blob: 0edfbfdc0b70dedca9d5e0c9febeb5551ab2bb0b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "UtilityProcessImpl.h"
#include "mozilla/ipc/IOThreadChild.h"
#include "mozilla/GeckoArgs.h"
#if defined(OS_WIN)
# include "nsExceptionHandler.h"
#endif
#if defined(OS_WIN) && defined(MOZ_SANDBOX)
# include "mozilla/sandboxTarget.h"
# include "WMF.h"
# include "WMFDecoderModule.h"
#endif
#if defined(XP_OPENBSD) && defined(MOZ_SANDBOX)
# include "mozilla/SandboxSettings.h"
#endif
namespace mozilla::ipc {
UtilityProcessImpl::~UtilityProcessImpl() = default;
#if defined(XP_WIN)
/* static */
void UtilityProcessImpl::LoadLibraryOrCrash(LPCWSTR aLib) {
// re-try a few times depending on the error we get ; inspired by both our
// results on content process allocations as well as msys2:
// https://github.com/git-for-windows/msys2-runtime/blob/b4fed42af089ab955286343835a97e287496b3f8/winsup/cygwin/autoload.cc#L323-L339
const int kMaxRetries = 10;
DWORD err;
for (int i = 0; i < kMaxRetries; i++) {
HMODULE module = ::LoadLibraryW(aLib);
if (module) {
return;
}
err = ::GetLastError();
if (err != ERROR_NOACCESS && err != ERROR_DLL_INIT_FAILED) {
break;
}
PR_Sleep(0);
}
switch (err) {
/* case ERROR_ACCESS_DENIED: */
/* case ERROR_BAD_EXE_FORMAT: */
/* case ERROR_SHARING_VIOLATION: */
case ERROR_MOD_NOT_FOUND:
case ERROR_COMMITMENT_LIMIT:
// We want to make it explicit in telemetry that this was in fact an
// OOM condition, even though we could not detect it on our own
CrashReporter::AnnotateOOMAllocationSize(1);
break;
default:
break;
}
MOZ_CRASH_UNSAFE_PRINTF("Unable to preload module: 0x%lx", err);
}
#endif // defined(XP_WIN)
bool UtilityProcessImpl::Init(int aArgc, char* aArgv[]) {
Maybe<uint64_t> sandboxingKind = geckoargs::sSandboxingKind.Get(aArgc, aArgv);
if (sandboxingKind.isNothing()) {
return false;
}
if (*sandboxingKind >= SandboxingKind::COUNT) {
return false;
}
#if defined(MOZ_SANDBOX) && defined(OS_WIN)
// We delay load winmm.dll so that its dependencies don't interfere with COM
// initialization when win32k is locked down. We need to load it before we
// lower the sandbox in processes where the policy will prevent loading.
LoadLibraryOrCrash(L"winmm.dll");
if (*sandboxingKind == SandboxingKind::GENERIC_UTILITY) {
// Preload audio generic libraries required for ffmpeg only
UtilityAudioDecoderParent::GenericPreloadForSandbox();
}
if (*sandboxingKind == SandboxingKind::UTILITY_AUDIO_DECODING_WMF
# ifdef MOZ_WMF_MEDIA_ENGINE
|| *sandboxingKind == SandboxingKind::MF_MEDIA_ENGINE_CDM
# endif
) {
UtilityAudioDecoderParent::WMFPreloadForSandbox();
}
// Go for it
mozilla::SandboxTarget::Instance()->StartSandbox();
#elif defined(__OpenBSD__) && defined(MOZ_SANDBOX)
if (*sandboxingKind != SandboxingKind::GENERIC_UTILITY) {
StartOpenBSDSandbox(GeckoProcessType_Utility,
(SandboxingKind)*sandboxingKind);
}
#endif
Maybe<const char*> parentBuildID =
geckoargs::sParentBuildID.Get(aArgc, aArgv);
if (parentBuildID.isNothing()) {
return false;
}
if (!ProcessChild::InitPrefs(aArgc, aArgv)) {
return false;
}
return mUtility->Init(TakeInitialEndpoint(), nsCString(*parentBuildID),
*sandboxingKind);
}
void UtilityProcessImpl::CleanUp() { NS_ShutdownXPCOM(nullptr); }
} // namespace mozilla::ipc
|
