corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ea8e999826a5a4d3681e9f21c6cb7378ba94e268
tubestation/security/sandbox/linux/SandboxReporterClient.cpp
Nika Layzell 127232259b Bug 1440207 - Part 3e: Pass linux sandbox fds using geckoargs, r=ipc-reviewers,jld 
Previously these arguments were initialized in places which would be
inconvenient to use geckoargs with. This patch changes them to both be
initialized during SandboxLaunch::Configure in the parent process, and
then be passed down to the process launching code either within the
LaunchOptions object, or in the ChildProcessArgs object.

Unfortunately, we need to read the command line arguments within
XRE_InitChildProcess, rather than SandboxEarlyInit, as the sandbox code
is not linked directly to libxul, where the file handle GeckoArgs
methods are defined.

One of the more significant functional changes here is that when using
the fork server, the chroot pipe will be created within the parent
process, with the server end of the pipe passed over IPC to the fork
server to be used to create the chroot server. This is a bit
unnecessary, but keeps things simpler for the fork server, as geckoargs
are transferred directly from the parent process to the forked child
processes over the forkserver exec pipe.

Differential Revision: https://phabricator.services.mozilla.com/D221375
2024-10-01 22:21:49 +00:00

84 lines
2.8 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "SandboxReporterClient.h"
#include "SandboxLogging.h"
#include <errno.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <time.h>
#include "mozilla/Assertions.h"
#include "mozilla/PodOperations.h"
#include "prenv.h"
#include "sandbox/linux/bpf_dsl/seccomp_macros.h"
#ifdef ANDROID
# include "sandbox/linux/system_headers/linux_ucontext.h"
#else
# include <ucontext.h>
#endif
namespace mozilla {
SandboxReporterClient::SandboxReporterClient(SandboxReport::ProcType aProcType,
int aFd)
: mProcType(aProcType), mFd(aFd) {
// Unfortunately, there isn't a good way to check that the fd is a
// socket connected to the right thing without attempting some kind
// of in-band handshake. However, the crash reporter (which also
// uses a "magic number" fd) doesn't do any kind of checking either,
// so it's probably okay to skip it here.
}
SandboxReport SandboxReporterClient::MakeReport(const void* aContext) {
SandboxReport report;
const auto ctx = static_cast<const ucontext_t*>(aContext);
// Zero the entire struct; some memory safety analyses care about
// sending uninitialized alignment padding to another process.
PodZero(&report);
clock_gettime(CLOCK_MONOTONIC_COARSE, &report.mTime);
report.mPid = getpid();
report.mTid = syscall(__NR_gettid);
report.mProcType = mProcType;
report.mSyscall = SECCOMP_SYSCALL(ctx);
report.mArgs[0] = SECCOMP_PARM1(ctx);
report.mArgs[1] = SECCOMP_PARM2(ctx);
report.mArgs[2] = SECCOMP_PARM3(ctx);
report.mArgs[3] = SECCOMP_PARM4(ctx);
report.mArgs[4] = SECCOMP_PARM5(ctx);
report.mArgs[5] = SECCOMP_PARM6(ctx);
// Named Return Value Optimization allows the compiler to optimize
// out the copy here (and the one in MakeReportAndSend).
return report;
}
void SandboxReporterClient::SendReport(const SandboxReport& aReport) {
// The "common" seccomp-bpf policy allows sendmsg but not send(to),
// so just use sendmsg even though send would suffice for this.
struct iovec iov;
struct msghdr msg;
iov.iov_base = const_cast<void*>(static_cast<const void*>(&aReport));
iov.iov_len = sizeof(SandboxReport);
PodZero(&msg);
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
const auto sent = sendmsg(mFd, &msg, MSG_NOSIGNAL);
if (sent != sizeof(SandboxReport)) {
MOZ_DIAGNOSTIC_ASSERT(sent == -1);
SANDBOX_LOG_ERRNO("Failed to report rejected syscall");
}
}
} // namespace mozilla
Reference in New Issue View Git Blame Copy Permalink