Adding upstream version 115.7.0esr.upstream/115.7.0esr

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 76 insertions, 0 deletions

diff --git a/security/sandbox/linux/Sandbox.h b/security/sandbox/linux/Sandbox.h
new file mode 100644
index 0000000000..575f57a3a3
--- /dev/null
+++ b/security/sandbox/linux/Sandbox.h
@@ -0,0 +1,76 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_Sandbox_h
+#define mozilla_Sandbox_h
+
+#include "mozilla/Maybe.h"
+#include "mozilla/Types.h"
+#include "nsXULAppAPI.h"
+#include <vector>
+
+#include "mozilla/ipc/UtilityProcessSandboxing.h"
+
+// This defines the entry points for a content process to start
+// sandboxing itself.  See also SandboxInfo.h for what parts of
+// sandboxing are enabled/supported.
+
+namespace mozilla {
+
+namespace ipc {
+class FileDescriptor;
+}  // namespace ipc
+
+// This must be called early, before glib creates any worker threads.
+// (See bug 1176099.)
+MOZ_EXPORT void SandboxEarlyInit();
+
+// A collection of sandbox parameters that have to be extracted from
+// prefs or other libxul facilities and passed down, because
+// libmozsandbox can't link against the APIs to read them.
+struct ContentProcessSandboxParams {
+  // Content sandbox level; see also GetEffectiveSandboxLevel in
+  // SandboxSettings.h and the comments for the Linux version of
+  // "security.sandbox.content.level" in browser/app/profile/firefox.js
+  int mLevel = 0;
+  // The filesystem broker client file descriptor, or -1 to allow
+  // direct filesystem access.  (Warning: this is not a RAII class and
+  // will not close the fd on destruction.)
+  int mBrokerFd = -1;
+  // Determines whether we allow reading all files, for processes that
+  // render file:/// URLs.
+  bool mFileProcess = false;
+  // Syscall numbers to allow even if the seccomp-bpf policy otherwise
+  // wouldn't.
+  std::vector<int> mSyscallWhitelist;
+
+  static ContentProcessSandboxParams ForThisProcess(
+      const Maybe<ipc::FileDescriptor>& aBroker);
+};
+
+// Call only if SandboxInfo::CanSandboxContent() returns true.
+// (No-op if the sandbox is disabled.)
+// isFileProcess determines whether we allow system wide file reads.
+MOZ_EXPORT bool SetContentProcessSandbox(ContentProcessSandboxParams&& aParams);
+
+// Call only if SandboxInfo::CanSandboxMedia() returns true.
+// (No-op if MOZ_DISABLE_GMP_SANDBOX is set.)
+// aFilePath is the path to the plugin file.
+MOZ_EXPORT void SetMediaPluginSandbox(const char* aFilePath);
+
+MOZ_EXPORT void SetRemoteDataDecoderSandbox(int aBroker);
+
+MOZ_EXPORT void SetSocketProcessSandbox(int aBroker);
+
+MOZ_EXPORT void SetUtilitySandbox(int aBroker, ipc::SandboxingKind aKind);
+
+// We want to turn on/off crashing on error when running some tests
+// This will return current value and set the aValue we pass
+MOZ_EXPORT bool SetSandboxCrashOnError(bool aValue);
+
+}  // namespace mozilla
+
+#endif  // mozilla_Sandbox_h