
allow-sandbox-null-dll-blocklist

Bill Gianopoulos 1 month ago
parent
commit
a48886df75

+ 90 - 0
mozilla-central/patches/9999999-allow-sandbox-null-dll-blocklist-suite.patch.

@@ -0,0 +1,90 @@
+
+# HG changeset patch
+# User Bill Gianopoulos <wgianopoulos@gmail.com>
+# Date 1725364198 0
+Bug 9999999 - Allow sandbox null dll blocklist if suite.
+
+diff --git a/python/mozbuild/mozbuild/base.py b/python/mozbuild/mozbuild/base.py
+--- a/python/mozbuild/mozbuild/base.py
++++ b/python/mozbuild/mozbuild/base.py
+@@ -968,16 +968,25 @@ class MachCommandConditions(object):
+     @staticmethod
+     def is_jsshell(cls):
+         """Must have a jsshell build."""
+         if hasattr(cls, "substs"):
+             return cls.substs.get("MOZ_BUILD_APP") == "js"
+         return False
+ 
+     @staticmethod
++    def is_comm_suite(cls):
++        """Must have a comm suite build"""
++        if hasattr(cls, "substs"):
++            build_app = cls.substs.get("MOZ_BUILD_APP")
++            if build_app" == "comm/suite"):
++               return True
++        return False
++
++    @staticmethod
+     def is_thunderbird(cls):
+         """Must have a Thunderbird build."""
+         if hasattr(cls, "substs"):
+             return cls.substs.get("MOZ_BUILD_APP") == "comm/mail"
+         return False
+ 
+     @staticmethod
+     def is_firefox_or_thunderbird(cls):
+@@ -1007,17 +1016,19 @@ class MachCommandConditions(object):
+             cls
+         ) or MachCommandConditions.is_android(cls)
+ 
+     @staticmethod
+     def has_build(cls):
+         """Must have a build."""
+         return MachCommandConditions.is_firefox_or_android(
+             cls
+-        ) or MachCommandConditions.is_thunderbird(cls)
++        ) or MachCommandConditions.is_thunderbird(
++            cls
++        ) or MachCommandConditions.is_comm_suite(cls)
+ 
+     @staticmethod
+     def has_build_or_shell(cls):
+         """Must have a build or a shell build."""
+         return MachCommandConditions.has_build(cls) or MachCommandConditions.is_jsshell(
+             cls
+         )
+ 
+diff --git a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
++++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+@@ -394,25 +394,25 @@ Result<Ok, mozilla::ipc::LaunchError> Sa
+     return Err(mozilla::ipc::LaunchError::FromWin32Error("SB::LA::SpawnTarget",
+                                                          last_error));
+   } else if (sandbox::SBOX_ALL_OK != last_warning) {
+     // If there was a warning (but the result was still ok), log it and proceed.
+     LOG_W("Warning on SpawnTarget with last_error=%lu, last_warning=%d",
+           last_error, last_warning);
+   }
+ 
+-#ifdef MOZ_THUNDERBIRD
+-  // In Thunderbird, mInitDllBlocklistOOP is null, so InitDllBlocklistOOP would
++#if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
++  // In Thunderbird and SeaMonkey, mInitDllBlocklistOOP is null, so InitDllBlocklistOOP would
+   // hit MOZ_RELEASE_ASSERT.
+-  constexpr bool isThunderbird = true;
++  constexpr bool hasNullDllBlocklistOOP = true;
+ #else
+-  constexpr bool isThunderbird = false;
++  constexpr bool hasNullDllBlocklistOOP = false;
+ #endif
+ 
+-  if (!isThunderbird &&
++  if (!hasNullDllBlocklistOOP &&
+       XRE_GetChildProcBinPathType(aProcessType) == BinPathType::Self) {
+     RefPtr<DllServices> dllSvc(DllServices::Get());
+     LauncherVoidResultWithLineInfo blocklistInitOk =
+         dllSvc->InitDllBlocklistOOP(aPath, targetInfo.hProcess,
+                                     aCachedNtdllThunk, aProcessType);
+     if (blocklistInitOk.isErr()) {
+       dllSvc->HandleLauncherError(blocklistInitOk.unwrapErr(),
+                                   XRE_GeckoProcessTypeToString(aProcessType));
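Review bot: The added `is_comm_suite` in base.py will not parse, because `if build_app" == "comm/suite"):` has a stray quote and an unmatched closing parenthesis, so importing the module would raise a SyntaxError. Mirroring the neighbouring `is_thunderbird` avoids both that and the odd indent on the `return True` line: `return cls.substs.get("MOZ_BUILD_APP") == "comm/suite"`. In sandboxBroker.cpp the new `MOZ_SUITE` branch compiles out the `InitDllBlocklistOOP` call, so SeaMonkey child processes with `BinPathType::Self` are spawned without the out-of-process DLL blocklist being initialised. The comment should record that this is a reduction in protection and not only an assert workaround, for example `// NOTE: children start without the OOP DLL blocklist; revisit once mInitDllBlocklistOOP is set for suite.` The rewritten comment line also runs past 80 columns, and the enclosing function continues outside the hunk.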

+ 1 - 0
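--- a/mozilla-central/patches/series
+++ b/mozilla-central/patches/series
@@ -1,3 +1,4 @@
 9999999-NSSgetentropy.patch
 1807834-respect-dmg-hfs-env.patch
+9999999-allow-sandbox-null-dll-blocklist-suite.patch.
 TOP-PLASTER-revert-poll-interval.patch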
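Review bot: The new series entry `9999999-allow-sandbox-null-dll-blocklist-suite.patch.` ends in a dot, matching the file name added by this commit, which looks like a typo. Names with a trailing dot are awkward on Windows, where the Win32 layer normally strips them, so a checkout there may produce a file that no longer matches this entry. Renaming the patch file and listing it as `9999999-allow-sandbox-null-dll-blocklist-suite.patch` would avoid that.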