Bug 1431441 - Part 4 - ASSERT the sandbox is already enabled r=Alex_Gaynor

When early initialization of the sandbox is enabled, assert that the sandbox has already been enabled in ContentProcess::Init(). Depends on D6720 Differential Revision: https://phabricator.services.mozilla.com/D6721 --HG-- extra : moz-landing-system : lando
2018-10-02 19:41:30 +00:00 · 2018-10-02 19:41:30 +00:00 · 7977abcd65
--- a/dom/ipc/ContentProcess.cpp
+++ b/dom/ipc/ContentProcess.cpp
@ -14,6 +14,7 @@

 #if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
 #include <stdlib.h>
+#include "mozilla/Sandbox.h"
 #endif

 #if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
@ -296,7 +297,13 @@ ContentProcess::Init(int aArgc, char* aArgv[])
  mXREEmbed.Start();
 #if (defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
  mContent.SetProfileDir(profileDir);
-#endif
+#if defined(DEBUG)
+  if (IsContentSandboxEnabled() &&
+      Preferences::GetBool("security.sandbox.content.mac.earlyinit")) {
+    AssertMacSandboxEnabled();
+  }
+#endif /* DEBUG */
+#endif /* XP_MACOSX && MOZ_CONTENT_SANDBOX */

 #if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
  SetUpSandboxEnvironment();
--- a/security/sandbox/mac/Sandbox.h
+++ b/security/sandbox/mac/Sandbox.h
@ -78,6 +78,9 @@ namespace mozilla {
 bool StartMacSandbox(MacSandboxInfo const &aInfo, std::string &aErrorMessage);
 bool EarlyStartMacSandboxIfEnabled(int aArgc, char** aArgv,
                                   std::string &aErrorMessage);
+#ifdef DEBUG
+void AssertMacSandboxEnabled();
+#endif /* DEBUG */

 } // namespace mozilla

--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@ -489,5 +489,20 @@ EarlyStartMacSandboxIfEnabled(int aArgc, char** aArgv,
  return StartMacSandbox(info, aErrorMessage);
 }

+#ifdef DEBUG
+/*
+ * Ensures that a process sandbox is enabled by attempting to enable
+ * a new sandbox policy and ASSERT'ing that this fails. This depends
+ * on sandbox_init() failing when called again after a sandbox has
+ * already been successfully enabled.
+ */
+void
+AssertMacSandboxEnabled()
+{
+  char *errorbuf = NULL;
+  int rv = sandbox_init("(version 1)(deny default)", 0, &errorbuf);
+  MOZ_ASSERT(rv != 0);
+}
+#endif /* DEBUG */

 } // namespace mozilla