/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_SandboxLaunch_h
#define mozilla_SandboxLaunch_h
#include "base/process_util.h"
#include "mozilla/ipc/UtilityProcessSandboxing.h"
#include "nsXULAppAPI.h"
#include <vector>
namespace mozilla {
// Three-phase helper for launching a (Linux) child process under the
// launch-time sandboxing features: `Configure` picks the features and
// records them in the `LaunchOptions`, `Prepare` acquires the OS
// resources the chosen features need, and `Fork` creates the child.
//
// The object owns file descriptors once `Prepare` has run, which is why
// it is non-copyable; they are presumably released by the destructor
// (TODO confirm in SandboxLaunch.cpp).
class SandboxLaunch final {
public:
SandboxLaunch();
~SandboxLaunch();
SandboxLaunch(const SandboxLaunch&) = delete;
SandboxLaunch& operator=(const SandboxLaunch&) = delete;
using LaunchOptions = base::LaunchOptions;
using SandboxingKind = ipc::SandboxingKind;
// Decide what sandboxing features will be used for a process, and
// modify `*aOptions` accordingly. This does not allocate fds or
// other OS resources (other than memory for strings).
//
// This is meant to be called in the parent process (even if the
// fork server will be used), and if `aType` is Content then it must
// be called on the main thread in order to access prefs.
//
// `aType`: the Gecko process type being launched.
// `aKind`: the utility-process sandboxing kind (only meaningful for
//          some values of `aType`; see UtilityProcessSandboxing.h).
// `aOptions`: launch options to annotate; must be non-null.
static void Configure(GeckoProcessType aType, SandboxingKind aKind,
LaunchOptions* aOptions);
// Finish setting up for process launch, based on the information
// from `Configure(...)`. Called in the process that will do the
// launch (fork server if applicable, otherwise parent), and before
// calling `FileDescriptorShuffle::Init`.
//
// This can allocate fds (owned by `*this`) and modify
// `aOptions->fds_to_remap`, but does not access the
// environment-related fields of `*aOptions`.
//
// Returns true on success. The return value must be checked by the
// caller; `Fork` is documented as following a successful `Prepare`,
// and this header does not say what state `*this` or `*aOptions` is
// left in after a failure (TODO confirm before relying on it).
bool Prepare(LaunchOptions* aOptions);
// Launch the child process, similarly to `::fork()`; called after
// `Configure` and `Prepare`.
//
// If launch-time sandboxing features are used, `pthread_atfork`
// hooks are not supported (they do not run), and signal handlers
// are reset in the child process. If sandboxing is not used, this
// is equivalent to `::fork()`.
//
// Returns the child's pid in the parent and 0 in the child, as
// `::fork()` does; the failure value is presumably also `::fork()`'s
// (-1) — TODO confirm against the implementation.
pid_t Fork();
private:
// Sandboxing feature flags chosen by `Configure`; the exact bit
// meanings are defined in the .cpp — presumably the namespace /
// clone-related selections (TODO confirm).
int mFlags;
// File descriptors owned by this object (see `Prepare`); from the
// names, the two ends of the channel to the chroot helper started by
// `StartChrootServer` — TODO confirm. Lifetime and close-on-exec
// handling are not visible from this header.
int mChrootServer;
int mChrootClient;
// Starts the chroot helper; presumably invoked from `Fork` when the
// chroot feature is selected in `mFlags` (TODO confirm).
void StartChrootServer();
};
// This doesn't really belong in this header but it's used in both
// SandboxLaunch and SandboxBrokerPolicyFactory.
//
// Reports whether ATI/AMD graphics drivers are present on the system
// (reading of the name; the detection method lives in the .cpp — TODO
// confirm). Both users presumably relax sandbox policy when this is
// true, so a false positive here widens the sandbox — keep the check
// conservative.
bool HasAtiDrivers();
} // namespace mozilla
#endif // mozilla_SandboxLaunch_h