Bug 1653659 - Part 2: Add support for Wasm sandboxing hunspell. r=firefox-build-system-reviewers,dmajor

Differential Revision: https://phabricator.services.mozilla.com/D86063

browser/installer/package-manifest.in

@@ -118,6 +118,9 @@
 #ifdef MOZ_WASM_SANDBOXING_OGG
 @BINPATH@/@DLL_PREFIX@oggwasm@DLL_SUFFIX@
 #endif
+#ifdef MOZ_WASM_SANDBOXING_HUNSPELL
+@BINPATH@/@DLL_PREFIX@hunspellwasm@DLL_SUFFIX@
+#endif
 
 ; We don't have a complete view of which dlls to expect when doing an artifact
 ; build because we haven't run the relevant parts of configure, so we guess

extensions/spellcheck/hunspell/glue/RLBoxHunspell.cpp

@@ -4,6 +4,9 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "mozilla/Assertions.h"
+#ifdef MOZ_WASM_SANDBOXING_HUNSPELL
+#  include "mozilla/ipc/LibrarySandboxPreload.h"
+#endif
 #include "RLBoxHunspell.h"
 #include "mozHunspellRLBoxGlue.h"
 #include "mozHunspellRLBoxHost.h"
@@ -34,7 +37,19 @@ static tainted_hunspell<char*> allocStrInSandbox(
 RLBoxHunspell::RLBoxHunspell(const nsAutoCString& affpath,
                              const nsAutoCString& dpath)
     : mHandle(nullptr) {
+#ifdef MOZ_WASM_SANDBOXING_HUNSPELL
+  // Firefox preloads the library externally to ensure we won't be stopped by
+  // the content sandbox
+  const bool external_loads_exist = true;
+  // See Bug 1606981: In some environments allowing stdio in the wasm sandbox
+  // fails as the I/O redirection involves querying meta-data of file
+  // descriptors. This querying fails in some environments.
+  const bool allow_stdio = false;
+  mSandbox.create_sandbox(mozilla::ipc::GetSandboxedHunspellPath().get(),
+                          external_loads_exist, allow_stdio);
+#else
   mSandbox.create_sandbox();
+#endif
 
   // Add the aff and dict files to allow list
   mozHunspellCallbacks::AllowFile(affpath);

extensions/spellcheck/hunspell/src/moz.build

@@ -4,7 +4,7 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-UNIFIED_SOURCES += [
+all_sources = [
     '../glue/mozHunspellRLBoxSandbox.cpp',
     'affentry.cxx',
     'affixmgr.cxx',
@@ -16,6 +16,13 @@ UNIFIED_SOURCES += [
     'suggestmgr.cxx',
 ]
 
+UNIFIED_SOURCES += all_sources
+
+if CONFIG['MOZ_WASM_SANDBOXING_HUNSPELL']:
+     SANDBOXED_WASM_LIBRARY_NAME = 'hunspellwasm'
+     WASM_DEFINES['MOZILLA_CLIENT'] = True
+     WASM_SOURCES += all_sources
+
 DEFINES['HUNSPELL_STATIC'] = True
 
 FINAL_LIBRARY = 'xul'

ipc/glue/LibrarySandboxPreload.cpp

@@ -51,6 +51,11 @@ nsAutoCString GetSandboxedOggPath() {
       nsLiteralCString(MOZ_DLL_PREFIX "oggwasm" MOZ_DLL_SUFFIX));
 }
 
+nsAutoCString GetSandboxedHunspellPath() {
+  return GetSandboxedPath(
+      nsLiteralCString(MOZ_DLL_PREFIX "hunspellwasm" MOZ_DLL_SUFFIX));
+}
+
 PRLibrary* PreloadLibrary(const nsAutoCString& path) {
   PRLibSpec libSpec;
   libSpec.type = PR_LibSpec_Pathname;
@@ -75,6 +80,11 @@ void PreloadSandboxedDynamicLibraries() {
     MOZ_CRASH("Library preload failure: Failed to load libogg\n");
   }
 #  endif
+#  if defined(MOZ_WASM_SANDBOXING_HUNSPELL)
+  if (!PreloadLibrary(GetSandboxedHunspellPath())) {
+    MOZ_CRASH("Library preload failure: Failed to load libhunspell\n");
+  }
+#  endif
 #endif
 }
 

ipc/glue/LibrarySandboxPreload.h

@@ -12,6 +12,7 @@ namespace mozilla {
 namespace ipc {
 nsAutoCString GetSandboxedGraphitePath();
 nsAutoCString GetSandboxedOggPath();
+nsAutoCString GetSandboxedHunspellPath();
 void PreloadSandboxedDynamicLibraries();
 }  // namespace ipc
 }  // namespace mozilla

toolkit/moz.configure

@@ -2045,6 +2045,7 @@ def wasm_sandboxing_libraries():
     return (
         "graphite",
         "ogg",
+        "hunspell",
     )