diff options
author | Moonchild <mcwerewolf@gmail.com> | 2018-05-04 09:09:10 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-04 09:09:10 +0200 |
commit | 4a2aeb152e48c44efa57c140660e99792f4dd350 (patch) | |
tree | 7b786de2b175122814a53232268b1147a8bd0bfb /dom/ipc/ContentChild.cpp | |
parent | 20532e13937ab5fc8efcb2bfc4c0070dace40cd1 (diff) | |
parent | f265784e8cabaff17f4554cf2bd2c30217b6ec0f (diff) | |
download | UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.tar UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.tar.gz UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.tar.lz UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.tar.xz UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.zip |
Merge pull request #323 from MoonchildProductions/nuke-sandbox
Nuke sandbox
Diffstat (limited to 'dom/ipc/ContentChild.cpp')
-rw-r--r-- | dom/ipc/ContentChild.cpp | 196 |
1 files changed, 0 insertions, 196 deletions
diff --git a/dom/ipc/ContentChild.cpp b/dom/ipc/ContentChild.cpp index 75678ca96..d7068c6c3 100644 --- a/dom/ipc/ContentChild.cpp +++ b/dom/ipc/ContentChild.cpp @@ -65,21 +65,6 @@ #include "imgLoader.h" #include "GMPServiceChild.h" -#if defined(MOZ_CONTENT_SANDBOX) -#if defined(XP_WIN) -#define TARGET_SANDBOX_EXPORTS -#include "mozilla/sandboxTarget.h" -#elif defined(XP_LINUX) -#include "mozilla/Sandbox.h" -#include "mozilla/SandboxInfo.h" - -// Remove this include with Bug 1104619 -#include "CubebUtils.h" -#elif defined(XP_MACOSX) -#include "mozilla/Sandbox.h" -#endif -#endif - #include "mozilla/Unused.h" #include "mozInlineSpellChecker.h" @@ -1250,192 +1235,11 @@ ContentChild::AllocPProcessHangMonitorChild(Transport* aTransport, return CreateHangMonitorChild(aTransport, aOtherProcess); } -#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX) - -#include <stdlib.h> - -static bool -GetAppPaths(nsCString &aAppPath, nsCString &aAppBinaryPath, nsCString &aAppDir) -{ - nsAutoCString appPath; - nsAutoCString appBinaryPath( - (CommandLine::ForCurrentProcess()->argv()[0]).c_str()); - - nsAutoCString::const_iterator start, end; - appBinaryPath.BeginReading(start); - appBinaryPath.EndReading(end); - if (RFindInReadable(NS_LITERAL_CSTRING(".app/Contents/MacOS/"), start, end)) { - end = start; - ++end; ++end; ++end; ++end; - appBinaryPath.BeginReading(start); - appPath.Assign(Substring(start, end)); - } else { - return false; - } - - nsCOMPtr<nsIFile> app, appBinary; - nsresult rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appPath), - true, getter_AddRefs(app)); - if (NS_FAILED(rv)) { - return false; - } - rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appBinaryPath), - true, getter_AddRefs(appBinary)); - if (NS_FAILED(rv)) { - return false; - } - - nsCOMPtr<nsIFile> appDir; - nsCOMPtr<nsIProperties> dirSvc = - do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID); - if (!dirSvc) { - return false; - } - rv = dirSvc->Get(NS_XPCOM_CURRENT_PROCESS_DIR, - NS_GET_IID(nsIFile), getter_AddRefs(appDir)); - if (NS_FAILED(rv)) { - return false; - } - bool exists; - rv = appDir->Exists(&exists); - if (NS_FAILED(rv) || !exists) { - return false; - } - - bool isLink; - app->IsSymlink(&isLink); - if (isLink) { - app->GetNativeTarget(aAppPath); - } else { - app->GetNativePath(aAppPath); - } - appBinary->IsSymlink(&isLink); - if (isLink) { - appBinary->GetNativeTarget(aAppBinaryPath); - } else { - appBinary->GetNativePath(aAppBinaryPath); - } - appDir->IsSymlink(&isLink); - if (isLink) { - appDir->GetNativeTarget(aAppDir); - } else { - appDir->GetNativePath(aAppDir); - } - - return true; -} - -static bool -StartMacOSContentSandbox() -{ - int sandboxLevel = Preferences::GetInt("security.sandbox.content.level"); - if (sandboxLevel < 1) { - return false; - } - - nsAutoCString appPath, appBinaryPath, appDir; - if (!GetAppPaths(appPath, appBinaryPath, appDir)) { - MOZ_CRASH("Error resolving child process path"); - } - - // During sandboxed content process startup, before reaching - // this point, NS_OS_TEMP_DIR is modified to refer to a sandbox- - // writable temporary directory - nsCOMPtr<nsIFile> tempDir; - nsresult rv = nsDirectoryService::gService->Get(NS_OS_TEMP_DIR, - NS_GET_IID(nsIFile), getter_AddRefs(tempDir)); - if (NS_FAILED(rv)) { - MOZ_CRASH("Failed to get NS_OS_TEMP_DIR"); - } - - nsAutoCString tempDirPath; - tempDir->Normalize(); - rv = tempDir->GetNativePath(tempDirPath); - if (NS_FAILED(rv)) { - MOZ_CRASH("Failed to get NS_OS_TEMP_DIR path"); - } - - nsCOMPtr<nsIFile> profileDir; - ContentChild::GetSingleton()->GetProfileDir(getter_AddRefs(profileDir)); - nsCString profileDirPath; - if (profileDir) { - rv = profileDir->GetNativePath(profileDirPath); - if (NS_FAILED(rv) || profileDirPath.IsEmpty()) { - MOZ_CRASH("Failed to get profile path"); - } - } - - MacSandboxInfo info; - info.type = MacSandboxType_Content; - info.level = info.level = sandboxLevel; - info.appPath.assign(appPath.get()); - info.appBinaryPath.assign(appBinaryPath.get()); - info.appDir.assign(appDir.get()); - info.appTempDir.assign(tempDirPath.get()); - - if (profileDir) { - info.hasSandboxedProfile = true; - info.profileDir.assign(profileDirPath.get()); - } else { - info.hasSandboxedProfile = false; - } - - std::string err; - if (!mozilla::StartMacSandbox(info, err)) { - NS_WARNING(err.c_str()); - MOZ_CRASH("sandbox_init() failed"); - } - - return true; -} -#endif - bool ContentChild::RecvSetProcessSandbox(const MaybeFileDesc& aBroker) { // We may want to move the sandbox initialization somewhere else // at some point; see bug 880808. -#if defined(MOZ_CONTENT_SANDBOX) - bool sandboxEnabled = true; -#if defined(XP_LINUX) -#if defined(MOZ_WIDGET_GONK) && ANDROID_VERSION >= 19 - // For B2G >= KitKat, sandboxing is mandatory; this has already - // been enforced by ContentParent::StartUp(). - MOZ_ASSERT(SandboxInfo::Get().CanSandboxContent()); -#else - // Otherwise, sandboxing is best-effort. - if (!SandboxInfo::Get().CanSandboxContent()) { - sandboxEnabled = false; - } else { - // This triggers the initialization of cubeb, which needs to happen - // before seccomp is enabled (Bug 1259508). It also increases the startup - // time of the content process, because cubeb is usually initialized - // when it is actually needed. This call here is no longer required - // once Bug 1104619 (remoting audio) is resolved. - Unused << CubebUtils::GetCubebContext(); - } - -#endif /* MOZ_WIDGET_GONK && ANDROID_VERSION >= 19 */ - if (sandboxEnabled) { - int brokerFd = -1; - if (aBroker.type() == MaybeFileDesc::TFileDescriptor) { - auto fd = aBroker.get_FileDescriptor().ClonePlatformHandle(); - brokerFd = fd.release(); - // brokerFd < 0 means to allow direct filesystem access, so - // make absolutely sure that doesn't happen if the parent - // didn't intend it. - MOZ_RELEASE_ASSERT(brokerFd >= 0); - } - sandboxEnabled = SetContentProcessSandbox(brokerFd); - } -#elif defined(XP_WIN) - mozilla::SandboxTarget::Instance()->StartSandbox(); -#elif defined(XP_MACOSX) - sandboxEnabled = StartMacOSContentSandbox(); -#endif - -#endif /* MOZ_CONTENT_SANDBOX */ - return true; } |