summaryrefslogtreecommitdiffstats
path: root/security/sandbox/test/browser_content_sandbox_utils.js
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /security/sandbox/test/browser_content_sandbox_utils.js
parentInitial commit. (diff)
downloadfirefox-upstream.tar.xz
firefox-upstream.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/sandbox/test/browser_content_sandbox_utils.js')
-rw-r--r--security/sandbox/test/browser_content_sandbox_utils.js462
1 files changed, 462 insertions, 0 deletions
diff --git a/security/sandbox/test/browser_content_sandbox_utils.js b/security/sandbox/test/browser_content_sandbox_utils.js
new file mode 100644
index 0000000000..3891c5d6df
--- /dev/null
+++ b/security/sandbox/test/browser_content_sandbox_utils.js
@@ -0,0 +1,462 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+"use strict";
+
+const uuidGenerator = Services.uuid;
+
+/*
+ * Utility functions for the browser content sandbox tests.
+ */
+
+function sanityChecks() {
+ // This test is only relevant in e10s
+ if (!gMultiProcessBrowser) {
+ ok(false, "e10s is enabled");
+ info("e10s is not enabled, exiting");
+ return;
+ }
+
+ let level = 0;
+ let prefExists = true;
+
+ // Read the security.sandbox.content.level pref.
+ // eslint-disable-next-line mozilla/use-default-preference-values
+ try {
+ level = Services.prefs.getIntPref("security.sandbox.content.level");
+ } catch (e) {
+ prefExists = false;
+ }
+
+ ok(prefExists, "pref security.sandbox.content.level exists");
+ if (!prefExists) {
+ return;
+ }
+
+ info(`security.sandbox.content.level=${level}`);
+ ok(level > 0, "content sandbox is enabled.");
+
+ let isFileIOSandboxed = isContentFileIOSandboxed(level);
+
+ // Content sandbox enabled, but level doesn't include file I/O sandboxing.
+ ok(isFileIOSandboxed, "content file I/O sandboxing is enabled.");
+ if (!isFileIOSandboxed) {
+ info("content sandbox level too low for file I/O tests, exiting\n");
+ }
+}
+
+// Creates file at |path| and returns a promise that resolves with an object
+// with .ok boolean to indicate true if the file was successfully created,
+// otherwise false. Include imports so this can be safely serialized and run
+// remotely by ContentTask.spawn.
+function createFile(path) {
+ const { FileUtils } = ChromeUtils.importESModule(
+ "resource://gre/modules/FileUtils.sys.mjs"
+ );
+
+ try {
+ const fstream = Cc[
+ "@mozilla.org/network/file-output-stream;1"
+ ].createInstance(Ci.nsIFileOutputStream);
+
+ fstream.init(
+ new FileUtils.File(path),
+ -1, // readonly mode
+ -1, // default permissions
+ 0
+ ); // behaviour flags
+
+ const ostream = Cc["@mozilla.org/binaryoutputstream;1"].createInstance(
+ Ci.nsIBinaryOutputStream
+ );
+ ostream.setOutputStream(fstream);
+
+ const data = "TEST FILE DUMMY DATA";
+ ostream.writeBytes(data, data.length);
+
+ ostream.close();
+ fstream.close();
+ } catch (e) {
+ return { ok: false };
+ }
+
+ return { ok: true };
+}
+
+// Creates a symlink at |path| and returns a promise that resolves with an
+// object with .ok boolean to indicate true if the symlink was successfully
+// created, otherwise false. Include imports so this can be safely serialized
+// and run remotely by ContentTask.spawn.
+function createSymlink(path) {
+ const { ctypes } = ChromeUtils.import("resource://gre/modules/ctypes.jsm");
+
+ try {
+ const libc = ctypes.open(
+ Services.appinfo.OS === "Darwin" ? "libSystem.B.dylib" : "libc.so"
+ );
+
+ const symlink = libc.declare(
+ "symlink",
+ ctypes.default_abi,
+ ctypes.int, // return value
+ ctypes.char.ptr, // target
+ ctypes.char.ptr //linkpath
+ );
+
+ if (symlink("/etc", path)) {
+ return { ok: false };
+ }
+ } catch (e) {
+ return { ok: false };
+ }
+
+ return { ok: true };
+}
+
+// Deletes file at |path| and returns a promise that resolves with an object
+// with .ok boolean to indicate true if the file was successfully deleted,
+// otherwise false. Include imports so this can be safely serialized and run
+// remotely by ContentTask.spawn.
+function deleteFile(path) {
+ const { FileUtils } = ChromeUtils.importESModule(
+ "resource://gre/modules/FileUtils.sys.mjs"
+ );
+
+ try {
+ const file = new FileUtils.File(path);
+ file.remove(false);
+ } catch (e) {
+ return { ok: false };
+ }
+
+ return { ok: true };
+}
+
+// Reads the directory at |path| and returns a promise that resolves when
+// iteration over the directory finishes or encounters an error. The promise
+// resolves with an object where .ok indicates success or failure and
+// .numEntries is the number of directory entries found.
+function readDir(path) {
+ const { FileUtils } = ChromeUtils.importESModule(
+ "resource://gre/modules/FileUtils.sys.mjs"
+ );
+
+ let numEntries = 0;
+
+ try {
+ const file = new FileUtils.File(path);
+ const enumerator = file.directoryEntries;
+
+ while (enumerator.hasMoreElements()) {
+ void enumerator.nextFile;
+ numEntries++;
+ }
+ } catch (e) {
+ return { ok: false, numEntries };
+ }
+
+ return { ok: true, numEntries };
+}
+
+// Reads the file at |path| and returns a promise that resolves when
+// reading is completed. Returned object has boolean .ok to indicate
+// success or failure.
+function readFile(path) {
+ const { FileUtils } = ChromeUtils.importESModule(
+ "resource://gre/modules/FileUtils.sys.mjs"
+ );
+
+ try {
+ const file = new FileUtils.File(path);
+
+ const fstream = Cc[
+ "@mozilla.org/network/file-input-stream;1"
+ ].createInstance(Ci.nsIFileInputStream);
+ fstream.init(file, -1, -1, 0);
+
+ const istream = Cc["@mozilla.org/binaryinputstream;1"].createInstance(
+ Ci.nsIBinaryInputStream
+ );
+ istream.setInputStream(fstream);
+
+ const available = istream.available();
+ void istream.readBytes(available);
+ } catch (e) {
+ return { ok: false };
+ }
+
+ return { ok: true };
+}
+
+// Does a stat of |path| and returns a promise that resolves if the
+// stat is successful. Returned object has boolean .ok to indicate
+// success or failure.
+function statPath(path) {
+ const { FileUtils } = ChromeUtils.importESModule(
+ "resource://gre/modules/FileUtils.sys.mjs"
+ );
+
+ try {
+ const file = new FileUtils.File(path);
+ void file.lastModifiedTime;
+ } catch (e) {
+ return { ok: false };
+ }
+
+ return { ok: true };
+}
+
+// Returns true if the current content sandbox level, passed in
+// the |level| argument, supports filesystem sandboxing.
+function isContentFileIOSandboxed(level) {
+ let fileIOSandboxMinLevel = 0;
+
+ // Set fileIOSandboxMinLevel to the lowest level that has
+ // content filesystem sandboxing enabled. For now, this
+ // varies across Windows, Mac, Linux, other.
+ switch (Services.appinfo.OS) {
+ case "WINNT":
+ fileIOSandboxMinLevel = 1;
+ break;
+ case "Darwin":
+ fileIOSandboxMinLevel = 1;
+ break;
+ case "Linux":
+ fileIOSandboxMinLevel = 2;
+ break;
+ default:
+ Assert.ok(false, "Unknown OS");
+ }
+
+ return level >= fileIOSandboxMinLevel;
+}
+
+// Returns the lowest sandbox level where blanket reading of the profile
+// directory from the content process should be blocked by the sandbox.
+function minProfileReadSandboxLevel(level) {
+ switch (Services.appinfo.OS) {
+ case "WINNT":
+ return 3;
+ case "Darwin":
+ return 2;
+ case "Linux":
+ return 3;
+ default:
+ Assert.ok(false, "Unknown OS");
+ return 0;
+ }
+}
+
+// Returns the lowest sandbox level where blanket reading of the home
+// directory from the content process should be blocked by the sandbox.
+function minHomeReadSandboxLevel(level) {
+ switch (Services.appinfo.OS) {
+ case "WINNT":
+ return 3;
+ case "Darwin":
+ return 3;
+ case "Linux":
+ return 3;
+ default:
+ Assert.ok(false, "Unknown OS");
+ return 0;
+ }
+}
+
+function isMac() {
+ return Services.appinfo.OS == "Darwin";
+}
+function isWin() {
+ return Services.appinfo.OS == "WINNT";
+}
+function isLinux() {
+ return Services.appinfo.OS == "Linux";
+}
+
+function isNightly() {
+ let version = SpecialPowers.Services.appinfo.version;
+ return version.endsWith("a1");
+}
+
+function uuid() {
+ return uuidGenerator.generateUUID().toString();
+}
+
+// Returns a file object for a new file in the home dir ($HOME/<UUID>).
+function fileInHomeDir() {
+ // get home directory, make sure it exists
+ let homeDir = Services.dirsvc.get("Home", Ci.nsIFile);
+ Assert.ok(homeDir.exists(), "Home dir exists");
+ Assert.ok(homeDir.isDirectory(), "Home dir is a directory");
+
+ // build a file object for a new file named $HOME/<UUID>
+ let homeFile = homeDir.clone();
+ homeFile.appendRelativePath(uuid());
+ Assert.ok(!homeFile.exists(), homeFile.path + " does not exist");
+ return homeFile;
+}
+
+// Returns a file object for a new file in the content temp dir (.../<UUID>).
+function fileInTempDir() {
+ let contentTempKey = "ContentTmpD";
+
+ // get the content temp dir, make sure it exists
+ let ctmp = Services.dirsvc.get(contentTempKey, Ci.nsIFile);
+ Assert.ok(ctmp.exists(), "Content temp dir exists");
+ Assert.ok(ctmp.isDirectory(), "Content temp dir is a directory");
+
+ // build a file object for a new file in content temp
+ let tempFile = ctmp.clone();
+ tempFile.appendRelativePath(uuid());
+ Assert.ok(!tempFile.exists(), tempFile.path + " does not exist");
+ return tempFile;
+}
+
+function GetProfileDir() {
+ // get profile directory
+ let profileDir = Services.dirsvc.get("ProfD", Ci.nsIFile);
+ return profileDir;
+}
+
+function GetHomeDir() {
+ // get home directory
+ let homeDir = Services.dirsvc.get("Home", Ci.nsIFile);
+ return homeDir;
+}
+
+function GetHomeSubdir(subdir) {
+ return GetSubdir(GetHomeDir(), subdir);
+}
+
+function GetHomeSubdirFile(subdir) {
+ return GetSubdirFile(GetHomeSubdir(subdir));
+}
+
+function GetSubdir(dir, subdir) {
+ let newSubdir = dir.clone();
+ newSubdir.appendRelativePath(subdir);
+ return newSubdir;
+}
+
+function GetSubdirFile(dir) {
+ let newFile = dir.clone();
+ newFile.appendRelativePath(uuid());
+ return newFile;
+}
+
+function GetPerUserExtensionDir() {
+ return Services.dirsvc.get("XREUSysExt", Ci.nsIFile);
+}
+
+// Returns a file object for the file or directory named |name| in the
+// profile directory.
+function GetProfileEntry(name) {
+ let entry = GetProfileDir();
+ entry.append(name);
+ return entry;
+}
+
+function GetDir(path) {
+ let dir = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsIFile);
+ dir.initWithPath(path);
+ Assert.ok(dir.isDirectory(), `${path} is a directory`);
+ return dir;
+}
+
+function GetDirFromEnvVariable(varName) {
+ return GetDir(Services.env.get(varName));
+}
+
+function GetFile(path) {
+ let file = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsIFile);
+ file.initWithPath(path);
+ return file;
+}
+
+function GetBrowserType(type) {
+ let browserType = undefined;
+
+ if (!GetBrowserType[type]) {
+ if (type === "web") {
+ GetBrowserType[type] = gBrowser.selectedBrowser;
+ } else {
+ // open a tab in a `type` content process
+ gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, "about:blank", {
+ preferredRemoteType: type,
+ });
+ // get the browser for the `type` process tab
+ GetBrowserType[type] = gBrowser.getBrowserForTab(gBrowser.selectedTab);
+ }
+ }
+
+ browserType = GetBrowserType[type];
+ ok(
+ browserType.remoteType === type,
+ `GetBrowserType(${type}) returns a ${type} process`
+ );
+ return browserType;
+}
+
+function GetWebBrowser() {
+ return GetBrowserType("web");
+}
+
+function isFileContentProcessEnabled() {
+ // Ensure that the file content process is enabled.
+ let fileContentProcessEnabled = Services.prefs.getBoolPref(
+ "browser.tabs.remote.separateFileUriProcess"
+ );
+ ok(fileContentProcessEnabled, "separate file content process is enabled");
+ return fileContentProcessEnabled;
+}
+
+function GetFileBrowser() {
+ if (!isFileContentProcessEnabled()) {
+ return undefined;
+ }
+ return GetBrowserType("file");
+}
+
+function GetSandboxLevel() {
+ // Current level
+ return Services.prefs.getIntPref("security.sandbox.content.level");
+}
+
+async function runTestsList(tests) {
+ let level = GetSandboxLevel();
+
+ // remove tests not enabled by the current sandbox level
+ tests = tests.filter(test => test.minLevel <= level);
+
+ for (let test of tests) {
+ let okString = test.ok ? "allowed" : "blocked";
+ let processType = test.browser.remoteType;
+
+ // ensure the file/dir exists before we ask a content process to stat
+ // it so we know a failure is not due to a nonexistent file/dir
+ if (test.func === statPath) {
+ ok(test.file.exists(), `${test.file.path} exists`);
+ }
+
+ let result = await ContentTask.spawn(
+ test.browser,
+ test.file.path,
+ test.func
+ );
+
+ ok(
+ result.ok == test.ok,
+ `reading ${test.desc} from a ${processType} process ` +
+ `is ${okString} (${test.file.path})`
+ );
+
+ // if the directory is not expected to be readable,
+ // ensure the listing has zero entries
+ if (test.func === readDir && !test.ok) {
+ ok(result.numEntries == 0, `directory list is empty (${test.file.path})`);
+ }
+
+ if (test.cleanup != undefined) {
+ await test.cleanup(test.file.path);
+ }
+ }
+}