/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
#ifndef __REMOTE_SANDBOXBROKER_H__
#define __REMOTE_SANDBOXBROKER_H__
#include "sandboxBroker.h"
#include "RemoteSandboxBrokerParent.h"
namespace mozilla {
// To sandbox an x86 plugin-container process on Windows on ARM64, we launch
// an x86 child process which in turn launches and sandboxes the x86
// plugin-container child. This means the sandbox broker (in the remote
// x86 sandbox launcher process) can be same-arch with the process that it's
// sandboxing, so all of the sandbox's assumptions about things being
// same-arch still hold.
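// Broker used when the sandboxed child is launched through a separate
// (same-arch) launcher process rather than directly from this one; see the
// comment above. The methods below are declared here and defined in the
// corresponding .cpp; presumably each one is relayed to the remote launcher
// through mParent, so the effective sandbox policy is applied in that
// process, not in this one — confirm against the implementation.
class RemoteSandboxBroker : public AbstractSandboxBroker {
 public:
  RemoteSandboxBroker();

  // Shuts the broker down. Presumably closes mParent's channel on
  // mIPCLaunchThread (see the member comment below) and sets mShutdown;
  // the body is not visible here.
  void Shutdown() override;

  // Launches the sandboxed child process via the remote launcher.
  //
  // Note: This should be called on the IPC launch thread, and this spins
  // the event loop. So this means potentially another IPC launch could occur
  // re-entrantly while calling this.
  //
  // aPath           executable to launch.
  // aArguments      command line for the child.
  // aEnvironment    environment for the child (passed by non-const reference;
  //                 whether it is modified is not visible from this header).
  // aProcessType    which Gecko process type is being launched.
  // aEnableLogging  whether sandbox logging is enabled for the child.
  // (unnamed)       IMAGE_THUNK_DATA* accepted for interface compatibility with
  //                 AbstractSandboxBroker; it is unnamed in this declaration.
  // aProcessHandle  out-param receiving the child's process handle.
  // Returns true presumably when the launch succeeded — confirm in the .cpp.
  bool LaunchApp(const wchar_t* aPath, const wchar_t* aArguments,
                 base::EnvironmentMap& aEnvironment,
                 GeckoProcessType aProcessType, const bool aEnableLogging,
                 const IMAGE_THUNK_DATA*, void** aProcessHandle) override;

  // Security levels for different types of processes. Each selects the
  // sandbox policy the launcher applies to the next LaunchApp(); the meaning
  // of the level values is defined by the concrete policy, not here.
  void SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
                                         bool aIsFileProcess) override;
  void SetSecurityLevelForGPUProcess(
      int32_t aSandboxLevel, const nsCOMPtr<nsIFile>& aProfileDir) override;
  bool SetSecurityLevelForRDDProcess() override;
  bool SetSecurityLevelForSocketProcess() override;
  bool SetSecurityLevelForGMPlugin(SandboxLevel aLevel,
                                   bool aIsRemoteLaunch = false) override;
  bool SetSecurityLevelForUtilityProcess(
      mozilla::ipc::SandboxingKind aSandbox) override;

  // Presumably adds a policy rule granting the child read access to `file`;
  // the rule is applied in the remote launcher — confirm in the .cpp.
  bool AllowReadFile(wchar_t const* file) override;

  // Registers a handle to be made available to the child. How the handle is
  // transferred to the remote launcher is not visible from this header.
  void AddHandleToShare(HANDLE aHandle) override;

  // Always reports false: this broker never claims win32k lockdown for the
  // processes it launches, regardless of the policy the remote launcher
  // applies. Callers that branch on this value therefore always take the
  // "not locked down" path for remotely-brokered processes.
  bool IsWin32kLockedDown() final { return false; }

 private:
  // Private and virtual: instances are expected to be destroyed through the
  // base class (presumably via reference counting) rather than directly.
  virtual ~RemoteSandboxBroker();

  // Parameters that we use to launch the child process.
  LaunchParameters mParameters;

  // IPC parent actor for the remote launcher process.
  RemoteSandboxBrokerParent mParent;

  // We bind the RemoteSandboxBrokerParent to the IPC launch thread.
  // As such, we must close its channel on the same thread. So we save
  // a reference to the IPC launch thread here.
  nsCOMPtr<nsISerialEventTarget> mIPCLaunchThread;

  // True if we've been shutdown.
  bool mShutdown = false;
};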
} // namespace mozilla
#endif // __REMOTE_SANDBOXBROKER_H__