Bug 1498624 - pt1 - Implement OSX sandbox for RDD process. r=haik
Differential Revision: https://phabricator.services.mozilla.com/D12376 --HG-- extra : moz-landing-system : lando
This commit is contained in:
Родитель
c084ff85e4
Коммит
be9430ed4b
|
@ -22,6 +22,13 @@
|
|||
#ifdef MOZ_GECKO_PROFILER
|
||||
#include "ChildProfilerController.h"
|
||||
#endif
|
||||
|
||||
#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
|
||||
#include "mozilla/Sandbox.h"
|
||||
#include "nsMacUtilsImpl.h"
|
||||
#include <Carbon/Carbon.h> // for CGSSetDenyWindowServerConnections
|
||||
#endif
|
||||
|
||||
#include "nsDebugImpl.h"
|
||||
#include "nsThreadManager.h"
|
||||
#include "ProcessUtils.h"
|
||||
|
@ -74,9 +81,55 @@ bool RDDParent::Init(base::ProcessId aParentPid, const char* aParentBuildID,
|
|||
return true;
|
||||
}
|
||||
|
||||
#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
|
||||
extern "C" {
|
||||
CGError CGSSetDenyWindowServerConnections(bool);
|
||||
void CGSShutdownServerConnections();
|
||||
};
|
||||
|
||||
static void StartRDDMacSandbox() {
|
||||
// Close all current connections to the WindowServer. This ensures that the
|
||||
// Activity Monitor will not label the content process as "Not responding"
|
||||
// because it's not running a native event loop. See bug 1384336.
|
||||
CGSShutdownServerConnections();
|
||||
|
||||
// Actual security benefits are only acheived when we additionally deny
|
||||
// future connections.
|
||||
CGError result = CGSSetDenyWindowServerConnections(true);
|
||||
MOZ_DIAGNOSTIC_ASSERT(result == kCGErrorSuccess);
|
||||
#if !MOZ_DIAGNOSTIC_ASSERT_ENABLED
|
||||
Unused << result;
|
||||
#endif
|
||||
|
||||
nsAutoCString appPath;
|
||||
nsMacUtilsImpl::GetAppPath(appPath);
|
||||
|
||||
MacSandboxInfo info;
|
||||
info.type = MacSandboxType_Plugin;
|
||||
info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled") ||
|
||||
PR_GetEnv("MOZ_SANDBOX_LOGGING");
|
||||
info.appPath.assign(appPath.get());
|
||||
// Per Haik, set appBinaryPath and pluginBinaryPath to '/dev/null' to
|
||||
// make sure OSX sandbox policy isn't confused by empty strings for
|
||||
// the paths.
|
||||
info.appBinaryPath.assign("/dev/null");
|
||||
info.pluginInfo.pluginBinaryPath.assign("/dev/null");
|
||||
std::string err;
|
||||
bool rv = mozilla::StartMacSandbox(info, err);
|
||||
if (!rv) {
|
||||
NS_WARNING(err.c_str());
|
||||
MOZ_CRASH("mozilla::StartMacSandbox failed");
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
mozilla::ipc::IPCResult RDDParent::RecvInit() {
|
||||
Unused << SendInitComplete();
|
||||
|
||||
#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
|
||||
StartRDDMacSandbox();
|
||||
#endif
|
||||
|
||||
return IPC_OK();
|
||||
}
|
||||
|
||||
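Review bot: A failed `CGSSetDenyWindowServerConnections(true)` is only caught by `MOZ_DIAGNOSTIC_ASSERT` inside StartRDDMacSandbox, so in builds where diagnostic asserts are disabled the result is dropped via `Unused << result` and the process keeps running with WindowServer connections still permitted, even though the comment just above says the security benefit depends on that denial. The `StartMacSandbox` failure a few lines later is treated as fatal with `MOZ_CRASH`, so the two checks should be consistent, e.g. replace the assert/`Unused` pair with `if (result != kCGErrorSuccess) { MOZ_CRASH("CGSSetDenyWindowServerConnections failed"); }`, or at minimum add an `NS_WARNING` so the degraded state is visible in logs. The comment at the top of the function says "content process" but this code runs in the RDD process; suggest `// Activity Monitor will not label the RDD process as "Not responding"`, and "acheived" should read "achieved". Reusing `MacSandboxType_Plugin` with `/dev/null` binary paths presumably inherits the plugin policy's allowances rather than a policy tailored to media decoding; if a dedicated RDD sandbox type is planned for a later part, a short `// TODO` at `info.type = MacSandboxType_Plugin;` saying so would help the reader.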
|
|
|
@ -52,6 +52,11 @@ SOURCES += [
|
|||
'VideoDecoderParent.cpp',
|
||||
]
|
||||
|
||||
# so we can include nsMacUtilsImpl.h in RDDParent.cpp for sandboxing
|
||||
LOCAL_INCLUDES += [
|
||||
'/xpcom/base',
|
||||
]
|
||||
|
||||
include('/ipc/chromium/chromium-config.mozbuild')
|
||||
|
||||
|
||||
|
|