6 files changed, 190 insertions, 0 deletions

diff --git a/config/external/rlbox/moz.build b/config/external/rlbox/moz.build
new file mode 100644
index 0000000000..28b09d3314
--- /dev/null
+++ b/config/external/rlbox/moz.build
@@ -0,0 +1,31 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Core", "Security: RLBox")
+
+EXPORTS.mozilla.rlbox += [
+    "/third_party/rlbox/include/rlbox.hpp",
+    "/third_party/rlbox/include/rlbox_app_pointer.hpp",
+    "/third_party/rlbox/include/rlbox_conversion.hpp",
+    "/third_party/rlbox/include/rlbox_helpers.hpp",
+    "/third_party/rlbox/include/rlbox_noop_sandbox.hpp",
+    "/third_party/rlbox/include/rlbox_policy_types.hpp",
+    "/third_party/rlbox/include/rlbox_range.hpp",
+    "/third_party/rlbox/include/rlbox_sandbox.hpp",
+    "/third_party/rlbox/include/rlbox_stdlib.hpp",
+    "/third_party/rlbox/include/rlbox_stdlib_polyfill.hpp",
+    "/third_party/rlbox/include/rlbox_struct_support.hpp",
+    "/third_party/rlbox/include/rlbox_type_traits.hpp",
+    "/third_party/rlbox/include/rlbox_types.hpp",
+    "/third_party/rlbox/include/rlbox_unwrap.hpp",
+    "/third_party/rlbox/include/rlbox_wrapper_traits.hpp",
+    "rlbox_config.h",
+]
+
+SOURCES += ["rlbox_thread_locals.cpp"]
+
+FINAL_LIBRARY = "xul"
diff --git a/config/external/rlbox/rlbox_config.h b/config/external/rlbox/rlbox_config.h
new file mode 100644
index 0000000000..c9aa34e4db
--- /dev/null
+++ b/config/external/rlbox/rlbox_config.h
@@ -0,0 +1,30 @@
+/* -*- Mode: C++; tab-width: 20; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef RLBOX_CONFIG
+#define RLBOX_CONFIG
+
+#include "mozilla/Assertions.h"
+
+// All uses of rlbox's function and callbacks invocations are on a single
+// thread right now, so we disable rlbox thread checks for performance
+// See (Bug 1739298) for more details
+#define RLBOX_SINGLE_THREADED_INVOCATIONS
+
+#define RLBOX_CUSTOM_ABORT(msg) MOZ_CRASH_UNSAFE_PRINTF("RLBox crash: %s", msg)
+
+// The MingW compiler does not correctly handle static thread_local inline
+// members. This toggles a workaround that allows the host application (firefox)
+// to provide TLS storage via functions. This can be removed if the MingW bug is
+// fixed.
+#define RLBOX_EMBEDDER_PROVIDES_TLS_STATIC_VARIABLES
+
+// When instantiating a wasm sandbox, rlbox requires the name of the wasm module
+// being instantiated. LLVM and wasm2c use the module name by choosing the name
+// used to generate the wasm file. In Firefox this is a static library called
+// rlbox
+#define RLBOX_WASM2C_MODULE_NAME rlbox
+
+#endif
diff --git a/config/external/rlbox/rlbox_thread_locals.cpp b/config/external/rlbox/rlbox_thread_locals.cpp
new file mode 100644
index 0000000000..157177c0e0
--- /dev/null
+++ b/config/external/rlbox/rlbox_thread_locals.cpp
@@ -0,0 +1,17 @@
+/* -*- Mode: C++; tab-width: 20; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Load general firefox configuration of RLBox
+#include "mozilla/rlbox/rlbox_config.h"
+
+#define RLBOX_USE_STATIC_CALLS() rlbox_noop_sandbox_lookup_symbol
+#include "mozilla/rlbox/rlbox_noop_sandbox.hpp"
+
+#include "mozilla/rlbox/rlbox.hpp"
+
+// The MingW compiler does not correctly handle static thread_local inline
+// members. We instead TLS storage via functions. This can be removed if the
+// MingW bug is fixed.
+RLBOX_NOOP_SANDBOX_STATIC_VARIABLES();
diff --git a/config/external/rlbox_wasm2c_sandbox/moz.build b/config/external/rlbox_wasm2c_sandbox/moz.build
new file mode 100644
index 0000000000..4600f12c19
--- /dev/null
+++ b/config/external/rlbox_wasm2c_sandbox/moz.build
@@ -0,0 +1,27 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Core", "Security: RLBox")
+
+EXPORTS.mozilla.rlbox += [
+    "/third_party/rlbox_wasm2c_sandbox/include/rlbox_wasm2c_sandbox.hpp",
+    "/third_party/rlbox_wasm2c_sandbox/include/rlbox_wasm2c_tls.hpp",
+]
+EXPORTS += [
+    "/third_party/rlbox_wasm2c_sandbox/include/wasm2c_rt_mem.h",
+    "/third_party/rlbox_wasm2c_sandbox/include/wasm2c_rt_minwasi.h",
+]
+
+SOURCES += [
+    "/third_party/rlbox_wasm2c_sandbox/src/wasm2c_rt_mem.c",
+    "/third_party/rlbox_wasm2c_sandbox/src/wasm2c_rt_minwasi.c",
+    "rlbox_wasm2c_thread_locals.cpp",
+]
+
+LOCAL_INCLUDES += ["/third_party/wasm2c/wasm2c/"]
+
+FINAL_LIBRARY = "xul"
diff --git a/config/external/rlbox_wasm2c_sandbox/moz.yaml b/config/external/rlbox_wasm2c_sandbox/moz.yaml
new file mode 100644
index 0000000000..dd4e660052
--- /dev/null
+++ b/config/external/rlbox_wasm2c_sandbox/moz.yaml
@@ -0,0 +1,31 @@
+schema: 1
+
+bugzilla:
+  product: Core
+  component: "General"
+
+origin:
+  name: rlbox_wasm2c_sandbox
+  description: rlbox integration for the wasm2c sandboxed code
+  url: https://github.com/PLSysSec/rlbox_wasm2c_sandbox/tree/upstream-wasm2c
+
+  release: 0938ae96c5467bdf2210cf21be47ae576cbcc3cd (2023-08-29T00:00:41Z).
+  revision: 0938ae96c5467bdf2210cf21be47ae576cbcc3cd
+
+  license: MIT
+  license-file: LICENSE
+
+vendoring:
+  url: https://github.com/PLSysSec/rlbox_wasm2c_sandbox
+  source-hosting: github
+  vendor-directory: third_party/rlbox_wasm2c_sandbox
+
+  exclude:
+    # dirs
+    - test
+    # files
+    - ".*"
+    - AppSandbox.md
+    - CMakeLists.txt
+    - LibrarySandbox.md
+    - README.md
diff --git a/config/external/rlbox_wasm2c_sandbox/rlbox_wasm2c_thread_locals.cpp b/config/external/rlbox_wasm2c_sandbox/rlbox_wasm2c_thread_locals.cpp
new file mode 100644
index 0000000000..0fadb5af40
--- /dev/null
+++ b/config/external/rlbox_wasm2c_sandbox/rlbox_wasm2c_thread_locals.cpp
@@ -0,0 +1,54 @@
+/* -*- Mode: C++; tab-width: 20; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef MOZ_USING_WASM_SANDBOXING
+
+// For MOZ_CRASH_UNSAFE_PRINTF
+#  include "mozilla/Assertions.h"
+
+#  include "mozilla/mozalloc_oom.h"
+
+// Load general firefox configuration of RLBox
+#  include "mozilla/rlbox/rlbox_config.h"
+#  include "mozilla/rlbox/rlbox_wasm2c_tls.hpp"
+#  include "wasm-rt.h"
+
+#  ifndef WASM_RT_GROW_FAILED_CRASH
+#    include "nsExceptionHandler.h"
+#  endif
+
+// The MingW compiler does not correctly handle static thread_local inline
+// members. We instead TLS storage via functions. This can be removed if the
+// MingW bug is fixed.
+RLBOX_WASM2C_SANDBOX_STATIC_VARIABLES();
+
+extern "C" {
+
+// Any error encountered by the wasm2c runtime or wasm sandboxed library code
+// is configured to call the below trap handler.
+void moz_wasm2c_trap_handler(wasm_rt_trap_t code) {
+  MOZ_CRASH_UNSAFE_PRINTF("wasm2c crash: %s", wasm_rt_strerror(code));
+}
+
+// The below function is called if a malloc in sandboxed code returns null
+// This indicates that the sandbox has run out of memory.
+void moz_wasm2c_memgrow_failed() {
+#  ifdef WASM_RT_GROW_FAILED_CRASH
+  MOZ_CRASH("wasm2c memory grow failed");
+#  else
+  CrashReporter::AnnotateCrashReport(
+      CrashReporter::Annotation::WasmLibrarySandboxMallocFailed, true);
+#  endif
+}
+
+// This function is called when mozalloc_handle_oom is called from within
+// the sandbox. We redirect to that function, ignoring the ctx argument, which
+// is the sandbox itself.
+void w2c_env_mozalloc_handle_oom(void* ctx, uint32_t size) {
+  mozalloc_handle_oom(size);
+}
+}
+
+#endif