author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
tree | f435a8308119effd964b339f76abb83a57c29483 /ipc/glue/UtilityProcessSandboxing.cpp | |
parent | Initial commit. (diff) | |
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ipc/glue/UtilityProcessSandboxing.cpp')
-rw-r--r-- | ipc/glue/UtilityProcessSandboxing.cpp | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/ipc/glue/UtilityProcessSandboxing.cpp b/ipc/glue/UtilityProcessSandboxing.cpp
new file mode 100644
index 0000000000..0c333fdeca
--- /dev/null
+++ b/ipc/glue/UtilityProcessSandboxing.cpp
@@ -0,0 +1,70 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "UtilityProcessSandboxing.h"
+
+#include <vector>
+#include <string>
+
+#include "prenv.h"
+
+namespace mozilla::ipc {
+
+std::vector<std::string> split(const std::string& str, char s) {
+ std::vector<std::string> rv;
+ size_t last = 0;
+ size_t i;
+ size_t c = str.size();
+ for (i = 0; i <= c; ++i) {
+ if (i == c || str[i] == s) {
+ rv.push_back(str.substr(last, i - last));
+ last = i + 1;
+ }
+ }
+ return rv;
+}
+
+bool IsUtilitySandboxEnabled(const char* envVar, SandboxingKind aKind) {
+#ifdef XP_WIN
+ // Sandboxing the Windows file dialog is probably not useful.
+ //
+ // (Additionally, it causes failures in our test environments: when running
+ // tests on windows-11-2009-qr machines, sandboxed child processes can't see
+ // or interact with any other process's windows -- which means they can't
+ // select a window from the parent process as the file dialog's parent. This
+ // occurs regardless of the sandbox preferences, which is why we disable
+ // sandboxing entirely rather than use a maximally permissive preference-set.
+ // This behavior has not been seen in user-facing environments.)
+ if (aKind == SandboxingKind::WINDOWS_FILE_DIALOG) {
+ return false;
+ }
+#endif
+
+ if (envVar == nullptr) {
+ return true;
+ }
+
+ const std::string disableUtility(envVar);
+ if (disableUtility == "1") {
+ return false;
+ }
+
+ std::vector<std::string> components = split(disableUtility, ',');
+ const std::string thisKind = "utility:" + std::to_string(aKind);
+ for (const std::string& thisOne : components) {
+ if (thisOne == thisKind) {
+ return false;
+ }
+ }
+
+ return true;
+}
+
+bool IsUtilitySandboxEnabled(SandboxingKind aKind) {
+ return IsUtilitySandboxEnabled(PR_GetEnv("MOZ_DISABLE_UTILITY_SANDBOX"),
+ aKind);
+}
+
+} // namespace mozilla::ipc |
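Review bot: The two-argument `IsUtilitySandboxEnabled` returns false (sandbox off) whenever the value taken from `MOZ_DISABLE_UTILITY_SANDBOX` is `1` or lists a matching `utility:<kind>` token, and nothing in this file records that the decision came from the environment. The one-argument overload reads the variable with `PR_GetEnv` and no build-type guard is visible here, so an inherited environment can leave utility processes unsandboxed without a trace; if the callers do not already log it, a warning at the two environment-driven `return false;` sites would make that state detectable. The function also has no contract comment; I would add `// Returns false when envVar is "1" or lists "utility:<kind>" (comma-separated, exact match, no whitespace trimming); any other value leaves the sandbox enabled.` above it. Separately, `split` is a generically named free function with external linkage in `mozilla::ipc`; unless the header declares it for other users, it should be `static` or live in an anonymous namespace.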