corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
current
tubestation/security/sandbox/linux/SandboxReporterClient.h
Nika Layzell 127232259b Bug 1440207 - Part 3e: Pass linux sandbox fds using geckoargs, r=ipc-reviewers,jld 
Previously these arguments were initialized in places which would be
inconvenient to use geckoargs with. This patch changes them to both be
initialized during SandboxLaunch::Configure in the parent process, and
then be passed down to the process launching code either within the
LaunchOptions object, or in the ChildProcessArgs object.

Unfortunately, we need to read the command line arguments within
XRE_InitChildProcess, rather than SandboxEarlyInit, as the sandbox code
is not linked directly to libxul, where the file handle GeckoArgs
methods are defined.

One of the more significant functional changes here is that when using
the fork server, the chroot pipe will be created within the parent
process, with the server end of the pipe passed over IPC to the fork
server to be used to create the chroot server. This is a bit
unnecessary, but keeps things simpler for the fork server, as geckoargs
are transferred directly from the parent process to the forked child
processes over the forkserver exec pipe.

Differential Revision: https://phabricator.services.mozilla.com/D221375
2024-10-01 22:21:49 +00:00

44 lines
1.4 KiB
C++
Raw Permalink Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_SandboxReporterClient_h
#define mozilla_SandboxReporterClient_h
#include "reporter/SandboxReporterCommon.h"
namespace mozilla {
// This class is instantiated in child processes in Sandbox.cpp to
// send reports from the SIGSYS handler to the SandboxReporter
// instance in the parent.
class SandboxReporterClient {
public:
// Note: this does not take ownership of the file descriptor; if
// it's not process-global (e.g., for unit testing), the caller
// will need to close it to avoid leaks.
SandboxReporterClient(SandboxReport::ProcType aProcType, int aFd);
// Constructs a report from a signal context (the ucontext_t* passed
// as void* to an sa_sigaction handler); uses the caller's pid and tid.
SandboxReport MakeReport(const void* aContext);
void SendReport(const SandboxReport& aReport);
SandboxReport MakeReportAndSend(const void* aContext) {
SandboxReport report = MakeReport(aContext);
SendReport(report);
return report;
}
private:
SandboxReport::ProcType mProcType;
int mFd;
};
} // namespace mozilla
#endif // mozilla_SandboxReporterClient_h
Reference in New Issue View Git Blame Copy Permalink