author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
tree | f435a8308119effd964b339f76abb83a57c29483 /security/sandbox/linux/launch/SandboxLaunch.h | |
parent | Initial commit. (diff) | |
Adding upstream version 124.0.1.
upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/sandbox/linux/launch/SandboxLaunch.h')
-rw-r--r-- | security/sandbox/linux/launch/SandboxLaunch.h | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/security/sandbox/linux/launch/SandboxLaunch.h b/security/sandbox/linux/launch/SandboxLaunch.h
new file mode 100644
index 0000000000..988709dcdb
--- /dev/null
+++ b/security/sandbox/linux/launch/SandboxLaunch.h
@@ -0,0 +1,71 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_SandboxLaunch_h
+#define mozilla_SandboxLaunch_h
+
+#include "base/process_util.h"
+#include "mozilla/ipc/UtilityProcessSandboxing.h"
+#include "nsXULAppAPI.h"
+#include <vector>
+
+namespace mozilla {
+
+class SandboxLaunch final {
+ public:
+ SandboxLaunch();
+ ~SandboxLaunch();
+
+ SandboxLaunch(const SandboxLaunch&) = delete;
+ SandboxLaunch& operator=(const SandboxLaunch&) = delete;
+
+ using LaunchOptions = base::LaunchOptions;
+ using SandboxingKind = ipc::SandboxingKind;
+
+ // Decide what sandboxing features will be used for a process, and
+ // modify `*aOptions` accordingly. This does not allocate fds or
+ // other OS resources (other than memory for strings).
+ //
+ // This is meant to be called in the parent process (even if the
+ // fork server will be used), and if `aType` is Content then it must
+ // be called on the main thread in order to access prefs.
+ static void Configure(GeckoProcessType aType, SandboxingKind aKind,
+ LaunchOptions* aOptions);
+
+ // Finish setting up for process launch, based on the information
+ // from `Configure(...)`. Called in the process that will do the
+ // launch (fork server if applicable, otherwise parent), and before
+ // calling `FileDescriptorShuffle::Init`.
+ //
+ // This can allocate fds (owned by `*this`) and modify
+ // `aOptions->fds_to_remap`, but does not access the
+ // environment-related fields of `*aOptions`.
+ bool Prepare(LaunchOptions* aOptions);
+
+ // Launch the child process, similarly to `::fork()`; called after
+ // `Configure` and `Prepare`.
+ //
+ // If launch-time sandboxing features are used, `pthread_atfork`
+ // hooks are not currently supported in that case, and signal
+ // handlers are reset in the child process. If sandboxing is not
+ // used, this is equivalent to `::fork()`.
+ pid_t Fork();
+
+ private:
+ int mFlags;
+ int mChrootServer;
+ int mChrootClient;
+
+ void StartChrootServer();
+};
+
+// This doesn't really belong in this header but it's used in both
+// SandboxLaunch and SandboxBrokerPolicyFactory.
+bool HasAtiDrivers();
+
+} // namespace mozilla
+
+#endif // mozilla_SandboxLaunch_h |
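Review bot: The fd-owning members `mChrootServer` and `mChrootClient` (and `mFlags`) in the private section carry no default member initializers, so whether they hold a safe "no fd" value before `Prepare()` runs depends entirely on the constructor in SandboxLaunch.cpp, which is outside this hunk; in-class initializers such as `int mFlags = 0;`, `int mChrootServer = -1;`, `int mChrootClient = -1;` would make the "owned by `*this`" contract stated above `Prepare` hold for every constructed object and let the destructor's release path be a plain sentinel check. The `Prepare`/`Fork` comments imply but never state what happens to fds that `Prepare` allocated if `Fork()` is never called or fails, so a comment on the destructor along the lines of `// Closes any fds allocated by Prepare() that are still owned by this object.` would document that transfer — presumably that is what the .cpp does, but it should be verified there. Separately, `pid_t` in `Fork()` is used without `<sys/types.h>` or `<unistd.h>` being included directly, so the header only compiles through a transitive include from `base/process_util.h`, and `#include <vector>` is not used by anything declared here.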