Bug 1522830: Part 9 - Add IPC for untrusted modules to Content; r=jmathies

* The parent needs to be able to request the child to provide its untrusted
  modules telemetry. This is done via `GetUntrustedModulesData`.
* The child needs to be able to determine which of its module loads are trusted,
  and which are not. Since the child is sandboxed, it must delegate that work
  to the parent process. This is done via `GetModulesTrust`.

Differential Revision: https://phabricator.services.mozilla.com/D53681

--HG--
extra : moz-landing-system : lando
Aaron Klotz 2019-12-06 22:10:14 +00:00
Родитель 23e61114cf
Коммит 249f1cca46
5 изменённых файлов: 74 добавлений и 1 удалений


@ -218,6 +218,7 @@
# define getpid _getpid
# include "mozilla/widget/AudioSession.h"
# include "mozilla/audio/AudioNotificationReceiver.h"
# include "mozilla/WinDllServices.h"
#endif
#if defined(XP_MACOSX)
@ -1334,6 +1335,13 @@ void ContentChild::InitXPCOM(
// background thread since we'll likely need database information very soon.
BackgroundChild::Startup();
#if defined(XP_WIN)
// DLL services untrusted modules processing depends on
// BackgroundChild::Startup having been called
RefPtr<DllServices> dllSvc(DllServices::Get());
dllSvc->StartUntrustedModulesProcessor();
#endif // defined(XP_WIN)
PBackgroundChild* actorChild = BackgroundChild::GetOrCreateForCurrentThread();
if (NS_WARN_IF(!actorChild)) {
MOZ_ASSERT_UNREACHABLE("PBackground init can't fail at this point");
@ -1440,6 +1448,22 @@ mozilla::ipc::IPCResult ContentChild::RecvRequestMemoryReport(
return IPC_OK();
}
mozilla::ipc::IPCResult ContentChild::RecvGetUntrustedModulesData(
GetUntrustedModulesDataResolver&& aResolver) {
#if defined(XP_WIN)
RefPtr<DllServices> dllSvc(DllServices::Get());
dllSvc->GetUntrustedModulesData()->Then(
GetMainThreadSerialEventTarget(), __func__,
[aResolver](Maybe<UntrustedModulesData>&& aData) {
aResolver(std::move(aData));
},
[aResolver](nsresult aReason) { aResolver(Nothing()); });
return IPC_OK();
#else
return IPC_FAIL(this, "Unsupported on this platform");
#endif // defined(XP_WIN)
}
PCycleCollectWithLogsChild* ContentChild::AllocPCycleCollectWithLogsChild(
const bool& aDumpAllTraces, const FileDescriptor& aGCLog,
const FileDescriptor& aCCLog) {
@ -2386,6 +2410,11 @@ void ContentChild::ActorDestroy(ActorDestroyReason why) {
// keep persistent state.
ProcessChild::QuickExit();
#else
#if defined(XP_WIN)
RefPtr<DllServices> dllSvc(DllServices::Get());
dllSvc->DisableFull();
#endif // defined(XP_WIN)
if (gFirstIdleTask) {
gFirstIdleTask->Cancel();
gFirstIdleTask = nullptr;
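Review bot: In `ContentChild::RecvGetUntrustedModulesData` the rejection lambda drops `aReason` and resolves with `Nothing()`, and the resolve path can itself hand over an empty `Maybe`, so the parent cannot tell a child with no untrusted-module data from one whose collection failed. For telemetry meant to surface third-party DLL loads, that gap should at least be logged before resolving, e.g. `[aResolver](nsresult aReason) { NS_WARNING("GetUntrustedModulesData rejected"); aResolver(Nothing()); }`. The rejection lambda in `ContentParent::RecvGetModulesTrust` discards `aRv` in the same way. Separately, `DllServices::Get()` is dereferenced without a null check here and in the `InitXPCOM` and `ActorDestroy` hunks (both bodies continue outside their hunks); presumably it always returns the singleton, but nothing visible confirms that.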


@ -561,6 +561,9 @@ class ContentChild final
const uint32_t& generation, const bool& anonymize,
const bool& minimizeMemoryUsage, const Maybe<FileDescriptor>& DMDFile);
mozilla::ipc::IPCResult RecvGetUntrustedModulesData(
GetUntrustedModulesDataResolver&& aResolver);
mozilla::ipc::IPCResult RecvSetXPCOMProcessAttributes(
const XPCOMInitData& aXPCOMInit, const StructuredCloneData& aInitialData,
nsTArray<LookAndFeelInt>&& aLookAndFeelIntCache,
@ -805,7 +808,7 @@ class ContentChild final
* generated by the chrome process.
*/
uint32_t mMsaaID;
#endif
#endif // defined(XP_WIN) && defined(ACCESSIBILITY)
AppInfo mAppInfo;


@ -281,6 +281,7 @@
#ifdef XP_WIN
# include "mozilla/audio/AudioNotificationSender.h"
# include "mozilla/widget/AudioSession.h"
# include "mozilla/WinDllServices.h"
#endif
#ifdef ACCESSIBILITY
@ -5794,6 +5795,24 @@ mozilla::ipc::IPCResult ContentParent::RecvNotifyMediaAudibleChanged(
return IPC_OK();
}
mozilla::ipc::IPCResult ContentParent::RecvGetModulesTrust(
ModulePaths&& aModPaths, bool aRunAtNormalPriority,
GetModulesTrustResolver&& aResolver) {
#if defined(XP_WIN)
RefPtr<DllServices> dllSvc(DllServices::Get());
dllSvc->GetModulesTrust(std::move(aModPaths), aRunAtNormalPriority)
->Then(
GetMainThreadSerialEventTarget(), __func__,
[aResolver](ModulesMapResult&& aResult) {
aResolver(Some(ModulesMapResult(std::move(aResult))));
},
[aResolver](nsresult aRv) { aResolver(Nothing()); });
return IPC_OK();
#else
return IPC_FAIL(this, "Unsupported on this platform");
#endif // defined(XP_WIN)
}
mozilla::ipc::IPCResult ContentParent::RecvAttachBrowsingContext(
BrowsingContext::IPCInitializer&& aInit) {
RefPtr<CanonicalBrowsingContext> parent;
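Review bot: `ContentParent::RecvGetModulesTrust` passes `aModPaths` and `aRunAtNormalPriority` from the content process straight into `DllServices::GetModulesTrust`, with no validation visible in this handler. Both values come from a sandboxed process that has to be assumed compromisable, so the parent evaluates files at caller-chosen paths and at a caller-chosen priority, and the reply tells the child something about files its sandbox may not let it inspect. If the checks live inside `GetModulesTrust` (not shown here), record that at the call site, e.g. `// aModPaths and aRunAtNormalPriority are untrusted input from a sandboxed child; DllServices::GetModulesTrust is responsible for validating and bounding them.` Otherwise the handler should bound the number of paths and reject malformed ones before dispatching the work.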


@ -1208,6 +1208,10 @@ class ContentParent final
mozilla::ipc::IPCResult RecvNotifyMediaAudibleChanged(
BrowsingContext* aContext, bool aAudible);
mozilla::ipc::IPCResult RecvGetModulesTrust(
ModulePaths&& aModPaths, bool aRunAtNormalPriority,
GetModulesTrustResolver&& aResolver);
// Notify the ContentChild to enable the input event prioritization when
// initializing.
void MaybeEnableRemoteInputEventQueue();


@ -103,6 +103,9 @@ using mozilla::Telemetry::ScalarAction from "mozilla/TelemetryComms.h";
using mozilla::Telemetry::KeyedScalarAction from "mozilla/TelemetryComms.h";
using mozilla::Telemetry::DynamicScalarDefinition from "mozilla/TelemetryComms.h";
using mozilla::Telemetry::ChildEventData from "mozilla/TelemetryComms.h";
using moveonly mozilla::UntrustedModulesData from "mozilla/UntrustedModulesData.h";
using moveonly mozilla::ModulePaths from "mozilla/UntrustedModulesData.h";
using moveonly mozilla::ModulesMapResult from "mozilla/UntrustedModulesData.h";
using mozilla::Telemetry::DiscardedData from "mozilla/TelemetryComms.h";
using mozilla::CrossProcessMutexHandle from "mozilla/ipc/CrossProcessMutex.h";
using refcounted class mozilla::dom::BrowsingContext from "mozilla/dom/BrowsingContext.h";
@ -475,6 +478,12 @@ child:
FileDescriptor? DMDFile);
async RequestPerformanceMetrics(nsID aID);
/**
* Used by third-party modules telemetry (aka "untrusted modules" telemetry)
* to pull data from content processes.
*/
async GetUntrustedModulesData() returns (UntrustedModulesData? data);
/**
* Communication between the PuppetBidiKeyboard and the actual
* BidiKeyboard hosted by the parent
@ -1478,6 +1487,15 @@ parent:
*/
async NotifyMediaAudibleChanged(BrowsingContext aContext, bool aAudible);
/**
* Due to sandboxing, a child process's UntrustedModulesProcessor cannot
* obtain enough information about a DLL file to determine its
* trustworthiness. This API asks the chrome process to perform that
* evaluation.
*/
async GetModulesTrust(ModulePaths aModPaths, bool aRunAtNormalPriority)
returns (ModulesMapResult? modMapResult);
both:
async ScriptError(nsString message, nsString sourceName, nsString sourceLine,
uint32_t lineNumber, uint32_t colNumber, uint32_t flags,
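Review bot: The doc comments on the two new messages, `GetUntrustedModulesData` under `child:` and `GetModulesTrust` under `parent:`, do not state their trust contract or what a null reply means. `GetUntrustedModulesData` returns data serialized by a content process, so the parent-side deserializer for `UntrustedModulesData` (declared in `mozilla/UntrustedModulesData.h`, not shown) has to bounds-check everything it reads. I would extend the first comment with something like `* The reply comes from a sandboxed process and must be validated by the parent. A null |data| means nothing was available or collection failed.` The second comment should likewise say that `aModPaths` is untrusted input and that a null `modMapResult` means the parent's evaluation was rejected.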