authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 00:47:55 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 00:47:55 +0000
commit26a029d407be480d791972afb5975cf62c9360a6 (patch)
treef435a8308119effd964b339f76abb83a57c29483 /security/sandbox/linux/launch/SandboxLaunch.h
parentInitial commit. (diff)
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/sandbox/linux/launch/SandboxLaunch.h')
-rw-r--r--security/sandbox/linux/launch/SandboxLaunch.h71
1 files changed, 71 insertions, 0 deletions
diff --git a/security/sandbox/linux/launch/SandboxLaunch.h b/security/sandbox/linux/launch/SandboxLaunch.h
new file mode 100644
index 0000000000..988709dcdb
--- /dev/null
+++ b/security/sandbox/linux/launch/SandboxLaunch.h
@@ -0,0 +1,71 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_SandboxLaunch_h
+#define mozilla_SandboxLaunch_h
+
+#include "base/process_util.h"
+#include "mozilla/ipc/UtilityProcessSandboxing.h"
+#include "nsXULAppAPI.h"
+#include <vector>
+
+namespace mozilla {
+
+class SandboxLaunch final {
+ public:
+ SandboxLaunch();
+ ~SandboxLaunch();
+
+ SandboxLaunch(const SandboxLaunch&) = delete;
+ SandboxLaunch& operator=(const SandboxLaunch&) = delete;
+
+ using LaunchOptions = base::LaunchOptions;
+ using SandboxingKind = ipc::SandboxingKind;
+
+ // Decide what sandboxing features will be used for a process, and
+ // modify `*aOptions` accordingly. This does not allocate fds or
+ // other OS resources (other than memory for strings).
+ //
+ // This is meant to be called in the parent process (even if the
+ // fork server will be used), and if `aType` is Content then it must
+ // be called on the main thread in order to access prefs.
+ static void Configure(GeckoProcessType aType, SandboxingKind aKind,
+ LaunchOptions* aOptions);
+
+ // Finish setting up for process launch, based on the information
+ // from `Configure(...)`. Called in the process that will do the
+ // launch (fork server if applicable, otherwise parent), and before
+ // calling `FileDescriptorShuffle::Init`.
+ //
+ // This can allocate fds (owned by `*this`) and modify
+ // `aOptions->fds_to_remap`, but does not access the
+ // environment-related fields of `*aOptions`.
+ bool Prepare(LaunchOptions* aOptions);
+
+ // Launch the child process, similarly to `::fork()`; called after
+ // `Configure` and `Prepare`.
+ //
+ // If launch-time sandboxing features are used, `pthread_atfork`
+ // hooks are not currently supported in that case, and signal
+ // handlers are reset in the child process. If sandboxing is not
+ // used, this is equivalent to `::fork()`.
+ pid_t Fork();
+
+ private:
+ int mFlags;
+ int mChrootServer;
+ int mChrootClient;
+
+ void StartChrootServer();
+};
+
+// This doesn't really belong in this header but it's used in both
+// SandboxLaunch and SandboxBrokerPolicyFactory.
+bool HasAtiDrivers();
+
+} // namespace mozilla
+
+#endif // mozilla_SandboxLaunch_h
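Review bot: `Prepare()` on the line `bool Prepare(LaunchOptions* aOptions);` reports failure through its return value, yet nothing in this header obliges callers to check it, and the comments above `Fork()` do not say what happens if `Fork()` runs after a failed `Prepare()`. Because the fds and `mFlags` that `Prepare()` sets up appear to decide which launch-time sandboxing features `Fork()` applies, an ignored `false` could plausibly launch the child with weaker isolation than `Configure()` selected — the implementation is not visible here, so this is an inference to confirm against SandboxLaunch.cpp. I would mark the declaration `[[nodiscard]] bool Prepare(LaunchOptions* aOptions);` and state the failure contract in its comment, e.g. `// Returns false if launch-time sandbox setup failed; callers must not call Fork() in that case.` For the same reason the private `int mChrootServer; int mChrootClient;` members deserve a comment naming their sentinel value when no fd is held (presumably -1), so the destructor's close logic and a failed `Prepare()` agree on what "unallocated" means.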