Haftandilian (Remove table documenting what is blocked for each level and replace with a description.) |
Haftandilian (Cleanup and add RDD process) |
Line 256: | Line 256: | ||
== OSX == | == OSX == | ||
=== Content Levels === | === Content Levels for Web and File Content Processes === | ||
Mac content processes use sandbox level 3. File content processes (for file:/// origins) also use level 3 with additional rules to allow read access to the filesystem. Levels 1 and 2 can still be enabled in about:config, but they are not supported and using them is not recommended. Different sandbox levels were used for testing and debugging during rollout of Mac sandboxing features, but they now are planned to be removed. Mac sandboxing uses a white list policy for all process types. Each policy begins with a statement to deny all access to system resources and then specifies the allowed resources. The level 3 sandbox allows file system read metadata access with full read access for specific system directories and some user directories, access to the microphone, access to various system services, windowserver, named sysctls and iokit properties, and other miscellaneous items. Work is ongoing to remove access to the microphone, windowserver, and other system services where possible. The sandbox blocks write access to all of the file system, read access to the profile directory (apart from the chrome and extensions subdirectories, read access to the home directory, inbound/outbound network I/O, exec, fork, printing, video input devices such as cameras. Older sandbox levels 1 and 2 are less restrictive. Mainly, level 2 allows file-read access to all of the filesystem except the ~/Library directory. Level 1 allows all file-read access. Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3. | Mac content processes use sandbox level 3. File content processes (for file:/// origins) also use level 3 with additional rules to allow read access to the filesystem. Levels 1 and 2 can still be enabled in about:config, but they are not supported and using them is not recommended. Different sandbox levels were used for testing and debugging during rollout of Mac sandboxing features, but they now are planned to be removed. 
Mac sandboxing uses a white list policy for all process types. Each policy begins with a statement to deny all access to system resources and then specifies the allowed resources. The level 3 sandbox allows file system read metadata access with full read access for specific system directories and some user directories, access to the microphone, access to various system services, windowserver, named sysctls and iokit properties, and other miscellaneous items. Work is ongoing to remove access to the microphone, windowserver, and other system services where possible. The sandbox blocks write access to all of the file system, read access to the profile directory (apart from the chrome and extensions subdirectories, read access to the home directory, inbound/outbound network I/O, exec, fork, printing, video input devices such as cameras. Older sandbox levels 1 and 2 are less restrictive. Mainly, level 2 allows file-read access to all of the filesystem except the ~/Library directory. Level 1 allows all file-read access. Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3. | ||
The web and file content policy is defined in [https://searchfox.org/mozilla-central/source/security/sandbox/mac/SandboxPolicyContent.h SandboxPolicyContent.h] | |||
[https:// | === Gecko Media Plugin Processes === | ||
The Gecko Media Plugins (GMP) policy is defined in [https://searchfox.org/mozilla-central/source/security/sandbox/mac/SandboxPolicyGMP.h SandboxPolicyGMP.h]. | |||
=== Remote Data Decoder Processes === | |||
The Remote Data Decoder (RDD) policy is defined in [https://searchfox.org/mozilla-central/source/security/sandbox/mac/SandboxPolicyUtility.h SandboxPolicyUtility.h]. | |||
=== NPAPI Flash Process === | === NPAPI Flash Process === | ||
Enabled in Firefox starting with build 62. The Mac Flash sandbox is enabled at level 1. Some features are affected by the Sandbox and those are documented in [https://support.mozilla.org/en-US/kb/changes-affecting-adobe-flash-firefox-mac "Changes affecting Adobe Flash on Firefox for Mac" on support.mozilla.org]. | Enabled in Firefox starting with build 62. The Mac Flash sandbox is enabled at level 1. Some features are affected by the Sandbox and those are documented in [https://support.mozilla.org/en-US/kb/changes-affecting-adobe-flash-firefox-mac "Changes affecting Adobe Flash on Firefox for Mac" on support.mozilla.org]. The Flash policy is defined in [https://searchfox.org/mozilla-central/source/security/sandbox/mac/SandboxPolicyFlash.h SandboxPolicyFlash.h]. | ||
== Linux == | == Linux == |
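Review bot: the Content Levels paragraph on the new side still carries the unclosed parenthesis inherited from the old text, "read access to the profile directory (apart from the chrome and extensions subdirectories, read access to the home directory, inbound/outbound network I/O, ...", which leaves the scope of the exception ambiguous and makes the list read as if home-directory reads are blocked outright, while the same paragraph says level 3 grants "full read access for specific system directories and some user directories". Close the parenthesis after "subdirectories" and either name the readable user directories or state that home-directory reads are denied except for those listed. In the same paragraph, "they now are planned to be removed" reads better as "they are now planned for removal", "white list" is better written as "allow list", and the sentence ending with [... SandboxPolicyContent.h] is missing its full stop. The NPAPI Flash section says the Flash sandbox "is enabled at level 1" directly after the paragraph deprecating levels 1 and 2; since the Flash policy is defined in SandboxPolicyFlash.h rather than SandboxPolicyContent.h, say explicitly that this is the Flash policy's own level and not the content-process level 1 that is being removed.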