summaryrefslogtreecommitdiffstats
path: root/security/sandbox/linux/interfaces/mozISandboxReporter.idl
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--security/sandbox/linux/interfaces/mozISandboxReporter.idl65
1 files changed, 65 insertions, 0 deletions
diff --git a/security/sandbox/linux/interfaces/mozISandboxReporter.idl b/security/sandbox/linux/interfaces/mozISandboxReporter.idl
new file mode 100644
index 0000000000..82f3ab7a72
--- /dev/null
+++ b/security/sandbox/linux/interfaces/mozISandboxReporter.idl
@@ -0,0 +1,65 @@
+/* -*- Mode: IDL; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+// A wrapper for the C++ class SandboxReport, representing one system
+// call that was rejected by policy.
+[scriptable, builtinclass, uuid(ed1e84d3-3346-42e1-b28c-e76a77f549f0)]
+interface mozISandboxReport : nsISupports
+{
+ // The timestamp relative to the time when this property is read.
+ // This is mainly meant for distinguishing recent events that might
+ // be related to an observable failure from older ones that may be
+ // unrelated, not for exact timing.
+ readonly attribute uint64_t msecAgo;
+ readonly attribute int32_t pid;
+ readonly attribute int32_t tid;
+ readonly attribute ACString procType;
+ readonly attribute uint32_t syscall;
+ // Currently numArgs is effectively a constant and indicates the
+ // maximum number of arguments possible on the platform; the actual
+ // system call may use fewer.
+ readonly attribute uint32_t numArgs;
+ // The argument values are presented as strings because JS doesn't
+ // have 64-bit integers and data would be lost on 64-bit platforms
+ // if the XPIDL type uint64_t were used. The string may be decimal
+ // or hex (with leading "0x").
+ ACString getArg(in uint32_t aIndex);
+};
+
+// A wrapper for SandboxReporter::Snapshot, representing the most
+// recent SandboxReport events. Index 0 is the first report in the
+// session, and so on; exposing the indices like this lets us see how
+// many reports have been received even though only a limited number
+// of them are stored.
+[scriptable, builtinclass, uuid(6e8ff6e5-05c9-42d3-853d-40523fd86a50)]
+interface mozISandboxReportArray : nsISupports
+{
+ readonly attribute uint64_t begin;
+ readonly attribute uint64_t end;
+ // (aIndex >= begin && aIndex < end) must be true.
+ mozISandboxReport getElement(in uint64_t aIndex);
+};
+
+// A wrapper for the SandboxReporter; use the component/contract IDs
+// below to access the SandboxReporter singleton. The component
+// constructor will fail if called in a child process.
+[scriptable, builtinclass, uuid(8535bdf7-6d9e-4853-acf9-a146449c4a3b)]
+interface mozISandboxReporter : nsISupports
+{
+ mozISandboxReportArray snapshot();
+};
+
+%{ C++
+
+#define MOZ_SANDBOX_REPORTER_CID \
+{0x5118a6f9, 0x2493, 0x4f97, {0x95, 0x52, 0x62, 0x06, 0x63, 0xe0, 0x3c, 0xb3}}
+
+#define MOZ_SANDBOX_REPORTER_CONTRACTID \
+ "@mozilla.org/sandbox/syscall-reporter;1"
+
+%}