corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
current
tubestation/security/sandbox/linux/launch/SandboxLaunch.h
Nika Layzell 127232259b Bug 1440207 - Part 3e: Pass linux sandbox fds using geckoargs, r=ipc-reviewers,jld 
Previously these arguments were initialized in places which would be
inconvenient to use geckoargs with. This patch changes them to both be
initialized during SandboxLaunch::Configure in the parent process, and
then be passed down to the process launching code either within the
LaunchOptions object, or in the ChildProcessArgs object.

Unfortunately, we need to read the command line arguments within
XRE_InitChildProcess, rather than SandboxEarlyInit, as the sandbox code
is not linked directly to libxul, where the file handle GeckoArgs
methods are defined.

One of the more significant functional changes here is that when using
the fork server, the chroot pipe will be created within the parent
process, with the server end of the pipe passed over IPC to the fork
server to be used to create the chroot server. This is a bit
unnecessary, but keeps things simpler for the fork server, as geckoargs
are transferred directly from the parent process to the forked child
processes over the forkserver exec pipe.

Differential Revision: https://phabricator.services.mozilla.com/D221375
2024-10-01 22:21:49 +00:00

73 lines
2.5 KiB
C++
Raw Permalink Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_SandboxLaunch_h
#define mozilla_SandboxLaunch_h
#include "base/process_util.h"
#include "mozilla/GeckoArgs.h"
#include "mozilla/ipc/UtilityProcessSandboxing.h"
#include "nsXULAppAPI.h"
#include <vector>
namespace mozilla {
class SandboxLaunch final {
public:
SandboxLaunch();
~SandboxLaunch();
SandboxLaunch(const SandboxLaunch&) = delete;
SandboxLaunch& operator=(const SandboxLaunch&) = delete;
using LaunchOptions = base::LaunchOptions;
using SandboxingKind = ipc::SandboxingKind;
// Decide what sandboxing features will be used for a process, and
// modify `*aOptions` accordingly. This does not allocate fds or
// other OS resources (other than memory for strings).
//
// This is meant to be called in the parent process (even if the
// fork server will be used), and if `aType` is Content then it must
// be called on the main thread in order to access prefs.
static bool Configure(GeckoProcessType aType, SandboxingKind aKind,
geckoargs::ChildProcessArgs& aExtraOpts,
LaunchOptions* aOptions);
// Finish setting up for process launch, based on the information
// from `Configure(...)`. Called in the process that will do the
// launch (fork server if applicable, otherwise parent), and before
// calling `FileDescriptorShuffle::Init`.
//
// This can allocate fds (owned by `*this`) and modify
// `aOptions->fds_to_remap`, but does not access the
// environment-related fields of `*aOptions`.
bool Prepare(LaunchOptions* aOptions);
// Launch the child process, similarly to `::fork()`; called after
// `Configure` and `Prepare`.
//
// If launch-time sandboxing features are used, `pthread_atfork`
// hooks are not currently supported in that case, and signal
// handlers are reset in the child process. If sandboxing is not
// used, this is equivalent to `::fork()`.
pid_t Fork();
private:
int mFlags;
int mChrootServer;
void StartChrootServer();
};
// This doesn't really belong in this header but it's used in both
// SandboxLaunch and SandboxBrokerPolicyFactory.
bool HasAtiDrivers();
} // namespace mozilla
#endif // mozilla_SandboxLaunch_h
Reference in New Issue View Git Blame Copy Permalink