Bug 1997854 - Change the number of policy memory pages back to previous value. r=yjuglaret

This also surfaces that value as a constant, so that we can rely on it.

Differential Revision: https://phabricator.services.mozilla.com/D271086

Author: bobowen

security/sandbox/chromium-shim/patches/52_surface_kPolMemPageCount_and_revert_to_14.patch

@@ -0,0 +1,51 @@
+This surfaces the memory page count for the maximum policy size as a constant,
+so that we can rely on it in our code. It also reverts it to 14, the value
+it was set to before the latest chromium sandbox update.
+
+diff --git a/security/sandbox/chromium/sandbox/win/src/sandbox_policy.h b/security/sandbox/chromium/sandbox/win/src/sandbox_policy.h
+index 4d9d8f270890..bffab2fae890 100644
+--- a/security/sandbox/chromium/sandbox/win/src/sandbox_policy.h
++++ b/security/sandbox/chromium/sandbox/win/src/sandbox_policy.h
+@@ -10,16 +10,19 @@
+ 
+ #include "base/containers/span.h"
+ #include "base/memory/scoped_refptr.h"
+ #include "sandbox/win/src/sandbox_types.h"
+ #include "sandbox/win/src/security_level.h"
+ 
+ namespace sandbox {
+ 
++// Number of memory pages to allow for the policy storage.
++constexpr size_t kPolMemPageCount = 14;
++
+ class AppContainer;
+ 
+ // Desktop used to launch child, controls GetDesktop().
+ enum class Desktop {
+   // Child is launched without changing the desktop.
+   kDefault,
+   // Child is launched using the alternate desktop.
+   kAlternateDesktop,
+diff --git a/security/sandbox/chromium/sandbox/win/src/sandbox_policy_base.cc b/security/sandbox/chromium/sandbox/win/src/sandbox_policy_base.cc
+index 2559133d772b..3395e9cadc07 100644
+--- a/security/sandbox/chromium/sandbox/win/src/sandbox_policy_base.cc
++++ b/security/sandbox/chromium/sandbox/win/src/sandbox_policy_base.cc
+@@ -44,17 +44,17 @@
+ 
+ namespace sandbox {
+ namespace {
+ 
+ // The standard windows size for one memory page.
+ constexpr size_t kOneMemPage = 4096;
+ // The IPC and Policy shared memory sizes.
+ constexpr size_t kIPCMemSize = kOneMemPage * 2;
+-constexpr size_t kPolMemSize = kOneMemPage * 6;
++constexpr size_t kPolMemSize = kOneMemPage * kPolMemPageCount;
+ 
+ // Offset of pShimData in ntdll!_PEB.
+ #if defined(_WIN64)
+ // This is the same on x64 and arm64.
+ constexpr ptrdiff_t kShimDataOffset = 0x2d8;
+ #else
+ constexpr ptrdiff_t kShimDataOffset = 0x1e8;
+ #endif

security/sandbox/chromium/sandbox/win/src/sandbox_policy.h

@@ -15,6 +15,9 @@
 
 namespace sandbox {
 
+// Number of memory pages to allow for the policy storage.
+constexpr size_t kPolMemPageCount = 14;
+
 class AppContainer;
 
 // Desktop used to launch child, controls GetDesktop().

security/sandbox/chromium/sandbox/win/src/sandbox_policy_base.cc

@@ -49,7 +49,7 @@ namespace {
 constexpr size_t kOneMemPage = 4096;
 // The IPC and Policy shared memory sizes.
 constexpr size_t kIPCMemSize = kOneMemPage * 2;
-constexpr size_t kPolMemSize = kOneMemPage * 6;
+constexpr size_t kPolMemSize = kOneMemPage * kPolMemPageCount;
 
 // Offset of pShimData in ntdll!_PEB.
 #if defined(_WIN64)

security/sandbox/win/src/sandboxbroker/ConfigHelpers.cpp

@@ -30,8 +30,10 @@ SizeTrackingConfig::SizeTrackingConfig(sandbox::TargetConfig* aConfig,
     : mConfig(aConfig) {
   MOZ_ASSERT(mConfig);
 
-  // The calculation at the start of sandbox_policy_base.cc allows for 14 pages.
-  MOZ_ASSERT(aStoragePages <= 14);
+  // The calculation uses the kPolMemPageCount constant in sandbox_policy.h.
+  // We reduce the allowable size by 1 to account for the PolicyGlobal.
+  MOZ_ASSERT(aStoragePages > 0);
+  MOZ_ASSERT(static_cast<size_t>(aStoragePages) < sandbox::kPolMemPageCount);
 
   constexpr int32_t kOneMemPage = 4096;
   mRemainingSize = kOneMemPage * aStoragePages;