corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1920463 p1: Remove RemoteSandboxBroker. r=nika,geckoview-reviewers,ipc-reviewers,m_kato

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D223114
This commit is contained in:
Bob Owen
2024-10-16 07:49:24 +00:00
parent 0c747f7dfe
commit 9a7429a6d1
35 changed files with 29 additions and 841 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
browser/app/nsBrowserApp.cpp
View File

@@ -393,11 +393,6 @@ int main(int argc, char* argv[], char* envp[]) {
childData.ProvideLogFunction = mozilla::sandboxing::ProvideLogFunction; childData.ProvideLogFunction = mozilla::sandboxing::ProvideLogFunction;
} }
if (GetGeckoProcessType() == GeckoProcessType_RemoteSandboxBroker) {
childData.sandboxBrokerServices =
mozilla::sandboxing::GetInitializedBrokerServices();
}
# endif # endif
rv = gBootstrap->XRE_InitChildProcess(argc, argv, &childData); rv = gBootstrap->XRE_InitChildProcess(argc, argv, &childData);

1
dom/chrome-webidl/ChromeUtils.webidl
View File

@@ -794,7 +794,6 @@ enum WebIDLProcType {
"vr", "vr",
"rdd", "rdd",
"socket", "socket",
"remoteSandboxBroker",
"inference", "inference",
#ifdef MOZ_ENABLE_FORKSERVER #ifdef MOZ_ENABLE_FORKSERVER
"forkServer", "forkServer",

12
dom/docs/ipc/process_model.rst
View File

@@ -63,7 +63,6 @@ Diagram
<TR><TD BORDER="1">Data Decoder (RDD) Process</TD></TR> <TR><TD BORDER="1">Data Decoder (RDD) Process</TD></TR>
<TR><TD BORDER="1">Network (Socket) Process</TD></TR> <TR><TD BORDER="1">Network (Socket) Process</TD></TR>
<TR><TD BORDER="1">Utility Process</TD></TR> <TR><TD BORDER="1">Utility Process</TD></TR>
<TR><TD BORDER="1">Remote Sandbox Broker Process</TD></TR>
<TR><TD BORDER="1">Fork Server</TD></TR> <TR><TD BORDER="1">Fork Server</TD></TR>
</TABLE> </TABLE>
> >
@@ -291,17 +290,6 @@ Network (Socket) Process
The socket process is used to separate certain networking operations from the parent process, allowing them to be performed more directly in a partially sandboxed process. The eventual goal is to move all TCP/UDP network operations into this dedicated process, and is being tracked in `Bug 1322426 <https://bugzilla.mozilla.org/show_bug.cgi?id=1322426>`_. The socket process is used to separate certain networking operations from the parent process, allowing them to be performed more directly in a partially sandboxed process. The eventual goal is to move all TCP/UDP network operations into this dedicated process, and is being tracked in `Bug 1322426 <https://bugzilla.mozilla.org/show_bug.cgi?id=1322426>`_.
.. _remote-sandbox-process:
Remote Sandbox Broker Process
-----------------------------
:platform: Windows on ARM only
:primary protocol: `PRemoteSandboxBroker <https://searchfox.org/mozilla-central/source/security/sandbox/win/src/remotesandboxbroker/PRemoteSandboxBroker.ipdl>`_
:sandboxed?: no
In order to run sandboxed x86 plugin processes from Windows-on-ARM, the remote sandbox broker process is launched in x86-mode, and used to launch sandboxed x86 subprocesses. This avoids issues with the sandboxing layer, which unfortunately assumes that pointer width matches between the sandboxer and sandboxing process. To avoid this, the remote sandbox broker is used as an x86 sandboxing process which wraps these plugins.
.. _fork-server: .. _fork-server:
Fork Server Fork Server

5
ipc/app/MozillaRuntimeMain.cpp
View File

@@ -88,11 +88,6 @@ int main(int argc, char* argv[]) {
childData.ProvideLogFunction = mozilla::sandboxing::ProvideLogFunction; childData.ProvideLogFunction = mozilla::sandboxing::ProvideLogFunction;
} }
if (GetGeckoProcessType() == GeckoProcessType_RemoteSandboxBroker) {
childData.sandboxBrokerServices =
mozilla::sandboxing::GetInitializedBrokerServices();
}
#endif #endif
nsresult rv = bootstrap->XRE_InitChildProcess(argc, argv, &childData); nsresult rv = bootstrap->XRE_InitChildProcess(argc, argv, &childData);

1
ipc/docs/ipdl.rst
View File

@@ -753,7 +753,6 @@ process type:
``VR`` VR process ``VR`` VR process
``RDD`` Remote Data Decoder (RDD) process ``RDD`` Remote Data Decoder (RDD) process
``Socket`` Socket/Networking process ``Socket`` Socket/Networking process
``RemoteSandboxBroker`` Remote Sandbox Broker process
``ForkServer`` Fork Server process ``ForkServer`` Fork Server process
``Utility`` Utility process ``Utility`` Utility process
============================= ================================================= ============================= =================================================

8
ipc/docs/processes.rst
View File

@@ -523,12 +523,8 @@ Windows Sandbox
_______________ _______________
- Introduce a new ``SandboxBroker::SetSecurityLevelForXXXProcess()`` that - Introduce a new ``SandboxBroker::SetSecurityLevelForXXXProcess()`` that
defines the new sandbox in both defines the new sandbox in the sandbox broker basing yourself on this
`example <https://searchfox.org/mozilla-central/rev/d4b9c457db637fde655592d9e2048939b7ab2854/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp#1241-1344>`_
+ the sandbox broker basing yourself on that `example
<https://searchfox.org/mozilla-central/rev/d4b9c457db637fde655592d9e2048939b7ab2854/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp#1241-1344>`_
+ the remote sandbox broker getting `inspired by
<https://searchfox.org/mozilla-central/rev/d4b9c457db637fde655592d9e2048939b7ab2854/security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.cpp#161-165>`_
- Add new case handling in ``WindowsProcessLauncher::DoSetup()`` calling - Add new case handling in ``WindowsProcessLauncher::DoSetup()`` calling
``SandboxBroker::SetSecurityLevelForXXXProcess()`` in `GeckoChildProcessHost ``SandboxBroker::SetSecurityLevelForXXXProcess()`` in `GeckoChildProcessHost

27
ipc/glue/GeckoChildProcessHost.cpp
View File

@@ -75,9 +75,6 @@
# include "WinUtils.h" # include "WinUtils.h"
# include "mozilla/Preferences.h" # include "mozilla/Preferences.h"
# include "mozilla/sandboxing/sandboxLogging.h" # include "mozilla/sandboxing/sandboxLogging.h"
# if defined(_ARM64_)
# include "mozilla/remoteSandboxBroker.h"
# endif
# endif # endif
# include "mozilla/NativeNt.h" # include "mozilla/NativeNt.h"
@@ -1550,19 +1547,7 @@ Result<Ok, LaunchError> WindowsProcessLauncher::DoSetup() {
# if defined(MOZ_SANDBOX) || defined(_ARM64_) # if defined(MOZ_SANDBOX) || defined(_ARM64_)
const bool isGMP = mProcessType == GeckoProcessType_GMPlugin; const bool isGMP = mProcessType == GeckoProcessType_GMPlugin;
const bool isWidevine = isGMP && Contains(mChildArgs, "gmp-widevinecdm"); const bool isWidevine = isGMP && Contains(mChildArgs, "gmp-widevinecdm");
# if defined(_ARM64_) # endif // defined(MOZ_SANDBOX) || defined(_ARM64_)
bool useRemoteSandboxBroker = false;
if (mLaunchArch & (base::PROCESS_ARCH_I386 | base::PROCESS_ARCH_X86_64)) {
// On Windows on ARM64 for ClearKey and Widevine, and for the sandbox
// launcher process, we want to run the x86 plugin-container.exe in
// the "i686" subdirectory, instead of the aarch64 plugin-container.exe.
// So insert "i686" into the exePath.
exePath = exePath.DirName().AppendASCII("i686").Append(exePath.BaseName());
useRemoteSandboxBroker =
mProcessType != GeckoProcessType_RemoteSandboxBroker;
}
# endif // if defined(_ARM64_)
# endif // defined(MOZ_SANDBOX) || defined(_ARM64_)
mCmdLine.emplace(exePath.ToWStringHack()); mCmdLine.emplace(exePath.ToWStringHack());
@@ -1585,12 +1570,7 @@ Result<Ok, LaunchError> WindowsProcessLauncher::DoSetup() {
} }
# if defined(MOZ_SANDBOX) # if defined(MOZ_SANDBOX)
# if defined(_ARM64_) mResults.mSandboxBroker = new SandboxBroker();
if (useRemoteSandboxBroker)
mResults.mSandboxBroker = new RemoteSandboxBroker(mLaunchArch);
else
# endif // if defined(_ARM64_)
mResults.mSandboxBroker = new SandboxBroker();
// XXX: Bug 1124167: We should get rid of the process specific logic for // XXX: Bug 1124167: We should get rid of the process specific logic for
// sandboxing in this class at some point. Unfortunately it will take a bit // sandboxing in this class at some point. Unfortunately it will take a bit
@@ -1666,9 +1646,6 @@ Result<Ok, LaunchError> WindowsProcessLauncher::DoSetup() {
mUseSandbox = true; mUseSandbox = true;
} }
break; break;
case GeckoProcessType_RemoteSandboxBroker:
// We don't sandbox the sandbox launcher...
break;
case GeckoProcessType_Default: case GeckoProcessType_Default:
default: default:
MOZ_CRASH("Bad process type in GeckoChildProcessHost"); MOZ_CRASH("Bad process type in GeckoChildProcessHost");

2
ipc/ipdl/sync-messages.ini
View File

@@ -296,8 +296,6 @@ description = legacy sync IPC - please add detailed description
description = Lets unprivileged child processes synchronously get a description of the app that handles a given protocol scheme description = Lets unprivileged child processes synchronously get a description of the app that handles a given protocol scheme
[PClientSource::WorkerSyncPing] [PClientSource::WorkerSyncPing]
description = Synchronous ping allowing worker thread to confirm actor is created. Necessary to avoid racing with ClientHandle actors on main thread. description = Synchronous ping allowing worker thread to confirm actor is created. Necessary to avoid racing with ClientHandle actors on main thread.
[PRemoteSandboxBroker::LaunchApp]
description = Synchronous launch of a child process that in turn launches and sandboxes another process. Called on a dedicated thread and targets a dedicated process, so this shouldn't block anything.
[PSandboxTesting::GetSpecialDirectory] [PSandboxTesting::GetSpecialDirectory]
description = Testing only - get a special directory path. description = Testing only - get a special directory path.
# WebGL internals # WebGL internals

2
ipc/ipdl/test/ipdl/error/PUnknownProc.ipdl
View File

@@ -1,4 +1,4 @@
//error: invalid value for attribute `ChildProc', expected one of: any, anychild, anydom, compositor, Parent, Content, IPDLUnitTest, GMPlugin, GPU, VR, RDD, Socket, RemoteSandboxBroker, ForkServer, Utility //error: invalid value for attribute `ChildProc', expected one of: any, anychild, anydom, compositor, Parent, Content, IPDLUnitTest, GMPlugin, GPU, VR, RDD, Socket, ForkServer, Utility
[ChildProc=unknowntype] [ChildProc=unknowntype]
protocol PUnknownProc { protocol PUnknownProc {

4
mobile/android/geckoview/src/main/java/org/mozilla/gecko/process/GeckoProcessType.java
View File

@@ -10,7 +10,7 @@ import org.mozilla.gecko.annotation.WrapForJNI;
public enum GeckoProcessType { public enum GeckoProcessType {
// These need to match the stringified names from the GeckoProcessType enum // These need to match the stringified names from the GeckoProcessType enum
PARENT("default"), PARENT("default"),
PLUGIN("plugin"), OBSOLETE1("plugin"),
CONTENT("tab"), CONTENT("tab"),
IPDLUNITTEST("ipdlunittest"), IPDLUNITTEST("ipdlunittest"),
GMPLUGIN("gmplugin"), GMPLUGIN("gmplugin"),
@@ -18,7 +18,7 @@ public enum GeckoProcessType {
VR("vr"), VR("vr"),
RDD("rdd"), RDD("rdd"),
SOCKET("socket"), SOCKET("socket"),
REMOTESANDBOXBROKER("sandboxbroker"), OBSOLETE2("sandboxbroker"),
FORKSERVER("forkserver"), FORKSERVER("forkserver"),
UTILITY("utility"); UTILITY("utility");

1
security/sandbox/moz.build
View File

@@ -27,7 +27,6 @@ elif CONFIG["OS_ARCH"] == "WINNT":
FORCE_STATIC_LIB = True FORCE_STATIC_LIB = True
DIRS += [ DIRS += [
"win/src/remotesandboxbroker",
"win/src/sandboxbroker", "win/src/sandboxbroker",
"win/src/sandboxtarget", "win/src/sandboxtarget",
] ]

36
security/sandbox/win/src/remotesandboxbroker/PRemoteSandboxBroker.ipdl
View File

@@ -1,36 +0,0 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
using mozilla::dom::NativeThreadId from "mozilla/dom/NativeThreadId.h";
namespace mozilla {
struct EnvVar {
nsString name;
nsString value;
};
struct LaunchParameters {
nsString path;
nsString args;
EnvVar[] env;
uint32_t processType;
uint32_t sandboxLevel;
nsString[] allowedReadFiles;
uint64_t[] shareHandles;
bool enableLogging;
};
[NeedsOtherPid, NestedUpTo=inside_sync, ChildProc=RemoteSandboxBroker]
sync protocol PRemoteSandboxBroker
{
parent:
async InitCrashReporter(NativeThreadId threadId);
child:
[Nested=inside_sync] sync LaunchApp(LaunchParameters params)
returns (bool ok, uint64_t handle);
};
} // namespace mozilla

87
security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerChild.cpp
View File

@@ -1,87 +0,0 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
#include "RemoteSandboxBrokerChild.h"
#include "chrome/common/ipc_channel.h"
#include "mozilla/ipc/CrashReporterClient.h"
#include "nsDebugImpl.h"
#include "mozilla/ipc/CrashReporterClient.h"
#include "RemoteSandboxBrokerProcessChild.h"
using namespace mozilla::ipc;
namespace mozilla {
RemoteSandboxBrokerChild::RemoteSandboxBrokerChild() {
nsDebugImpl::SetMultiprocessMode("RemoteSandboxBroker");
}
RemoteSandboxBrokerChild::~RemoteSandboxBrokerChild() {}
bool RemoteSandboxBrokerChild::Init(mozilla::ipc::UntypedEndpoint&& aEndpoint) {
if (NS_WARN_IF(!aEndpoint.Bind(this))) {
return false;
}
CrashReporterClient::InitSingleton(this);
return true;
}
void RemoteSandboxBrokerChild::ActorDestroy(ActorDestroyReason aWhy) {
if (AbnormalShutdown == aWhy) {
NS_WARNING("Abnormal shutdown of GMP process!");
ipc::ProcessChild::QuickExit();
}
CrashReporterClient::DestroySingleton();
XRE_ShutdownChildProcess();
}
mozilla::ipc::IPCResult RemoteSandboxBrokerChild::RecvLaunchApp(
LaunchParameters&& aParams, bool* aOutOk, uint64_t* aOutHandle) {
auto towstring = [](const nsString& s) {
return std::wstring(s.get(), s.Length());
};
base::EnvironmentMap envmap;
for (const EnvVar& env : aParams.env()) {
envmap[towstring(env.name())] = towstring(env.value());
}
if (!mSandboxBroker.SetSecurityLevelForGMPlugin(
AbstractSandboxBroker::SandboxLevel(aParams.sandboxLevel()),
/* aIsRemoteLaunch */ true)) {
*aOutOk = false;
return IPC_OK();
}
for (const auto& path : aParams.allowedReadFiles()) {
if (!mSandboxBroker.AllowReadFile(path.get())) {
*aOutOk = false;
return IPC_OK();
}
}
for (const auto& handle : aParams.shareHandles()) {
mSandboxBroker.AddHandleToShare(HANDLE(handle));
}
HANDLE p;
mozilla::Result<mozilla::Ok, LaunchError> err =
mSandboxBroker.LaunchApp(aParams.path().get(), aParams.args().get(),
envmap, GeckoProcessType(aParams.processType()),
aParams.enableLogging(), nullptr, (void**)&p);
*aOutOk = err.isOk();
if (*aOutOk) {
*aOutHandle = uint64_t(p);
}
for (const auto& handle : aParams.shareHandles()) {
CloseHandle(HANDLE(handle));
}
return IPC_OK();
}
} // namespace mozilla

35
security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerChild.h
View File

@@ -1,35 +0,0 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
#ifndef RemoteSandboxBrokerChild_h_
#define RemoteSandboxBrokerChild_h_
#include "mozilla/PRemoteSandboxBrokerChild.h"
#include "sandboxBroker.h"
namespace mozilla {
class RemoteSandboxBrokerChild : public PRemoteSandboxBrokerChild {
friend class PRemoteSandboxBrokerChild;
public:
NS_INLINE_DECL_REFCOUNTING(RemoteSandboxBrokerChild, override)
RemoteSandboxBrokerChild();
bool Init(mozilla::ipc::UntypedEndpoint&& aEndpoint);
private:
virtual ~RemoteSandboxBrokerChild();
mozilla::ipc::IPCResult RecvLaunchApp(LaunchParameters&& aParams,
bool* aOutOk, uint64_t* aOutHandle);
void ActorDestroy(ActorDestroyReason aWhy);
SandboxBroker mSandboxBroker;
};
} // namespace mozilla
#endif

83
security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerParent.cpp
View File

@@ -1,83 +0,0 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
#include "RemoteSandboxBrokerParent.h"
#include "RemoteSandboxBrokerProcessParent.h"
#include "mozilla/Telemetry.h"
#include <windows.h>
namespace mozilla {
RefPtr<GenericPromise> RemoteSandboxBrokerParent::Launch(
uint32_t aLaunchArch, const nsTArray<uint64_t>& aHandlesToShare,
nsISerialEventTarget* aThread) {
MOZ_ASSERT(!mProcess);
if (mProcess) {
// Don't re-init.
return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
}
mProcess = new RemoteSandboxBrokerProcessParent();
#ifdef ALLOW_GECKO_CHILD_PROCESS_ARCH
mProcess->SetLaunchArchitecture(aLaunchArch);
#endif
for (uint64_t handle : aHandlesToShare) {
mProcess->AddHandleToShare(HANDLE(handle));
}
auto resolve = [self = RefPtr{this}](base::ProcessHandle handle) {
self->mOpened = self->mProcess->TakeInitialEndpoint().Bind(self);
if (!self->mOpened) {
self->mProcess->Destroy();
self->mProcess = nullptr;
return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
}
return GenericPromise::CreateAndResolve(true, __func__);
};
auto reject = [self = RefPtr{this}]() {
NS_ERROR("failed to launch child in the parent");
if (self->mProcess) {
self->mProcess->Destroy();
self->mProcess = nullptr;
}
return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
};
return mProcess->AsyncLaunch()->Then(aThread, __func__, std::move(resolve),
std::move(reject));
}
bool RemoteSandboxBrokerParent::DuplicateFromLauncher(HANDLE aLauncherHandle,
LPHANDLE aOurHandle) {
return ::DuplicateHandle(mProcess->GetChildProcessHandle(), aLauncherHandle,
::GetCurrentProcess(), aOurHandle, 0, false,
DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE);
}
void RemoteSandboxBrokerParent::ActorDestroy(ActorDestroyReason aWhy) {
if (AbnormalShutdown == aWhy) {
Telemetry::Accumulate(Telemetry::SUBPROCESS_ABNORMAL_ABORT,
nsDependentCString(XRE_GeckoProcessTypeToString(
GeckoProcessType_RemoteSandboxBroker)),
1);
GenerateCrashReport(OtherPid());
}
Shutdown();
}
void RemoteSandboxBrokerParent::Shutdown() {
if (mOpened) {
mOpened = false;
Close();
}
if (mProcess) {
mProcess->Destroy();
mProcess = nullptr;
}
}
} // namespace mozilla

48
security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerParent.h
View File

@@ -1,48 +0,0 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
#ifndef RemoteSandboxBrokerParent_h_
#define RemoteSandboxBrokerParent_h_
#include "mozilla/PRemoteSandboxBrokerParent.h"
#include "RemoteSandboxBrokerProcessParent.h"
#include "mozilla/ipc/CrashReporterHelper.h"
namespace mozilla {
class RemoteSandboxBrokerParent
: public PRemoteSandboxBrokerParent,
public ipc::CrashReporterHelper<GeckoProcessType_RemoteSandboxBroker> {
friend class PRemoteSandboxBrokerParent;
public:
NS_INLINE_DECL_REFCOUNTING(RemoteSandboxBrokerParent, override)
bool DuplicateFromLauncher(HANDLE aLauncherHandle, LPHANDLE aOurHandle);
void Shutdown();
// Asynchronously launches the launcher process.
// Note: we rely on the caller to keep this instance alive
// until this promise resolves.
// aThread is the thread to use to resolve the promise on if needed.
RefPtr<GenericPromise> Launch(uint32_t aLaunchArch,
const nsTArray<uint64_t>& aHandlesToShare,
nsISerialEventTarget* aThread);
private:
~RemoteSandboxBrokerParent() = default;
void ActorDestroy(ActorDestroyReason aWhy) override;
RemoteSandboxBrokerProcessParent* mProcess = nullptr;
bool mOpened = false;
};
} // namespace mozilla
#endif // RemoteSandboxBrokerParent_h_

27
security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerProcessChild.cpp
View File

@@ -1,27 +0,0 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
#include "RemoteSandboxBrokerProcessChild.h"
#include "mozilla/ipc/IOThreadChild.h"
#include "mozilla/BackgroundHangMonitor.h"
using mozilla::ipc::IOThreadChild;
namespace mozilla {
RemoteSandboxBrokerProcessChild::~RemoteSandboxBrokerProcessChild() {}
bool RemoteSandboxBrokerProcessChild::Init(int aArgc, char* aArgv[]) {
BackgroundHangMonitor::Startup();
return mSandboxBrokerChild->Init(TakeInitialEndpoint());
}
void RemoteSandboxBrokerProcessChild::CleanUp() {
BackgroundHangMonitor::Shutdown();
}
} // namespace mozilla

33
security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerProcessChild.h
View File

@@ -1,33 +0,0 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef RemoteSandboxBrokerProcessChild_h_
#define RemoteSandboxBrokerProcessChild_h_
#include "mozilla/ipc/ProcessChild.h"
#include "RemoteSandboxBrokerChild.h"
namespace mozilla {
class RemoteSandboxBrokerProcessChild final
: public mozilla::ipc::ProcessChild {
protected:
typedef mozilla::ipc::ProcessChild ProcessChild;
public:
using ProcessChild::ProcessChild;
~RemoteSandboxBrokerProcessChild();
bool Init(int aArgc, char* aArgv[]) override;
void CleanUp() override;
private:
RefPtr<RemoteSandboxBrokerChild> mSandboxBrokerChild =
new RemoteSandboxBrokerChild;
};
} // namespace mozilla
#endif // GMPProcessChild_h_

35
security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerProcessParent.cpp
View File

@@ -1,35 +0,0 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
#include "RemoteSandboxBrokerProcessParent.h"
#include <windows.h>
#include "mozilla/ipc/LaunchError.h"
using mozilla::ipc::GeckoChildProcessHost;
using mozilla::ipc::LaunchError;
using mozilla::ipc::ProcessHandlePromise;
namespace mozilla {
RemoteSandboxBrokerProcessParent::RemoteSandboxBrokerProcessParent()
: GeckoChildProcessHost(GeckoProcessType_RemoteSandboxBroker) {
MOZ_COUNT_CTOR(RemoteSandboxBrokerProcessParent);
}
RemoteSandboxBrokerProcessParent::~RemoteSandboxBrokerProcessParent() {
MOZ_COUNT_DTOR(RemoteSandboxBrokerProcessParent);
}
RefPtr<ProcessHandlePromise> RemoteSandboxBrokerProcessParent::AsyncLaunch() {
if (!GeckoChildProcessHost::AsyncLaunch()) {
return ProcessHandlePromise::CreateAndReject(
LaunchError("RSBPP::AsyncLaunch"), __func__);
}
return WhenProcessHandleReady();
}
} // namespace mozilla

48
security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerProcessParent.h
View File

@@ -1,48 +0,0 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*-
* vim: sw=2 ts=4 et :
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef RemoteSandboxBrokerProcessParent_h_
#define RemoteSandboxBrokerProcessParent_h_
#include "mozilla/Attributes.h"
#include "base/basictypes.h"
#include "base/file_path.h"
#include "base/thread.h"
#include "mozilla/ipc/GeckoChildProcessHost.h"
class nsIRunnable;
namespace mozilla {
class RemoteSandboxBrokerProcessParent final
: public mozilla::ipc::GeckoChildProcessHost {
public:
RemoteSandboxBrokerProcessParent();
RefPtr<ipc::ProcessHandlePromise> AsyncLaunch();
bool CanShutdown() override { return true; }
using mozilla::ipc::GeckoChildProcessHost::GetChildProcessHandle;
// GeckoChildProcessHost does not directly provide `AddHandleToShare` as
// handles are expected to be passed using `GeckoArgs`. However when
// `RemoteSandboxBroker` is being used, we have already set up the argument
// list, so allow adding those handles directly to the broker's launch
// options.
void AddHandleToShare(HANDLE aHandle) {
mLaunchOptions->handles_to_inherit.push_back(aHandle);
}
private:
~RemoteSandboxBrokerProcessParent();
DISALLOW_COPY_AND_ASSIGN(RemoteSandboxBrokerProcessParent);
};
} // namespace mozilla
#endif // ifndef GMPProcessParent_h

30
security/sandbox/win/src/remotesandboxbroker/moz.build
View File

@@ -1,30 +0,0 @@
# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
# vim: set filetype=python:
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOURCES += [
"remoteSandboxBroker.cpp",
"RemoteSandboxBrokerChild.cpp",
"RemoteSandboxBrokerParent.cpp",
"RemoteSandboxBrokerProcessChild.cpp",
"RemoteSandboxBrokerProcessParent.cpp",
]
EXPORTS.mozilla += [
"remoteSandboxBroker.h",
"RemoteSandboxBrokerChild.h",
"RemoteSandboxBrokerParent.h",
"RemoteSandboxBrokerProcessChild.h",
"RemoteSandboxBrokerProcessParent.h",
]
for var in ("UNICODE", "_UNICODE"):
DEFINES[var] = True
FINAL_LIBRARY = "xul"
IPDL_SOURCES += ["PRemoteSandboxBroker.ipdl"]
include("/ipc/chromium/chromium-config.mozbuild")

167
security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.cpp
View File

@@ -1,167 +0,0 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
#include "remoteSandboxBroker.h"
#include "RemoteSandboxBrokerParent.h"
#include "mozilla/SpinEventLoopUntil.h"
#include "nsIThread.h"
namespace mozilla {
RemoteSandboxBroker::RemoteSandboxBroker(uint32_t aLaunchArch)
: mParent(new RemoteSandboxBrokerParent), mLaunchArch(aLaunchArch) {}
RemoteSandboxBroker::~RemoteSandboxBroker() {
MOZ_ASSERT(
mShutdown,
"Shutdown must be called on RemoteSandboxBroker before destruction!");
}
void RemoteSandboxBroker::Shutdown() {
MOZ_ASSERT(!mShutdown, "Don't call Shutdown() twice!");
mShutdown = true;
if (!mIPCLaunchThread) {
// Can't have launched child process, nothing to shutdown.
return;
}
RefPtr<RemoteSandboxBroker> self = this;
mIPCLaunchThread->Dispatch(
NS_NewRunnableFunction("Remote Sandbox Launch", [self, this]() {
// Note: `self` here should be the last reference to this instance.
mParent->Shutdown();
mIPCLaunchThread = nullptr;
}));
}
Result<Ok, mozilla::ipc::LaunchError> RemoteSandboxBroker::LaunchApp(
const wchar_t* aPath, const wchar_t* aArguments,
base::EnvironmentMap& aEnvironment, GeckoProcessType aProcessType,
const bool aEnableLogging, const IMAGE_THUNK_DATA*, void** aProcessHandle) {
// Note: we expect to be called on the IPC launch thread from
// GeckoChildProcesHost while it's launching a child process. The IPC launch
// thread is a TaskQueue. We can't run a synchronous launch here as that
// blocks the calling thread while it dispatches a task to the IPC launch
// thread to spawn the process. Since our calling thread is the IPC launch
// thread, we'd then be deadlocked. So instead we do an async launch, and spin
// the event loop until the process launch succeeds.
// We should be on the IPC launch thread. We're shutdown on the IO thread,
// so save a ref to the IPC launch thread here, so we can close the channel
// on the IPC launch thread on shutdown.
mIPCLaunchThread = GetCurrentSerialEventTarget();
mParameters.path() = nsDependentString(aPath);
mParameters.args() = nsDependentString(aArguments);
auto toNsString = [](const std::wstring& s) {
return nsDependentString(s.c_str());
};
for (auto itr : aEnvironment) {
mParameters.env().AppendElement(
EnvVar(toNsString(itr.first), toNsString(itr.second)));
}
mParameters.processType() = uint32_t(aProcessType);
mParameters.enableLogging() = aEnableLogging;
enum Result { Pending, Succeeded, Failed };
Result res = Pending;
auto resolve = [&](bool ok) {
res = Succeeded;
return GenericPromise::CreateAndResolve(ok, __func__);
};
auto reject = [&](nsresult) {
res = Failed;
return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
};
// We need to wait on the current thread for the process to launch which will
// block the running IPC Launch taskqueue. We cannot use
// GetCurrentSerialEventTarget() (as this returns the currently running
// TaskQueue) to resolve our promise as it will be blocked until we return
// from this function.
nsCOMPtr<nsISerialEventTarget> target = NS_GetCurrentThread();
mParent->Launch(mLaunchArch, mParameters.shareHandles(), target)
->Then(target, __func__, std::move(resolve), std::move(reject));
// Spin the event loop while the sandbox launcher process launches.
SpinEventLoopUntil("RemoteSandboxBroker::LaunchApp"_ns,
[&]() { return res != Pending; });
if (res == Failed) {
return Err(mozilla::ipc::LaunchError("RSB::LaunchApp"));
}
uint64_t handle = 0;
bool ok = false;
bool rv = mParent->SendLaunchApp(std::move(mParameters), &ok, &handle) && ok;
mParameters.shareHandles().Clear();
if (!rv) {
mParent->Shutdown();
return Err(mozilla::ipc::LaunchError("RSB::SendLaunchApp"));
}
// Duplicate the handle of the child process that the launcher launched from
// the launcher process's space into this process' space.
HANDLE ourChildHandle = 0;
bool dh = mParent->DuplicateFromLauncher((HANDLE)handle, &ourChildHandle);
if (!dh) {
mParent->Shutdown();
return Err(mozilla::ipc::LaunchError("RSB::DuplicateFromLauncher"));
}
*aProcessHandle = (void**)(ourChildHandle);
return Ok();
}
bool RemoteSandboxBroker::SetSecurityLevelForGMPlugin(SandboxLevel aLevel,
bool aIsRemoteLaunch) {
mParameters.sandboxLevel() = uint32_t(aLevel);
return true;
}
bool RemoteSandboxBroker::AllowReadFile(wchar_t const* aFile) {
mParameters.allowedReadFiles().AppendElement(nsDependentString(aFile));
return true;
}
void RemoteSandboxBroker::AddHandleToShare(HANDLE aHandle) {
mParameters.shareHandles().AppendElement(uint64_t(aHandle));
}
void RemoteSandboxBroker::SetSecurityLevelForContentProcess(
int32_t aSandboxLevel, bool aIsFileProcess) {
MOZ_CRASH(
"RemoteSandboxBroker::SetSecurityLevelForContentProcess not Implemented");
}
void RemoteSandboxBroker::SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) {
MOZ_CRASH(
"RemoteSandboxBroker::SetSecurityLevelForGPUProcess not Implemented");
}
bool RemoteSandboxBroker::SetSecurityLevelForRDDProcess() {
MOZ_CRASH(
"RemoteSandboxBroker::SetSecurityLevelForRDDProcess not Implemented");
}
bool RemoteSandboxBroker::SetSecurityLevelForSocketProcess() {
MOZ_CRASH(
"RemoteSandboxBroker::SetSecurityLevelForSocketProcess not Implemented");
}
bool RemoteSandboxBroker::SetSecurityLevelForUtilityProcess(
mozilla::ipc::SandboxingKind aSandbox) {
MOZ_CRASH(
"RemoteSandboxBroker::SetSecurityLevelForUtilityProcess not Implemented");
}
} // namespace mozilla

75
security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.h
View File

@@ -1,75 +0,0 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
#ifndef __REMOTE_SANDBOXBROKER_H__
#define __REMOTE_SANDBOXBROKER_H__
#include "sandboxBroker.h"
#include "RemoteSandboxBrokerParent.h"
#include "mozilla/Result.h"
#include "mozilla/ipc/LaunchError.h"
namespace mozilla {
// To make sandboxing an x86 plugin-container process on Windows on ARM64,
// we launch an x86 child process which in turn launches and sandboxes the x86
// plugin-container child. This means the sandbox broker (in the remote
// x86 sandbox launcher process) can be same-arch with the process that it's
// sandboxing, which means all the sandbox's assumptions about things being
// same arch still hold.
class RemoteSandboxBroker : public AbstractSandboxBroker {
public:
explicit RemoteSandboxBroker(uint32_t aLaunchArch);
void Shutdown() override;
// Note: This should be called on the IPC launch thread, and this spins
// the event loop. So this means potentially another IPC launch could occur
// re-entrantly while calling this.
Result<Ok, mozilla::ipc::LaunchError> LaunchApp(
const wchar_t* aPath, const wchar_t* aArguments,
base::EnvironmentMap& aEnvironment, GeckoProcessType aProcessType,
const bool aEnableLogging, const IMAGE_THUNK_DATA*,
void** aProcessHandle) override;
// Security levels for different types of processes
void SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
bool aIsFileProcess) override;
void SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) override;
bool SetSecurityLevelForRDDProcess() override;
bool SetSecurityLevelForSocketProcess() override;
bool SetSecurityLevelForGMPlugin(SandboxLevel aLevel,
bool aIsRemoteLaunch = false) override;
bool SetSecurityLevelForUtilityProcess(
mozilla::ipc::SandboxingKind aSandbox) override;
bool AllowReadFile(wchar_t const* file) override;
void AddHandleToShare(HANDLE aHandle) override;
bool IsWin32kLockedDown() final { return false; };
private:
virtual ~RemoteSandboxBroker();
// Parameters that we use to launch the child process.
LaunchParameters mParameters;
RefPtr<RemoteSandboxBrokerParent> mParent;
// We bind the RemoteSandboxBrokerParent to the IPC launch thread.
// As such, we must close its channel on the same thread. So we save
// a reference to the IPC launch thread here.
nsCOMPtr<nsISerialEventTarget> mIPCLaunchThread;
// True if we've been shutdown.
bool mShutdown = false;
uint32_t mLaunchArch;
};
} // namespace mozilla
#endif // __REMOTE_SANDBOXBROKER_H__

42
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
View File

@@ -159,31 +159,27 @@ static void CacheDirAndAutoClear(nsIProperties* aDirSvc, const char* aDirKey,
void SandboxBroker::GeckoDependentInitialize() { void SandboxBroker::GeckoDependentInitialize() {
MOZ_ASSERT(NS_IsMainThread()); MOZ_ASSERT(NS_IsMainThread());
bool haveXPCOM = XRE_GetProcessType() != GeckoProcessType_RemoteSandboxBroker; // Cache directory paths for use in policy rules, because the directory
if (haveXPCOM) { // service must be called on the main thread.
// Cache directory paths for use in policy rules, because the directory nsresult rv;
// service must be called on the main thread. nsCOMPtr<nsIProperties> dirSvc =
nsresult rv; do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv);
nsCOMPtr<nsIProperties> dirSvc = if (NS_FAILED(rv)) {
do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv); MOZ_ASSERT(false,
if (NS_FAILED(rv)) { "Failed to get directory service, cannot cache directories "
MOZ_ASSERT(false, "for rules.");
"Failed to get directory service, cannot cache directories " LOG_E(
"for rules."); "Failed to get directory service, cannot cache directories for "
LOG_E( "rules.");
"Failed to get directory service, cannot cache directories for " return;
"rules.");
return;
}
CacheDirAndAutoClear(dirSvc, NS_APP_USER_PROFILE_50_DIR, &sProfileDir);
CacheDirAndAutoClear(dirSvc, NS_WIN_LOCAL_APPDATA_DIR, &sLocalAppDataDir);
#ifdef ENABLE_SYSTEM_EXTENSION_DIRS
CacheDirAndAutoClear(dirSvc, XRE_USER_SYS_EXTENSION_DIR,
&sUserExtensionsDir);
#endif
} }
CacheDirAndAutoClear(dirSvc, NS_APP_USER_PROFILE_50_DIR, &sProfileDir);
CacheDirAndAutoClear(dirSvc, NS_WIN_LOCAL_APPDATA_DIR, &sLocalAppDataDir);
#ifdef ENABLE_SYSTEM_EXTENSION_DIRS
CacheDirAndAutoClear(dirSvc, XRE_USER_SYS_EXTENSION_DIR, &sUserExtensionsDir);
#endif
// Create sLaunchErrors up front because ClearOnShutdown must be called on the // Create sLaunchErrors up front because ClearOnShutdown must be called on the
// main thread. // main thread.
sLaunchErrors = new nsTHashtable<nsCStringHashKey>(); sLaunchErrors = new nsTHashtable<nsCStringHashKey>();

3
toolkit/components/aboutprocesses/content/aboutProcesses.js
View File

@@ -519,9 +519,6 @@ var View = {
case "socket": case "socket":
fluentName = "about-processes-socket-process"; fluentName = "about-processes-socket-process";
break; break;
case "remoteSandboxBroker":
fluentName = "about-processes-remote-sandbox-broker-process";
break;
case "forkServer": case "forkServer":
fluentName = "about-processes-fork-server-process"; fluentName = "about-processes-fork-server-process";
break; break;

2
toolkit/components/crashes/tests/xpcshell/test_crash_manager.js
View File

@@ -82,7 +82,6 @@ add_task(async function test_process_ping() {
Assert.ok(m.isPingAllowed("gpu")); Assert.ok(m.isPingAllowed("gpu"));
Assert.ok(m.isPingAllowed("main")); Assert.ok(m.isPingAllowed("main"));
Assert.ok(m.isPingAllowed("rdd")); Assert.ok(m.isPingAllowed("rdd"));
Assert.ok(m.isPingAllowed("sandboxbroker"));
Assert.ok(m.isPingAllowed("socket")); Assert.ok(m.isPingAllowed("socket"));
Assert.ok(m.isPingAllowed("utility")); Assert.ok(m.isPingAllowed("utility"));
Assert.ok(m.isPingAllowed("vr")); Assert.ok(m.isPingAllowed("vr"));
@@ -707,7 +706,6 @@ add_task(async function test_child_process_crash_ping() {
m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_VR], m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_VR],
m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_RDD], m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_RDD],
m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_SOCKET], m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_SOCKET],
m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_REMOTESANDBOXBROKER],
m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_FORKSERVER], m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_FORKSERVER],
m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_UTILITY], m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_UTILITY],
]; ];

2
toolkit/components/telemetry/docs/data/crash-ping.rst
View File

@@ -129,8 +129,6 @@ are sent only for the ones below:
+---------------+-------------------------------------------------------------------------------+ +---------------+-------------------------------------------------------------------------------+
| socket | :ref:`Network socket process <network-socket-process>` | | socket | :ref:`Network socket process <network-socket-process>` |
+---------------+-------------------------------------------------------------------------------+ +---------------+-------------------------------------------------------------------------------+
| sandboxbroker | :ref:`Remote sandbox broker <remote-sandbox-process>` |
+---------------+-------------------------------------------------------------------------------+
| forkserver | :ref:`Fork server <fork-server>` | | forkserver | :ref:`Fork server <fork-server>` |
+---------------+-------------------------------------------------------------------------------+ +---------------+-------------------------------------------------------------------------------+
| utility | :ref:`Utility process <utility-process>` | | utility | :ref:`Utility process <utility-process>` |

1
toolkit/locales/en-US/toolkit/about/aboutProcesses.ftl
View File

@@ -50,7 +50,6 @@ about-processes-gpu-process = GPU ({ $pid })
about-processes-vr-process = VR ({ $pid }) about-processes-vr-process = VR ({ $pid })
about-processes-rdd-process = Data Decoder ({ $pid }) about-processes-rdd-process = Data Decoder ({ $pid })
about-processes-socket-process = Network ({ $pid }) about-processes-socket-process = Network ({ $pid })
about-processes-remote-sandbox-broker-process = Remote Sandbox Broker ({ $pid })
about-processes-fork-server-process = Fork Server ({ $pid }) about-processes-fork-server-process = Fork Server ({ $pid })
about-processes-preallocated-process = Preallocated ({ $pid }) about-processes-preallocated-process = Preallocated ({ $pid })
about-processes-utility-process = Utility ({ $pid }) about-processes-utility-process = Utility ({ $pid })

26
toolkit/xre/nsEmbedFunctions.cpp
View File

@@ -91,7 +91,6 @@
#if defined(MOZ_SANDBOX) && defined(XP_WIN) #if defined(MOZ_SANDBOX) && defined(XP_WIN)
# include "mozilla/sandboxTarget.h" # include "mozilla/sandboxTarget.h"
# include "mozilla/sandboxing/loggingCallbacks.h" # include "mozilla/sandboxing/loggingCallbacks.h"
# include "mozilla/RemoteSandboxBrokerProcessChild.h"
#endif #endif
#if defined(MOZ_SANDBOX) #if defined(MOZ_SANDBOX)
@@ -484,22 +483,12 @@ nsresult XRE_InitChildProcess(int aArgc, char* aArgv[],
? MessageLoop::TYPE_MOZILLA_CHILD ? MessageLoop::TYPE_MOZILLA_CHILD
: MessageLoop::TYPE_DEFAULT; : MessageLoop::TYPE_DEFAULT;
break; break;
case GeckoProcessType_RemoteSandboxBroker:
uiLoopType = MessageLoop::TYPE_DEFAULT;
break;
default: default:
uiLoopType = MessageLoop::TYPE_UI; uiLoopType = MessageLoop::TYPE_UI;
break; break;
} }
#if defined(XP_WIN) #if defined(XP_WIN)
# if defined(MOZ_SANDBOX)
if (aChildData->sandboxBrokerServices) {
SandboxBroker::Initialize(aChildData->sandboxBrokerServices, u""_ns);
SandboxBroker::GeckoDependentInitialize();
}
# endif // defined(MOZ_SANDBOX)
{ {
DebugOnly<bool> result = mozilla::WindowsBCryptInitialization(); DebugOnly<bool> result = mozilla::WindowsBCryptInitialization();
MOZ_ASSERT(result); MOZ_ASSERT(result);
@@ -567,13 +556,6 @@ nsresult XRE_InitChildProcess(int aArgc, char* aArgv[],
std::move(*clientChannel), *parentPID, messageChannelId); std::move(*clientChannel), *parentPID, messageChannelId);
break; break;
#if defined(MOZ_SANDBOX) && defined(XP_WIN)
case GeckoProcessType_RemoteSandboxBroker:
process = MakeUnique<RemoteSandboxBrokerProcessChild>(
std::move(*clientChannel), *parentPID, messageChannelId);
break;
#endif
#if defined(MOZ_ENABLE_FORKSERVER) #if defined(MOZ_ENABLE_FORKSERVER)
case GeckoProcessType_ForkServer: case GeckoProcessType_ForkServer:
MOZ_CRASH("Fork server should not go here"); MOZ_CRASH("Fork server should not go here");
@@ -604,12 +586,8 @@ nsresult XRE_InitChildProcess(int aArgc, char* aArgv[],
mozilla::sandboxing::InitLoggingIfRequired( mozilla::sandboxing::InitLoggingIfRequired(
aChildData->ProvideLogFunction); aChildData->ProvideLogFunction);
#endif #endif
if (XRE_GetProcessType() != GeckoProcessType_RemoteSandboxBroker) { mozilla::FilePreferences::InitDirectoriesAllowlist();
// Remote sandbox launcher process doesn't have prerequisites for mozilla::FilePreferences::InitPrefs();
// these...
mozilla::FilePreferences::InitDirectoriesAllowlist();
mozilla::FilePreferences::InitPrefs();
}
#if defined(MOZ_SANDBOX) #if defined(MOZ_SANDBOX)
AddContentSandboxLevelAnnotation(); AddContentSandboxLevelAnnotation();

2
tools/@types/lib.gecko.dom.d.ts vendored
View File

@@ -25452,7 +25452,7 @@ type VideoTransferCharacteristics = "bt709" | "hlg" | "iec61966-2-1" | "linear"
type VisibilityState = "hidden" | "visible"; type VisibilityState = "hidden" | "visible";
type WakeLockType = "screen"; type WakeLockType = "screen";
type WebGLPowerPreference = "default" | "high-performance" | "low-power"; type WebGLPowerPreference = "default" | "high-performance" | "low-power";
type WebIDLProcType = "browser" | "extension" | "file" | "forkServer" | "gmpPlugin" | "gpu" | "inference" | "ipdlUnitTest" | "preallocated" | "privilegedabout" | "privilegedmozilla" | "rdd" | "remoteSandboxBroker" | "socket" | "unknown" | "utility" | "vr" | "web" | "webIsolated" | "webServiceWorker" | "withCoopCoep"; type WebIDLProcType = "browser" | "extension" | "file" | "forkServer" | "gmpPlugin" | "gpu" | "inference" | "ipdlUnitTest" | "preallocated" | "privilegedabout" | "privilegedmozilla" | "rdd" | "socket" | "unknown" | "utility" | "vr" | "web" | "webIsolated" | "webServiceWorker" | "withCoopCoep";
type WebIDLUtilityActorName = "audioDecoder_AppleMedia" | "audioDecoder_Generic" | "audioDecoder_WMF" | "jSOracle" | "mfMediaEngineCDM" | "unknown" | "windowsFileDialog" | "windowsUtils"; type WebIDLUtilityActorName = "audioDecoder_AppleMedia" | "audioDecoder_Generic" | "audioDecoder_WMF" | "jSOracle" | "mfMediaEngineCDM" | "unknown" | "windowsFileDialog" | "windowsUtils";
type WebTransportCongestionControl = "default" | "low-latency" | "throughput"; type WebTransportCongestionControl = "default" | "low-latency" | "throughput";
type WebTransportErrorSource = "session" | "stream"; type WebTransportErrorSource = "session" | "stream";

1
tools/@types/lib.gecko.xpcom.d.ts vendored
View File

@@ -14570,7 +14570,6 @@ interface nsIXULRuntime extends nsISupports, Enums<typeof nsIXULRuntime.Experime
readonly PROCESS_TYPE_VR: 6; readonly PROCESS_TYPE_VR: 6;
readonly PROCESS_TYPE_RDD: 7; readonly PROCESS_TYPE_RDD: 7;
readonly PROCESS_TYPE_SOCKET: 8; readonly PROCESS_TYPE_SOCKET: 8;
readonly PROCESS_TYPE_REMOTESANDBOXBROKER: 9;
readonly PROCESS_TYPE_FORKSERVER: 10; readonly PROCESS_TYPE_FORKSERVER: 10;
readonly PROCESS_TYPE_UTILITY: 11; readonly PROCESS_TYPE_UTILITY: 11;
readonly E10S_MULTI_EXPERIMENT: 1; readonly E10S_MULTI_EXPERIMENT: 1;

6
xpcom/build/XREChildData.h
View File

@@ -32,12 +32,6 @@ struct XREChildData {
* Function to provide a logging function to the chromium sandbox code. * Function to provide a logging function to the chromium sandbox code.
*/ */
mozilla::sandboxing::ProvideLogFunctionCb ProvideLogFunction = nullptr; mozilla::sandboxing::ProvideLogFunctionCb ProvideLogFunction = nullptr;
/**
* Chromium sandbox broker services; needed by the remote sandbox
* launcher process.
*/
sandbox::BrokerServices* sandboxBrokerServices = nullptr;
#endif #endif
}; };

1
xpcom/components/nsComponentManager.cpp
View File

@@ -367,7 +367,6 @@ nsresult nsComponentManagerImpl::Init() {
// We are going to assume that only a select few (see below) process types // We are going to assume that only a select few (see below) process types
// want to load chrome manifests, and that any new process types will not // want to load chrome manifests, and that any new process types will not
// want to load them, because they're not going to be executing JS. // want to load them, because they're not going to be executing JS.
case GeckoProcessType_RemoteSandboxBroker:
default: default:
loadChromeManifests = false; loadChromeManifests = false;
break; break;

11
xpcom/geckoprocesstypes_generator/geckoprocesstypes/__init__.py
View File

@@ -167,17 +167,6 @@ process_types = [
"SOCKET", "SOCKET",
True, True,
), ),
GeckoProcessType(
9,
"RemoteSandboxBroker",
"sandboxbroker",
"RemoteSandboxBroker",
"PluginContainer",
"RemoteSandboxBroker",
"RemoteSandboxBroker",
"REMOTESANDBOXBROKER",
True,
),
GeckoProcessType( GeckoProcessType(
10, 10,
"ForkServer", "ForkServer",

1
xpcom/system/nsIXULRuntime.idl
View File

@@ -223,7 +223,6 @@ interface nsIXULRuntime : nsISupports
const unsigned long PROCESS_TYPE_VR = 6; const unsigned long PROCESS_TYPE_VR = 6;
const unsigned long PROCESS_TYPE_RDD = 7; const unsigned long PROCESS_TYPE_RDD = 7;
const unsigned long PROCESS_TYPE_SOCKET = 8; const unsigned long PROCESS_TYPE_SOCKET = 8;
const unsigned long PROCESS_TYPE_REMOTESANDBOXBROKER = 9;
const unsigned long PROCESS_TYPE_FORKSERVER = 10; const unsigned long PROCESS_TYPE_FORKSERVER = 10;
const unsigned long PROCESS_TYPE_UTILITY = 11; const unsigned long PROCESS_TYPE_UTILITY = 11;