user.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: #FFFF99;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: no data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| SLOW_SCRIPT_PAGE_COUNT<br />
| style="background-color: White;width:250px;"| The number of pages that trigger slow script notices.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: #FFFF99;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: no data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| SLOW_SCRIPT_NOTIFY_DELAY<br />
| style="background-color: White;width:250px;"| The difference between the js slow script timeout for content set in prefs and the actual time we waited before displaying the notification in milliseconds.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: #FFFF99;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: no data<br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
== Tests ==<br />
<br />
{| class="wikitable"<br />
! Reporting<br />
| Blake Kaplan / Gabor Krizsanits<br />
|-<br />
! Accountable<br />
| Everyone<br />
|-<br />
! Sign Off<br />
| Module Owners / Jeff Griffiths<br />
|}<br />
<br />
All unit tests disabled for e10s-multi must be triaged and:<br />
<br />
* re-enabled (and fixed, if necessary)<br />
* or annotated that the test is irrelevant for e10s-multi<br />
* or deleted<br />
<br />
We want each test directory to be signed-off by the feature area's owner.<br />
<br />
* e10s-multi test meta {{bug|1315042}}<br />
<br />
== QA Test Plan ==<br />
<br />
{| class="wikitable"<br />
! Responsible<br />
| Erin Lancaster<br />
|-<br />
! Accountable<br />
| SoftVision / tracy<br />
|-<br />
! Sign Off<br />
| Jeff Griffiths / tracy<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
! Task<br />
! Owner<br />
! Criteria Met?<br />
! Criteria Met Signed-off By<br />
|-<br />
| [https://wiki.mozilla.org/QA/e10s_Multi Write test plan]<br />
| Tracy<br />
| style="background-color: LightGreen;" | Done<br />
| style="background-color: LightGreen;" | tracy<br />
|-<br />
| [https://wiki.mozilla.org/QA/e10s_Multi Execute test plan]<br />
| Tracy, Ben M, SV<br />
| style="background-color: LightGreen;" | on going perf testing. so far so good<br />
| style="background-color: white;" | tbd<br />
|}</div>
Twalker
https://wiki.mozilla.org/index.php?title=Electrolysis/Multi_Release_Criteria&diff=1171815
Electrolysis/Multi Release Criteria
2017-05-23T15:01:08Z
<p>Twalker: /* UI Smoothness */</p>
<hr />
<div>Page to collect and track Electrolysis Multi Process release criteria.<br />
= Rollout Criteria =<br />
<br />
We plan to ship e10s-multi in Firefox 54 / 55 using a staged rollout. See elan's e10s-multi [https://wiki.mozilla.org/Electrolysis/Multiple_content_processes#Release_Plan release plan].<br />
<br />
== Report / Dashboards ==<br />
<br />
* [https://sql.telemetry.mozilla.org/dashboard/e10s-client-count-beta-e10scontrol- E10s Cohort Count Graphs] - number of clients running with various cohort settings.<br />
* [https://treeherder.mozilla.org/perf.html#/dashboard?topic=e10s Perfherder e10s comparison dashboard]<br />
* [https://treeherder.mozilla.org/perf.html#/graphs Perfherder Compare]<br />
* [https://calendar.google.com/calendar/embed?src=bW96aWxsYS5jb21fZGJxODRhbnI5aTh0Y25taGFiYXRzdHY1Y29AZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ&pli=1 Beta release calendar]<br />
<br />
== Rollout Status ==<br />
<br />
* Nightly: 4 processes<br />
* Beta: experiments running, user default is 1 content process<br />
* Release: 1 content process<br />
<br />
== Notes ==<br />
<br />
1) We can't rely on Talos numbers generated in automation for beta builds. The default there is one content process. We'll have to use try runs of the beta code base to generate comparisons.<br />
<br />
== AWSY Notes ==<br />
<br />
1) Maximum number of tabs set by automation is [https://dxr.mozilla.org/mozilla-beta/source/testing/awsy/awsy/__init__.py currently 30].<br />
<br />
2) [http://searchfox.org/mozilla-central/source/testing/awsy/awsy/test_memory_usage.py test source]<br />
<br />
= Release Criteria =<br />
<br />
== Stability ==<br />
<br />
{| class="wikitable"<br />
! Reporting<br />
| Jim Mathies<br />
|-<br />
! Data Wrangler<br />
| <br />
|-<br />
! Regression(s)<br />
| Blake Kaplan, Gabor Krizsanits<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!rowspan="1"|Metric<br />
!rowspan="1"|Description<br />
!rowspan="1"|Report Links<br />
!rowspan="1"|Analysis By<br />
!rowspan="1"|Criteria Met?<br />
!rowspan="1"|Criteria Met Signed-off By<br />
|-<br />
| Crash Rate<br />
| style="background-color: White;width:250px;"|(chrome crashes + (content process(es) - content process(es) shutdown termination crash reports)) / 1000 use hours<br />
| style="background-color: White;" | [https://sql.telemetry.mozilla.org/queries/4355#8685 beta 54 (redash)]<br />
| style="background-color: White;" | jimm<br />
| style="background-color: LightGreen;width:150px;" | SO FAR - multi1 / multi4 rates track <br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
== Jank ==<br />
<br />
{| class="wikitable"<br />
! Reporting<br />
| Jim Mathies<br />
|-<br />
! Data Wrangler<br />
| Ben Miroglio<br />
|-<br />
! Regression(s)<br />
| Blake Kaplan, Gabor Krizsanits<br />
|-<br />
! Report Link<br />
|[https://metrics.mozilla.com/protected/bmiroglio/multi/e10sMulti_experiment.html e10s-multi performance in Telemetry]<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!Metric<br />
!Description<br />
!Analysis By<br />
!Criteria Met?<br />
!Criteria Met Signed-off By<br />
|-<br />
| GC_MAX_PAUSE_MS<br />
| style="background-color: White;width:250px;" | Longest GC slice in a single GC cycle in milliseconds, broken down by parent and child process(es).<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| CYCLE_COLLECTOR_MAX_PAUSE<br />
| style="background-color: White;width:250px;" | Longest pause for an individual slice of one cycle collection, including preparation in milliseconds, broken down by parent and child process(es).<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| INPUT_EVENT_RESPONSE_MS<br />
| style="background-color: White;width:250px;" | Time in milliseconds for input event lifetime (created -> fully handled) including traversal to a child process and back. <br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| FX_TAB_SWITCH_TOTAL_MS<br />
| style="background-color: White;width:250px;" | Time in milliseconds a tab switch takes, including first paint of the tab.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!rowspan="2"|Metric<br />
!rowspan="2"|Description<br />
!rowspan="2"|Report Links<br />
!rowspan="2"|Analysis By<br />
!rowspan="1" colspan="2"|Results for Child Process Cohorts<br />
!rowspan="2"|Criteria Met?<br />
!rowspan="2"|Criteria Met Signed-off By<br />
|-<br />
! 1<br />
! 4<br />
|-<br />
| tp5o_responsiveness [https://treeherder.mozilla.org/perf.html#/graphs?timerange=604800&series=%5Btry,6be9b4d8231c4ed2bccfcc497c5af51317f67552,1,1%5D&highlightedRevisions=4aeff94a7fc8&highlightedRevisions=abd843dd9c40 graph]<br />
| style="background-color: White;width:250px;" | TP5O Talos numbers, comparing current single process beta builds with try runs using the beta code base and four content processes.<br/>Targets: 64-bit opt/pgo builds<br />
| style="background-color: White;" | [https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=96e5124a8a1c&newProject=try&newRevision=4c1f1a121337&framework=1&showOnlyImportant=0 Comparison 20170522]<br />
[https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=4aeff94a7fc872e4716def28f89647fd0d0b4488&newProject=try&newRevision=abd843dd9c400aa08a06a64bf886e5fc972e407a&framework=1&filter=e10s&showOnlyImportant=0 Comparison 20170510]<br />
| style="background-color: White;" | tracy<br />
| style="background-color: White;" | <br />
Win7 32bit: 6.11<br/><br />
Win8 64bit: 4.93<br/><br />
OSX: n/a<br/><br />
Linux: 4.55<br />
| style="background-color: White;" | <br />
Win7 32bit: 6.25 (+2.39%)<br/><br />
Win8 64bit: 4.86 (-1.40%)<br/><br />
OSX: n/a<br/><br />
Linux: 4.52 (-0.59)<br />
| style="background-color: #99FF99;" | YES - note: {{bug|1362920}}<br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
== Page Load ==<br />
<br />
{| class="wikitable"<br />
! Reporting<br />
| Jim Mathies<br />
|-<br />
! Data Wrangler<br />
| Ben Miroglio<br />
|-<br />
! Regression(s)<br />
| Blake Kaplan, Gabor Krizsanits<br />
|-<br />
! Report Link<br />
|[https://metrics.mozilla.com/protected/bmiroglio/multi/e10sMulti_experiment.html e10s-multi performance in Telemetry]<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!Metric<br />
!Description<br />
!Analysis By<br />
!Criteria Met?<br />
!Criteria Met Signed-off By<br />
|-<br />
| FX_PAGE_LOAD_MS<br />
| style="background-color: White;width:250px;"|Time taken to load a page (ms). This includes all static contents, no dynamic content. Loading of about: pages is not counted.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
== UI Smoothness ==<br />
<br />
{| class="wikitable"<br />
! Reporting<br />
| Jim Mathies<br />
|-<br />
! Data Wrangler<br />
| Ben Miroglio<br />
|-<br />
! Regression(s)<br />
| Blake Kaplan, Gabor Krizsanits<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!rowspan="2"|Metric<br />
!rowspan="2"|Description<br />
!rowspan="2"|Report Links<br />
!rowspan="2"|Analysis By<br />
!rowspan="1" colspan="2"|Results for Child Process Cohorts<br />
!rowspan="2"|Criteria Met?<br />
!rowspan="2"|Criteria Met Signed-off By<br />
|-<br />
! 1<br />
! 4<br />
|-<br />
| TART [https://treeherder.mozilla.org/perf.html#/graphs?timerange=604800&series=%5Btry,f36eb8fccce4dc7259b699af75ddd07d63cd914e,1,1%5D&highlightedRevisions=4aeff94a7fc8&highlightedRevisions=abd843dd9c40 graph]<br />
| Tab animation regression test (Talos).<br />
| style="background-color: White;" | [https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=96e5124a8a1c&newProject=try&newRevision=4c1f1a121337&framework=1&showOnlyImportant=0 20170522]<br />
<br/>[https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=4aeff94a7fc872e4716def28f89647fd0d0b4488&newProject=try&newRevision=abd843dd9c400aa08a06a64bf886e5fc972e407a&framework=1&filter=e10s&showOnlyImportant=0 20170510]<br />
| style="background-color: White;" | tracy<br />
| style="background-color: White;" | <br />
Win7 32bit: 7.36<br/><br />
Win8 64bit: 6.26<br/><br />
OSX: 11.18<br/><br />
Linux: 6.31<br />
| style="background-color: White;" | <br />
Win7 32bit: 7.34 (-0.27%)<br/><br />
Win8 64bit: 6.21 (-0.81%)<br/><br />
OSX: 11.35 (+1.54%)<br/><br />
Linux: 6.32 (+0.17%)<br />
| style="background-color: #99FF99;" | YES<br />
| style="background-color: White;" | TBD<br />
|-<br />
| TPAINT [https://treeherder.mozilla.org/perf.html#/graphs?timerange=604800&highlightedRevisions=4aeff94a7fc8&highlightedRevisions=abd843dd9c40 graph]<br />
| First paint for a new window (Talos).<br />
| style="background-color: White;" | [https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=96e5124a8a1c&newProject=try&newRevision=4c1f1a121337&framework=1&showOnlyImportant=0 20170522]<br />
<br/>[https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=4aeff94a7fc872e4716def28f89647fd0d0b4488&newProject=try&newRevision=abd843dd9c400aa08a06a64bf886e5fc972e407a&framework=1&filter=e10s&showOnlyImportant=0 20170510]<br />
| style="background-color: White;" | tracy<br />
| style="background-color: White;" | <br />
Win7 32bit: 298.80<br/><br />
Win8 64bit: 283.82<br/><br />
OSX: 323.16<br/><br />
Linux: 277.12<br />
| style="background-color: White;" | <br />
Win7 32bit: 296.06 (-0.92)<br/><br />
Win8 64bit: 287.60 (+1.33%)<br/><br />
OSX: 322.43 (-0.23%)<br/><br />
Linux: 277.34 (+0.08%)<br />
| style="background-color: #99FF99;" | YES<br />
| style="background-color: White;" | TBD<br />
|-<br />
| TRESIZE [https://treeherder.mozilla.org/perf.html#/graphs?timerange=604800&series=%5Btry,4ac681a39a4caefb56468c5bc86fa23b8cee4c4f,1,1%5D&highlightedRevisions=4aeff94a7fc8&highlightedRevisions=abd843dd9c40 graph]<br />
| Window resize responsiveness (Talos).<br />
| style="background-color: White;" | [https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=96e5124a8a1c&newProject=try&newRevision=4c1f1a121337&framework=1&showOnlyImportant=0 20170522]<br />
<br/>[https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=4aeff94a7fc872e4716def28f89647fd0d0b4488&newProject=try&newRevision=abd843dd9c400aa08a06a64bf886e5fc972e407a&framework=1&filter=e10s&showOnlyImportant=0 20170510]<br />
| style="background-color: White;" | tracy<br />
| style="background-color: White;" | <br />
Win7 32bit: 11.99<br/><br />
Win8 64bit: 10.65<br/><br />
OSX: 28.87<br/><br />
Linux: 23.34<br />
| style="background-color: White;" | <br />
Win7 32bit: 11.95 (-0.33%)<br/><br />
Win8 64bit: 10.61 (-0.42%)<br/><br />
OSX: 28.89 (+0.07%)<br/><br />
Linux: 23.90 (+2.38%)<br />
| style="background-color: #99FF99;" | YES<br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
== Memory Usage ==<br />
<br />
{| class="wikitable"<br />
! Reporting<br />
| Jim Mathies<br />
|-<br />
! Data Wrangler<br />
| Ben Miroglio<br />
|-<br />
! Regression(s)<br />
| Blake Kaplan, Gabor Krizsanits<br />
|-<br />
! Report Link<br />
|[https://metrics.mozilla.com/protected/bmiroglio/multi/e10sMulti_experiment.html e10s-multi performance in Telemetry]<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!Metric<br />
!Description<br />
!Analysis By<br />
!Criteria Met?<br />
!Criteria Met Signed-off By<br />
|-<br />
| MEMORY_TOTAL<br />
| style="background-color: White;width:250px;"| Total memory across all processes (KB).<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| MEMORY_VSIZE_MAX_CONTIGUOUS<br />
| style="background-color: White;width:250px;"| Maximum-sized block of contiguous virtual memory (KB).<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
=== Are We Slim Yet (AWSY) ===<br />
RSS chrome process + USS content processes (Talos)<br />
<br />
{| class="wikitable"<br />
|-<br />
|5/10/2017<br />
|[https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=cb576b0a6f6c&newProject=try&newRevision=21b57ab72ca9&framework=4&showOnlyImportant=0 Perfherder]<br />
|}<br />
<br />
(insert passing criteria declaration)<br />
<br />
{| class="wikitable"<br />
|-<br />
!colspan="5"|Windows 7 Opt 32-bit<br />
|-<br />
!colspan="1"|Metric<br />
!colspan="1"|Regression<br />
!colspan="1"|Criteria Met?<br />
!colspan="1"|Sign-off<br />
|-<br />
|Resident Memory Fresh start<br />
|style="background-color: LightGreen;"| -0.47%<br />
|<br />
|<br />
|-<br />
|Resident Memory Fresh start [+30s]<br />
|style="background-color: LightGreen;"| -0.67%<br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open<br />
|style="background-color: Tomato;"| 29.80% <br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open [+30s] <br />
|style="background-color: Tomato;"| 32.87%<br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open [+30s, forced GC]<br />
|style="background-color: Tomato;"| 26.59%<br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed <br />
|style="background-color: LightGreen;"| -29.74% <br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed [+30s]<br />
|style="background-color: LightGreen;"| -18.40% <br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed [+30s, forced GC]<br />
|style="background-color: LightGreen;"| -12.14% <br />
|<br />
|<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!colspan="5"|Linux Opt 32-bit<br />
|-<br />
!colspan="1"|Metric<br />
!colspan="1"|Regression<br />
!colspan="1"|Criteria Met?<br />
!colspan="1"|Sign-off<br />
|-<br />
|Resident Memory Fresh start<br />
|style="background-color: LightYellow;"| 0.11% <br />
|<br />
|<br />
|-<br />
|Resident Memory Fresh start [+30s]<br />
|style="background-color: LightYellow;"| 0.27%<br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open<br />
|style="background-color: Tomato;"| 19.87% <br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open [+30s] <br />
|style="background-color: Tomato;"| 18.98%<br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open [+30s, forced GC]<br />
|style="background-color: Tomato;"| 13.15%<br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed <br />
|style="background-color: LightGreen;"| -20.46%<br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed [+30s]<br />
|style="background-color: LightGreen;"| -10.59% <br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed [+30s, forced GC]<br />
|style="background-color: LightGreen;"| -7.76% <br />
|<br />
|<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!colspan="5"|Linux Opt 64-bit<br />
|-<br />
!colspan="1"|Metric<br />
!colspan="1"|Regression<br />
!colspan="1"|Criteria Met?<br />
!colspan="1"|Sign-off<br />
|-<br />
|Resident Memory Fresh start<br />
|style="background-color: LightGreen;"| -1.76% <br />
|<br />
|<br />
|-<br />
|Resident Memory Fresh start [+30s]<br />
|style="background-color: LightGreen;"| -1.80% <br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open<br />
|style="background-color: Tomato;"| 22.51%<br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open [+30s] <br />
|style="background-color: Tomato;"| 21.92% <br />
|<br />
|<br />
|-<br />
|Resident Memory After tabs open [+30s, forced GC]<br />
|style="background-color: Tomato;"| 15.06% <br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed <br />
|style="background-color: LightGreen;"| -21.38% <br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed [+30s]<br />
|style="background-color: LightGreen;"| -10.48%<br />
|<br />
|<br />
|-<br />
|Resident Memory Tabs closed [+30s, forced GC]<br />
|style="background-color: LightGreen;"| -7.23% <br />
|<br />
|<br />
|}<br />
<br />
* erahm's blog post: [http://www.erahm.org/2016/02/11/memory-usage-of-firefox-with-e10s-enabled/ Memory Usage of Firefox with e10s Enabled]<br />
* Currently using AWSY 'Resident Memory summary opt' values from Perfherder, which should be (RSS + (USS for children)).<br />
<br />
== Tab Switching ==<br />
<br />
{| class="wikitable"<br />
! Reporting<br />
| Jim Mathies<br />
|-<br />
! Data Wrangler<br />
| Ben Miroglio<br />
|-<br />
! Regression(s)<br />
| Blake Kaplan, Gabor Krizsanits, Mike Conley<br />
|-<br />
! Report Link<br />
|[https://metrics.mozilla.com/protected/bmiroglio/multi/e10sMulti_experiment.html e10s-multi performance in Telemetry]<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!Metric<br />
!Description<br />
!Analysis By<br />
!Criteria Met?<br />
!Criteria Met Signed-off By<br />
|-<br />
| FX_TAB_SWITCH_UPDATE_MS<br />
| style="background-color: White;width:250px;"| Time in ms spent updating UI in response to a tab switch.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| FX_TAB_SWITCH_TOTAL_E10S_MS<br />
| style="background-color: White;width:250px;"| Time in ms between tab selection and tab content paint.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| FX_TAB_SWITCH_SPINNER_VISIBLE_MS<br />
| style="background-color: White;width:250px;"| Time in ms spent updating UI in response to a tab switch.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| FX_TAB_SWITCH_SPINNER_VISIBLE_LONG_MS<br />
| style="background-color: White;width:250px;"| If the spinner interstitial displays during tab switching, records the time in ms the graphic is visible. This probe is similar to FX_TAB_SWITCH_SPINNER_VISIBLE_MS, but is for truly degenerate cases.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: White;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: limited data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| FX_TAB_REMOTE_NAVIGATION_DELAY_MS<br/><br />
| style="background-color: White;width:250px;"| Time taken in milliseconds between the browser sending a naviagion event to content and content receiving it. This message can be either SessionStore:restoreTabContent or WebNavigation:LoadURI and these names are used as keys for this histogram. This is e10s only and recorded in the content process. Measures delays associated with child process creation. [https://telemetry.mozilla.org/new-pipeline/dist.html#!arch=x86&cumulative=0&e10s=true&end_date=2017-05-16&keys=WebNavigation%253ALoadURI!SessionStore%253ArestoreTabContent!__none__!__none__&max_channel_version=beta%252F54&measure=FX_TAB_REMOTE_NAVIGATION_DELAY_MS&min_channel_version=nightly%252F55&processType=*&product=Firefox&sanitize=0&sort_keys=submissions&start_date=2017-04-20&table=0&trim=0&use_submission_date=0 TELEMETRY LINK]<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: lightgreen;" | <br />
Win: [https://telemetry.mozilla.org/new-pipeline/dist.html#!arch=x86&cumulative=0&e10s=true&end_date=2017-05-15&keys=WebNavigation%253ALoadURI!SessionStore%253ArestoreTabContent!__none__!__none__&max_channel_version=beta%252F54&measure=FX_TAB_REMOTE_NAVIGATION_DELAY_MS&min_channel_version=beta%252F51&os=Windows_NT&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-05-04&table=0&trim=1&use_submission_date=0 YES]<br/><br />
OSX: [https://telemetry.mozilla.org/new-pipeline/dist.html#!arch=x86-64!x86&cumulative=0&e10s=true&end_date=2017-05-15&keys=WebNavigation%253ALoadURI!SessionStore%253ArestoreTabContent!__none__!__none__&max_channel_version=beta%252F54&measure=FX_TAB_REMOTE_NAVIGATION_DELAY_MS&min_channel_version=beta%252F51&os=Darwin&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-05-04&table=0&trim=1&use_submission_date=0 YES]<br/><br />
Linux: [https://telemetry.mozilla.org/new-pipeline/dist.html#!arch=x86-64!x86&cumulative=0&e10s=true&end_date=2017-05-16&keys=WebNavigation%253ALoadURI!SessionStore%253ArestoreTabContent!__none__!__none__&max_channel_version=beta%252F54&measure=FX_TAB_REMOTE_NAVIGATION_DELAY_MS&min_channel_version=beta%252F51&os=Linux&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-05-04&table=0&trim=1&use_submission_date=0 YES]<br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!rowspan="2"|Metric<br />
!rowspan="2"|Description<br />
!rowspan="2"|Report Links<br />
!rowspan="2"|Analysis By<br />
!rowspan="1" colspan="2"|Results for Child Process Cohorts<br />
!rowspan="2"|Criteria Met?<br />
!rowspan="2"|Criteria Met Signed-off By<br />
|-<br />
! 1<br />
! 4<br />
|-<br />
| TPS Test [https://treeherder.mozilla.org/perf.html#/graphs?timerange=604800&series=%5Btry,d96c356354e1d01835f87142841749ee6d353184,1,1%5D&highlightedRevisions=4aeff94a7fc8&highlightedRevisions=abd843dd9c40 graph]<br />
| Tab switch timing (Talos)<br />
| style="background-color: White;" | [https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=96e5124a8a1c&newProject=try&newRevision=4c1f1a121337&framework=1&showOnlyImportant=0 20170522]<br />
<br/>[https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=4aeff94a7fc872e4716def28f89647fd0d0b4488&newProject=try&newRevision=abd843dd9c400aa08a06a64bf886e5fc972e407a&framework=1&filter=e10s&showOnlyImportant=0 20170510]<br />
| style="background-color: White;" | tracy<br />
| style="background-color: White;" | <br />
Win7-32bit: 26.87<br/><br />
Win8-64bit: 24.06<br/><br />
OSX: 29.39<br/><br />
Linux: 29.74<br />
| style="background-color: White;" | <br />
Win7-32bit: 28.80 (+10.92%)<br/><br />
Win8-64bit: 22.83 (-5.11%)<br/><br />
OSX: 25.48 (-13.30%)<br/><br />
Linux: 28.66 (-3.65%)<br />
| style="background-color: #99FF99;" | YES - note: {{bug|1362920}}<br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
== Slow Scripts ==<br />
<br />
{| class="wikitable"<br />
! Reporting<br />
| Jim Mathies<br />
|-<br />
! Data Wrangler<br />
| Ben Miroglio<br />
|-<br />
! Regression(s)<br />
| Blake Kaplan, Gabor Krizsanits<br />
|-<br />
! Report Link<br />
|[https://metrics.mozilla.com/protected/bmiroglio/multi/e10sMulti_experiment.html e10s-multi performance in Telemetry]<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
!Metric<br />
!Description<br />
!Analysis By<br />
!Criteria Met?<br />
!Criteria Met Signed-off By<br />
|-<br />
| SLOW_SCRIPT_NOTICE_COUNT<br />
| style="background-color: White;width:250px;"| Total count of slow script notices displayed to user.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: #FFFF99;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: no data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| SLOW_SCRIPT_PAGE_COUNT<br />
| style="background-color: White;width:250px;"| The number of pages that trigger slow script notices.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: #FFFF99;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: no data<br />
| style="background-color: White;" | TBD<br />
|-<br />
| SLOW_SCRIPT_NOTIFY_DELAY<br />
| style="background-color: White;width:250px;"| The difference between the js slow script timeout for content set in prefs and the actual time we waited before displaying the notification in milliseconds.<br />
| style="background-color: White;" | ben/tracy<br />
| style="background-color: #FFFF99;" | <br />
Win: YES<br/><br />
OSX: limited data<br/><br />
Linux: no data<br />
| style="background-color: White;" | TBD<br />
|}<br />
<br />
== Tests ==<br />
<br />
{| class="wikitable"<br />
! Reporting<br />
| Blake Kaplan / Gabor Krizsanits<br />
|-<br />
! Accountable<br />
| Everyone<br />
|-<br />
! Sign Off<br />
| Module Owners / Jeff Griffiths<br />
|}<br />
<br />
All unit tests disabled for e10s-multi must be triaged and:<br />
<br />
* re-enabled (and fixed, if necessary)<br />
* or annotated that the test is irrelevant for e10s-multi<br />
* or deleted<br />
<br />
We want each test directory to be signed-off by the feature area's owner.<br />
<br />
* e10s-multi test meta {{bug|1315042}}<br />
<br />
== QA Test Plan ==<br />
<br />
{| class="wikitable"<br />
! Responsible<br />
| Erin Lancaster<br />
|-<br />
! Accountable<br />
| SoftVision / tracy<br />
|-<br />
! Sign Off<br />
| Jeff Griffiths / tracy<br />
|}<br />
<br />
{| class="wikitable"<br />
|-<br />
! Task<br />
! Owner<br />
! Criteria Met?<br />
! Criteria Met Signed-off By<br />
|-<br />
| [https://wiki.mozilla.org/QA/e10s_Multi Write test plan]<br />
| Tracy<br />
| style="background-color: LightGreen;" | Done<br />
| style="background-color: LightGreen;" | tracy<br />
|-<br />
| [https://wiki.mozilla.org/QA/e10s_Multi Execute test plan]<br />
| Tracy, Ben M, SV<br />
| style="background-color: LightGreen;" | on going perf testing. so far so good<br />
| style="background-color: white;" | tbd<br />
|}</div>
Twalker