summaryrefslogtreecommitdiffstats
path: root/security/sandbox/linux/Sandbox.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--security/sandbox/linux/Sandbox.h76
1 files changed, 76 insertions, 0 deletions
diff --git a/security/sandbox/linux/Sandbox.h b/security/sandbox/linux/Sandbox.h
new file mode 100644
index 0000000000..575f57a3a3
--- /dev/null
+++ b/security/sandbox/linux/Sandbox.h
@@ -0,0 +1,76 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_Sandbox_h
+#define mozilla_Sandbox_h
+
+#include "mozilla/Maybe.h"
+#include "mozilla/Types.h"
+#include "nsXULAppAPI.h"
+#include <vector>
+
+#include "mozilla/ipc/UtilityProcessSandboxing.h"
+
+// This defines the entry points for a content process to start
+// sandboxing itself. See also SandboxInfo.h for what parts of
+// sandboxing are enabled/supported.
+
+namespace mozilla {
+
+namespace ipc {
+class FileDescriptor;
+} // namespace ipc
+
+// This must be called early, before glib creates any worker threads.
+// (See bug 1176099.)
+MOZ_EXPORT void SandboxEarlyInit();
+
+// A collection of sandbox parameters that have to be extracted from
+// prefs or other libxul facilities and passed down, because
+// libmozsandbox can't link against the APIs to read them.
+struct ContentProcessSandboxParams {
+ // Content sandbox level; see also GetEffectiveSandboxLevel in
+ // SandboxSettings.h and the comments for the Linux version of
+ // "security.sandbox.content.level" in browser/app/profile/firefox.js
+ int mLevel = 0;
+ // The filesystem broker client file descriptor, or -1 to allow
+ // direct filesystem access. (Warning: this is not a RAII class and
+ // will not close the fd on destruction.)
+ int mBrokerFd = -1;
+ // Determines whether we allow reading all files, for processes that
+ // render file:/// URLs.
+ bool mFileProcess = false;
+ // Syscall numbers to allow even if the seccomp-bpf policy otherwise
+ // wouldn't.
+ std::vector<int> mSyscallWhitelist;
+
+ static ContentProcessSandboxParams ForThisProcess(
+ const Maybe<ipc::FileDescriptor>& aBroker);
+};
+
+// Call only if SandboxInfo::CanSandboxContent() returns true.
+// (No-op if the sandbox is disabled.)
+// isFileProcess determines whether we allow system wide file reads.
+MOZ_EXPORT bool SetContentProcessSandbox(ContentProcessSandboxParams&& aParams);
+
+// Call only if SandboxInfo::CanSandboxMedia() returns true.
+// (No-op if MOZ_DISABLE_GMP_SANDBOX is set.)
+// aFilePath is the path to the plugin file.
+MOZ_EXPORT void SetMediaPluginSandbox(const char* aFilePath);
+
+MOZ_EXPORT void SetRemoteDataDecoderSandbox(int aBroker);
+
+MOZ_EXPORT void SetSocketProcessSandbox(int aBroker);
+
+MOZ_EXPORT void SetUtilitySandbox(int aBroker, ipc::SandboxingKind aKind);
+
+// We want to turn on/off crashing on error when running some tests
+// This will return current value and set the aValue we pass
+MOZ_EXPORT bool SetSandboxCrashOnError(bool aValue);
+
+} // namespace mozilla
+
+#endif // mozilla_Sandbox_h