From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Fri, 19 Apr 2024 02:47:55 +0200
Subject: Adding upstream version 124.0.1.
Signed-off-by: Daniel Baumann
---
security/sandbox/linux/launch/SandboxLaunch.h | 71 +++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
create mode 100644 security/sandbox/linux/launch/SandboxLaunch.h
(limited to 'security/sandbox/linux/launch/SandboxLaunch.h')
diff --git a/security/sandbox/linux/launch/SandboxLaunch.h b/security/sandbox/linux/launch/SandboxLaunch.h
new file mode 100644
index 0000000000..988709dcdb
--- /dev/null
+++ b/security/sandbox/linux/launch/SandboxLaunch.h
@@ -0,0 +1,71 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_SandboxLaunch_h
+#define mozilla_SandboxLaunch_h
+
+#include "base/process_util.h"
+#include "mozilla/ipc/UtilityProcessSandboxing.h"
+#include "nsXULAppAPI.h"
+#include
+
+namespace mozilla {
+
+class SandboxLaunch final {
+ public:
+ SandboxLaunch();
+ ~SandboxLaunch();
+
+ SandboxLaunch(const SandboxLaunch&) = delete;
+ SandboxLaunch& operator=(const SandboxLaunch&) = delete;
+
+ using LaunchOptions = base::LaunchOptions;
+ using SandboxingKind = ipc::SandboxingKind;
+
+ // Decide what sandboxing features will be used for a process, and
+ // modify `*aOptions` accordingly. This does not allocate fds or
+ // other OS resources (other than memory for strings).
+ //
+ // This is meant to be called in the parent process (even if the
+ // fork server will be used), and if `aType` is Content then it must
+ // be called on the main thread in order to access prefs.
+ static void Configure(GeckoProcessType aType, SandboxingKind aKind,
+ LaunchOptions* aOptions);
+
+ // Finish setting up for process launch, based on the information
+ // from `Configure(...)`. Called in the process that will do the
+ // launch (fork server if applicable, otherwise parent), and before
+ // calling `FileDescriptorShuffle::Init`.
+ //
+ // This can allocate fds (owned by `*this`) and modify
+ // `aOptions->fds_to_remap`, but does not access the
+ // environment-related fields of `*aOptions`.
+ bool Prepare(LaunchOptions* aOptions);
+
+ // Launch the child process, similarly to `::fork()`; called after
+ // `Configure` and `Prepare`.
+ //
+ // If launch-time sandboxing features are used, `pthread_atfork`
+ // hooks are not currently supported in that case, and signal
+ // handlers are reset in the child process. If sandboxing is not
+ // used, this is equivalent to `::fork()`.
+ pid_t Fork();
+
+ private:
+ int mFlags;
+ int mChrootServer;
+ int mChrootClient;
+
+ void StartChrootServer();
+};
+
+// This doesn't really belong in this header but it's used in both
+// SandboxLaunch and SandboxBrokerPolicyFactory.
+bool HasAtiDrivers();
+
+} // namespace mozilla
+
+#endif // mozilla_SandboxLaunch_h
-- cgit v1.2.3
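Review bot: `Prepare` and `Fork` near the end of the class are declared with a `bool` and a `pid_t` result but neither comment states the failure contract — the `Prepare` comment says what it may allocate or modify but not what `false` means for the caller, and the `Fork` comment only says it matches `::fork()` when no sandboxing is used. I would extend the `Prepare` comment with a line such as `// Returns false if ...; in that case Fork() must not be called / may still be called` with the condition filled in from the implementation (not part of this patch), and extend the `Fork` comment to say what is returned in the parent, in the child, and on failure (presumably -1 as with `::fork()`, but the header does not say so). Separately, `mFlags`, `mChrootServer` and `mChrootClient` have no in-class initializers; since the header says fds are owned by `*this`, `int mChrootServer = -1;` and `int mChrootClient = -1;` would make the "no fd allocated" state visible here instead of depending on the out-of-line constructor, unless that constructor already sets them. The bare `#include` with no target near the top of the hunk looks like an angle-bracketed system header lost in rendering rather than a defect in the commit.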