- bug 1228022 - Trigger print jobs from the parent instead of the child for OSX - should be ready to land today
- bug 1290619 - Content sandbox rules should use actual profile directory, not Profiles/*/ regex's - landed!
- bug 1299329 - Remove printing-related privileges from content process sandbox - testing with things that sound print-related removed
- bug 1284588 - OS X: Disable content process write access to user files in the home directory
- bug 1301034 - Log when non-static file policy AddRule calls fail in Windows SandboxBroker
- landed - need to uplift
- bug 1147911 - Use a separate content process for file:// URLs
- Have rough patch that give us a separate process for file://.
- Needs more testing, but the main problem is that I've discovered that my work around for bug 1287426 and the USER_NON_ADMIN token doesn't give access to network drives. So I might have to back that out tomorrow.
- bug 1104619 - remoting audio - little progress, working on getting the cubeb.h api remoted
- bug 1289718 - Construct policy - started looking at the newest changes from :gcp
- not much implementation work, mostly security assurance
- [Bug 1289718] Construct a seccomp-bpf policy for file access on Linux Desktop
- Addressing review comments, looking at try fallout now
- Fixing bugs in profile locking/XRemote
- bug 1251202 - Implement Default Audio Device Notifications for NPAPI plugins on Windows.
- Was working with audio on content proc. Very soon working with audio on chrome proc.
- bug 1241250 - Prezi frozen at loading on fresh profile with latest Nightly 64 bits
- Prezi fix was not valid. They are back on it.
Add-ons meeting action items
- Documenting restrictions on MDN
- giving developers a long term view of what's coming so they only need to change things once
- documenting rollout plan / rough release estimates
- For outreach -> Jorge
- develop debugging tools
- file access (write and read if possible) restriction logging?
- bowen: we have MOZ_WIN_SANDBOX_LOGGING on Windows (also pref security.sandbox.windows.log)
- gcp: On linux the file broker can do this
- filtering known paths to cut down on log volume
- Differentiating between Firefox activity and addons?
- static analysis of add-on code?
- Hard to do, fraught with accuracy issues.
- telemetry logging?
- Could we log all content process writes to profile dir? logging without paths? Just to know it happened.
- Providing a way for add-ons to register area of the file system they want to access to?
- transferring of data from chrome too content (GreaseMonkey/ABP/DTA)?
- fraught with issues.. probably better to set the policy that data must come over IPC
- Making sure we have the APIs needed to move existing file access to IPC
* https://developer.mozilla.org/en-US/docs/Web/API/File * https://developer.mozilla.org/en-US/docs/Extensions/Using_the_DOM_File_API_in_chrome_code * https://developer.mozilla.org/en-US/docs/Web/API/URL/createObjectURL * https://bugzilla.mozilla.org/show_bug.cgi?id=1279186 (FF50, makes createObjectURL apply to all processes) * http://searchfox.org/mozilla-central/source/dom/ipc/PBlobStream.ipdl